ssh / scp slow on 10GBE

Iain Morgan imorgan at
Fri Jan 11 11:12:39 EST 2013

On Mon, Jan 07, 2013 at 04:57:01 -0600, Damien Miller wrote:
> On Mon, 7 Jan 2013, Tomas Kuthan wrote:
> > >>Part of the gap between encryption speed and the dd measurement can be
> > >>accounted to checksumming, some to initial key-exchange and rekeying.
> > >>The gap still feels quite wide though.
> > > Now it's 400MB/s using ssh and 1230MB/s when using a direct TCP connection.
> > 
> > Well, you certainly won't get anything faster than your 700 MB of
> > openssl aes speed results. You cannot transmit data faster, than you
> > encrypt them. And even this upper bound is not reachable, because of
> > checksumming overhead.
> Right: if you are using AES and umac-64 as your MAC then you are actually
> invoking AES twice as umac-64 uses AES internally.
> > There is a potential in enhancing OpenSSH to do some tasks in parallel.
> > MACs and encryption could be done at the same time. Or, for some modes
> > of encryption, counters can be pre-computed in advance. But in the past
> > OpenSSH developers expressed strongly against threads...
> Yeah, we do don't want to go there (threads in OpenSSH). You might be
> able to make an OpenSSL engine implementation that manages it all on the
> OpenSSL side.
> Alternately, we are considering adding support for AES-GCM which is very
> fast on recent Intel CPUs and probably slightly faster than AES+umac-64
> everywhere.
> -d

Apparently, it was more than just "considering." :-)

Nice to see the addition of AES-GCM in recent snapshots!


Iain Morgan

More information about the openssh-unix-dev mailing list