Re: SSH over websockets

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 30/01/15 08:39, Phil Lello wrote:

> It will depend on how picky the firewalls are. You may prefer to embed it into a https stream,

That's certainly worth considering. However, my focus when posting was more motivated by defining a standard for ssh - over - web sockets, such as ws://host/path, along with a standard (as opposed to proxy command) implementation.

How would then programs (like vcs) that use a path like ssh://host/path to mean "connect remotely using ssh" learn what to do with a ssh-over-websocket url if you used ws:// there? IMHO ssh-over-websocket should be ssh+ws://
(if at all desired)

I think in intranet environments tunneling over HTTP is good so that firewalls can inspect session setup/endpoints; in public environments I'd go for HTTPS to prevent precisely that.

The first thing a websocket client would do if knowingly using a proxy would be to open a HTTP tunnel with CONNECT. If that's allowed by the proxy, you could as well use ssh-over-http directly, instead of websockets.

So, would a patch to the client to support hostnames as ws:// or wss:// be a welcome addition? If so, should a reference server be included too, given that I would be doing this as an apache module?

If any, I would make ssh connect directly to a ssh:// url, and for a ssh+foo(\+[^:])*:// execute a 'foo' wrapper (eg. /usr/bin/tunnel.foo) as ProxyCommand

I'm not convinced of the general usefulness of doing ssh over websockets yet.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux