Getting the most out of SSH - hardware acceleration tuning for AES-NI

  • Posted on: 3 September 2015
  • By: Michał Turecki

On Intel CPUs, some OpenSSH ciphers use the hardware-accelerated AES-NI extensions, which leads to significantly better performance. There is a fairly easy way to measure cipher performance on any particular Linux installation:

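# Push 100 MB of zeros through each cipher the local ssh client supports
# and print the resulting throughput.
for i in $(ssh -Q cipher); do dd if=/dev/zero bs=1M count=100 2> /dev/null \
  | ssh -c "$i" someuser@localhost "(time -p cat) > /dev/null" 2>&1 \
  | grep real | awk -v c="$i" '{print c ": " 100 / $2 " MB/s" }'; done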

The script will only work if "someuser" has key authentication configured (~/.ssh/config contains a valid entry for someuser@localhost).
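
A more defensive variant of the loop above, as an added example that is not part of the original post: it checks the `aes` CPU flag in /proc/cpuinfo, uses `-o BatchMode=yes` so a missing key fails immediately instead of waiting at a password prompt, and reports ciphers that could not be measured instead of silently skipping them. The function names (`has_aesni`, `mbps_from_time`, `bench_cipher`) and the `SIZE_MB` variable are hypothetical; the `time -p` sample in the last branch is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): cipher benchmark with failure handling.

SIZE_MB=100   # amount of zero data pushed through each cipher

# has_aesni [FILE]: succeed if the cpuinfo-format FILE lists the "aes" CPU flag.
has_aesni() {
    awk -F: '/^flags/ { n = split($2, f, " ")
                        for (i = 1; i <= n; i++) if (f[i] == "aes") found = 1 }
             END { exit !found }' "${1:-/proc/cpuinfo}"
}

# mbps_from_time MB: read `time -p` output on stdin and print MB/s.
# Fails when there is no usable "real" line, which is what happens when
# ssh rejects the cipher or cannot log in and only an error message arrives.
mbps_from_time() {
    LC_ALL=C awk -v mb="$1" '
        $1 == "real" && $2 > 0 { printf "%.1f\n", mb / $2; ok = 1 }
        END { exit !ok }'
}

# bench_cipher TARGET CIPHER: print "CIPHER: N MB/s" or the reason it is missing.
bench_cipher() {
    rate=$(dd if=/dev/zero bs=1M count="$SIZE_MB" 2>/dev/null \
        | ssh -o BatchMode=yes -c "$2" "$1" '(time -p cat) > /dev/null' 2>&1 \
        | mbps_from_time "$SIZE_MB") \
        && echo "$2: $rate MB/s" \
        || echo "$2: unavailable (cipher rejected or key login failed)"
}

if [ -n "${1:-}" ]; then
    # Target given, e.g. someuser@localhost: run the real benchmark.
    if has_aesni; then
        echo "CPU advertises AES-NI (aes flag present)"
    else
        echo "no aes flag in /proc/cpuinfo: AES ciphers run in software"
    fi
    for c in $(ssh -Q cipher); do
        bench_cipher "$1" "$c"
    done
else
    # No target: show the parser on constructed `time -p` output.
    printf 'real 0.50\nuser 0.01\nsys 0.10\n' | mbps_from_time "$SIZE_MB"
fi
```

Run it with the login as the only argument, for example `someuser@localhost`; without an argument it only parses the constructed sample.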