←back to thread

SSH3: Faster and rich secure shell using HTTP/3

(github.com)
532 points tempaccount420 | 1 comments | 27 Sep 25 14:27 UTC | HN request time: 0.199s | source
Show context
kelnos ◴[27 Sep 25 18:50 UTC] No.45398425[source]
> Establishing a new session with SSHv2 can take 5 to 7 network round-trip times, which can easily be noticed by the user. SSH3 only needs 3 round-trip times. The keystroke latency in a running session is unchanged.

Bummer. From a user perspective, I don't see the appeal. Connection setup time has never been an annoyance for me.

SSH is battle-tested. This feels risky to trust, even whenever they end up declaring it production-ready.

replies(7): >>45399046 #>>45399565 #>>45399743 #>>45399861 #>>45401100 #>>45401784 #>>45402561 #
pancsta ◴[27 Sep 25 22:24 UTC] No.45399861[source]
UDP tunnels are the main feature, way lighter than wireguard, also OpenID auth.
replies(2): >>45400363 #>>45403223 #
rollcat ◴[28 Sep 25 10:21 UTC] No.45403223[source]
Wireguard (and certainly every VPN protocol worth your attention) runs on UDP. TCP-over-TCP is a disaster, no sane person does that.

And what's "lighter" than Wireguard? It's about as simple as it can get (certainly simpler than QUIC).

replies(1): >>45447884 #
1. pancsta ◴[02 Oct 25 10:05 UTC] No.45447884[source]
SSH is always deployed, wireguard needs to be (additionally) deployed. Wireguard gives a network address, SSH gives you a network port.