francoismichel / ssh3

SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
Apache License 2.0
3.18k stars 81 forks

Support for reverse connections #41

Open siepkes opened 6 months ago

siepkes commented 6 months ago

First of all let me say this seems like a really interesting project!

One thing I think it could also be useful for is remote access to IoT devices. IoT devices often sit behind a NAT and only have outbound HTTP access. Granted, sometimes they might not even have outbound HTTP/3 access due to UDP restrictions, but I think those days are numbered and those cases are limited. These devices sometimes also have laggy Internet connections over 2G (for which SSH3 seems like a good fit). Therefore it would be beneficial if SSH3 supported a reverse persistent connection, where the "client" sets up a persistent connection to a server (like, for example, autossh).

francoismichel commented 6 months ago

Thanks for the feedback! That would be great indeed. One "easy" way to achieve this would be to do reverse UDP port forwarding and then connect to the device using that, tunnelling the inbound connections through the UDP reverse tunnel.

I am a bit overloaded right now, so I might not implement this in the coming days, but reverse port forwarding is for sure on the list of important features to implement next :-)

ezbik commented 6 months ago

There are numerous ways to achieve it, e.g. with the gost.run tool. You can make reverse connections (TCP/UDP) to machines behind NAT.