Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)

Nico Kadel-Garcia nkadel at gmail.com
Wed Oct 16 23:07:08 AEDT 2019


On Tue, Oct 15, 2019 at 8:16 PM Demi M. Obenour <demiobenour at gmail.com> wrote:
>
> On 2019-10-15 20:00, asymptosis wrote:
> > On Tue, Oct 15, 2019 at 07:43:00PM -0400, Demi M. Obenour wrote:
> >> On 2019-10-15 19:11, Job Snijders wrote:
> >>> The S in SSH stands for secure. You are asking the wrong group of people.
> >>> You’ll have to resolve your issue in some other way.
> >>>
> >> This tool would only support running on stdin/stdout.  Indeed,
> >> an idiomatic use-case would be to use it as the command argument
> >> to ssh(1).  The assumption I am making is that anyone that can pass
> >> arbitrary data to this tool over stdin can also obtain a shell (with
> >> the same privileges).
> >
> > It smells like an XY-problem. I gather you are after something like a reverse proxy, so why not just use something which advertises reverse proxying, like nginx or haproxy?
> >
> > If they are still too heavy I would also check whether your requirements could
> > be met by netcat.
> >
> As I mentioned in another email, what I am really looking for is
> multiplexing multiple socket connections over a single full-duplex
> stream.  None of the tools you just mentioned can do this.  HTTP/2
> connection multiplexing can almost do this, but my understanding is
> that it is meant as an optimization only.
>
> If you do know of such a tool, I would love to know what it is!

stunnel? https://www.stunnel.org/static/stunnel.html ?


More information about the openssh-unix-dev mailing list