Secure Shell (SSH)
SSH is a widely used protocol for remote terminal access with secure authentication and data encryption. It is also used for file transfers, using tools such as scp (Secure Copy), sftp (Secure FTP), or rsync-over-ssh.
Performance Issues With SSH
Application Layer Window Limitation
When users transfer large files over SSH, they often assume that performance is limited by the processing power needed for encryption and decryption. While this can indeed be an issue in a LAN context, the bottleneck over "long fat networks" (LFNs) is most likely a window limitation. Even when TCP parameters have been tuned to allow sufficiently large TCP windows, the most common SSH implementation (OpenSSH) has a hardwired window size at the application level (the SSH channel window). Until OpenSSH 4.7 the limit was ~64K; since then it has been increased 16-fold (see below) and the window-increase logic has been made more aggressive.
This limitation is replaced by more advanced logic in a modified version of OpenSSH provided by the Pittsburgh Supercomputing Center (see below).
The performance difference is substantial, especially as RTT grows. In a test setup with 45 ms RTT, two Linux systems with 8 MB read/write buffers could achieve 1.5 MB/s with regular OpenSSH (3.9p1 + 4.3p1). Switching to OpenSSH 5.1p1 + HPN-SSH patches on both ends allowed up to 55-70 MB/s (no encryption) or 35/50 MB/s (aes128-cbc/ctr encryption), with the stable rate somewhat lower, the bottleneck being CPU on one end. By upgrading only the receiver (client) side, transfers could still reach 50 MB/s (with encryption).
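As an added example (not code from the original page or from the OpenSSH/HPN-SSH projects), the following Python computes the throughput ceiling that a fixed channel window imposes, window / RTT, for the pre-4.7 ~64K window and the 16-fold larger one that followed; the 45 ms case reproduces the 1.5 MB/s figure from the test setup above. The window sizes come from the text; the 1 ms and 150 ms RTT values are assumed for comparison.

```python
import math

# Added example, not code from the original page or from OpenSSH/HPN-SSH.
# An SSH channel may have at most one window of unacknowledged data in
# flight, so throughput is capped at window / RTT however large the TCP
# window has been tuned.  Window sizes are the ones the text describes:
OLD_WINDOW = 64 * 1024        # ~64K channel window before OpenSSH 4.7
NEW_WINDOW = 16 * OLD_WINDOW  # 16-fold increase from OpenSSH 4.7 on (1 MiB)


def max_throughput(window_bytes: int, rtt_ms: float) -> float:
    """Upper bound in bytes/s when window_bytes may be in flight per RTT."""
    if rtt_ms <= 0:
        raise ValueError("RTT must be positive")
    return window_bytes * 1000.0 / rtt_ms


def window_for_rate(rate_bytes_per_s: float, rtt_ms: float) -> int:
    """Smallest window (bytes) needed to sustain rate_bytes_per_s at rtt_ms."""
    return math.ceil(rate_bytes_per_s * rtt_ms / 1000.0)


def to_mb(bytes_per_s: float) -> float:
    """Decimal megabytes per second, the unit used in the text."""
    return bytes_per_s / 1e6


def ceiling_table(rtts_ms=(1, 45, 150)):
    """Window-limited ceiling (MB/s) for both windows at several RTTs.

    RTTs other than 45 ms are assumed values (1 ms: LAN, 150 ms: long path).
    """
    return {
        rtt: (round(to_mb(max_throughput(OLD_WINDOW, rtt)), 1),
              round(to_mb(max_throughput(NEW_WINDOW, rtt)), 1))
        for rtt in rtts_ms
    }


if __name__ == "__main__":
    print("RTT(ms)  64K window  1M window   (MB/s ceiling)")
    for rtt, (old, new) in ceiling_table().items():
        print(f"{rtt:>7}  {old:>10}  {new:>9}")
    # The 1.5 MB/s measured at 45 ms in the text is exactly the 64K ceiling;
    # the 55 MB/s HPN-SSH reached there needs a far larger window still.
    need = window_for_rate(55e6, 45)
    print(f"window needed for 55 MB/s at 45 ms: {need} bytes "
          f"({need / NEW_WINDOW:.1f} x the post-4.7 window)")
```

Even the post-4.7 window caps a 45 ms path at about 23 MB/s, which is why a dynamically grown window (as in HPN-SSH) is needed to reach the rates quoted above.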
Crypto overhead
When the window-size limitation is removed, encryption/decryption performance may become the bottleneck again. So it is useful to choose a "cipher" (encryption/decryption method) that performs well, while still being regarded as sufficiently secure to protect the data in question. Here is a table that displays the performance of several ciphers supported by OpenSSH in a reference setting:
| cipher | throughput |
|---|---|
| 3des-cbc | 2.8MB/s |
| arcfour | 24.4MB/s |
| aes192-cbc | 13.3MB/s |
| aes256-cbc | 11.7MB/s |
| aes128-ctr | 12.7MB/s |
| aes192-ctr | 11.7MB/s |
| aes256-ctr | 11.3MB/s |
| blowfish-cbc | 16.3MB/s |
| cast128-cbc | 7.9MB/s |
| (cipher name not recoverable from the page) | 12.2MB/s |
The High Performance Enabled SSH/SCP (HPN-SSH) version also adds an option to the scp program that allows use of the "none" cipher when confidentiality protection of the transferred data is not required. It also supports a cipher-switch option under which password authentication is encrypted but the transferred data is not.
References
Basics
- Protocol Basics: Secure Shell Protocol, W. Stallings, The Internet Protocol Journal, Volume 12, No.4, December 2009
SSH Performance
- High Performance Enabled SSH/SCP, Pittsburgh Supercomputing Center
- OpenSSH channel size increase between 4.6 and 4.7, OpenBSD webcvs.
- Application Layer Network Window management in the SSH protocol, C. Rapier, M. A. Stevens, August 2004
- High Speed Bulk Data Transfer Using the SSH Protocol, C. Rapier, B. Bennett, February 2008
-- Main.ChrisWelti - 03 Apr 2006
-- Main.SimonLeinen - 12 Feb 2005 - 26 Apr 2010
-- Main.PekkaSavola - 01 Oct 2008