README
¶
handy-sshd
Portable SSH Server
Install on Ubuntu/Debian
wget https://github.com/nwtgck/handy-sshd/releases/download/v0.4.0/handy-sshd-0.4.0-linux-amd64.deb
sudo dpkg -i handy-sshd-0.4.0-linux-amd64.deb
Install on Mac
brew install nwtgck/handy-sshd/handy-sshd
Get more executables in the releases.
Examples
# Listen on 2222 and accept user name "john" with password "mypass"
handy-sshd -p 2222 -u john:mypass
# Listen on 2222 and accept user name "john" without password
handy-sshd -p 2222 -u john:
# Listen on 2222 and accept users "john" and "alice" without password
handy-sshd -p 2222 -u john: -u alice:
# Listen on unix domain socket
handy-sshd --unix-socket /tmp/my-unix-socket -u john:
Features
An SSH client can use
- Shell/Interactive shell
- Local port forwarding (ssh -L)
- Remote port forwarding (ssh -R)
- SOCKS proxy (dynamic port forwarding)
- SFTP
- SSHFS
- Unix domain socket (local/remote port forwarding)
All features are enabled by default. You can allow only some of them using permission flags.
Permissions
There are several permissions:
- --allow-direct-streamlocal
- --allow-direct-tcpip
- --allow-execute
- --allow-sftp
- --allow-streamlocal-forward
- --allow-tcpip-forward
All permissions are allowed when nothing is specified. The log shows "allowed: " and "NOT allowed: " permissions as follows:
$ handy-sshd -u "john:"
2023/08/11 11:40:44 INFO listening on :2222...
2023/08/11 11:40:44 INFO allowed: "tcpip-forward", "direct-tcpip", "execute", "sftp", "streamlocal-forward", "direct-streamlocal"
2023/08/11 11:40:44 INFO NOT allowed: none
For example, specifying --allow-direct-tcpip and --allow-execute allows only them:
$ handy-sshd -u "john:" --allow-direct-tcpip --allow-execute
2023/08/11 11:41:03 INFO listening on :2222...
2023/08/11 11:41:03 INFO allowed: "direct-tcpip", "execute"
2023/08/11 11:41:03 INFO NOT allowed: "tcpip-forward", "sftp", "streamlocal-forward", "direct-streamlocal"
--help
Portable SSH server
Usage:
handy-sshd [flags]
Examples:
# Listen on 2222 and accept user name "john" with password "mypass"
handy-sshd -u john:mypass
# Listen on 22 and accept the user without password
handy-sshd -p 22 -u john:
Permissions:
All permissions are allowed by default.
For example, specifying --allow-direct-tcpip and --allow-execute allows only them.
Flags:
--allow-direct-streamlocal client can use Unix domain socket local forwarding (ssh -L)
--allow-direct-tcpip client can use local forwarding (ssh -L) and SOCKS proxy (ssh -D)
--allow-execute client can use shell/interactive shell
--allow-sftp client can use SFTP and SSHFS
--allow-streamlocal-forward client can use Unix domain socket remote forwarding (ssh -R)
--allow-tcpip-forward client can use remote forwarding (ssh -R)
-h, --help help for handy-sshd
--host string SSH server host to listen (e.g. 127.0.0.1)
-p, --port uint16 port to listen (default 2222)
--shell string Shell
--unix-socket string Unix domain socket to listen
-u, --user stringArray SSH user name (e.g. "john:mypass")
-v, --version show version
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateKey ¶
Types ¶
type Server ¶
type Server struct {
Logger *slog.Logger
// Permissions
AllowTcpipForward bool
AllowDirectTcpip bool
AllowExecute bool // this should not be split into "allow-exec" and "allow-pty-req" for now because "pty-req" can be used not for shell execution.
AllowSftp bool
AllowStreamlocalForward bool
AllowDirectStreamlocal bool
// contains filtered or unexported fields
}
func (*Server) HandleChannels ¶
func (s *Server) HandleChannels(shell string, chans <-chan ssh.NewChannel)
func (*Server) HandleGlobalRequests ¶
func (s *Server) HandleGlobalRequests(sshConn *ssh.ServerConn, reqs <-chan *ssh.Request)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.