SOCKSv6 and OpenSSH

Hi there,

I'm Vladimir Olteanu (or just Vlad, for short), and I'm working on the SOCKSv6 protocol. It is being discussed at the IETF (https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-10). The spec has matured somewhat and is currently undergoing an adoption call at the Intarea WG.

I would like to get your opinion on this newer version of the protocol, in particular on how it would work for OpenSSH and what features and tweaks you'd like to see included.

Version 6's core functionality is roughly equivalent to v4. It is extensible and has several optional features, like:

 * 0-RTT authentication

 * A setsockopt()-like mechanism (which can notably be used to request TFO)

 * Full support for hosting TCP services behind the proxy

 * DNS proxy

 * Protection against replays

 * Zero (or even negative!) RTT overhead compared to connecting to the server directly, assuming the proxy is on path

There's also an implementation available on GitHub:

 * Message library: https://github.com/45G/libsocks6msg
 * Utility library: https://github.com/45G/libsocks6util
 * TCP proxy and transparent proxifier: https://github.com/45G/sixtysocks

The libraries are written in C++, but also have C bindings, so they could be used for a potential OpenSSH + SOCKSv6 prototype.

Cheers,

Vlad


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



