Hi all,

I can't find a working archive search for this list, so please forgive me if this has been discussed before.

Has any thought been given to supporting websockets in the ssh client? I'm talking about solely using a websocket as the transport layer, and leaving the actual protocol intact, as opposed to the (to me, frankly terrifying) idea of allowing a web server to act as an ssh client to a regular sshd and providing a terminal interface.

I'm weighing up the pros and cons of this idea in my own mind at the moment, and whilst I like the idea for providing another transport to services such as git-over-ssh, I can't help wonder if it would encourage poor network security.

My main motivation is that it is generally easier to route HTTP across multiple corporate firewalls than getting ports opened for ssh (even if it is an embedded sshd such as in gerrit rather than an actual shell). That said, my main motivation is also probably the biggest reason not to push this as a standard part of the ssh client.

I'm not subscribed to the list, please cc me in any responses.

Best wishes,
Phil Lello

On 29 Jan 2015, at 19:55, Phil Lello <phil at dunlop-lello.uk> wrote:
> Has any thought been given to supporting websockets in the ssh client? I'm
> talking about solely using a websocket as the transport layer, and leaving
> the actual protocol intact, as opposed to the (to me, frankly terrifying)
> idea of allowing a web server to act as an ssh client to a regular sshd and
> providing a terminal interface.

Be frightened:
https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?hl=en

--
Alex Bligh

On Thu, Jan 29, 2015 at 2:55 PM, Phil Lello <phil at dunlop-lello.uk> wrote:
>
> Has any thought been given to supporting websockets in the ssh client?

No, but you could implement it on the client side in a ProxyCommand. I dunno how you'd route from the websocket whatever to sshd on the server side but I imagine it'd be possible.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

On 29/01/15 21:15, Alex Bligh wrote:
> Be frightened:
> https://chrome.google.com/webstore/detail/secure-shell/pnhechapfaindjhompbnflcldabbghjo?hl=en
>

That's a ssh client implemented in chromium, not a web server acting as sshd. However...

"Secure Shell also knows how to connect to an HTTP-to-ssh relay that was built inside Google. Unfortunately that relay isn't open source, and Google doesn't maintain a public pool of relays"
-- http://git.chromium.org/gitweb/?p=chromiumos/platform/assets.git;a=blob;f=chromeapps/nassh/doc/faq.txt

Phil wrote:
> My main motivation is that it is generally easier to route HTTP across
> multiple corporate firewalls than getting ports opened for ssh (even if it
> is an embedded sshd such as in gerrit rather than an actual shell).

It will depend on how picky the firewalls are. You may prefer to embed it into a https stream, such as using a proxy command of socat - openssl-connect:%h:%p
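
An added example, not code from any poster in this thread or from OpenSSH: what "a websocket as the transport layer, leaving the actual protocol intact" amounts to on the wire, using the RFC 6455 binary framing that a ProxyCommand helper would have to apply to the SSH byte stream. The function names and sample bytes are constructed for illustration; the HTTP upgrade handshake, fragmentation and ping/close control frames are left out.

```python
import os
import struct

OP_BINARY = 0x2  # RFC 6455 opcode for a binary data frame


def encode_frame(payload, mask_key=None):
    """Wrap bytes in one client-to-server binary frame (FIN set, masked)."""
    key = mask_key if mask_key is not None else os.urandom(4)
    n = len(payload)
    if n < 126:
        head = bytes([0x80 | OP_BINARY, 0x80 | n])
    elif n < 1 << 16:
        head = bytes([0x80 | OP_BINARY, 0x80 | 126]) + struct.pack("!H", n)
    else:
        head = bytes([0x80 | OP_BINARY, 0x80 | 127]) + struct.pack("!Q", n)
    # Clients must mask every payload with a fresh 4-byte key.
    return head + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))


def decode_frames(buf):
    """Return (payload bytes of all complete frames, unconsumed tail)."""
    out, pos = bytearray(), 0
    while len(buf) - pos >= 2:
        b0, b1 = buf[pos], buf[pos + 1]
        if b0 != (0x80 | OP_BINARY):
            raise ValueError("only unfragmented binary frames are handled")
        n, off = b1 & 0x7F, pos + 2
        ext = {126: ("!H", 2), 127: ("!Q", 8)}.get(n)
        if ext:
            if len(buf) - off < ext[1]:
                break  # extended length field not fully received yet
            n, off = struct.unpack_from(ext[0], buf, off)[0], off + ext[1]
        klen = 4 if b1 & 0x80 else 0  # server-to-client frames are unmasked
        if len(buf) - off < klen + n:
            break  # wait for the rest of this frame
        key = buf[off:off + klen] or b"\0\0\0\0"
        body = buf[off + klen:off + klen + n]
        out += bytes(b ^ key[i % 4] for i, b in enumerate(body))
        pos = off + klen + n
    return bytes(out), buf[pos:]


# Constructed sample: an SSH identification line and a 300-byte stand-in packet.
SAMPLE = [b"SSH-2.0-example\r\n", bytes(range(256)) + b"\x00" * 44]

if __name__ == "__main__":
    wire = b"".join(encode_frame(chunk) for chunk in SAMPLE)
    data, rest = decode_frames(wire)
    print(data == b"".join(SAMPLE), len(wire), rest)
```

The SSH bytes come out of `decode_frames` unchanged, so key exchange, host key checking and encryption still run end to end between ssh and sshd; the websocket layer only changes how the stream looks to intermediate devices.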