On Wed, Dec 23, 2020 at 09:56:01AM +0800, Jeremy Ardley wrote:
Having said that, scp and ssh are affected by the encryption algorithm. The
fastest one at the moment is blowfish and it's possible to get up to 50 MB/s on
a gig lan.
That's pretty ancient advice. The fastest on most modern x86 CPUs with AES-NI instructions is aes128-gcm@openssh.com. Without AES-NI your fastest may be chacha20-poly1305@openssh.com. The default is chacha20, which is fast enough in most cases that it doesn't matter, but worth testing & reconfiguring in cases where it does. Blowfish isn't supported in the latest versions of ssh, and even before it was dropped it was much slower than hardware-accelerated AES. It also never got an authenticated encryption mode IIRC, so it had additional MAC overhead that the more modern modes do not.
The following are on a mid-range Ryzen machine running to localhost, to take the network out of the equation, and are copying a sparse 1G file to /dev/null so there's no disk I/O; either of these algorithms will easily max out a gigabit connection if the disks are fast enough.
scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/nulltestfil 100% 1024MB 864.3MB/s 00:01
scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/nulltestfil 100% 1024MB 475.1MB/s 00:02
For comparison, here's stretch (still supported blowfish) on a much lower power intel CPU (i3-7100U):
$ scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/null
testfil 100% 1024MB 167.7MB/s 00:06 $ scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/null
testfil 100% 1024MB 507.5MB/s 00:02 $ scp -o Ciphers=blowfish-cbc testfil localhost:/dev/null
testfil 100% 1024MB 77.8MB/s 00:13
(see how terrible blowfish is, and how the AES-NI acceleration leads to AES tremendously outperforming CHACHA20?)
here's an almost 10 year old non-AES-NI desktop cpu:
$ scp -o Ciphers=aes128-gcm@openssh.com testfil localhost:/dev/null
testfil 100% 1024MB 224.7MB/s 00:04 $ scp -o Ciphers=chacha20-poly1305@openssh.com testfil localhost:/dev/null
testfil 100% 1024MB 184.9MB/s 00:05
Note that AES & CHACHA20 are much closer in performance, but AES is still faster. Note also that either can still max out gigabit ethernet.
Thanks for the update. Here is my available cipher list:
ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
I did some tests and found there was around a 10-20% difference in speed between runs. This is on a Ryzen 5 with M.2 PCIe drive using aes128-gcm@openssh.com
(base) jeremy@client:~$ scp -o Ciphers=aes128-gcm@openssh.com
sparse_file localhost:/dev/null
sparse_file
100% 1024MB 770.8MB/s 00:01
(base) jeremy@client:~$ scp -o Ciphers=aes128-gcm@openssh.com
sparse_file localhost:/dev/null
sparse_file
100% 1024MB 814.2MB/s 00:01
(base) jeremy@client:~$ scp -o Ciphers=aes128-gcm@openssh.com
sparse_file localhost:/dev/null
sparse_file
100% 1024MB 757.6MB/s 00:01
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature