SSH keys: ed25519 vs RSA performance demystified
The cipher/algorithm used for ssh keys is independent of the algorithm/ciphers used for encrypting the session/connection.
So a faster key algorithm will only speed up operations relating to key generation and validation, i.e. authenticating and establishing a session.
For faster or more secure transfer speeds, you can tune the preferred Ciphers
in the servers sshd_config
and/or the ssh client with the same config file option or the -c cipher_spec
command line option.
You can test on your own machine how for example how RSA 1024, 2048 and 4096 compare in that regard with ed25519 using openssl speed rsa1024 rsa2048 rsa4096 ecdsap256 ed25519
:
sign verify sign/s verify/s
rsa 1024 bits 0.000078s 0.000006s 12852.6 175638.7
rsa 2048 bits 0.000519s 0.000016s 1926.4 62959.0
rsa 3072 bits 0.001570s 0.000033s 636.8 30670.3
rsa 4096 bits 0.003496s 0.000055s 286.1 18200.7
256 bits ecdsa (nistp256) 0.0000s 0.0001s 41044.8 16044.8
253 bits EdDSA (Ed25519) 0.0000s 0.0001s 21079.9 9383.2