dlenski · December 6, 2022 09:14 · May 30, 2016 · May 29, 2016 · May 29, 2016 · May 29, 2016
diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -5,16 +5,18 @@
 # You should set up PublicKey authentication so that you don't have to type your
 # password for every cipher tested.
 
+set -o pipefail
+
 ciphers="$@"
 if [[ -n "$ciphers" ]]; then echo "User-supplied ciphers: $ciphers"; fi
 
 if [[ -z "$ciphers" ]]; then
-  ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')"
+  ciphers=$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')
   if [[ -n "$ciphers" ]]; then echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"; fi
 fi
 
 if [[ -z "$ciphers" ]]; then
-  ciphers="$(ssh -Q cipher)"
+  ciphers=$(echo $(ssh -Q cipher))
   if [[ -n "$ciphers" ]]; then echo "ssh -Q cipher reports these ciphers: $ciphers"; fi
 fi
 
@@ -27,9 +29,20 @@ EOF
   echo "Default cipher test list: $ciphers"
 fi
 
+echo
+echo "For each cipher, will transfer 1000 MB of zeros to/from localhost."
+echo
+
+tmp=$(mktemp)
 for i in $ciphers
 do
+  echo -n "$i: "
   dd if=/dev/zero bs=1000000 count=1000 2> /dev/null |
-    ssh -qc $i -o Compression=no localhost "(time -p cat) > /dev/null" 2>&1 |
-    grep real | awk '{print "'$i': "1000 / $2" MB/s" }'
-done
+  ssh -c $i -o Compression=no localhost "(time -p cat) > /dev/null" > $tmp 2>&1
+
+  if [[ $? == 0 ]]; then
+      grep real $tmp | awk '{print 1000 / $2" MB/s" }'
+  else
+      echo "failed, for why run: ssh -vc $i localhost"
+  fi
+done
diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -1,29 +1,35 @@
 #!/bin/bash
 
 # Based on: http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
+#
+# You should set up PublicKey authentication so that you don't have to type your
+# password for every cipher tested.
 
-ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')"
-if [[ -n "$ciphers" ]]; then
-  echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"
-else
+ciphers="$@"
+if [[ -n "$ciphers" ]]; then echo "User-supplied ciphers: $ciphers"; fi
+
+if [[ -z "$ciphers" ]]; then
+  ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')"
+  if [[ -n "$ciphers" ]]; then echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"; fi
+fi
+
+if [[ -z "$ciphers" ]]; then
   ciphers="$(ssh -Q cipher)"
-  if [[ -n "$ciphers" ]]; then
-    echo "ssh -Q cipher reports these ciphers: $ciphers"
-  else
-    read -rd '' ciphers <<EOF
+  if [[ -n "$ciphers" ]]; then echo "ssh -Q cipher reports these ciphers: $ciphers"; fi
+fi
+
+if [[ -z "$ciphers" ]]; then
+  read -rd '' ciphers <<EOF
 3des-cbc aes128-cbc aes128-ctr [email protected] aes192-cbc aes192-ctr
 aes256-cbc aes256-ctr [email protected] arcfour arcfour128 arcfour256
 blowfish-cbc cast128-cbc [email protected] [email protected]
 EOF
-    echo "Default cipher test list: $ciphers"
-  fi
+  echo "Default cipher test list: $ciphers"
 fi
 
 for i in $ciphers
 do
   dd if=/dev/zero bs=1000000 count=1000 2> /dev/null |
-    ssh -qc $i localhost "(time -p cat) > /dev/null" 2>&1 |
+    ssh -qc $i -o Compression=no localhost "(time -p cat) > /dev/null" 2>&1 |
     grep real | awk '{print "'$i': "1000 / $2" MB/s" }'
 done
-
-
diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -1,5 +1,6 @@
-# Based on:
-# http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
+#!/bin/bash
+
+# Based on: http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
 
 ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')"
 if [[ -n "$ciphers" ]]; then
@@ -21,7 +22,7 @@ fi
 for i in $ciphers
 do
   dd if=/dev/zero bs=1000000 count=1000 2> /dev/null |
-    ssh -c $i localhost "(time -p cat) > /dev/null" 2>&1 |
+    ssh -qc $i localhost "(time -p cat) > /dev/null" 2>&1 |
     grep real | awk '{print "'$i': "1000 / $2" MB/s" }'
 done
 

diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -6,13 +6,16 @@ if [[ -n "$ciphers" ]]; then
   echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"
 else
   ciphers="$(ssh -Q cipher)"
-  echo "ssh -Q cipher reports these ciphers: $ciphers"
-else
-  read -rd '' ciphers <<EOF
+  if [[ -n "$ciphers" ]]; then
+    echo "ssh -Q cipher reports these ciphers: $ciphers"
+  else
+    read -rd '' ciphers <<EOF
 3des-cbc aes128-cbc aes128-ctr [email protected] aes192-cbc aes192-ctr
 aes256-cbc aes256-ctr [email protected] arcfour arcfour128 arcfour256
 blowfish-cbc cast128-cbc [email protected] [email protected]
 EOF
+    echo "Default cipher test list: $ciphers"
+  fi
 fi
 
 for i in $ciphers

diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -1,7 +1,7 @@
 # Based on:
 # http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
 
-ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /'")
+ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')"
 if [[ -n "$ciphers" ]]; then
   echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"
 else

diff --git a/ssh-cipher-benchmark.sh b/ssh-cipher-benchmark.sh
@@ -0,0 +1,25 @@
+# Based on:
+# http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
+
+ciphers="$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /'")
+if [[ -n "$ciphers" ]]; then
+  echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"
+else
+  ciphers="$(ssh -Q cipher)"
+  echo "ssh -Q cipher reports these ciphers: $ciphers"
+else
+  read -rd '' ciphers <<EOF
+3des-cbc aes128-cbc aes128-ctr [email protected] aes192-cbc aes192-ctr
+aes256-cbc aes256-ctr [email protected] arcfour arcfour128 arcfour256
+blowfish-cbc cast128-cbc [email protected] [email protected]
+EOF
+fi
+
+for i in $ciphers
+do
+  dd if=/dev/zero bs=1000000 count=1000 2> /dev/null |
+    ssh -c $i localhost "(time -p cat) > /dev/null" 2>&1 |
+    grep real | awk '{print "'$i': "1000 / $2" MB/s" }'
+done
+
+