I have installed properly OpenSSH in two PCs which have Mandriva 2005 and SUSE 9.2 . I want to evaluate the performance of the network in relation to the cipher being used. I have also managed to use either password and public/private keys authentications.

The problem is that the transfer time is the same when I use a cipher or not ... I cant explain this...

I always apply the following steps to change a cipher :

1. Open the ssh_config (client properties)
2. Go to line "Cipher 3des"
3. Edit the existing cipher with the preffered one
4. Save the file

I use sftp username@server to connect to the server and the get command to download the file to the client.

Make sure you know what you are measuring. It may be that the overhead of the cipher is small in relation to the network transfer time - all of the cipher work could be done while waiting to send or receive the next packet. The overhead may only show up under high system load - which will make measurements even more difficult to reproduce.

Also check which cipher is actually negotiated between the client and server.

You have a point there but I have already tested OpenSSH with various ciphers (AES, 3DES, Blowfish, Arcfour) in WindowsXP using cygwin and everything worked fine !! But now I have to make the measurements in Linux environment...

The problem seems to be the non application of the selected cipher algorithm. It is not logical the fact that the transfer time is the same using a cipher or not...

Any proposition???

There is a way to verify which cipher algorithms is being used? Something like a log?

You could try running the ssh server deamon in debug mode with -d. This stops it from backgrounding itself, quits after one connection session and outputs verbose debug information to syslog. That should provide details on which ciphers get selected etc.

As for performance, as far as I know, for short connections, most time is spent generating and exchanging session keys and negotiating client/server settings. Have you considered comparing sftp to ftp? At least you can guarantee that there will be no encryption overhead with ftp.

I did a quick search: Apparently, blowfish is about 11 times faster than 3DES but no-one can show test resuts to prove it makes ANY difference over a network! There may not be any differences to measure (under Linux).

For a definitive answer, I suggest the OpenSSH mailing lists: http://www.openssh.org/list.html

I executed sshd <mypc> -vvv and I saw that it has a line "Cipher: arcfour" and "Ciphers:arcfour" ... So I can guess that the selection and application of the ciphers is made correctly! But, I keep taking unexpected results...

There is a ssh server/client with GUI in Linux ? Can you propose me one?

I believe that I solved my problem by using the command scp with the parameter -oCiphers=<ciphername>.Now, I get some logical results. I can assume that in small files' transfers cipher algorithms dont make difference !!

Thanks DaveG for your interest !

You may run openssl at the terminal and type "help" and then "speed" so you can time the algorithms in your machine. OpenSSH uses OpenSSL, so speed would be easier to know.

Very good idea ! I didnt know that OpenSSH cooperates with OpenSSl ! I will try although I use Ethereal to capture the tranferred packets.