SSH as discard server?
rapier
rapier at psc.edu
Sat Aug 7 01:47:53 AEST 2021
Understood. That's why I was looking at doing it in cipher_crypt. All the
other mechanisms should JustWork(tm). Maybe.
That said, that's sort of what I do in the none cipher switch in hpnssh.
Instead of running through a decrypt process it just does a memcpy from
src to dst and returns.
Thanks
Chris
On 8/6/21 11:27 AM, Brian Candler wrote:
> After authentication, the ssh client is almost certainly going to
> request a channel. If you don't acknowledge that, it will hang. It can
> then request further channels at any point during the connection.
> Handling this requires decrypting the traffic. Any "sink" server that
> doesn't bother to decrypt packets will need to be written in a way which
> is very specific to the way the client uses SSH.
>
> From the intro to rfc4254:
>
> This document describes the SSH Connection Protocol. It provides
> interactive login sessions, remote execution of commands, forwarded
> TCP/IP connections, and forwarded X11 connections. **All of these channels are multiplexed into a single encrypted tunnel**.
>
> (my emphasis)
>
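An added example, not part of this thread and not OpenSSH or hpnssh code: a sketch of the minimum a sink has to do with the first post-authentication message, per RFC 4254 section 5.1. It only works on the decrypted payload, which is the point made above. The name `sink_answer_open`, the sample bytes and the choice to echo the client's window and packet sizes are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSH_MSG_CHANNEL_OPEN              90 /* RFC 4254, section 5.1 */
#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91

static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Constructed sample: decrypted payload of CHANNEL_OPEN "session",
 * sender channel 0, initial window 2 MiB, maximum packet 32 KiB. */
static const uint8_t sample_open[] = {
    90, 0,0,0,7, 's','e','s','s','i','o','n',
    0,0,0,0,  0x00,0x20,0x00,0x00,  0x00,0x00,0x80,0x00
};
static uint8_t reply[17];

/* Hypothetical helper: build the CHANNEL_OPEN_CONFIRMATION payload for a
 * decrypted CHANNEL_OPEN. Returns 17 on success, 0 if the payload is some
 * other message, -1 if it is malformed or the output buffer is too small. */
int sink_answer_open(const uint8_t *in, size_t inlen, uint32_t local_id,
                     uint8_t *out, size_t outlen)
{
    if (inlen < 1 || in[0] != SSH_MSG_CHANNEL_OPEN)
        return 0;
    if (inlen < 5)
        return -1;
    uint32_t tlen = get_u32(in + 1);           /* channel type string length */
    if (tlen > inlen - 5 || inlen - 5 - tlen < 12 || outlen < 17)
        return -1;                              /* three uint32 fields must follow */
    const uint8_t *f = in + 5 + tlen;
    out[0] = SSH_MSG_CHANNEL_OPEN_CONFIRMATION;
    put_u32(out + 1, get_u32(f));               /* recipient = client's sender channel */
    put_u32(out + 5, local_id);                 /* our own channel number */
    put_u32(out + 9, get_u32(f + 4));           /* window: echo client's (assumption) */
    put_u32(out + 13, get_u32(f + 8));          /* max packet: echo client's (assumption) */
    return 17;
}

int main(void) {
    int n = sink_answer_open(sample_open, sizeof sample_open, 5, reply, sizeof reply);
    printf("reply length %d, type %u\n", n, (unsigned)reply[0]);
    return 0;
}
```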