Saturday, March 20, 2010

SSH ciphers on emulated sparcs

Running X-applications on an emulated sparc over two ssh tunnels seemed quite slow, so I experimented a bit with different ciphers. Of course when you are connected from localhost to the very same localhost, a risk that a third party can sniff you connection is pretty low. So, obviously the most performing cipher would have been "no cipher". Unfortunately the ssh  bundled with Solaris 9 doesn't have this feature. I found an article where a few different ciphers where compared and wondered whether an emulated sparc cpu is closer to a real sparc or to the host cpu (in my case x86-64). It seems to be that the emulated system is acting rather like a host: arcfour is just a little bit more performant than blowfish:
aes128-cbc1.89 MiB/s
Theoretical limit (dd if=/dev/zero of=junk bs=1024k count=100): 20.8MiB/s.
Yes, 2.63MiB/s is pretty lame. But hey, on the real hardware you'd get even less.

For now I'm adding

Host 10.0.2.*
  Ciphers arcfour

to my ~/.ssh/config

No comments: