[GH-ISSUE #2207] use_encryption = true -> SSH fails #1758

New issue

Closed

opened 2026-05-05 13:07:51 -06:00 by gitea-mirror · 4 comments

gitea-mirror commented

2026-05-05 13:07:51 -06:00

Owner

Originally created by @asheroto on GitHub (Jan 21, 2021).
Original GitHub issue: https://github.com/fatedier/frp/issues/2207

Version: 0.3.0
OS: Win 10
CPU architecture: 64-bit

FRPS config:

[common]
bind_port = 7000

FRPC config:

[common]
server_addr = utilities
server_port = 7000

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 6000
use_encryption = true

I have an SSH server on my client at port 22. I cannot connect over port 6000 on my server. If I take out use_encryption it works fine.

Does use_encryption relate to the TLS setting tls_enable or is that totally different?
To use TLS encryption, do I have to have certificates on both client and server?

Originally created by @asheroto on GitHub (Jan 21, 2021). Original GitHub issue: https://github.com/fatedier/frp/issues/2207 Version: 0.3.0 OS: Win 10 CPU architecture: 64-bit FRPS config: ``` [common] bind_port = 7000 ``` FRPC config: ``` [common] server_addr = utilities server_port = 7000 [ssh] type = tcp local_ip = 127.0.0.1 local_port = 22 remote_port = 6000 use_encryption = true ``` I have an SSH server on my client at port 22. I cannot connect over port 6000 on my server. If I take out use_encryption it works fine. - Does use_encryption relate to the TLS setting tls_enable or is that totally different? - To use TLS encryption, do I have to have certificates on both client and server?

gitea-mirror

2026-05-05 13:07:51 -06:00

closed this issue
added the
WaitingForInfo
label

gitea-mirror commented

2026-05-05 13:07:53 -06:00

Author

Owner

@yuyulei commented on GitHub (Jan 22, 2021):

use_encryption and tls_enable are totally different. tls_enable is applied to workConn, use_encryption is applied to proxy.

I have tried your configs, but it works no matter what use_encryption is. So may you provide more details(cmd, log, etc.) ?

@yuyulei commented on GitHub (Jan 22, 2021): `use_encryption` and `tls_enable` are totally different. `tls_enable` is applied to workConn, `use_encryption` is applied to proxy. I have tried your configs, but it works no matter what `use_encryption` is. So may you provide more details(cmd, log, etc.) ?

gitea-mirror commented

2026-05-05 13:07:54 -06:00

Author

Owner

@asheroto commented on GitHub (Jan 22, 2021):

Thanks for the info. Would it be fair to say that using use_encryption is sufficient enough to prevent against interception/bad actors? How exactly is it encrypted? Public key encryption?

For some reason it's working now, I must have had a typo. I'll close this after your reply.

@asheroto commented on GitHub (Jan 22, 2021): Thanks for the info. Would it be fair to say that using ```use_encryption``` is sufficient enough to prevent against interception/bad actors? How exactly is it encrypted? Public key encryption? For some reason it's working now, I must have had a typo. I'll close this after your reply.

gitea-mirror commented

2026-05-05 13:07:55 -06:00

Author

Owner

@fatedier commented on GitHub (Jan 25, 2021):

@asheroto use_encryption only encrypt your proxy connection data with aes-128-cfb, not including Login message.

Use tls_enable instead if you want to encrypt all data between frpc and frps. It supports public key encryption.

@fatedier commented on GitHub (Jan 25, 2021): @asheroto `use_encryption` only encrypt your proxy connection data with `aes-128-cfb`, not including `Login` message. Use `tls_enable` instead if you want to encrypt all data between frpc and frps. It supports public key encryption.

gitea-mirror commented

2026-05-05 13:07:55 -06:00

Author

Owner

@asheroto commented on GitHub (Jan 25, 2021):

@fatedier thank you

I'll close this request.

@asheroto commented on GitHub (Jan 25, 2021): @fatedier thank you I'll close this request.