openssh bugs - Jun 2009 - [Bug 1604] New: SCTP support for openssh

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

           Summary: SCTP support for openssh
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Miscellaneous
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jchadima at redhat.com


Created an attachment (id=1646)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1646)
patch which solves the problem

SCTP is network protocol similar to TCP. Openssh traffic can be
transmited by SCTP instead of TCP.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604


Maciej ?enczykowski <zenczykowski at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zenczykowski at gmail.com




--- Comment #1 from Maciej ?enczykowski <zenczykowski at gmail.com> 
2009-06-19 04:36:58 ---
(outside observer)

While I agree that getting SCTP support for SSH would be real nice. 
The presented patch merely uses SCTP in (what is effectively) TCP
emulation mode.

SCTP offers a lot of features that mesh well with ssh, ie.:
 - seperate channels for stdin/stdout/stderr, for every port forward,
for authentication agents, X forwarding, etc.
 - the ability to monitor IP addresses available on the machine the
client or server is running on and add these to the existing connection
 - others?

I realize of course that implementing all these 'features' would be a
*lot* more work than simply using TCP emulation mode.  However if we
start off with TCP emulation mode won't we than have to support it for
ever more - wouldn't it make sense to start of with a _real_
implementation?  Is there a benefit to supporting ssh over sctp in tcp
emulation mode?  Won't performance be pretty much identical to using
tcp?

(really just food for thought...)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604


jchadima at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jchadima at redhat.com




--- Comment #2 from jchadima at redhat.com  2009-06-19 07:06:51 ---
The main benefit from using SCTP is access to non TCP accessible sites.
Or blocked by firewalls or connected via pure SCTP network.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604





--- Comment #3 from Maciej ?enczykowski <zenczykowski at gmail.com> 
2009-06-19 08:10:58 ---
> The main benefit from using SCTP is access to non TCP accessible sites.
> Or blocked by firewalls or connected via pure SCTP network.
SCTP is not a new protocol the likes of ipv6, as such I'm not quite
sure what you mean by a pure SCTP network.  The only reasonable case of
a pure SCTP network I can think of is in a test lab, where UDP & TCP
have been blocked to promote SCTP.

If a firewall is really restrictive enough to block ssh/tcp traffic
then it will probably also block unknown protocols (ie. sctp) anyway -
or it will implement the same policy for ssh/sctp as for ssh/tcp.  Thus
switching ssh from tcp to sctp will rarely help avoid the firewall.

Since using SCTP requires both SCTP capable client ssh and server sshd
binaries, with sctp access enabled, I fail to see how in all but very
very rare cases this is an easier solution than getting a tcp port
opened.

(I've actually run sshd/ssh over sctp with an ld_preload tcp->sctp
converter, and I'm mostly commenting here out of curiosity, since I'd
really like to see a real ssh over sctp implementation)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604





--- Comment #4 from jchadima at redhat.com  2009-06-22 02:50:57 ---
a) many "firewals" are not so restrictive, so unknown => pass
b) this is the first try of SCTP. If success there are other goals as
QoS requirements.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604





--- Comment #5 from Maciej ?enczykowski <zenczykowski at gmail.com> 
2009-06-22 05:08:59 ---
OK, I guess I'm just hoping that this doesn't prevent a full-fledged
implementation later on due to the need to maintain backward
compatibility.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604





--- Comment #6 from jchadima at redhat.com  2009-06-22 16:49:31 ---
I think that this is a basis of it. This patch brings a possibility to
play with other SCTP features.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
           Severity|normal                      |enhancement
           Priority|P2                          |P5

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

Samuel Thibault <samuel.thibault at ens-lyon.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |samuel.thibault at ens-lyon.or
                   |                            |g

--- Comment #7 from Samuel Thibault <samuel.thibault at ens-lyon.org>
2010-02-10 04:02:32 EST ---
What I need most is roaming between IP addresses, when e.g. switching
between various wired and wireless networks.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

Mark van Cuijk <mark at van-cuijk.nl> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mark at van-cuijk.nl

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

--- Comment #8 from Mark van Cuijk <mark at van-cuijk.nl> 2010-02-11
07:01:27 EST ---
I'm interested in exploring the options for the SSH protocol to make
use of the multi-streaming capability of SCTP as a Master thesis.

As part of the project I'd like to explore several methods of mapping
logical channels in the Connection Protocol to individual streams in
SCTP, research the possible effect on confidentiality and integrity of
these choices and implement at least on of the methods in OpenSSH.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

Jan F. Chadima <jfch at jagda.eu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jfch at jagda.eu

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1604

Olivier Van Acker <cyberroadie at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cyberroadie at gmail.com

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.