[WizzleKake]

Several ciphers will be disabled by default [in the next release]: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.

I still use arcfour; it seems to be the fastest when using scp or rsync (rsync -e 'ssh -c arcfour') for copying large files. I hope the OpenSSH package manager for my distribution keeps arcfour enabled for this reason.

[cesarb]

RC4 (arcfour) should not be used, because it's broken. It has biases in its output (which is XOR-ed with the plaintext), which given enough cyphertext allows one to recover the plaintext (see http://www.rc4nomore.com/ for the most recent result).

OpenSSH since the 6.5 release (http://www.openssh.com/txt/release-6.5) has a better alternative, ChaCha20. It's even faster than RC4, and has no known weaknesses AFAIK. Some more information: https://security.stackexchange.com/questions/46812/what-does...

[Scaevolus]

ChaCha20 is slower than RC4 in my testing (176MB/s vs 213MB/s). Since I have AESNI and PCMLMUL, aes128-gcm is the fastest-- 430MB/s.

    $ for c in $(ssh -Q cipher); do echo $c; dd if=/dev/zero bs=1M count=8K | ssh -o Compression=no -c $c localhost dd of=/dev/null 2>/dev/null; done