Reverse proxy for ssh3

Open vaminakov opened this issue 2 years ago • 2 comments

Since ssh3 uses http/3, it is theoretically possible to host it behind a reverse proxy. Then there is no need to use x509 certificates (there is no such option now). I tried to host ssh3 behind angie (a fork of nginx that can use http/3 both ways), but I'm running into the following problem (with verbose):

DBG dialing QUIC host at myhost:443
DBG QUIC handshake complete
password for https://root@myhost:443/ssh3?user=root:
DBG try the following Identity: password-identity
DBG send CONNECT request to the server
ERR bad SSH version fields
ERR Could not parse server version: "Angie"
ERR Could not open channel: returned non-200 and non-401 status code: 400

And Angie log:

quic reserved transport param id:0x4d4, skipped while handling frames, client: 10.10.0.4, server: 0.0.0.0:443
quic unknown transport param id:0x20, skipped while handling frames, client: 10.10.0.4, server: 0.0.0.0:443
client sent unknown pseudo-header ":protocol" while reading client request, client: 10.10.0.4, server: myhost

Is my idea possible?

vaminakov Dec 18 '23 13:12
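
A log-correlation sketch for the failure reported above, added here as an example and not part of the issue, ssh3 or Angie. It matches only the message strings quoted in the post; the function name `triage` and the verdict labels are hypothetical, and the sample logs are constructed from the quoted entries.

```python
import re

# Constructed sample input: entries from the two logs quoted above, one per line.
CLIENT_LOG = '''DBG QUIC handshake complete
DBG send CONNECT request to the server
ERR bad SSH version fields
ERR Could not parse server version: "Angie"
ERR Could not open channel: returned non-200 and non-401 status code: 400
'''
PROXY_LOG = '''quic unknown transport param id:0x20, skipped while handling frames, client: 10.10.0.4, server: 0.0.0.0:443
client sent unknown pseudo-header ":protocol" while reading client request, client: 10.10.0.4, server: myhost
'''


def triage(client_log: str, proxy_log: str) -> dict:
    """Correlate ssh3 client output with the proxy error log (hypothetical helper)."""
    version = re.search(r'Could not parse server version: "([^"]*)"', client_log)
    status = re.search(r"status code: (\d{3})", client_log)
    # (pseudo-header, client address) pairs the proxy refused while reading a request.
    rejected = re.findall(
        r'unknown pseudo-header "(:[a-z]+)".*client: ([\d.]+)', proxy_log)
    result = {
        "quic_ok": "QUIC handshake complete" in client_log,
        # Whatever identified itself in the response; here it is not an SSH version.
        "answered_by": version.group(1) if version else None,
        "status": int(status.group(1)) if status else None,
        "rejected": sorted(set(rejected)),
    }
    if result["quic_ok"] and any(h == ":protocol" for h, _ in rejected):
        # :protocol is the Extended CONNECT pseudo-header (RFC 8441 / RFC 9220).
        # The proxy refused it while reading the request, so the 400 is its own.
        result["verdict"] = "proxy_rejected_extended_connect"
    elif version and result["status"] not in (200, 401):
        # Something answered, but not with a parsable SSH version or expected status.
        result["verdict"] = "non_ssh3_responder"
    else:
        result["verdict"] = "inconclusive"
    return result


if __name__ == "__main__":
    for key, value in triage(CLIENT_LOG, PROXY_LOG).items():
        print(f"{key}: {value}")
```

On the quoted logs the QUIC layer is healthy and the request is refused at the proxy's HTTP/3 request parser, so the response the client tried to parse was the proxy's own.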

And when reverse-proxying ssh3, it's not enough to add an option to start without certificates. You need to proxy_pass some headers:

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For "";

vaminakov Dec 18 '23 13:12

Works?

fliberd Dec 20 '23 03:12