> On 9/28/2024 7:30 AM, hostmas...@audiogen.ch wrote:
>> Hi all
>>
>> After I got ssh2 running, I'm struggling with performance issues.
>>
>> Same file, same server system (Ubuntu), same client system (Ubuntu), same
>> network connection, only difference is the transfer protocol - sftp vs.
>> https.
>>
>> File to download:
>>
>> Size: 33.6 MB
>>
>> Type: Zip file
>>
>> Download time
>>
>> with ssh2/sftp: 45 sec
>>
>> with wget/https: 1.6 sec
>>
>> with openssh-client/sftp: 6 sec
>>
>> The data is received in 4314 buffers, which indicates the chunk size the
>> server is using to transfer data is 8k (33.6 * 1024 * 1024 / 4314). So
>> setting buffersize on the client side or in ssh2 seems to have no effect.
>>
>> The results make me conclude the problem can't be sftp as such nor the
>> server. So it's probably me :-) Is there anything performance-wise I'm
>> missing? Something I need to tweak in the PHP configuration? .. ?
>>
>> Thanks a lot for your support.
>>
>> Have a nice weekend
>>
>> Mark

> Have you tried comparing performance to phpseclib? In general,
> phpseclib does things that the ssh2 extension does not. It's written in
> pure PHP userland but will take advantage of various PHP extensions for
> improved performance if they are installed (e.g. OpenSSL, GMP, BCMath,
> etc). I've generally had good luck with it over the years except it
> will occasionally fail to connect for unknown reasons, which makes me
> think it doesn't perfectly implement the SSH protocol.

> HTTPS and SSH/SFTP are completely different protocols. Comparing them
> isn't exactly a fair comparison. Even the fastest SSH client/server
> will take 3-4 seconds to establish a connection because of the extensive
> and expensive cryptographic handshake that takes place to establish the
> secure connection. Longer EC/RSA private keys will take even longer to
> establish a connection. In addition, SFTP has both sides compress and
> decompress the content to save on network transport, which incurs some
> CPU load. HTTPS, in comparison, has a fairly simple protocol handshake
> that just verifies that public keys trace to a pre-trusted root CA.

The primary intention doing a https test was to get a benchmark for the bandwidth between the two servers with a protocol different than ssh/sftp. The performance issue I encounter comes from the payload transmission - the longer duration of the ssh handshake relative to the long transmission time isn't significant.

Related to https vs. ssh, I'd say yes and no. I mean, in the end, both protocols establish an encrypted communication channel, so with only focussing on the transmission performance, comparing both I think isn't unfair. I agree that ssh by design won't be able to reach the full https bandwidth in best case, but close (at the same time http wasn't designed to transmit large amounts of data). Whereas in my case the difference is about factor 10, which, as far as I understand, can not be explained by the differences in the protocols.

Furthermore, as I was doing a test with the openssh client on the command line (which, if I correctly understood, is using the same ssh lib as ssh2 does), and the results are far better with the client, it seems valid to conclude the root cause must be either my application (a very trivial script) or ssh2. That's why I was asking if I'm the only one experiencing such low transmission performance.

> Since you've got HTTPS access for the file, you should ask yourself why
> you aren't just going with that? If it's for legitimate security
> reasons and the HTTPS test was a performance test, then that's fine.
> But there are plenty of ways to secure HTTPS to a "good enough" level.
> For example, place the file outside of the web root and use
> X-Accel-Redirect or X-Sendfile within a PHP script and require some sort
> of secret token in a header (e.g. Authorization: Bearer ...) or in the
> URL to protect the PHP script from random drive-by visitors.

I would like to stay with ssh. If I can't get an adequate performance with the ssh2 module, I will go forward by exec() the openssh client in the php script.

> --
> Thomas Hruska
> CubicleSoft President
> CubicleSoft has over 80 original open source projects and counting.
> Plus a couple of commercial/retail products.
> What software are you looking to build?
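
The fallback mentioned at the end of this message, calling the OpenSSH client from a PHP script, shown here as an added example that is not part of the thread or code from either poster: it starts sftp through the array form of proc_open so no shell parses the arguments, and keeps host key checking on. The function name, account, host, paths, key file and the /usr/bin/sftp location are placeholder assumptions, and the server's host key must already be in the known_hosts file of the user PHP runs as.

```php
<?php
declare(strict_types=1);

/**
 * Fetch one remote file with the OpenSSH sftp client without going through a shell.
 * sftp_fetch() and every value passed to it below are hypothetical placeholders.
 */
function sftp_fetch(string $user, string $host, string $remote, string $local, string $key): void
{
    // Reject anything that could be read as an option or break the user@host:path syntax.
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)
        || !preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]*$/', $host)
        || !preg_match('#^/[A-Za-z0-9._/-]+$#', $remote)
        || $local === '' || $local[0] !== '/') {
        throw new InvalidArgumentException('unsafe sftp argument');
    }

    // Array form of proc_open (PHP >= 7.4) executes the binary directly: no shell, no quoting.
    $cmd = [
        '/usr/bin/sftp',                     // assumed install path
        '-q',
        '-o', 'BatchMode=yes',               // never prompt; fail instead of hanging
        '-o', 'StrictHostKeyChecking=yes',   // refuse unknown or changed host keys
        '-o', 'IdentitiesOnly=yes',          // offer only the key given with -i
        '-o', 'ConnectTimeout=10',
        '-i', $key,
        '--',                                // end of options
        "$user@$host:$remote",
        $local,
    ];
    // stdin and stdout go to /dev/null; only stderr is captured for error reporting.
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['file', '/dev/null', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start sftp');
    }
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    if ($status !== 0) {
        throw new RuntimeException("sftp exited with $status: " . trim((string) $err));
    }
}

// Placeholder values; replace with the real account, host and paths.
sftp_fetch('deploy', 'files.example.org', '/srv/export/archive.zip',
           '/var/tmp/archive.zip', '/etc/myapp/id_ed25519');
```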