There are several advantages to using spiped rather than tunneling via ssh:

* Reduced attack surface: The spiped protocol (and implementation) is orders of magnitude simpler than ssh.

* spiped opens a separate transport layer connection for each pipe, mitigating "noisy neighbour" effects where one busy connection tunneled over ssh can bottleneck other connections tunneled over the same ssh connection. (This is not perfect, since spiped is single-threaded: A connection which is busy enough will end up starving you for CPU time for the crypto. But you'll typically hit that limit with traffic orders of magnitude higher than you'd need to create a bottleneck if everything goes over the same TCP connection.)

* spiped has no persistent connection, so there's nothing to be interrupted if your network drops (or if you move between networks). Every connection is a new connection; spiped is effectively transparent.

iirc spiped uses TLS/OpenSSL for securing the connection, the symmetric key avoids the key-exchange and worrying about certificates, and therefore is better capable of efficiently using the connection than SSH by itself.

Because it's much simpler it's also a good way to expose a system to the internet, although Wireguard with a PSK is a very similar and possibly superior solution.

spiped does not in fact use TLS.

A subthread from 2014:

https://news.ycombinator.com/item?id=7540288

Ah okay, yea I wasn't sure if I remembered that correctly or not. I double checked it was using OpenSSL and assumed.

I'm presuming this is pretty similar to https://www.stunnel.org

We would use stunnel rather than SSH for non-interactive usages. Having an active stunnel running all the time is safer than requiring a full SSH session being active.

stunnel predates spiped by quite some time; spiped is a reaction to stunnel --- specifically, a network hole punch for people who trust neither OpenSSL nor OpenSSH's attack surface.

Today, most people would just use WireGuard for this.