You are not logged in.

#1 2014-10-19 11:56:27

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,832
Website

Openssh 6.7 disables a number of ciphers

For those using ssh over rsync or just scp to move files around on a LAN, be aware that a number of version 2 ciphers have been disabled in the 6.7p1-1 release of openssh (see release notes) including the following:
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se

That leaves the following available:
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com

If you have defined any of these ciphers in ~/.ssh/config you should switch to one of the supported ones.  Also make the change in any shell script you might be using.  The significance of this particularly for older hardware could be much slower transfer speeds.  See this thread for a comparison of all version 2 ciphers moving 500 MB files around.  The conclusion from this older experiment was that any of the arcfour ciphers provided the fastest transfers on LANs where security was not a concern.

Using a similar script I shared in the linked thread, I tested these supported ciphers an 1100 MB file this time (with 6 replicates) and found that all are more or less the same within error of the experiment on the Ivy or Haswell hardware tested (with the exception of the chacha20-poly1305 cipher that was a tiny bit slower on each).  The older Yorkfield (Xeon version of the Q9550) had a harder time keeping up and slightly preferred the aes256-gcm cipher.  YMMV.

table.png
haswell.jpg
ivy.jpg
yorkfield.jpg

None of these were CPU-limited using my hardware (sending machine was a Haswell i7-4790k and receiving machines are as indicated in the headers on the plots.

You can benchmark your own hardware with the script below:
Script: https://gist.github.com/graysky2/0e265604bfd4856a2596

Last edited by graysky (2015-11-22 22:16:24)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#2 2014-10-20 02:55:39

Pse
Member
Registered: 2008-03-15
Posts: 403

Re: Openssh 6.7 disables a number of ciphers

Thank you for taking the time to post about this.

Last edited by Pse (2014-10-20 02:55:52)

Offline

#3 2014-10-20 06:30:12

HiImTye
Member
From: Nanaimo, BC, Canada
Registered: 2012-05-09
Posts: 1,061

Re: Openssh 6.7 disables a number of ciphers

* sshd(8): The default set of ciphers and MACs has been altered to
   remove unsafe algorithms. In particular, CBC ciphers and arcfour*
   are disabled by default.

   The full set of algorithms remains available if configured
   explicitly via the Ciphers and MACs sshd_config options.

you can still enable them if you wish in your system-wide settings

Last edited by HiImTye (2014-10-20 06:30:29)

Offline

#4 2014-10-23 19:43:39

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,832
Website

Re: Openssh 6.7 disables a number of ciphers

Pse wrote:

Thank you for taking the time to post about this.

You're welcome; glad someone found it of value.

HiImTye wrote:

you can still enable them if you wish in your system-wide settings

True but unless you combine them with an IP restriction (LAN only) that would be ill-advised since they were disabled for a reason tongue  I edited the first post including the arcfour as a comparison.

Last edited by graysky (2014-10-23 20:24:38)


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#5 2014-10-24 13:57:13

kokoko3k
Member
Registered: 2008-11-14
Posts: 1,851

Re: Openssh 6.7 disables a number of ciphers

Thanks graysky, your results probably depends on specific cpu accelerated functions.
My mileage varies much on a Core2 Duo E7500.

I tried to make a benchmark without involving too much I/O operations.
This one requires sshpass:

#!/bin/bash

user=<username with access to local ssh server>
password=<his password>
port=22  
MB=200

export LC_ALL=C

ciphers="3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr \
         aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com arcfour \
         arcfour128 arcfour256 blowfish-cbc cast128-cbc chacha20-poly1305@openssh.com"

#ciphers=$(ssh -Q cipher)

for cipher in $ciphers; do
        echo cipher: "$cipher"
        dd if=/dev/zero bs=1M count=$MB conv=sync  | \
        sshpass -p $password ssh -c $cipher -o Compression=no -o Port=$port $user@127.0.0.1 "cat - >/dev/null"
done

And my results:

# nice -n -19 /tmp/ciphers.sh 2>&1|grep 'cipher\|MB'
cipher: 3des-cbc
209715200 bytes (210 MB) copied, 11.0941 s, 18.9 MB/s
cipher: aes128-cbc
209715200 bytes (210 MB) copied, 1.78707 s, 117 MB/s
cipher: aes192-cbc
209715200 bytes (210 MB) copied, 2.14264 s, 97.9 MB/s
cipher: aes256-cbc
209715200 bytes (210 MB) copied, 2.02551 s, 104 MB/s
cipher: aes128-ctr
209715200 bytes (210 MB) copied, 1.70451 s, 123 MB/s
cipher: aes192-ctr
209715200 bytes (210 MB) copied, 1.77964 s, 118 MB/s
cipher: aes256-ctr
209715200 bytes (210 MB) copied, 2.00527 s, 105 MB/s
cipher: aes128-gcm@openssh.com
209715200 bytes (210 MB) copied, 1.99968 s, 105 MB/s
cipher: aes256-gcm@openssh.com
209715200 bytes (210 MB) copied, 2.33376 s, 89.9 MB/s
cipher: arcfour
209715200 bytes (210 MB) copied, 1.51805 s, 138 MB/s
cipher: arcfour128
209715200 bytes (210 MB) copied, 1.43505 s, 146 MB/s
cipher: arcfour256
209715200 bytes (210 MB) copied, 1.41674 s, 148 MB/s
cipher: blowfish-cbc
209715200 bytes (210 MB) copied, 3.21618 s, 65.2 MB/s
cipher: cast128-cbc
209715200 bytes (210 MB) copied, 3.28389 s, 63.9 MB/s
cipher: chacha20-poly1305@openssh.com
209715200 bytes (210 MB) copied, 2.16026 s, 97.1 MB/s

Offline

#6 2015-02-01 02:11:43

solar
Member
Registered: 2011-03-01
Posts: 77

Re: Openssh 6.7 disables a number of ciphers

Worth noting, that now it is likely a good idea to do make OPENSSL=no in the openssh PKGBUILD as openssl is infested with US subterfuge and NIST "random" seeds, (don't use ECDSA!), but compiling it without lends to niceties like EDDSA and so on ,p

EDIT: Ah, it finished and is not part of the portable options..sigh.

Last edited by solar (2015-02-01 03:27:14)


I am hilariously insane. yup. you won't notice though.. I promise...I think.

Offline

#7 2015-07-06 06:56:51

vak
Member
Registered: 2015-07-06
Posts: 1

Re: Openssh 6.7 disables a number of ciphers

Could someone sum up, please, what is recommended to use instead of disabled arcfour,blowfish-cbc in a usual case?

Offline

#8 2015-07-06 09:49:10

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,832
Website

Re: Openssh 6.7 disables a number of ciphers

The answer to your question is clearly stated in the first post.


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#9 2015-09-14 22:46:37

kozaki
Member
From: London >. < Paris
Registered: 2005-06-13
Posts: 670
Website

Re: Openssh 6.7 disables a number of ciphers

Just runned kokoko3k's script on 3 machines, of which two tiny netbooks that are handy when moving away.

  • Atom Z520 @ 1.33GHz, none of the left ciphers make it to 7MB/s, that's a 75% drop from Arcfour, which tops out at, well an incredible 23MB/sec

  • Atom N450 @ 1.66GHz, 3 of them pass 10MB/s (max 15), a 50% drop from arcfour;

  • On an i3-3220 @ 3.30GHz, 4 allow for over 200 MBc, a 20% drop from arcfour.

indeed CPU does make a difference yikes

@Graysky I like your graph! mind to share how do you ouput that?

EDIT: Tested Z520 has older OpenSSH_5.8p2, OpenSSL1.0.0j-Fips, while N450 runs OpenSSH_7.1p1, OpenSSL 1.0.2d. Dunno about the version difference's impact.

Last edited by kozaki (2015-09-15 00:44:44)


Seeded last month: Arch 50 gig, derivatives 1 gig
Desktop @3.3GHz 8 gig RAM, linux-ck
laptop #1 Atom 2 gig RAM, Arch linux stock i686 (6H w/ 6yrs old battery smile) #2: ARM Tegra K1, 4 gig RAM, ChrOS
Atom Z520 2 gig RAM, OMV (Debian 7) kernel 3.16 bpo on SDHC | PGP Key: 0xFF0157D9

Offline

#10 2015-09-14 23:55:21

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,832
Website

Re: Openssh 6.7 disables a number of ciphers

@kozaki - Spotfire dxp


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

#11 2015-09-15 00:41:20

kozaki
Member
From: London >. < Paris
Registered: 2005-06-13
Posts: 670
Website

Re: Openssh 6.7 disables a number of ciphers

Thanks! Ah, demos are appealing. Now I don't have that kind of server arround atm hmm


Seeded last month: Arch 50 gig, derivatives 1 gig
Desktop @3.3GHz 8 gig RAM, linux-ck
laptop #1 Atom 2 gig RAM, Arch linux stock i686 (6H w/ 6yrs old battery smile) #2: ARM Tegra K1, 4 gig RAM, ChrOS
Atom Z520 2 gig RAM, OMV (Debian 7) kernel 3.16 bpo on SDHC | PGP Key: 0xFF0157D9

Offline

#12 2015-11-22 22:17:32

graysky
Wiki Maintainer
From: :wq
Registered: 2008-12-01
Posts: 9,832
Website

Re: Openssh 6.7 disables a number of ciphers

I updated the first post responding some the feedback to explore additional hardware.  Indeed, the older machine (Yorkfield in my case) gave a different answer.  What's probably more important is sharing the script to test your own hardware if you move a ton of data around your LAN or if you're just OCD like me.


CPU-optimized Linux-ck packages @ Repo-ck  • AUR packagesZsh and other configs

Offline

Board footer

Powered by FluxBB