After authnz, SSH runs a shell (or other specified remote program), while Wiregu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nine_k on Aug 30, 2024 \| parent \| context \| favorite \| on: I'm blocking connections from AWS to my on-prem se... After authnz, SSH runs a shell (or other specified remote program), while Wireguard just sets up a network interface. I think it's really hard to make Wireguard run something remotely as you connect, AFAICT. You can achieve a somehow similar result running by OpenSSH as `ssh -N -D`: do not run anything on the remote end, work as a socks5 proxy.

immibis on Aug 31, 2024 [–]

ssh -w sets up a network interface

ssh -w -N sets up a network interface and does not run a shell

It still runs over TCP, so it's not ideal. TCP-over-TCP is a recognized antipattern that causes extra retransmissions, wasted bandwidth and delays.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact