QUIC proxy that allows to use QUIC to connect to an SSH server without needing to patch the client or the server.

Jun Ouyang

Last update: May 5, 2023

Related tags

Network programming quicssh-rs

Overview

quicssh-rs

😄 quicssh-rs is a QUIC proxy that allows to use QUIC to connect to an SSH server without needing to patch the client or the server.

quicssh-rs is quicssh rust implementation. It is based on quinn and tokio

Why use QUIC? Because SSH is vulnerable in TCP connection environments, and most SSH packets are actually small, so it is only necessary to maintain the SSH connection to use it in any network environment. QUIC is a good choice because it has good weak network optimization and an important feature called connection migration. This means that I can switch Wi-Fi networks freely when remote, ensuring a stable SSH connection.

Demo

demo-quicssh-rs.mp4

Why not mosh?

Because the architecture of mosh requires the opening of many ports to support control and data connections, which is not very user-friendly in many environments. In addition, vscode remote development does not support mosh.

Architecture

Standard SSH connection

┌───────────────────────────────────────┐             ┌───────────────────────┐
│                  bob                  │             │         wopr          │
│ ┌───────────────────────────────────┐ │             │ ┌───────────────────┐ │
│ │           ssh user@wopr           │─┼────tcp──────┼▶│       sshd        │ │
│ └───────────────────────────────────┘ │             │ └───────────────────┘ │
└───────────────────────────────────────┘             └───────────────────────┘

SSH Connection proxified with QUIC

┌───────────────────────────────────────┐             ┌───────────────────────┐
│                  bob                  │             │         wopr          │
│ ┌───────────────────────────────────┐ │             │ ┌───────────────────┐ │
│ │ssh -o ProxyCommand "quicssh-rs    │ │             │ │       sshd        │ │
│ │ client quic://%h:4433             │ │             │ └───────────────────┘ │
│ │       user@wopr                   │ │             │           ▲           │
│ └───────────────────────────────────┘ │             │           │           │
│                   │                   │             │           │           │
│                process                │             │  tcp to localhost:22  │
│                   │                   │             │           │           │
│                   ▼                   │             │           │           │
│ ┌───────────────────────────────────┐ │             │┌─────────────────────┐│
│ │  quicssh-rs client wopr:4433      │─┼─quic (udp)──▶│   quicssh-rs server ││
│ └───────────────────────────────────┘ │             │└─────────────────────┘│
└───────────────────────────────────────┘             └───────────────────────┘

Usage

$ quicssh-rs -h
A simple ssh server based on quic protocol

Usage: quicssh-rs [OPTIONS] <COMMAND>

Commands:
  server  Server
  client  Client
  help    Print this message or the help of the given subcommand(s)

Options:
      --log <LOG_FILE>  Location of log, Defalt if
  -h, --help            Print help
  -V, --version         Print version

Client

$ quicssh-rs client -h
Client

Usage: quicssh-rs client <URL>

Arguments:
  <URL>  Sewrver address

Options:
  -h, --help     Print help
  -V, --version  Print version

Client SSH Config

╰─$ cat ~/.ssh/config
Host test
    HostName test.test
    User root
    Port 22333
    ProxyCommand /Users/ouyangjun/code/quicssh-rs/target/release/quicssh-rs client quic://%h:%p

╰─$ ssh test                                                                                                                                                                  
Last login: Mon May  1 13:32:15 2023 from 127.0.0.1

Server

$ quicssh-rs server -h
Server

Usage: quicssh-rs server [OPTIONS]

Options:
  -l, --listen <LISTEN>  Address to listen on [default: 0.0.0.0:4433]
  -h, --help             Print help
  -V, --version          Print version

pam-send-slack-message is a program that publishes messages on slack when a linux server is accessed through ssh.

pam-send-slack-message pam-send-slack-message is a program that publishes messages on slack when the linux server is accessed through ssh. Installatio

2 Aug 17, 2022

An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC.

🚀 H123 An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC. Warning This is an experimental project and not inte

7 Dec 15, 2022

A versatile and efficient proxy framework with nice features suitable for various use cases.

1.7k Jan 9, 2023

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3

quiche is an implementation of the QUIC transport protocol and HTTP/3 as specified by the IETF. It provides a low level API for processing QUIC packet

7.1k Jan 8, 2023

Futures-based QUIC implementation in Rust

Pure-rust QUIC protocol implementation Quinn is a pure-rust, future-based implementation of the QUIC transport protocol undergoing standardization by

2.6k Jan 8, 2023

neqo — an Implementation of QUIC written in Rust

Neqo, an Implementation of QUIC written in Rust To run test HTTP/3 programs (neqo-client and neqo-server): cargo build ./target/debug/neqo-server [::]

1.6k Jan 7, 2023

TCP is so widely used, however QUIC may have a better performance.

TCP is so widely used, however QUIC may have a better performance. For softwares which use protocols built on TCP, this program helps them take FULL advantage of QUIC.

15 Jun 10, 2022

Library + CLI-Tool to measure the TTFB (time to first byte) of HTTP requests. Additionally, this crate measures the times of DNS lookup, TCP connect and TLS handshake.

TTFB: CLI + Lib to Measure the TTFB of HTTP/1.1 Requests Similar to the network tab in Google Chrome or Mozilla Firefox, this crate helps you find the

24 Dec 1, 2022

MQTT over QUIC

MQuicTT 🚧 This is a pre-alpha project, tread carefully 🚧 A rustlang utility/library for MQTT over QUIC. QUIC allows us to send data over multiple co

29 Dec 16, 2022

Comments

网络切换时间大于 10 秒，quicssh-rs 服务端读取超时，连接被断开
如果切换网络，从断开到恢复连接的时间大于 10 秒，服务端超时直接退出，如下：

ERROR quicssh_rs::server - [server] reading from quic client error: connection lost

因此以下常见的漫游/连接迁移的场景将不可用：

火车经过隧道时

从工位到会议室

从家里到办公室（有点牵强）

候车室候车、检票（也有点牵强）

......
opened by kings-way 1
SSH 报文损坏，切换成功率低
【测试环境 1 】本地：电信宽带，同光猫下的几个 WiFi 路由器，轮流切换；远程：vps，延迟约 140 ms，当前丢包情况为 0%，连接建立后在 vps 上持续 ping 1.1.1.1

【测试环境 2 】本地：联通 5G 手机热点，轮流打开 “网络数据” 开关远程：vps，延迟约 170 多 ms，当前丢包情况为 0%，连接建立后在 vps 上持续 ping 1.1.1.1

以上两种环境多次测试，SSH 连接漫游只成功过一次，甚至有时候连上 ssh 没有任何操作，几秒之后也会自动断开 ；手机热点的测试，在很短时间内开关数据，本机持续 ping 测试确认网络很快恢复，但是 SSH 连接都会断开，错误如下：

Bad packet length 3414441652. ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Connection corrupted

在客户端发生错误、连接断开之后，服务端才会出现 read error 错误并关闭相应连接

ERROR quicssh_rs::server - [server] reading from quic client error: connection lost` INFO quicssh_rs::server - [server] exit client

所以是 SSH 连接先断开，之后 QUIC 连接才断开，猜测是否是连接重建过程中，错误发送了 buffer 中的部分数据导致破坏了 SSH 报文？
opened by kings-way 1

QUIC proxy that allows to use QUIC to connect to an SSH server without needing to patch the client or the server.

Related tags

Overview

quicssh-rs

Demo

Why not mosh?

Architecture

Usage

Client

Client SSH Config

Server

You might also like...

pam-send-slack-message is a program that publishes messages on slack when a linux server is accessed through ssh.

An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC.

A versatile and efficient proxy framework with nice features suitable for various use cases.

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3

Futures-based QUIC implementation in Rust

neqo — an Implementation of QUIC written in Rust

TCP is so widely used, however QUIC may have a better performance.

Library + CLI-Tool to measure the TTFB (time to first byte) of HTTP requests. Additionally, this crate measures the times of DNS lookup, TCP connect and TLS handshake.

MQTT over QUIC

Comments

网络切换时间大于 10 秒，quicssh-rs 服务端读取超时，连接被断开

SSH 报文损坏，切换成功率低

Releases(v0.1.1)

v0.1.1(May 2, 2023)

v0.1(Apr 30, 2023)

Owner

Jun Ouyang

A TCP proxy using HTTP - Reach SSH behind a Nginx reverse proxy

Lightweight proxy that allows redirect HTTP(S) traffic through a proxy.

Acts as an IRC server and a nostr client. Connect with your IRC client using your nostr private key as the password.

Proxy sentry request to a sentry server using a tunnel/proxy endpoint

UDP proxy with Proxy Protocol and mmproxy support

Web3-proxy: a fast caching and load balancing proxy for web3 (Ethereum or similar) JsonRPC servers.

This Intelligent Transportation Systems (ITS) MQTT client based on the JSon ETSI specification transcription provides a ready to connect project for the mobility

A tcp proxy server/client which exchange the data in temp files

A multi-connection TCP reverse proxy server and client.

Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing every 30 seconds as a TOTP code...