On Wed, Jul 11, 2018 at 6:58 PM, David Newall <openssh at davidnewall.com> wrote:
> I remember, when Sun first released NFS they used UDP for transport because
> "performance", and then, not so very long later, had to implement TCP
> transport because "reliability".

Network reliability has changed quite a bit since the 80s. See e.g. QUIC.
On 12/07/18 12:00, Peter Moody wrote:
> On Wed, Jul 11, 2018 at 6:58 PM, David Newall <openssh at davidnewall.com> wrote:
>
>> I remember, when Sun first released NFS they used UDP for transport because
>> "performance", and then, not so very long later, had to implement TCP
>> transport because "reliability".
> network reliability has changed quite a bit since the 80's. see eg QUIC

Even if under 1 in 1,000,000,000 packets were dropped, that's not zero, so you have to do your own detection and retransmission.
Thanks a lot for your feedback.

David, I'm not suggesting changing openssh and then being surprised and upset when patches are not accepted. That's not my style. I'm informing about the ability to make openssh work with udp (without any patches).

I'm working on a project which offers users automatic access to file services like smb, nfs and sftp, using avahi for detection and fuse. And I wrote my own ssh and sftp clients. The simple public key auth works (server key in ~/.ssh/known_hosts and the user's public key in ~/.ssh/authorized_keys on the server). I'm testing openssh certificates and want to make it work with yubikey and nitrokey. I'm also very interested in making this work with centralized administration. Some months ago there was a very interesting discussion about this, with useful links.

So UDP has some disadvantages because it does not have the confirmation that a packet is received, which TCP has. Building something myself for the client is not a problem. But the server is another thing. It has to allow the client to open another connection over UDP. Extensions have to be used here for the client to discover that the server supports it. A counter administration has to be used apart from the existing counter mechanism for the session over TCP.

It looks like a good idea to only use this "UDP channel" for bigger data, like reading and writing files, not for every sftp command.

I'm just thinking out loud, not suggesting anything.

Stef Bon
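Peter's point that even rare loss forces you to do your own detection and retransmission, and Stef's sketch of a separate UDP channel for bulk sftp reads and writes, both come down to an ARQ layer like the one below. This is an added example, not code from the thread or from OpenSSH: `LossyLink`, `Receiver` and `send_reliably` are my own names, the in-memory link with a fixed drop schedule stands in for a real UDP socket, and stop-and-wait is used only because it is the smallest scheme that shows both a lost datagram and a lost ACK.

```python
class LossyLink:
    """Constructed stand-in for a UDP path: silently drops the datagrams whose send index is in drop_at."""
    def __init__(self, drop_at):
        self.drop_at, self.sent, self.dropped = set(drop_at), 0, 0

    def send(self, datagram):
        self.sent += 1
        if self.sent in self.drop_at:   # lost in flight: UDP gives the sender no error for this
            self.dropped += 1
            return None
        return datagram


class Receiver:
    """Accepts chunks strictly in sequence order; a resent chunk it already holds is a duplicate."""
    def __init__(self):
        self.expected, self.chunks, self.duplicates = 0, [], 0

    def deliver(self, datagram):
        seq, chunk = datagram
        if seq == self.expected:
            self.chunks.append(chunk)
            self.expected += 1
        elif seq < self.expected:
            self.duplicates += 1        # our ACK for this chunk was lost, so the sender resent it
        return ("ack", self.expected)   # cumulative ACK: the next sequence number we are waiting for


def send_reliably(payload, chunk_size, link, receiver, max_attempts=8):
    """Send payload as numbered chunks; resend each one until its ACK comes back over the link."""
    chunks = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    retransmits = 0
    for seq, chunk in enumerate(chunks):
        for attempt in range(max_attempts):
            if attempt:
                retransmits += 1
            if link.send((seq, chunk)) is None:
                continue                              # "timeout": no ACK can come, resend
            ack = link.send(receiver.deliver((seq, chunk)))
            if ack is not None and ack[1] == seq + 1:
                break                                 # chunk acknowledged, move on
        else:
            raise RuntimeError(f"chunk {seq} unacknowledged after {max_attempts} attempts")
    return b"".join(receiver.chunks), retransmits


if __name__ == "__main__":
    link, rx = LossyLink(drop_at={3, 9}), Receiver()   # 3rd datagram (data) and 9th (an ACK) are lost
    data, resent = send_reliably(bytes(range(50)), 10, link, rx)
    print(len(data), resent, link.dropped, rx.duplicates)   # 50 2 2 1
```

A real channel would use a sliding window and timers rather than stop-and-wait, and its sequence numbers and ACKs would need the same integrity protection as the rest of the SSH stream so that loss handling cannot be driven by forged datagrams.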