What is the overhead of SSH compared to telnet?

3

I am curious: how big is the overhead SSH introduces compared to telnet?

Obviously there are different parts here:

  1. Initial connection time overhead due to additional round trips for encryption
  2. Is there a bandwidth overhead?
    • Is there an overhead in each packet transmitted
    • or do we only have some padding at the end?
  3. CPU overhead on the client side
  4. CPU overhead on the server side
    • How large is it?
    • How about newer CPUs which have AES modules?
    • And what about servers with dozens or hundreds of SSH connections?
    • Is the per-connection CPU overhead of clients and servers symmetric?
  5. Is there a memory overhead?
  6. Did I forget something?

This is more of a theoretical question. I am fully aware that it makes practically no difference in typical scenarios where a server maintains only a few SSH connections.

masgo

Posted 2016-08-03T08:40:40.677

Reputation: 1 541

I’m VTC as “too broad” because I don’t think an answer would fit in this site concept (or answer text limit :D ). – Daniel B – 2016-08-03T08:49:36.117

Answers

4

I'll give you a quick answer since a lengthy explanation would easily fill a 90 min lecture or two. These are little more than estimations since it is very much dependent on system load, the kind of connections you throw at the server and of course the hardware that is used.

  1. Yes and no. There is a rekeying after 1 GB of data or 1 hour of connection time. It can also depend on whether keys are used for authentication. Diffie-Hellman is generally more expensive than RSA key exchange, but since it only happens once(ish) it's not a big deal.
  2. Yes, there is overhead: you have to add random padding of at least 4 bytes (SSH2), and each data packet gets an HMAC of some sort, depending on what is used. I don't know how much exactly, but it is at most 33 bytes (full SHA-2 length). Max payload is 35000 - 4 byte padding. You get about 37/34996 = 0.001 % overhead or less.
  3. CPU overhead is minimal. That was one of the goals for the AES standard.
  4. Same here. It is roughly symmetrical since the crypto operations are symmetrical (similar to how multiplication and division are symmetrical); of course this requires knowing the keys. How many connections can a server handle? Depends on the connections. If you have simple terminal sessions: many. If someone blasts a 1 GBit connection at you and copies 10 GB of data via scp: using a standard Intel i7, probably two or three at a time. It's likely that your NIC or storage bottlenecks first.
  5. Not sure. A little bit, probably. I'd say not more than double the memory of a normal telnet session.

paradoxon

Posted 2016-08-03T08:40:40.677

Reputation: 596

Does each TCP packet get an HMAC or each logical SSH data packet? If each logical SSH packet gets an HMAC, then the overhead will be bigger for smaller packets – masgo – 2016-08-03T11:32:34.213

No, the TCP protocol is unaware of what is going on on the application layer (where SSH operates). The HMAC is per SSH packet, which is broken up into multiple TCP segments. So yes, overhead will be greater for smaller packets, that is true. For terminal sessions this is not exactly great, but it's also not that severe since it will take you ~100ms to notice a change on the screen. So there is a bias towards optimising for larger payloads. I also think that 35k is not just plucked out of thin air either. It probably is an optimisation between different scenarios. – paradoxon – 2016-08-03T12:04:35.513
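As an added illustration (not code from the answer or the comments above), the following computes the per-packet framing cost of SSH2 as laid out in RFC 4253 section 6, which is what makes the overhead large for single keystrokes and negligible for bulk transfers. It assumes a cipher suite of AES-128-CBC (16-byte block) with HMAC-SHA2-256 (32-byte tag) in the classic encrypt-and-MAC layout and no compression; telnet sends application bytes raw, so everything beyond the payload is SSH's added cost on top of the TCP/IP headers both protocols pay.

```python
"""SSH2 binary-packet framing (RFC 4253 sec. 6), constructed example.

Wire layout: packet_length (4) | padding_length (1) | payload | padding | MAC
"""
from dataclasses import dataclass

MIN_PADDING = 4     # RFC 4253: at least four bytes of random padding
MIN_ALIGNMENT = 8   # encrypted part is a multiple of max(8, cipher block size)


@dataclass(frozen=True)
class PacketLayout:
    payload: int    # bytes of application data carried
    padding: int    # random padding bytes needed to reach block alignment
    mac: int        # authentication tag appended after the ciphertext

    @property
    def wire_bytes(self) -> int:
        return 4 + 1 + self.payload + self.padding + self.mac

    @property
    def overhead_bytes(self) -> int:
        # Everything a telnet session would not have sent for the same data.
        return self.wire_bytes - self.payload


def layout(payload_len: int, block_size: int = 16, mac_len: int = 32) -> PacketLayout:
    """Smallest legal SSH2 packet carrying payload_len bytes (assumed CBC + HMAC)."""
    align = max(MIN_ALIGNMENT, block_size)
    unpadded = 4 + 1 + payload_len
    padding = MIN_PADDING
    # Grow the padding until length fields + payload + padding align to the block.
    while (unpadded + padding) % align:
        padding += 1
    return PacketLayout(payload_len, padding, mac_len)


def overhead_ratio(payload_len: int, block_size: int = 16, mac_len: int = 32) -> float:
    lay = layout(payload_len, block_size, mac_len)
    return lay.overhead_bytes / payload_len


if __name__ == "__main__":
    # One keystroke of an interactive session up to the RFC's 32768-byte payload.
    for n in (1, 100, 1460, 32768):
        lay = layout(n)
        print(f"{n:>6} B payload -> {lay.wire_bytes:>6} B on wire, "
              f"overhead {lay.overhead_bytes:>3} B ({overhead_ratio(n):.2%})")
```

A single keystroke costs 48 bytes on the wire here (47 bytes of overhead), while a 32768-byte payload carries only 48 bytes of overhead, about 0.15 %.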