In no particular order my wishlist would be:

- Support for the final PQC candidates NIST choose
- Having ssh-key based logins consult PAM so that external modules could make additional judgement calls or update login statistics.

On Wed, Oct 18, 2023 at 2:13 PM Steffen Nurpmeso <steffen@xxxxxxxxxx> wrote:

> Chris Rapier wrote in
>  <8e8c9940-4b65-448b-8290-336da1299cdf@xxxxxxx>:
> |On 10/18/23 2:56 PM, Steffen Nurpmeso wrote:
> |> Chris Rapier wrote in
> |>  <9b9c0475-7c4f-468a-b6bf-7921fb5e276c@xxxxxxx>:
> |>|So I do some development based on openssh and I'm trying to think of
> |>|some new projects that might extend the functionality, feature set, user
> |>|workflow, performance, etc of ssh.
> ...
> |> SSH over UDP (or "any other non-stream", or
> |> "auto-connection-re-establish" protocol). I do not know how it can
> |> work for you all if you have internet access via wlan; maybe ipsec
> |> is also an option, i do not use it as i am afraid of the setup (on
> |> all end points; there is that interesting thing for OpenBSD, but i
> |> never heard anything real again -- and OpenBSD only of course), and
> |> WireGuard does this really nicely!
> ...
> |We have been looking at implementing different protocols other than TCP.
> |QUIC, for example, looks promising. We're mostly looking at that for
>
> Yes. Yes, that.
>
> |throughput performance though. I don't know if that would work in your
> |specific use case though.
>
> Sure it would. OpenSSL put a lot of efforts to have a complete
> implementation, as far as i know, and OpenBSD also reported
> a success-over-QUIC, but i looked even less. But that comes.
>
> |> Now the only thing that remains is that ~60 second connection
> |> limit for OpenBSD downloads on their main server, since with
> |> 64KBit you cannot even download the openssh ball within.
> |
> |Your throughput is limited to 64Kbps? Is that a limitation of wireguard
> |or some other issue?
>
> Only when the bandwidth is out. Or when sharing in between many
> breaks down the thing. Or when that whoever it is bombs the
> neighbourhood with electromagnetic storms so that anything
> wireless inclusive DVB-T. The former two happen quite frequently.
> 'Don't think WireGuard is a resource hog or bandwidth killer from
> what i know. But i never have done performance testing.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev