Check speed of ssh cipher(s) on your system

ssh-cipher-benchmark.sh

#!/bin/bash

# Based on: http://www.systutorials.com/5450/improving-sshscp-performance-by-choosing-ciphers/#comment-28725
#
# You should set up PublicKey authentication so that you don't have to type your
# password for every cipher tested.

set -o pipefail

ciphers="$@"
if [[ -n "$ciphers" ]]; then echo "User-supplied ciphers: $ciphers"; fi

if [[ -z "$ciphers" ]]; then
  ciphers=$(egrep '^\s*Ciphers' /etc/ssh/sshd_config|sed 's/Ciphers//; s/,/ /')
  if [[ -n "$ciphers" ]]; then echo "/etc/ssh/sshd_config allows these ciphers: $ciphers"; fi
fi

if [[ -z "$ciphers" ]]; then
  ciphers=$(echo $(ssh -Q cipher))
  if [[ -n "$ciphers" ]]; then echo "ssh -Q cipher reports these ciphers: $ciphers"; fi
fi

if [[ -z "$ciphers" ]]; then
  read -rd '' ciphers <<EOF
3des-cbc aes-128-cbc aes-128-ctr [email protected] aes-192-cbc aes192-ctr
aes-256-cbc aes-256-ctr [email protected] arcfour arcfour128 arcfour256
EOF
  echo "Default cipher test list: $ciphers"
fi

echo
echo "For each cipher, will transfer 1000 MB of zeros to/from localhost."
echo

tmp=$(mktemp)
for i in $ciphers
do
  echo -n "$i: "
  dd if=/dev/zero bs=1000000 count=1000 2> /dev/null |
  ssh -c $i -o Compression=no localhost "(time -p cat) > /dev/null" > $tmp 2>&1
  
  if [[ $? == 0 ]]; then
      grep real $tmp | awk '{print 1000 / $2" MB/s" }'
  else
      echo "failed, for why run: ssh -vc $i localhost"
  fi
done