Hold on folks! I can only get this performance boost on one particular machine so the tip may not be widely applicable.
Will investigate further and update the article
Works on any CPU implementing http://en.wikipedia.org/wiki/AES_instruction_set (most Intel/AMD desktop and server CPUs since 2010).
Benchmarking:
# Create a big random test file (~500MB)
dd if=/dev/urandom of=/tmp/bigfile bs=1M count=500
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 45.5077 s, 11.5 MB/s
# encryption performance with default OpenSSL cipher (aes128-ctr)
scp -c aes128-ctr /tmp/bigfile localhost:/dev/null
bigfile 100% 500MB 55.6MB/s 00:09
# encryption performance with hardware accelerated cipher (aes256-cbc)
scp -c aes256-cbc /tmp/bigfile localhost:/dev/null
bigfile 100% 500MB 125.0MB/s 00:04
dd if=/dev/urandom of=/tmp/bigfile bs=1M count=500
500+0 records in
500+0 records out
524288000 bytes (524 MB) copied, 45.5077 s, 11.5 MB/s
# encryption performance with default OpenSSL cipher (aes128-ctr)
scp -c aes128-ctr /tmp/bigfile localhost:/dev/null
bigfile 100% 500MB 55.6MB/s 00:09
# encryption performance with hardware accelerated cipher (aes256-cbc)
scp -c aes256-cbc /tmp/bigfile localhost:/dev/null
bigfile 100% 500MB 125.0MB/s 00:04
Change your default ciphers:
# edit /etc/ssh/ssh_config
# For protocol 1
Cipher aes256-cbc
# For protocol 2 (put aes256-cbc at front of list)
Ciphers aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# For protocol 1
Cipher aes256-cbc
# For protocol 2 (put aes256-cbc at front of list)
Ciphers aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
Security Implications
Changing the default OpenSSL cipher has security implications beyond my basic crypto understanding.
See http://crypto.stackexchange.com/questions/1886/which-one-of-the-block-cipher-modes-is-the-best for more information.
Idea came from http://www.capnfreedom.com/home/viac7padlockaesbenchmarks