UDP for data?

Selphie Keller selphie.keller at gmail.com
Fri Jul 13 09:40:11 AEST 2018


Take a look at MOSH; it uses UDP and AES-OCB to provide SSH over UDP, though
it's for terminal access on unreliable networks that change IP addresses
like wireless / wifi / cell networks.

On 12 July 2018 at 01:05, Stef Bon <stefbon at gmail.com> wrote:

> Thanks a lot for your feedback.
>
> David, I'm not suggesting to change openssh, and be surprised and upset
> when patches are not accepted.
> That's not my style, I'm informing about the ability to make openssh
> work with udp (without any patches).
>
> I'm working on a project which offers automatic access to users to
> fileservices like smb,nfs and sftp using avahi for detection and fuse.
> And I wrote my own
> ssh and sftp clients. The simple public key auth works (serverkey in
> ~/.ssh/known_hosts and users public key in ~/.ssh/authorized_keys on
> server). I'm testing openssh certificates and wanting to make it work
> with yubikey and nitrokey. I'm also very interested in making this
> work with centralized administration.
> Some months ago there was a very interesting discussion about this,
> with useful links.
>
> So UDP has some disadvantages because it does not have the confirmation
> a package is received TCP has.
> Building something myself for the client is not a problem. But the
> server is another thing. It has to allow
> the client to open another connection over UDP. Extensions have to be
> used here for the client to discover the server supports it.
>
> A counter administration has to be used apart from the existing
> counter mechanism for the session over TCP.
> It looks a good idea to only use this "UDP channel" for bigger data
> like reading and writing files, not for every sftp command.
> I'm just thinking out loud, not suggesting anything.
>
> Stef Bon
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

