|00:50||vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:7:77:0:20, Quit: leaving)|
|05:01||quinox has left IRC (email@example.com, Quit: WeeChat 3.5)|
|05:04||quinox has joined IRC (firstname.lastname@example.org)|
|13:54||bobby99 has joined IRC (email@example.com)|
hi. is anyone aware of a way to enable aes-ni for ssh on ubuntu?
For LTSP? You can set SSH_OPTIONS in ltsp.conf
I know. But how can I enable aes-ni that way?
I'm not sure what you mean, it's just an ssh option.
man ssh_config, option Cipher, it maps to ssh command line options
This option selects the cipher used. It does not select if the cipher runs in software or in hardware.
If your hardware supports it ,it will be used. If not, not.
There's no software option for "enforce hardware support"...
I have run some performance tests, and chacha20 turns out to be faster than aes ciphers. System load also went up during the tests. So I assume that aes-ni ist not used.
cat /proc/cpuinfo says if it supports aes
I know. I can see "aes" for all the cores.
ssh -q cipher says the selected cipher
# `ssh -vv $host hostname 2>&1 | grep cipher:` for the selected one
# Speed test: yes | pv | ssh $host "cat >/dev/null"
# Or: yes | pv | ssh -o "Ciphers=aes128-ctr" $host "cat >/dev/null"
In all my tests where aes was supported by hardware, aes128-ctr was the fastest cipher from all of them
chacha was only faster in raspberry pis, nowhere else
I'll re-check my numbers
|14:37||bobby99 has left IRC (firstname.lastname@example.org, Quit: Client closed)|
|15:43||shored1 has left IRC (shored1!~shored@user/shored, Quit: ZNC 1.8.2+deb2 - https://znc.in)|
|15:43||shored has joined IRC (shored!~shored@user/shored)|
|20:59||vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:7:77:0:20)|
|22:53||MUHWALT has left IRC (MUHWALT!~ubox@user/muhwalt, Quit: WeeChat 3.5)|
|23:32||oh207_ has joined IRC (email@example.com)|
|23:38||oh207_ has left IRC (firstname.lastname@example.org, Ping timeout: 276 seconds)|