Open burntheplanet opened 1 year ago
So is my inquiry as well!
Isn't SSH proxy better for personal use?
Like they can't put a server on a blacklist only because of having SSH traffic.
And it's already well encrypted!
It depends on your ISP. Some ISPs throttle SSH traffic or drop the SSH session after some time has passed for at least some of the cloud providers. Therefore, it is almost impossible to use SSH in some situations.
Furthermore, you usually don't want to share your SSH credentials with someone else to just help them to overcome the censorship. You may create a non-privileged user for them, but they still have access to so many things. Proxy tools usually have a built-in user management system to add/remove users on the fly without restarting the service and interrupting the other users.
They also provide more throughput on the same bandwidth in comparison to SSH.
@Soberia Oh, I see. Apparently, for my ISP (Irancell TD-LTE), it seems like it is not throttled whatsoever, since I'm getting around the same speed as native, with around 0% packet loss and connection lasting for at least 3+ hours as tested so far. The only issue might be user management, which is fine for me since I am the only one using it. On a technical term tho, how are other solutions hypothetically able to provide more bandwidth than SSH? Don't they have stronger and longer encryptions and obfuscations than SSH?
I'm not sure why but I think it must be related to their implementations. In my tests with Irancell LTE, I reached 120Mb with Trojan over xTLS and 80Mb with SSH (both proxied in v2rayN)
@burntheplanet
To be honest with you, huge traffic coming from SSH is not very usual. Administrators and developers usually upload (send) noticeable traffic over ssh to their server using SCP or whatever, but they tend to not get huge files from their servers, at least I cannot think of any scenario where that is needed (they might use SFTP though, which is ssl based, not ssh based). Therefore, personally, I think when it comes to downloading large files, or watching movies, perhaps it is better to use https rather than ssh. Other than that, I see no other benefit. As for restricting user's permission on shell, you can unset Path variable for them.
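Added example, not part of any post in this thread: the comments above raise the question of what an SSH account handed out only for proxying can still reach. This sketch audits an sshd_config for a forwarding-only `Match User` block; the account name `proxyuser`, the sample config and the required-settings policy are assumptions, and the parser handles only a plain `Match User <name>` line (on a real server, `sshd -T -C user=<name>` reports the effective settings).

```python
# Added example: audit an sshd_config for a forwarding-only proxy account.
# Constructed sample; "proxyuser" is a hypothetical account name.
SAMPLE_CONFIG = """\
PasswordAuthentication no

Match User proxyuser
    AllowTcpForwarding yes
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
    ForceCommand /usr/sbin/nologin
"""

# Assumed policy for a tunnel-only account (keys are sshd_config keywords).
REQUIRED = {
    "allowtcpforwarding": "yes",   # the one capability the account needs
    "permittty": "no",             # no interactive terminal
    "x11forwarding": "no",
    "allowagentforwarding": "no",
    "permittunnel": "no",          # no tun/tap device forwarding
}

def match_block(config: str, user: str) -> dict:
    """Return keyword -> value from 'Match User <user>' blocks (simplified)."""
    settings, inside = {}, False
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, _, value = line.partition(" ")
        if keyword.lower() == "match":
            # Every Match line starts a new block and ends the previous one.
            parts = value.split()
            inside = len(parts) == 2 and parts[0].lower() == "user" and parts[1] == user
            continue
        if inside:
            # sshd keeps the first value it sees for a keyword.
            settings.setdefault(keyword.lower(), value.strip())
    return settings

def audit(config: str, user: str) -> list:
    """List the settings that leave the account with more than forwarding."""
    found = match_block(config, user)
    problems = [f"{key} should be {want}" for key, want in REQUIRED.items()
                if found.get(key, "").lower() != want]
    if "forcecommand" not in found:
        problems.append("forcecommand missing: account can still run commands")
    return problems
```

With these settings a client connecting with `ssh -N -D` still gets its forwarded port, while a shell, command or SFTP request is answered by `nologin`.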
@arandomgstring yeah, that is true. But I guess in the end, their suspicion just leads to the IP getting blacklisted. And since the IP is dynamic, that's no big deal.
@burntheplanet Since when has VPS's IP become dynamic?
In Iran, there's documentation of SSH being throttled as far back as 2013. The specific observations are likely to be obsolete today, but it shows that circumvention has been more complicated than just using an SSH proxy for many years.
https://censorbib.nymity.ch/#Aryan2013a
For HTTP and HTTPS file transfers, Aryan used 85% and 89% of its total bandwidth on average, respectively. In contrast, for SSH file transfers, only 15% was utilized on average. All of our measurements were within 5% of these averages.
To confirm that this decrease resulted from the censor’s interference, we proceeded to obfuscate our SSH file transfer (and therefore the unencrypted portion of its handshake) by XORing packet payloads with a predefined constant key. In this way, we expected to circumvent the censor’s efforts to detect and throttle our SSH tunnel. Surprisingly, all of the trials using this modified SSH tunnel exhibited even worse performance. The obfuscated connection was constantly throttled to the point that download speed dropped to near zero at around 60 seconds into the connection. This resulted in incomplete file transfers during all of our trials.
From this observation, we hypothesize that instead of blacklisting undesired protocols, the censorship system was configured to whitelist approved protocols.
@arandomgstring I have an Amazon Lightsail instance, and those have a dynamic IP by default if you don't attach any static IP to them. Even if you do, the static IP can be changed just by removing and attaching another one, which can be done for free.
@wkrp Yeah, I also heard from a few of my friends that SSH is throttled for them. But for me, I am getting speeds as much as 90 Mb/s, which is even higher than my native internet speed somehow. And compared to only 30 Mb/s with Trojan and 35 Mb/s with Vless, it's much higher. Just for statistical purposes, SSH doesn't seem to be limited on Irancell yet (at least for me).
@burntheplanet May I ask what client you use on your phone for this purpose?
@iminsightman
Why do you use SSH over shadowsocks, when SSH itself is secure enough?
Recently I realized that the best protocol that works almost flawlessly on my private server with most ISPs in Iran is actually SSH. Vless + XTLS + Vision or Trojan + XTLS barely work on Irancell, but SSH works without any packet loss or throttling. However, it seems like everyone recommends either V2Ray or Xray. So, are there any disadvantages to using just a simple SSH tunnel? Can they distinguish it from a regular SSH usage scenario? If not, then considering SSH works the best in terms of speed and reliability, is Xray/V2Ray still the recommended solution (for me)? Thanks