New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mod_sftp has low performance #1751
Comments
FileZilla 3.66.1 does not offer With FileZilla compression on my transfers were 5-15MiB/s. I turned compression off to get better performance. Compression must be turned off if you're getting 60. Other clients do not use compression by default. Test bed: All measurements are taken from client before the first rekey. FileZilla rekeys at 10% and does not remove the rekey time from the speed. sftp does not rekey.
A sftp benchmark site I can't find now found that AES+HMAC was slower than AES+UMAC and AES-GCM which were fast and equal speed. AES-CTR might go faster if paired with proftpd sftp performance isn't slower than the fastest client. All performance problems are at the client. Clients that use OpenSSL and libsodium are fast. Clients that use their own code are not. These are the conf lines I used. Bitvise and OpenSSH can specify protocols so don't need these lines.
Did some more testing, same clients, more servers. Test Bed: Linux OpenSSH 9.5 Added test for This is a repeat of the above test in table form.
nSoftware is a slow starter. Takes till about 30% to get the max speed.
Here are the lines I used in
|
I'd like to chime in with similar findings, I'm seeing slow speeds with sftp versus scp. Given that sftp as a subsystem is more secure, I would prefer not to drop it for speed. (I saw a post from RedHat that they are dropping the scp default subsystem ) Client OpenSSH 7Try 1: Regular Usage
small-512.dat 51% 264MB 94.5MB/s 00:02 ETA OpenSSH 8Try 2: Regular usage
Try 3: Addl '-O' speeds up significantly
Thanks in advance, I'm hoping there is a straightforward fix. |
Problem maybe related to #1288 (comment). |
On the previous test the speed limit imposed by the gigabit network made OpenSSH sshd and proftpd look about the same. I improved the test and found that OpenSSH has a significant performance advantage. Test methodology:
Plenty of OpenSSH Benchmarks but they all missed at least one of the above rules. Like Famzah, this test also demonstrates the dramatic differences between processors and platforms. My E-2146G desktop runs ahead of pack pushing more than 10Gbe speeds using the latest and best algorithms, no arcfour needed. There is a performance difference between OpenSSH and proftpd when you get above 1Gbe. It would be good to find out how OpenSSH goes so fast. Some sftp clients and servers are so slow that gigabit Ethernet and hard drives are not bottlenecks. Some clients perform differently with different servers of similar speed. Most clients are speed optimized for OpenSSH server. OpenSSH sftp can specify algos on the command line, logs results, and consistently outperformed all other clients. OpenSSH sftp client was used for all tests. aes-gcm and umac are the speed leaders. Some algos are so slow that faster processors make no noticeable improvement. sha1 is faster than md5. My Haswell laptop keeps up with Haswell workstations, handily beating earlier workstations. Windows performance was substantially lower than Linux performance with both the Windows 10 build and the CYGWin build. Note that chacha20 and aes-gcm do not use a separate MAC. Ignore the column header. All measurements are as reported by OpenSSH sftp client: Megabytes/second (not megabits). Entries are sorted on their aes256-gcm speed.
Here's a couple interesting full tables. Lenovo ThinkServer TS140, E3-1245 v3, Arch Linux
Lenovo ThinkServer TS140, E3-1245 v3, Arch Linux
Included are the full set of results and the test program. The test program generates these markdown tables. The test program is a shell script. It runs in Linux or CYGWIN bash. It includes the Windows CMD lines to generate sparse files. |
@severach thanks for the thorough testing! I'm wondering what differences we might see, specifically with newer OpenSSH clients, now that mod_sftp implements the |
What I Did
I compared SFTP upload performabce through sshd (openssh 8.5) & proftpd mod_sftp (1.3.8 / 1.3.8a).
The SFTP client used is FileZilla.
Upload rate to an sshd server is 106 Mio/s.
Upload rate to a proftpd server is only 64 Mio/s.
The host is the same, and I don't run both servers simultaneously.
What I Expected/Wanted
I expected upload rate to a proftpd server to be similar.
ProFTPD Version and Configuration
proftpd 1.3.8 & 1.3.8a
Configuration key points:
These parameters are the same in sshd_config.
If I remove SFTPCiphers from proftpd configuration, the upload rate goes up to 80Mio/s which is a bit better but still way lower than sshd.
The text was updated successfully, but these errors were encountered: