Re: Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)
Jochen.Bern at binect.de
Wed Oct 16 19:16:58 AEDT 2019
On 10/16/2019 02:04 AM, Demi M. Obenour wrote:
> As I mentioned in another email, what I am really looking for is
> multiplexing multiple socket connections over a single full-duplex
As far as I know, SSH's forwarding allows only one kind of "socket",
namely, TCP connections - as opposed to, e.g., UNIX sockets.

If that's what you mean, my recommendation would be to establish the
"trunk" connection not with OpenSSH, but OpenVPN.

OpenVPN can use TCP and (preferred) UDP for the "trunk", can AFAIK be
configured not to encrypt the *data* stream at all, will automatically
re-establish the "trunk" when it gets closed, and the server can "push"
a route to the subnet your Docker containers live in to the client. (If
that subnet or the addresses thereon tend(s) to *change* over time,
finding the proper IPs to connect to from the VPN client might become a

If you want to avoid even the *potential* overhead of the encryption
parts of a VPN software like OpenVPN, my next suggestion would be GRE,
but I haven't done *that* on a unixoid base yet and you *will* have to
do quite some work to permit GRE tunnels from A to B through all the
firewalls that may sit on the path ...