# openssh performance problem

## Treborius

hi, i have the following cpu in my little homeserver

```

model name      : Geode(TM) Integrated Processor by AMD PCS

cpu MHz         : 498.077

```

my problem is a very low transfer-rate via ssh, if i copy a file through an ssh-tunnel

on this machine i get about 1.3MB/s while the cpu sits on 100% usage

can anyone give me an hint, where i should look at?

the hd isnt the problem (tested with hdparm and iostat)

and i found in the inet, that some guy gets around 4-5MB/s with the same cpu and motherboard

here is the output of top while copying a large file via ssh from one dir on the computer to another

------------------------------

asks:  90 total,   3 running,  87 sleeping,   0 stopped,   0 zombie

Cpu(s): 86.8%us, 11.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.3%hi,  1.9%si,  0.0%st

Mem:    247024k total,   187908k used,    59116k free,    12912k buffers

Swap:  1959924k total,     6024k used,  1953900k free,   136656k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                   

17051 root      20   0  3996 2116 1688 R 47.0  0.9   0:05.54 ssh                                                       

17064 XXX      20   0  7276 1532  904 R  46.7  0.6   0:05.31 sshd

------------------------------

here i am sending the file from root to the user XXX's home-dir,

i really dont have a clue, what i should test, to determine where the problem lies

----------

## solamour

Just to narrow down the cause of the problem, can you try different file transfer, such as smb, nbd, and nfs?

__

sol

----------

## madchaz

are you using compression?

I've found that if the link is fast, that's usually going to slow down transfer more then increase it.

----------

## Kethreveris

I've got a similar server, (bought for the low power usage). Perhaps the same model.

```
> cat /proc/cpuinfo | head -8

processor     : 0

vendor_id     : AuthenticAMD

cpu family    : 5

model         : 10

model name    : Geode(TM) Integrated Processor by AMD PCS

stepping      : 2

cpu MHz       : 499.876

cache size    : 128 KB

...
```

At one point, I thought that I could get the built in AES encryption

to work with SSH. But it never seem to help performance. Or I did

it wrong.

One thing I did find was the ability to use SCP with no encryption

for the data. The connection verification and checksuming are still

in place. This gives me 3x speed improvement. This is the command;

```
scp -oNoneSwitch=yes -oNoneEnabled=yes ${MY_OPTIONS} ${MY_SOURCE} ${MY_DESTINATION}
```

You also have to have this in the "/etc/ssh/sshd_config" file;

```
# allow the use of the none cipher

NoneEnabled yes
```

And possibly list "none" on the "Ciphers" line, (at the end).

This USE flag is also needed when building SSH;

```
> grep hpn /usr/portage/profiles/use.local.desc 

net-misc/openssh:hpn - Enable high performance ssh
```

NOTE: I only use this for point to point copies with only a switch

in-between. And very much local. Further more, this does not

affect SSH traffic, only SCP traffic. Please read the various web

sites about this feature if concerned about security.

----------

## phajdan.jr

 *Kethreveris wrote:*   

> One thing I did find was the ability to use SCP with no encryption
> 
> for the data. The connection verification and checksuming are still
> 
> in place. This gives me 3x speed improvement.

 

This still sounds quite dangerous, now you need to be quite careful not to transfer anything that should be encrypted (i.e. passwords, config files, data, etc). I think it's really to forget, especially when you're used to ssh/scp doing the encryption.

----------

## Kethreveris

Yes, it can be dangerous.

BUT, you have to manually turn it on. For each and EVERY transfer. So in my

case, I know when I am transferring a huge file that does not matter. My time

for those file transfers is far more important.

To transfer a 10GB file at 2MBps takes 83 minutes. If I can boost the speed

up to 8MBps then it's down to 21 minutes.

----------

## Treborius

after a whole week of trail and error i found a way to enable the hardware encryption with the

amd-geode chip

what i have done :

patched linux-2.6.38-gentoo-r6 with this patch : http://www.docunext.com/wiki/My_Notes_on_Patching_2.6.22_with_OCF

read documentation in the link, till patching openssl, since openssl 1.0.0 no patch is needed

edited openssl-1.0.0e.ebuild in my local overlay

diff :

```

18c18

< IUSE="bindist gmp kerberos rfc3779 sse2 test zlib -cryptodev"

---

> IUSE="bindist gmp kerberos rfc3779 sse2 test zlib"

87,91d86

< 

<       if use cryptodev ; then

<               config="${config} -DHAVE_CRYPTODEV" 

<       fi

< 

108a104

>               --libdir=$(get_libdir) \

```

what it does : added a useflag "cryptodev" to compile open-ssl with "-DHAVE_CRYPTODEV"

editited openssh-5.8_p1-r1.ebuild

to use the hw-device via openssl

diff :

```

27c27

< IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509 -cryptodev"

---

> IUSE="${HPN_PATCH:++}hpn kerberos ldap libedit pam selinux skey static tcpd X X509"

149,153d148

<       if use cryptodev ; then

<               USE_CRYPTODEV="--with-ssl-engine=cryptodev"

<       else

<               USE_CRYPTODEV="--with-ssl-engine "

<         fi

156d150

<               ${USE_CRYPTODEV} \

164a159

>               --with-ssl-engine \

```

ebuild digest the modifications

- USE="cryptodev" emerge openssl openssh

- install patched kernel

- reboot

- modprobe ocf

- modprobe cryptodev

- modprobe cryptosoft

i was able to speed up scp transfers with aes-128-cbc cipher via wlan

from 1.3Mb/s to 4Mb/s with these modifiction

----------

## phajdan.jr

Have you filed Gentoo bugs to include those modifications in our ebuilds? They seem quite useful.

----------

