Demi M. Obenour
2019-Oct-15 23:43 UTC
Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)
On 2019-10-15 19:11, Job Snijders wrote:> The S in SSH stands for secure. You are asking the wrong group of people. > You?ll have to resolve your issue in some other way. >This tool would only support running on stdin/stdout. Indeed, an idiomatic use-case would be to use it as the command argument to ssh(1). The assumption I am making is that anyone that can pass arbitrary data to this tool over stdin can also obtain a shell (with the same privileges). Sincerely, Demi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191015/335944fc/attachment-0001.asc>
asymptosis
2019-Oct-16 00:00 UTC
“Stripped-down” SSH (no encryption or authentication, just forwarding)
On Tue, Oct 15, 2019 at 07:43:00PM -0400, Demi M. Obenour wrote:> On 2019-10-15 19:11, Job Snijders wrote: > > The S in SSH stands for secure. You are asking the wrong group of people. > > You?ll have to resolve your issue in some other way. > > > This tool would only support running on stdin/stdout. Indeed, > an idiomatic use-case would be to use it as the command argument > to ssh(1). The assumption I am making is that anyone that can pass > arbitrary data to this tool over stdin can also obtain a shell (with > the same privileges).It smells like an XY-problem. I gather you are after something like a reverse proxy, so why not just use something which advertises reverse proxying, like nginx or haproxy? If they are still too heavy I would also check whether your requirements could be met by netcat.
Demi M. Obenour
2019-Oct-16 00:04 UTC
Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)
On 2019-10-15 20:00, asymptosis wrote:> On Tue, Oct 15, 2019 at 07:43:00PM -0400, Demi M. Obenour wrote: >> On 2019-10-15 19:11, Job Snijders wrote: >>> The S in SSH stands for secure. You are asking the wrong group of people. >>> You?ll have to resolve your issue in some other way. >>> >> This tool would only support running on stdin/stdout. Indeed, >> an idiomatic use-case would be to use it as the command argument >> to ssh(1). The assumption I am making is that anyone that can pass >> arbitrary data to this tool over stdin can also obtain a shell (with >> the same privileges). > > It smells like an XY-problem. I gather you are after something like a reverse proxy, so why not just use something which advertises reverse proxying, like nginx or haproxy? > > If they are still too heavy I would also check whether your requirements could > be met by netcat. >As I mentioned in another email, what I am really looking for is multiplexing multiple socket connections over a single full-duplex stream. None of the tools you just mentioned can do this. HTTP/2 connection multiplexing can almost do this, but my understanding is that it is meant as an optimization only. If you do know of such a tool, I would love to know what it is! Thank you, Demi -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20191015/885d0338/attachment.asc>
Reasonably Related Threads
- Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)
- “Stripped-down” SSH (no encryption or authentication, just forwarding)
- Re: “Stripped-down” SSH (no encryption or authentication, just forwarding)
- ssh host keys on cloned virtual machines
- SFTP support for subsecond times