== What influences SSH's bulk transfer speeds

A number of years ago I wrote [[How fast various ssh ciphers are
SshSpeed]] because I was curious about just how fast you could do
bulk SSH transfers and how to get them to go fast under various
circumstances. Since then I have learned somewhat more about SSH
speed and what controls what things you have available and can
get.

To start with, my years ago entry was naively incomplete because
SSH encryption has two components: it has both a cipher and a
cryptographic hash used as the [[MAC
http://en.wikipedia.org/wiki/Message_authentication_code]]. The
choice of both of them can matter, especially if you're willing to
deliberately weaken the MAC. As an example of how much of an impact
this might make, in my testing on a Linux machine I could almost
double SSH bandwidth by switching from the default MAC to
'umac-64-etm@openssh.com'.

(At the same time, no other MAC choice made much of a difference within
a particular cipher, although hmac-sha1 was sometimes a bit faster than
hmac-md5.)

Clients set the cipher list with _-c_ and the MAC with _-m_, or with
the _Ciphers_ and _MACs_ options in your SSH configuration file (either
a personal one or a global one). However, what the client wants to use
has to be both supported by the server and accepted by it; this is set
in the server's _Ciphers_ and _MACs_ configuration options. The manpages
for ((ssh_config)) and ((sshd_config)) on your system will hopefully
document both what your system supports at all and what it's set to
accept by default. Note that this is not necessarily the same thing;
I've seen systems where _sshd_ knows about ciphers that it will not
accept by default.

(Some modern versions of OpenSSH also report this information
through '_ssh -Q <option>_'; see the _ssh_ manpage for details.
Note that such lists are not necessarily reported in preference
order.)

At least some SSH clients will tell you what the server's list of
acceptable ciphers (and MACs) if you tell the client to use options
that the server doesn't support. If you wanted to, I suspect that
you could write a program in some language with SSH protocol libraries
that dumped all of this information for you for an arbitrary server
(without the fuss of having to find a cipher and MAC that your
client knew about but your server didn't accept).

Running '_ssh -v_' will report the negotiated cipher and MAC that
are being used for the connection. Technically there are two sets
of them, one for the client to server and one for the server back
to the client, but I believe that under all but really exceptional
situations you'll use the same cipher and MAC in both directions.

Different Unix OSes may differ significantly in their support for
both ciphers and MACs. In particular Solaris effectively forked a
relatively old version of OpenSSH and so modern versions of Illumos
(and Illumos distributions such as OmniOS) do not offer you anywhere
near a modern list of choices here. How recent your distribution is
will also matter; our Ubuntu 14.04 machines naturally offer us a lot
more choice than our Ubuntu 10.04 ones.

PS: helpfully the latest OpenSSH manpages are online ([[cf
http://www.openssh.com/manual.html]]), so [[the current
manpage for _``ssh_config''_
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/ssh_config.5?&manpath=OpenBSD-current&sec=5&query=ssh_config]]
will tell you the latest set of ciphers and MACs supported by the
official OpenSSH and also show the current preference order.  To
my interest it appears that OpenSSH now defaults to the very fast
umac-64-etm MAC.