ssh / scp slow on 10GBE

Damien Miller djm at
Mon Jan 7 21:57:01 EST 2013

On Mon, 7 Jan 2013, Tomas Kuthan wrote:

> >>Part of the gap between encryption speed and the dd measurement can be
> >>accounted to checksumming, some to initial key-exchange and rekeying.
> >>The gap still feels quite wide though.
> > Now it's 400MB/s using ssh and 1230MB/s when using a direct TCP connection.
> Well, you certainly won't get anything faster than your 700 MB of
> openssl aes speed results. You cannot transmit data faster, than you
> encrypt them. And even this upper bound is not reachable, because of
> checksumming overhead.

Right: if you are using AES and umac-64 as your MAC then you are actually
invoking AES twice as umac-64 uses AES internally.

> There is a potential in enhancing OpenSSH to do some tasks in parallel.
> MACs and encryption could be done at the same time. Or, for some modes
> of encryption, counters can be pre-computed in advance. But in the past
> OpenSSH developers expressed strongly against threads...

Yeah, we do don't want to go there (threads in OpenSSH). You might be
able to make an OpenSSL engine implementation that manages it all on the
OpenSSL side.

Alternately, we are considering adding support for AES-GCM which is very
fast on recent Intel CPUs and probably slightly faster than AES+umac-64


More information about the openssh-unix-dev mailing list