use ssh compression and a ssh-cipher that enables AES-NI#17
Conversation
If the transfer rate is limited by
- network-bandwidth, enable SSH stream compression
- ssh/sshd cpu load, switch the ssh-cipher to a one that utilizes
hardware-accelerated crypto (like x86-aes-ni)
cc531de to
a6b0217
Compare
|
@glaweh Did you make performance measurements to verify that these SSH options actually do what they are supposed to do? If so, what speedup (roughly) did you measure? |
|
Out of curiosity I just did a performance test on two of my systems. I used A rented virtual server with AMD EPYC CPU:
On an arm based system:
So changing the default cipher seems like a bad idea. It depends to much on the environment if it makes de-/encryption faster or slower. I have not tested if compression has any benefit/harm. |
|
@txt-file Thanks for testing! So I assume we still might want to use the |
|
As always: It depends / Its complicated. It depends how compressable the input stream is. These test ignore the decompression. According to https://manpages.debian.org/bookworm/openssh-client/ssh.1.en.html ssh uses gzip for compression. Take these tests with a With current network bandwidth gzip is not such a good idea anymore. lz4 would be better but I do not see an option in OpenSSH to set the compression algorithm. I am very unsure if |
|
From today's perspective:
zstd can (un-)compress with multiple threads (option |
If the transfer rate is limited by
hardware-accelerated crypto (like x86-aes-ni)