Getting the most out of SSH - hardware acceleration tuning for AES-NI

  • Posted on: 3 September 2015
  • By: Michał Turecki

On Intel CPUs, some OpenSSH ciphers use the hardware-accelerated AES-NI extensions, which leads to significantly better performance. There is a pretty easy way to determine cipher performance on any particular Linux installation:

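# Push 100 MB of zeros through each cipher the local client supports and print the throughput
for i in $(ssh -Q cipher); do dd if=/dev/zero bs=1M count=100 2> /dev/null \
  | ssh -c "$i" someuser@localhost "(time -p cat) > /dev/null" 2>&1 \
  | grep real | awk -v c="$i" '{print c": "100 / $2" MB/s" }'; done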

The script will only work if "someuser" has key authentication configured (~/.ssh/config contains a valid entry for someuser@localhost).

How to run another SSH daemon on Amazon EC2 - on a different port

  • Posted on: 31 October 2014
  • By: Michał Turecki

Running a separate SSH server only makes sense when the second sshd will use different settings. If the settings are the same, port forwarding should be enough to pass the traffic from one port to another:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 20202 -j REDIRECT --to-port 22

where 20202 is the new port and 22 is the default SSH port.

If the SSHD settings should be separate, we need another sshd instance with a copy of the current configuration files.

Please remember to change the alternative ssh port number (20202) to a custom port.
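
One way to produce that copy of the configuration, as an added example that is not part of the original post. The function name, the sshd_config_alt file name and the PidFile path are assumptions; 20202 is the placeholder port used above.

```shell
#!/bin/sh
# Added example (not from the original post).
# make_alt_sshd_config SRC DST PORT
#   Writes DST as a copy of SRC that has its own Port and PidFile.
make_alt_sshd_config() {
    src=$1 dst=$2 port=$3
    # Accept only a decimal TCP port in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ "$src" != "$dst" ] || { echo "SRC and DST must differ" >&2; return 1; }
    {
        # New directives go first: anything appended after a trailing
        # "Match" block would become part of that block, where Port
        # is not allowed.
        echo "Port $port"
        echo "PidFile /var/run/sshd_alt.pid"   # assumed path
        # Drop the active Port/PidFile lines of the original (keywords are
        # case-insensitive); commented lines such as "#Port 22" are kept.
        awk 'tolower($0) !~ /^[ \t]*(port|pidfile)[ \t=]/' "$src"
    } > "$dst" || return 1
    chmod 600 "$dst"
}

# Typical use as root (paths are assumptions):
#   make_alt_sshd_config /etc/ssh/sshd_config /etc/ssh/sshd_config_alt 20202
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config_alt   # validate only
#   /usr/sbin/sshd -f /etc/ssh/sshd_config_alt      # start the second daemon
if [ "$#" -eq 3 ]; then
    make_alt_sshd_config "$@"
fi
```

A ListenAddress line that carries its own port is not rewritten by this function and has to be adjusted by hand.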