Quick techie question: I'd like to enforce rate limiting to a total of 26K/s outbound on sftp connections. Is that supported by the daemon (a chroot-patched version running on 10.3.9), or would I be better off implementing that (how?) under Apache?

(There's no specific reason Ocelot's still running Panther rather than Tiger - basically just haven't had any need to change it, given Ocelot's only a secondary system now)

Is this "sftp" as in the FTP-like protocol over SSH2, or "ftps",
the TLS/SSL enabled "real" FTP protocol on port 989/990? If
it's the 'sshd' protocol, then I've read blurbs on Google that
people typically reconfigure sshd to run under inetd/xinetd and
use inetd to do the rate limiting. This could probably work
as well for ftpd, though some FTP servers, like proftpd, support
rate limiting natively.

inetd could do a fine job of rate-limiting the number of connections that can be outstanding at any time, but I don't think it can limit the amount of bandwidth that each connection would use.

The problem with sftp is that it occurs on the same port that ssh works on, so you can't shape sftp traffic without also shaping other ssh traffic.

Does MacOS include PF and ALTQ? If so, there are some traffic shaping capabilities there, though they are still somewhat new to me.