this post was submitted on 01 Sep 2024
33 points (97.1% liked)
Linux
5191 readers
62 users here now
A community for everything relating to the linux operating system
Also check out !linux_memes@programming.dev
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I noticed a pretty extreme difference in performance in openssh when using x11 forwarding when I touch the cipher suite.
AES128-ctr vs AES128-gcm on kubuntu 22.04.
I was wondering if anyone could shed some light into that. I'm mostly curious if it's not using hardware acceleration when I switch it to GCM.
The week went by and this was left unanswered. Usually I research a bit to treat anything on these threads. This time, I'm on the phone, so I went lazy and directly to chatgpt. Hopefully this is not an AI hallucination and it sheds some light for you.
The performance difference you're observing between AES128-CTR and AES128-GCM in OpenSSH with X11 forwarding can be attributed to several factors, including the nature of the ciphers and hardware acceleration support.
AES128-CTR vs AES128-GCM
Cipher Characteristics:
Hardware Acceleration:
Checking Hardware Acceleration
To determine if your system is using hardware acceleration for AES operations, you can check the following:
CPU Support:
aes
in the output, your CPU supports AES-NI.OpenSSL Benchmark:
SSH Configuration:
/etc/ssh/sshd_config
for the server and/etc/ssh/ssh_config
or~/.ssh/config
for the client):Conclusion
The performance difference between AES128-CTR and AES128-GCM is expected due to the additional authentication overhead in GCM mode. Ensuring that your system is utilizing hardware acceleration (AES-NI) can help mitigate some of this overhead, but GCM will generally still be slower than CTR. If performance is critical and you do not need the additional authentication provided by GCM, sticking with CTR mode might be the better option.