EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Why is speed of SFTP transfer too low comparing to WS_FTP or FileZilla?

1. Common speed for SSH and SFTP data transfer is around 1-1.5 Mb/sec. It is limited by encryption speed and several layers of data copying and processing (during SSH tunneling). So you can't directly compare speed of pure FTP transfer, where the data is sent over dedicated socket unaltered, and SFTP file transfer, where each chunk of data is wrapped several times (and unwrapped back on the other side).

2. Different encryption algorithms have different speed. This is caused by the number of calculations needed to encrypt the block, and by the block size. Talking about SSH encryption algorithms, DES and 3DES are very slow, RC4 is the fastest, AES is relatively fast. Encryption algorithms can be enabled and disabled using EncryptionAlgorithms property. You should note, that in .NET SecureBlackbox uses pure managed IL code, which is by definition slower, than the optimized native code used in FileZilla, WS_FTP and some other native clients. Also, some clients started to use hardware support for processor instructions that make AES faster - the advantage that we can't have in managed code.

3. Compression can increase speed of transfer of uncompressed data, but will slow down transfer if your data is already compressed or encrypted (encrypted or compressed data can't be compressed further yet time is wasted on this secondary compression). Compression can be enabled or disabled using CompressionAlgorithms property. Note, that you need to enable or disable SSH_CA_ZLIB algorithm (and not SSH_CA_NONE).

4. If you still experience slowness, it can be caused by pipelining being disabled by the component during automatic settings adjustment for particular server. When the client connects to the server, the server tells its name to the client. The name can be read in ServerSoftwareName property. Based on the given name the component attempts to adjust certain properties to bypass bugs and limitations of the particular server software. Some servers don't support pipelining (sending multiple SSH packets without waiting for confirmation for each packet). Some servers support pipelining only in recent versions, and it can happen that the component will disable pipelining based solely on server software name, and the server does support it in its used version. To check if pipelining is used, handle OnBlockTransferPrepared event (added in SecureBlackbox 8.2) and check it's parameters (you can also modified pipeline length that way if you feel that it's incorrect).

Return to the list


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!