Chris Rapier wrote in <9b9c0475-7c4f-468a-b6bf-7921fb5e276c@xxxxxxx>: |So I do some development based on openssh and I'm trying to think of |some new projects that might extend the functionality, feature set, user |workflow, performance, etc of ssh. Despite my own two year old SIGUSR1 for ssh-agent that i rebase all the time. SSH over UDP (or "any other non-stream", or "auto-connection-re- establish" protocol). I do not know how it can work for you all if you have internet access via wlan; maybe ipsec is also an option, i do not use it as i am afraid of the setup (on all end points; there is that interesting thing for OpenBSD, but i never heard anything real again -- and OpenBSD only of course), and WireGuard does this really nicely! Yes i am thankful for the UDP based WireGuard, it improved my SSH experience tremendously, as eventual "reconnections" are not seen by OpenSSH at all, it is only the timeouts that keep on ticking. As WG also then bypasses the normal FILTER firewall once a connection is established, i can use super strict firewalling rules on the freely chosen ports WG listens on. This did not work out with plain SSH even with ControlMaster as after connection break you, well, have to re-establish a TCP connection, thus counting against the limit. (I mean i do have a port-knocking thing that whitelists me for 30 seconds, NOW, before it only could remove all occurrances of the remote IP from all firewall lists. Now i simply can thereafter use WG (wg show XX dump) to whitelist in an early "table" any client that successfully connected (in the last X seconds). What a relieve!) Now the only thing that remains is that ~60 second connection limit for OpenBSD downloads on their main server, since with 64KBit you cannot even download the openssh ball within. Thank you. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
