SSH is one of the staples when administrating *nix servers. One thing many people know but don’t use is that Blowfish SSH encryption is much faster than AES encryption. This comes in very handy if you are scp-ing large files or piping something over SSH.The speed difference is significant. It can be around 4-5x faster than using the common AES cypher. Blowfish is probably as secure as AES. I have not found any comments to the contrary.
You can activate the blowfish cypher by using SSH like this:
ssh -c blowfish <user>@<host>
Even better is to include compression. That would then be:
ssh -C -c blowfish <user>@<host>
But this is a lot to type and often gets forgotten. So how to activate it permanently…
In Ubuntu (and probably most Debian distros) edit the file /etc/ssh/ssh_config. Change the lines
# Cipher 3des # Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
to
Compression yes Cipher blowfish Ciphers blowfish-cbc,aes128-cbc,3des-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
If you want to see what is going on with SSH and what encryption is being used add a -v (verbose) to the SSH command.
Tags: Linux, performance, Tips, Ubuntu