chisel icon indicating copy to clipboard operation
chisel copied to clipboard
verified publisher icon jpillora

Question about WSS and SSH

Open killwing opened this issue 3 years ago • 2 comments

"Chisel is a fast TCP/UDP tunnel, transported over HTTP, secured via SSH." If the connection is setup by secured websocket (wss), is SSH still needed?

killwing avatar Jan 03 '22 06:01 killwing

Can anyone please answer ?

techiek7 avatar Feb 09 '23 04:02 techiek7

Yes, SSH is essentially needed. SSH is more than authentication and encryption. It also includes reliable multiplexing for multiple channels through one tunnel (tcp-connection). Chisel uses this part of the well-documented protocol and well-testet library to provide the Remotes. If transportet over TLS (HTTPS) the Encryption-Part of SSH is not required, but included per specification. You might try to use a null-cipher to reduce the load.

  • How can I disable encryption on openssh?
  • https://pkg.go.dev/github.com/keltia/cipher/null
  • https://github.com/keltia/cipher/blob/master/null/cipher.go
  • https://pkg.go.dev/golang.org/x/crypto/ssh#Config

EDIT this pull request may help https://github.com/jpillora/chisel/pull/226

redneck-f25 avatar Feb 21 '23 18:02 redneck-f25