UDP for data?

Stef Bon stefbon at gmail.com
Thu Jul 12 17:05:14 AEST 2018


Thanks a lot for your feedback.

David, I'm not suggesting to change openssh, and be surprised and upset
when patches are not accepted.
That's not my style, I'm informing about the ability to make openssh
work with udp (without any patches).

I'm working on a project which offers automatic access to users to
fileservices like smb,nfs and sftp using avahi for detection and fuse.
And I wrote my own ssh and sftp clients. The simple public key auth
works (serverkey in ~/.ssh/known_hosts and user's public key in
~/.ssh/authorized_keys on server). I'm testing openssh certificates and
wanting to make it work with yubikey and nitrokey. I'm also very
interested in making this work with centralized administration.
Some months ago there was a very interesting discussion about this,
with useful links.

So UDP has some disadvantages because it does not have the confirmation
a package is received that TCP has.
Building something myself for the client is not a problem. But the
server is another thing. It has to allow
the client to open another connection over UDP. Extensions have to be
used here for the client to discover the server supports it.

A counter administration has to be used apart from the existing
counter mechanism for the session over TCP.
It looks like a good idea to only use this "UDP channel" for bigger data
like reading and writing files, not for every sftp command.
I'm just thinking out loud, not suggesting anything.

Stef Bon


More information about the openssh-unix-dev mailing list