Description

This article is from the SSH - Secure Shell FAQ, by Thomas Koenig Thomas.Koenig@ciw.uni-karlsruhe.de with numerous contributions by others.

4.2. Should I turn encryption off, for performance reasons? (Ssh Applications)

No; you should keep it turned on, for security reasons.

Today's CPUs are fast enough that performance losses (if any) only are
noticable for local Ethernet speeds, or faster.

You might want to specify blowfish encryption instead of the default,
IDEA, with -c blowfish, for faster operation.

Following are some measurements where the different encryption methods
were applied between a P5/90 and a 486/100, both running Linux, for
copying files with scp across a lightly loaded Ethernet.

The model chosen was t=a+x/b; a is the startup time in seconds, and b
the sustainable transfer rate in kB/s. Also given are the 68.3%
confidence intervals for the data, as determined by the Levenberg-
Marquardt algorithm as implemented a pre-3.6 version of gnuplot.

  Encryption	a[s]	da[s]    b[kB/s]	db[kB/s]
  none		2.37	0.37     386.1	 5.8
  rc4		1.96	0.27     318.2	 2.9
  tss		2.33	0.37     298.5	 3.5
  des		2.07	0.19     218.8	 1.0
  idea		2.25	0.45     169.6	 1.3
  3des		1.92	0.11     118.2	 0.2

Across a heavily loaded Ethernet, rc4 encryption together with
compression may actually be faster than using rcp.

If you don't encrypt your sessions, you are vulnerable to all the
attacks which are open on the "r" suite of utilities, and you might as
well not use ssh.

 

Continue to:

• prev: 4.1. Can I run backups over ssh?
• Index
• next: 4.3. Can I use ssh to communicate across a firewall?

Share and Enjoy

Tags

security, SSH, Secure Shell