Any of them. Try spiped.


More attack surface, not less.


Picture time!

More surface (both spiped and ssh are accepting connections):

     |
  →  |ssh
     |
  →  |spiped

Less surface (spipe accepts connection, ssh is behind it):

                 |
  →  | spiped  ↝ | ssh
                 |

With proper configuration, spiped sits in front of ssh, authenticating and decrypting traffic and passing it to ssh.

spiped is a tiny program that uses symmetric crypto (small surface). SSH isn't a tiny program and uses more complex asymmetric crypto (larger surface).

To learn more: http://www.daemonology.net/blog/2011-07-04-spiped-secure-pip...

To learn how to put it in front of SSH, see https://github.com/Tarsnap/spiped#example-usage
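As an added illustration of the "less surface" picture (not code from this thread or from the spiped project), the shell helpers below wrap the spiped invocations that place spiped in front of sshd: one shared 32-byte key, a decrypting spiped on the server's public port forwarding to sshd on loopback, and an encrypting spiped on the client. The key path, the public port 8022, and the server name passed in are assumed placeholders; for the surface reduction to hold, sshd itself must only be reachable on 127.0.0.1 (via `ListenAddress` in sshd_config or a firewall rule), which this example assumes rather than configures.

```shell
#!/bin/sh
# Added example (not from the HN thread or the spiped project): wraps the
# spiped command lines that put spiped in front of sshd. Key path, port and
# server name are assumed placeholders.
set -eu

SPIPED_KEY=/etc/spiped/spiped.key   # assumed path; the same 32 random bytes on both ends
SPIPED_PORT=8022                    # assumed public port that spiped (not sshd) listens on

# Generate the shared secret once on the server, then copy it to each client
# out of band. spiped uses the whole file as the key, so insist on 32 bytes.
make_spiped_key() {
    keyfile=$1
    umask 077
    dd if=/dev/urandom bs=32 count=1 of="$keyfile" 2>/dev/null
    [ "$(wc -c < "$keyfile")" -eq 32 ]
}

# Server side: spiped decrypts (-d) what arrives on the public port and hands
# the plaintext to sshd on the loopback interface only. With sshd bound to
# 127.0.0.1, spiped is the only listener an outside host can reach.
spiped_server_cmd() {
    printf 'spiped -d -s [0.0.0.0]:%s -t [127.0.0.1]:22 -k %s\n' \
        "$SPIPED_PORT" "$SPIPED_KEY"
}

# Client side: spiped encrypts (-e) a local loopback port and forwards it to
# the server's spiped; the user then connects with `ssh -p 8022 localhost`.
spiped_client_cmd() {
    server=$1   # assumed server hostname or address
    printf 'spiped -e -s [127.0.0.1]:%s -t [%s]:%s -k %s\n' \
        "$SPIPED_PORT" "$server" "$SPIPED_PORT" "$SPIPED_KEY"
}
```

Run `make_spiped_key` once, then start the server and client commands (add `-F` to keep spiped in the foreground under a service manager). Anything that reaches port 8022 without the key is dropped by spiped before sshd ever sees a byte, which is the point of the second diagram above.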


There are some similarities between this and SPA:

-> | SPA / fwknop | ssh

There are important differences too though (beyond the fact that SPA is not encrypting/decrypting traffic for SSH itself). SPA is a UDP authenticator so it cannot be scanned.

Design goals: http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#d...


No, SPA is the first picture: both SPA and OpenSSH are directly responsive to attacker communications. I don't think "attack surface" is the dispositive argument here (the fact that SPA doesn't protect OpenSSH connections at all is), but either way: SPA is inferior to spiped.


Not exactly. OpenSSH gated by SPA can only be interacted with by an attacker that can either hijack an SPA-authenticated connection, or is on the same network as the SPA client if the client must go through a NAT. This is a fairly limited set of possible attackers. For those not in this set, how can they interact with OpenSSH without first breaking SPA?
