Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)

Demi M. Obenour demiobenour at gmail.com
Wed Oct 16 12:07:12 AEDT 2019


On 2019-10-15 20:45, hvjunk wrote:
> 
> The more I read this, and your other responses, the more I have the funny feeling you are looking for the -L & -R options, perhaps the -J option and should consider the -D & -w & -W options too.
> 
The -L, -N, -oStrictHostKeyChecking=no, and -oProxyCommand= options
to ssh(1), and the -i option to sshd(8), do indeed do what I need.
As I said, however, the interface is rather clumsy: I don’t need
host keys at all (since the connection is already authenticated),
and the encryption is needless overhead when the connection is over
Xen shared memory.  My ultimate solution did, in fact, use OpenSSH
as it exists today.  I just think that it can be improved :).
> 
>> Another alternative would be additional options, like
>> `-oIPromiseMyConnectionIsTrustedDisableAuthenticationAndEncryption=yes`,
>> to ssh(1) and sshd(8).
>>
>> How difficult would it be to incorporate such a tool into OpenSSH?
>> If this is not something the OpenSSH developers are interested in, I
>> could try to write one myself, but that would likely be significantly
>> more effort and duplicate capabilities already found in the OpenSSH
>> codebase.  I also won’t have time for quite a while.
>>
>> Disclaimer: I have almost no knowledge of the SSH protocol, and
>> have not looked at the OpenSSH source code.  I am merely a (very)
>> happy user.
> 
> Perhaps re-read the ssh(1) manual pages…. I found the -w & -W options as I was preparing for a VPN talk the past month ;) (And I’ve been using SSH since 1993)
> 
> Else, you might consider VTUN for a stream forwarding option too (and not just a tap/tun connection)
> 
I just installed vtun, and it can indeed forward streams.  However,
it seems to also require one connection per stream.  If it had all
the forwarding abilities that OpenSSH has, and its client was equally
secure against malicious servers, it would be an ideal solution.

Sincerely,

Demi
