SSH3: Faster and rich secure shell using HTTP/3

(github.com)

532 points tempaccount420 | 1 comments | 27 Sep 25 14:27 UTC | HN request time: 0.376s | source

Show context

eqvinox ◴[27 Sep 25 17:35 UTC] No.45397793[source]▶

I feel like this should really be SSH over QUIC, without the HTTP authorization mechanisms. Apart from the latter not really being used at all for users (only for API calls, Bearer auth), shell logins have a whole truckload of their own semantics. e.g. you'd be in a rather large amount of pain trying to wire PAM TOTP (or even just password+OTP) into HTTP auth…

replies(2): >>45397861 #>>45398328 #

axiolite ◴[27 Sep 25 18:36 UTC] No.45398328[source]▶

>>45397793 #

That has been around for years:

https://github.com/moul/quicssh

replies(1): >>45398505 #

1. eqvinox ◴[27 Sep 25 19:00 UTC] No.45398505[source]▶

>>45398328 #

I guess it didn't get traction… whether that happens honestly feels like a fickle, random thing.

To be fair, a go project as sole implementation (I assume it is that?) is a no-go, for example we couldn't even deploy it on all our systems since last I checked Go doesn't support ppc64. (BE, not ppc64le)

I also don't see a protocol specification in there.

[edit] actually, no, this is not SSH over QUIC. This is SSH over single bidi stream transport over QUIC, it's just a ProxyCommand. That's not how SSH over QUIC should behave, it needs to be natively QUIC so it can take advantage of the multi-stream features. And the built-in TLS.

↑