Showing posts from June, 2019

The case for SSH over UDP

I was recently led to the following excellent, humorous article about the current state of Internet protocols – and the winding road that brought us here:

The world in which IPv6 was a good design
I agree with Avery as he identifies a future necessity: replacing TCP with an encrypted, UDP-based protocol like QUIC that will no longer identify sessions with a 4-tuple (clientIP, clientPort, serverIP, serverPort), but instead with a random session ID. This would allow clients to change their IP address, e.g. when moving between WiFi networks, while keeping the session state. TCP cannot do this today, with or without IPv6.
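To make the difference concrete, here is a small added model (not code from the post, and not QUIC's actual implementation) of two session tables: one keyed by the TCP 4-tuple, the other by a random session ID paired with a per-session secret. The HMAC tag in the second table is an assumed stand-in for the per-packet authenticated encryption a real protocol like QUIC uses; the addresses and payloads are constructed sample values. The point it shows is that with a 4-tuple, a client that changes IP looks like a stranger and any packet matching the tuple can tear the session down, whereas with an authenticated session ID the address is incidental and an unauthenticated packet is simply dropped.

```python
"""Toy model: sessions keyed by a TCP 4-tuple versus by a random session ID.

Added illustration, not code from the post. The HMAC tag stands in for the
authenticated encryption a real protocol such as QUIC applies to every packet.
"""
import hashlib
import hmac
import secrets


class FourTupleTable:
    """TCP-style: a session is whatever (cip, cport, sip, sport) says it is."""

    def __init__(self):
        self.sessions = {}

    def open(self, cip, cport, sip, sport):
        self.sessions[(cip, cport, sip, sport)] = {"bytes": 0}

    def deliver(self, cip, cport, sip, sport, flags=(), payload=b""):
        key = (cip, cport, sip, sport)
        sess = self.sessions.get(key)
        if sess is None:
            # A client that moved to a new IP looks like a stranger.
            return "no session"
        if "RST" in flags:
            # Nothing proves who sent this; a matching 4-tuple is enough.
            del self.sessions[key]
            return "reset"
        sess["bytes"] += len(payload)
        return "data"


class SessionIdTable:
    """QUIC-style: a session is a random ID plus a shared secret; the
    address is just where the last authenticated packet came from."""

    def __init__(self):
        self.sessions = {}

    def open(self, client_addr):
        sid = secrets.token_bytes(8)    # random session ID
        key = secrets.token_bytes(32)   # per-session secret (assumed model)
        self.sessions[sid] = {"key": key, "addr": client_addr, "bytes": 0}
        return sid, key

    @staticmethod
    def tag(key, sid, payload):
        return hmac.new(key, sid + payload, hashlib.sha256).digest()

    def deliver(self, client_addr, sid, payload, tag):
        sess = self.sessions.get(sid)
        if sess is None:
            return "no session"
        if not hmac.compare_digest(self.tag(sess["key"], sid, payload), tag):
            # Sender without the key: packet is dropped, session untouched.
            return "dropped"
        if client_addr != sess["addr"]:
            sess["addr"] = client_addr  # connection migration: just learn the new address
        if payload == b"CLOSE":
            del self.sessions[sid]
            return "closed"
        sess["bytes"] += len(payload)
        return "data"


def demo():
    """Run both tables through the scenarios in the post; returns the outcomes."""
    out = {}
    tcp = FourTupleTable()
    tcp.open("10.0.0.5", 51000, "192.0.2.1", 22)          # constructed addresses
    out["tcp_wifi_change"] = tcp.deliver("10.0.0.99", 51000, "192.0.2.1", 22, payload=b"hi")
    out["tcp_rst_from_anyone"] = tcp.deliver("10.0.0.5", 51000, "192.0.2.1", 22, flags=("RST",))
    out["tcp_after_rst"] = tcp.deliver("10.0.0.5", 51000, "192.0.2.1", 22, payload=b"hi")

    q = SessionIdTable()
    sid, key = q.open(("10.0.0.5", 51000))
    out["sid_wifi_change"] = q.deliver(("10.0.0.99", 51000), sid, b"hi", q.tag(key, sid, b"hi"))
    out["sid_forged_close"] = q.deliver(("10.0.0.5", 51000), sid, b"CLOSE", b"\x00" * 32)
    out["sid_after_forgery"] = q.deliver(("10.0.0.99", 51000), sid, b"hi", q.tag(key, sid, b"hi"))
    out["sid_real_close"] = q.deliver(("10.0.0.99", 51000), sid, b"CLOSE", q.tag(key, sid, b"CLOSE"))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {result}")
```

Running it shows the 4-tuple table losing the session on an IP change and on a reset from any sender, while the session-ID table survives both: the migrated client keeps its state and the unauthenticated close is dropped.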

The Secure Shell protocol is built on top of TCP. This creates a number of problems for SSH:
Anyone can send a TCP RST in your name (faking the IP and port; the port can be brute-forced), which breaks your connection. Routers that unilaterally decide your connection is "taking too long" are in a special position to do so.
If there's a data transmission error (p…