ssh wish list?

Ethan Rahn ethan.rahn at gmail.com
Thu Oct 19 08:22:31 AEDT 2023


In no particular order my wishlist would be:

- Support for the final PQC candidates NIST choose
- Having ssh-key based logins consult PAM so that external modules could
make additional judgement calls or update login statistics.

On Wed, Oct 18, 2023 at 2:13 PM Steffen Nurpmeso <steffen at sdaoden.eu> wrote:

> Chris Rapier wrote in
>  <8e8c9940-4b65-448b-8290-336da1299cdf at psc.edu>:
>  |On 10/18/23 2:56 PM, Steffen Nurpmeso wrote:
>  |> Chris Rapier wrote in
>  |>   <9b9c0475-7c4f-468a-b6bf-7921fb5e276c at psc.edu>:
>  |>|So I do some development based on openssh and I'm trying to think of
>  |>|some new projects that might extend the functionality, feature set, user
>  |>|workflow, performance, etc of ssh.
>  ...
>  |> SSH over UDP (or "any other non-stream", or "auto-connection-re-
>  |> establish" protocol).  I do not know how it can work for you all
>  |> if you have internet access via wlan; maybe ipsec is also an
>  |> option, i do not use it as i am afraid of the setup (on all end
>  |> points; there is that interesting thing for OpenBSD, but i never
>  |> heard anything real again -- and OpenBSD only of course), and
>  |> WireGuard does this really nicely!
>  ...
>  |We have been looking at implementing different protocols other than TCP.
>  |QUIC, for example, looks promising. We're mostly looking at that for
>
> Yes.  Yes, that.
>
>  |throughput performance though. I don't know if that would work in your
>  |specific use case though.
>
> Sure it would.  OpenSSL put a lot of efforts to have a complete
> implementation, as far as i know, and OpenBSD also reported
> a success-over-QUIC, but i looked even less.  But that comes.
>
>  |> Now the only thing that remains is that ~60 second connection
>  |> limit for OpenBSD downloads on their main server, since with
>  |> 64KBit you cannot even download the openssh ball within.
>  |
>  |Your throughput is limited to 64Kbps? Is that a limitation of wireguard
>  |or some other issue?
>
> Only when the bandwidth is out.  Or when sharing in between many
> breaks down the thing.  Or when that whoever it is bombs the
> neighbourhood with electromagnetic storms so that anything
> wireless inclusive DVB-T.  The former two happen quite frequently.
> 'Don't think WireGuard is a resource hog or bandwidth killer from
> what i know.  But i never have done performance testing.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

