Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)

Demi M. Obenour demiobenour at gmail.com
Wed Oct 16 11:04:51 AEDT 2019


On 2019-10-15 20:00, asymptosis wrote:
> On Tue, Oct 15, 2019 at 07:43:00PM -0400, Demi M. Obenour wrote:
>> On 2019-10-15 19:11, Job Snijders wrote:
>>> The S in SSH stands for secure. You are asking the wrong group of people.
>>> You’ll have to resolve your issue in some other way.
>>>
>> This tool would only support running on stdin/stdout.  Indeed,
>> an idiomatic use-case would be to use it as the command argument
>> to ssh(1).  The assumption I am making is that anyone that can pass
>> arbitrary data to this tool over stdin can also obtain a shell (with
>> the same privileges).
> 
> It smells like an XY-problem. I gather you are after something like a reverse proxy, so why not just use something which advertises reverse proxying, like nginx or haproxy?
> 
> If they are still too heavy I would also check whether your requirements could
> be met by netcat.
> 
As I mentioned in another email, what I am really looking for is
multiplexing multiple socket connections over a single full-duplex
stream.  None of the tools you just mentioned can do this.  HTTP/2
connection multiplexing can almost do this, but my understanding is
that it is meant as an optimization only.

If you do know of such a tool, I would love to know what it is!

Thank you,

Demi


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191015/885d0338/attachment.asc>


More information about the openssh-unix-dev mailing list