SSH3: SSH using HTTP/3 and QUIC

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  1. ssh3

    SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/

    There is now an open issue: https://github.com/francoismichel/ssh3/issues/79

  3. quicssh

    SSH over QUIC

    SSH over QUIC exists: https://github.com/moul/quicssh.

    I don't see any advantage of layering HTTP/3 here. It adds more friction, and the only advantage it brings is being able to "hide" the SSH server over a URL path. I guess X.509 certificates would be fine, but SSH host keys, SSHFP or TOFU is enough and far more secure (because it implicitly pins the server public key).

    It's a relatively new project from the looks of it, so I'd definitely not use it anywhere half important having to create something interesting with QUIC and HTTP/3.

  4. wstunnel

    Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

    If you want to tunnel UDP (WireGuard) or TCP (SSH) over WebSocket protocol, check out https://github.com/erebe/wstunnel

  5. monopiped

    A reinterpretation of spiped using monocypher

    Also https://github.com/nnathan/monopiped. Just plugging my own project.

  6. ssh_pki

    PKI support for SSH certificates

    If hosts are configured with SSH certificates as part of their setup, you can definitely skip TOFU and determine trust on the first connection. That won't work for the "I need to connect to a random IP address" scenario, but any cloud server exposing SSH can be configured with a certificate signed by a company/personal SSH certificate authority.

    You could configure something delightfully atrocious like https://github.com/mjg59/ssh_pki but I think for most use cases where you connect to loads of SSH servers, host keys and certificate authorities will work just fine.

  7. sslh

    Applicative Protocol Multiplexer (e.g. share SSH and HTTPS on the same port)

    That already has a (brutal) solution now - sslh https://www.rutschle.net/tech/sslh/README.html - the current version is more sophisticated, but it was originally just a Perl script that would send the connection to sshd or the https web server, based on regex matching on an initial string (and probably timing out and going to sshd if it didn't see one? Something like that, I haven't dug out the old code to check.)

  8. pico

    The ultimate ssh powered services for developers (by picosh)

    SNI is absolutely needed. Over at https://pico.sh we have to request an IP for each ssh server even though from a resource perspective we really only need 1 VM. It increases the complexity of our deployments and overall makes us want to figure out how to merge all of our SSH apps into one.

  10. pam_oidc

    pam_oidc authenticates users with an OpenID Connect (OIDC) token.

    For OIDC there's at least:

    https://github.com/salesforce/pam_oidc

    https://github.com/EOSC-synergy/ssh-oidc

  11. ssh-oidc

    Documentation for SSH with OIDC

  12. openssh-portable

    Portable OpenSSH
