Performance Analysis Of Ssh Session Establishment; Performance Running As Ssh Daemon; Performance Analysis Of Sftp Traffic; Sftpserv Performance Of Ls Command With Wildcards - HP NonStop SSH 544701-014 Reference Manual

Performance Analysis of SSH Session
Establishment

Performance Running as SSH Daemon

The performance impact of the initial SSH session setup should be viewed separately. As explained before, establishing
an SSH session involves several CPU-intensive public key operations. The amount of CPU cycles consumed depends
upon the key sizes used.
The following table shows the CPU consumption of an SSH session setup (without any data transfer taking place) for a
DSA host key with 1024 bit length and for RSA client keys with the sizes as stated in the table:
Client Key size [bits]
512
1024
2048
It is very hard to predict future developments, both in cryptography and computer technology, which makes it next to
impossible to tell in advance what key size will be sufficient in the years to come. We recommend using a key size of
1024 bits for the time being.

Performance Analysis of SFTP Traffic

To get an indication of the performance of the SSH2 component and the subordinate SFTPSERV processes when acting
as SFTP daemon, the average transfer rate and CPU consumption has been measured while a file with 50 MB of data has
been transferred via SFTP.
The following table shows the result of the measurement:
Partner Direction
system of transfer
Linux, NonStop to
OpenSSH Partner
system
Linux, Partner
OpenSSH system to
NonStop
Please bear in mind that the measured transfer rate does not only depend on the performance of the SSH2/SFTPSERV
components, but also on the network throughput and the performance of the remote SFTP client or server.
The most significant column of the table probably is the value "CPU ms/MB transfer" which should give a good estimate
for the CPU milliseconds needed to transfer one Megabyte of data using SFTP.

SFTPSERV Performance of ls Command with Wildcards

The output from command ls (list) can be delayed when wildcards are used and the file information returned by
SFTPSERV is not processed effectively. Unlike the ftp protocol the sftp protocol does not define two commands for
listing the names of files in a directory (ftp: NLST) and listing of all file attributes of files in a directory (ftp: LIST).
There is only one command in the sftp protocol (READDIR) that always retrieves all attributes of the files in a directory.
In case of a wildcard (e.g. ls test*) the SFTP client will do the pattern matching after all file attributes have been
retrieved from the SFTP server. After the pattern matching the SFTP client could display the file listing but there are
300 • Performance Considerations
Approximate CPU consumption [milliseconds]
234
236
242
Cipher Time
Suite/MAC elapsed [s]
algorithm
AES- 66,5
128/MD5
AES- 242
128/MD5
CPU time Through-
used [s] put [KB/s]
27,1 734
26,6 202
HP NonStop SSH Reference Manual
CPU CPU usage
ms/MB
transfer
568 41 %
557 11%