
SSH discussion and interesting / viable alternatives

Posted: Mon Dec 18, 2023 7:40 am
by masayuki
Been thinking more about OpenSSH after having xs recommended to me. OpenSSH took a good while to become quantum-resistant, and xs seems to have done it years before and has a more proactive approach to security. (But I haven't looked into xs that much!) But it's interesting, and now I'm thinking about it, so now I post my thoughts.
https://gogs.blitter.com/RLabs/xs

I don't use systemd due to LoC bloat + memory-unsafe = hiding BoF's
By the same logic then, should we not use OpenSSH?

There are a lot of viable alternatives for basic management of a system over remote-session.
OpenSSH, though, provides a lot more features; one I use a lot is being able to reverse-bind ports to a system for testing (or forwarding) of services.

Anyways yeah, talk about OpenSSH here and related tools.

Re: SSH discussion and interesting / viable alternatives

Posted: Wed Dec 20, 2023 3:42 am
by masayuki
SSH is so incredibly versatile. Usually you'd think it operates on the Application level (which is usually correct!), but it also lives on 5, and can even live on LAYER 2!?
https://angrysysadmins.tech/index.php/2 ... -machines/
Like what?

Anyways, I've been looking into alternatives for tunneling because SSH is kind of slow, but surprisingly no one on the internet is really able to explain why SSH tunnels are slow. Some people say it's due to TCP over TCP (which is incorrect) [1] [2] [3]. But so far my understanding is that it's due to:
a. Latency with decapsulating and re-encapsulating TCP packets
b. Latency with encryption
c. Application layer operations
d. Lack of optimization
I think D is kind of the biggest factor. SSH is primarily focused on security and, well, being a remote shell, not tunneling or any other of its Swiss Army suite of features. For instance, something that is optimized for tunnels, WireGuard, is LEAGUES faster than SSH for tunnels [4] (along with a number of other improvements [5]), and that's mostly because WireGuard is optimized so heavily for speed. Even against OpenVPN it's way better.

Anyways, from my caffeine-induced and scattered research session, I have even more motivations to switch away from SSH. It does a LOT, but it doesn't do much well. If all you need is a remote shell, pick xs. If all you need is a tunnel, WireGuard.

I'll continue to update this thread as I learn more.

1. https://news.ycombinator.com/item?id=15774966
2. https://unix.stackexchange.com/a/667555/590781
3. https://serverfault.com/questions/65321 ... 509_653211
4. https://forums.gentoo.org/viewtopic-p-8778866.html
5. https://news.ycombinator.com/item?id=21162273