Rsync faster with AES-NI and ssh options


Introduction

Copying files per ssh is very convenient, but the default encryption(1) usually takes its toll on the CPU, and the result is that you do not fill the available network bandwidth. The solution is to use a less CPU intensive cipher, which often leads to using a less secure encryption scheme. On a local network this is rarely an issue.

Earlier I was often using blowfish or arc4 as preferred ciphers, but in newer Linux distros (i.e Ubuntu 16.04LTS) these are no longer supported. Nowadays there are some default ciphers that are supported using hardware accelerated AES-NI instructions, helping to offload the ciphering in the CPU. aes128-gmc@openssh.com and aes256-gcm@openssh.com is such ciphers.

  • Quick and easy
cd /path/to/your/files
time rsync -av --delete -e "ssh -T -o Compression=no -x -c aes256-gcm@openssh.com" . someuser@remote.system:/mnt/remote_filesystem
time rsync -av --delete -e "ssh -T -o Compression=no -x -c aes128-gcm@openssh.com" . someuser@remote.system:/mnt/remote_filesystem

On a 1gbit connection, I often see >110MB/s with the command line above.

References

  • https://turecki.net/content/getting-most-out-ssh-hardware-acceleration-tuning-aes-ni
  • man ssh_config => Default ciphers
maglub@myserver:~$ ssh -Q cipher
3des-cbc
blowfish-cbc
cast128-cbc
arcfour
arcfour128
arcfour256
aes128-cbc
aes192-cbc
aes256-cbc
rijndael-cbc@lysator.liu.se
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
Related Posts

Leave Your Comment