• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

SFTP - what type of a speed hit does it take?

bob4432

bob4432

Lifer
comparing sftp to ftp, what type of speed hit does sftp take? also, would this be a cpu limitation?

thanks,
bob
 
On a local network where both machines are fast enough to deal with the encryption and compression the difference is minimal, I just tested with a ~330M file and it took 30s via FTP and 33s via SFTP. The slower, dual 1.2Ghz, machine's CPU was ~50% for the entire transfer with SFTP but was nearly completely idle during the FTP transfer.
 
depends on too many factors to give an exact comparison on how it would operate in your environment.

file type, compression method, encryption method, and the type of link (lan vs wan) all come into play.

Nothinman's above speeds were probobly in an ideal environment. local transfers, compressible files, medium encryption, and capable machines on both ends.
 
Originally posted by: Nothinman
On a local network where both machines are fast enough to deal with the encryption and compression the difference is minimal, I just tested with a ~330M file and it took 30s via FTP and 33s via SFTP. The slower, dual 1.2Ghz, machine's CPU was ~50% for the entire transfer with SFTP but was nearly completely idle during the FTP transfer.
Click to expand...

What were the settings you used? On my local network SFTP/AES runs at about 2,300KBps while SCP/Blowfish was about 9,100KBps.

Originally posted by: bob4432
comparing sftp to ftp, what type of speed hit does sftp take? also, would this be a cpu limitation?

thanks,
bob
Click to expand...

I think it depends on a lot of factors. I have two AXP 1700s and the W32/WinSCP machine always runs slower than the Ubuntu Server box. The only W32 machine I have that can keep up with the Ubuntu box has a Core Solo.
 
i don't really know what type of encryption it is - i am trying out a version of www.serv-u.com and it has it built in. cpu wise this box is going to be weak - ~500MHz-750MHz, P3 (i kick my self in the a$$ everry day for passing up a dual 1.4GHz P3 w/ 1GB ECC and serverworks board for ~$125 every day...)

if anybody has a better alternative for a win32 setup i am all ears - gpl would be great. 🙂

as far as connection it will be 512-1Mb/s up isp stuff, so i will be limited in that dept, but do have a server class nic (older intel dual heat 100Mb/s) if that will offload anything to help it out?? so tempted to just go pick up a cheap a64 3000 or even some flavor of a barton setup...

please give me your feedback on what i have suggested, thanks, bob
 
What were the settings you used? On my local network SFTP/AES runs at about 2,300KBps while SCP/Blowfish was about 9,100KBps.
Click to expand...

Yes, I switched to blowfish a while ago because I have some other automated transfers that I wanted to speed up.

as far as connection it will be 512-1Mb/s up isp stuff, so i will be limited in that dept, but do have a server class nic (older intel dual heat 100Mb/s) if that will offload anything to help it out?? so tempted to just go pick up a cheap a64 3000 or even some flavor of a barton setup...
Click to expand...

At those speeds I doubt you'll notice any difference and the NIC's brand/model won't matter at all.
 
tbh, the best thing you could do to speed up sftp would be to move to a *nix solution, as it will utilize the hardware more efficiently, and takes a smaller footprint to run the OS.
 
just out of curiosity, does the username/pass get transfered in plain text? or since it sees it coming in on port 990, does it ecrypt all the data? so far, in my testing wth the rig in sig, i am at most using 2% cpu peaki, but i know things will be different when i switch it to the old p3 machine. again, though my load will be small so i think it can handle it.
 
Originally posted by: Nothinman
just out of curiosity, does the username/pass get transfered in plain text?
Click to expand...

Not if you use a non-plain-text block cipher.

or since it sees it coming in on port 990, does it ecrypt all the data?
Click to expand...

The port is irrelevant.
Click to expand...

this is what happens when i connect -

Status: Connecting to 192.168.1.25:990 ...
Status: Connected with 192.168.1.25:990, negotiating SSL connection...
Status: SSL connection established. Waiting for welcome message...
Response: 220 >>> X2 Box <<<
Command: USER user25
Response: 331 User name okay, need password.
Command: PASS ******
Response: 230 User logged in, proceed.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Extension supported
Response: AUTH TLS
Response: SSCN
Response: PBSZ
Response: PROT
Response: CCC
Response: CLNT
Response: MDTM
Response: MDTM YYYYMMDDHHMMSS[+-TZ];filename
Response: SIZE
Response: SITE PSWD;EXEC;SET;INDEX;ZONE;CHMOD;MSG
Response: REST STREAM
Response: XCRC filename;start;end
Response: MODE Z
Response: MLST Type*;Size*;Create;Modify*;Win32.ea*;
Response: 211 End
Command: PBSZ 0
Response: 200 PBSZ command OK. Protection buffer size set to 0.
Command: PROT P
Response: 200 PROT command OK. Using private data connection.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/d:/" is current directory.
Command: MODE Z
Response: 200 MODE Z ok.
Command: TYPE A
Response: 200 Type set to A.
Command: PORT 192,168,1,25,11,169
Response: 200 PORT Command successful.
Command: LIST
Response: 150 Opening ASCII mode data connection for /bin/ls.
Status: SSL connection established
Response: 226 Transfer complete.
Status: Directory listing successful

here it is for anonymous -
Status: Connecting to 192.168.1.25:990 ...
Status: Connected with 192.168.1.25:990, negotiating SSL connection...
Status: SSL connection established. Waiting for welcome message...
Response: 220 >>> X2 Box <<<
Command: USER anonymous
Response: 331 User name okay, please send complete E-mail address as password.
Command: PASS *****
Response: 530 Sorry, no ANONYMOUS access allowed.
Error: Unable to connect!

so since the ssl stuff is done before the u/p is sent should i assume it is encrypted too?

thanks in advance,
bob
 
what is the difference between sftp and ftp-ssl? all this new stuff when i try to learn about securing stuff.....😱

i did notice that it said it used openssl...
 
For win32 I doubt it matters much since there's no ssh or ftps client installed, for most unixes sftp would be better because you probably already have the client installed. There is the fact that I already trust the OpenSSH developers so I'd be more cautious about some random ftp daemon, but that's up to you.
 
just as a reference, on a 100Mb/s LAN with the server being either the rig in sig or a xp2000 w/ 1GB pc3200 and 7.2khdd a 550MHz p3 would max out at 2MB/s with ftp-ssl and around 6-8MB/s regular. didn't matter if i had 1 connection going to the server or 10, end result was 2MB/s to the 550MHz machine 🙂

thanks all for the info
 
Originally posted by: Nothinman
I'd say that's a problem with Serv-U then since I only lost ~3s when using sftp on my home Linux machines.
Click to expand...

even though the client (550MHz) machine cpu was pegged @ 95%+? using filezilla as a client. my rig in sig cpu usage was very low where the server was
 
Maybe it's filezilla's fault then, but either way something is wrong because I'm getting 3.5MB/s sftp'ing to a 300Mhz Ultra2.
 
Originally posted by: Nothinman
Maybe it's filezilla's fault then, but either way something is wrong because I'm getting 3.5MB/s sftp'ing to a 300Mhz Ultra2.
Click to expand...

could it be that ftp-ssl has more overhead? just throwing out ideas as i don't know much abou sftp or ftp-ssl and never used it before this thread. can you think of a different ftp client that is free like filezilla fo a win32 box? could the fact that it is on a win32 box be the issue? wouuld a *nix box be more efficient?

thanks 🙂
 
It shouldn't, the FTP protocol is really bare, once you say GET or PUT the rest of the stream is raw data so any encryption overhead should be minimal.

As for ftps software, I have no idea, ftps has never really been popular so not many clients implement it. If either of them was running via some translation layer like cygwin then I might blame that because cygwin causes a noticeable slowdown, but assuming that Serv-U and Filezilla are both native, win32 apps I doubt that's an issue.
 
I don't have any x86 machines as slow as yours though or I'd do more testing, my only two machines below 1.2Ghz are a sparc64 and an Alpha and that definitely makes a difference. An easy way for you to test sftp also would be to burn some Ubuntu LiveCDs and boot them, I'm not sure if the SSH server is enabled by default but you can install it pretty easily. I recommend doing it that way because the only OpenSSH daemons I know of for Windows use cygwin and causes a noticable performance hit.
 
Originally posted by: Nothinman
I don't have any x86 machines as slow as yours though or I'd do more testing, my only two machines below 1.2Ghz are a sparc64 and an Alpha and that definitely makes a difference. An easy way for you to test sftp also would be to burn some Ubuntu LiveCDs and boot them, I'm not sure if the SSH server is enabled by default but you can install it pretty easily. I recommend doing it that way because the only OpenSSH daemons I know of for Windows use cygwin and causes a noticable performance hit.
Click to expand...

i might do that. i actually d/l the ubuntu cds - server and desktop but wanted a gui for the usage of this machine which is strictly https - but doing it via win2kpro - just don't have the time to learn *nix even though i should....especially since this vista b.s. coming out :thumbsdown: i just wish *nix had more gaming support, but i have a 360 on the way so maybe i will start to use my rig for strictly computer stuff then i can go *nix since there is photo/video/audio/office apps for it....

anyway, it is cool. i need to install acronis and make an image of the current hdd that is in there before i start messing with ubuntu 🙂
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top