Easy SSH servers in Golang

Overview

gliderlabs/ssh

The Glider Labs SSH server package is dope. —@bradfitz, Go team member

This Go package wraps the crypto/ssh package with a higher-level API for building SSH servers. The goal of the API was to make it as simple as using net/http, so the API is very similar:

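 package main

 import (
     "io"
     "log"

     "github.com/gliderlabs/ssh"
 )

 func main() {
     // Handle registers the default session handler, like http.HandleFunc.
     ssh.Handle(func(s ssh.Session) {
         io.WriteString(s, "Hello world\n")
     })

     // With no auth handlers set, the server accepts any client without
     // authentication; with no host key set, it generates a temporary one.
     log.Fatal(ssh.ListenAndServe(":2222", nil))
 }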

This package was built by @progrium after working on nearly a dozen projects at Glider Labs using SSH and collaborating with @shazow (known for ssh-chat).

Examples

A bunch of great examples are in the _examples directory.

Usage

See GoDoc reference.

Contributing

Pull requests are welcome! However, since this project is very much about API design, please submit API changes as issues to discuss before submitting PRs.

Also, you can join our Slack to discuss as well.

Roadmap

  • Non-session channel handlers
  • Cleanup callback API
  • 1.0 release
  • High-level client?

Sponsors

Become a sponsor and get your logo on our README on GitHub with a link to your site.

License

BSD

Comments
  • Build a SSH bastion

    Hi,

    Is there any example of SSH bastion created with this package?

    Basically I'd like to create a SSH server accepting connections, verifying the identity with Public SSH keys, and then forwarding the connections to another server.

    Since I believe this is a pretty standard need, it could be interesting to add such an example in the repo.

    Thanks

    api examples 
    opened by arkan 20
  • Co-maintainers wanted

    This project is built and maintained 100% voluntarily. There is no company spending money on it, and everybody working on it is also busy with other projects. We can use your help keeping this project healthy if you can participate as a maintainer. This is a "commitment" to optionally be involved in:

    • Code reviewing PRs
    • API change discussions
    • Pushing PRs in the right direction
    • Merging PRs that are obviously good to go

    With your help, we can slowly iterate towards the best SSH server building library on the planet. If you're interested, join our Slack and say hi in the #golang channel.

    help wanted 
    opened by progrium 16
  • Add DefaultServerConfigCallback option for create custom default `ServerConfig`s

    This callback allows a more granular control of the SSH server configuration, such as for the key exchange / cipher / MAC algorithms.

    Example usage:

    server := ssh.Server{
      Addr: ":2222",
      // ...
      DefaultServerConfigCallback: func (ctx ssh.Context) *gossh.ServerConfig {
        config := &gossh.ServerConfig{}
    
        config.KeyExchanges = []string{"[email protected]"}
        config.MACs = []string{"[email protected]"}
        config.Ciphers = []string{
          "[email protected]",
          "ssh-ed25519",
          "ssh-rsa",
        }
    
        return config
      },
    }
    
    server.ListenAndServe()
    
    opened by binwiederhier 12
  • Request for example

    This is a great piece of software. Thank you very much. Could you please post an example of how to write a client as a goroutine that waits for user input lines and answers each line after processing it? Thank you very much.

    ssh.Handle(func(s ssh.Session) {
        log.Printf("%s", s.RemoteAddr())
        io.WriteString(s, fmt.Sprintf("Hello %s\n", s.User()))

        // ... handle connection until it closes by user input, client close
        // ??????
    })

    Thank you very much in advance.

    opened by literadix 11
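
One way to write the loop asked about above, as an added example that is not part of the original issue or of the gliderlabs/ssh code base. It assumes the client sends newline-terminated lines (for example piped input without a PTY); `serveLines`, `process` and `maxLine` are hypothetical names, and an `ssh.Session` can be passed as `rw` because it implements `io.Reader` and `io.Writer`.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"log"
	"os"
	"strings"
)

// maxLine caps how many bytes one input line may occupy (assumed limit).
const maxLine = 4096

// serveLines answers every newline-terminated line read from rw with
// process(line). It returns nil when the peer closes the stream or sends
// "quit", and bufio.ErrTooLong when a line exceeds maxLine.
// serveLines and process are hypothetical names, not gliderlabs/ssh API.
func serveLines(rw io.ReadWriter, process func(string) string) error {
	sc := bufio.NewScanner(rw)
	sc.Buffer(make([]byte, 0, 256), maxLine) // bound per-client memory
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), "\r")
		if line == "quit" {
			_, err := io.WriteString(rw, "bye\n")
			return err
		}
		if _, err := fmt.Fprintf(rw, "%s\n", process(line)); err != nil {
			return err
		}
	}
	return sc.Err()
}

func main() {
	// Stand-alone run over stdin/stdout. In a server the same call would sit
	// inside the session handler with the ssh.Session passed as rw.
	rw := struct {
		io.Reader
		io.Writer
	}{os.Stdin, os.Stdout}
	if err := serveLines(rw, strings.ToUpper); err != nil {
		log.Fatal(err)
	}
}
```

The buffer cap matters on a network-facing handler: without it, a client that never sends a newline keeps the server buffering until the scanner's default limit.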
  • Register chan to Session to listen for break requests

    This change supports break over SSH (https://tools.ietf.org/html/rfc4335) by adding a method to Session to register a channel to indicate that a break request was received.

    opened by meislerj 8
  • Support remote port forwarding

    Hello

    Are there any plans to support remote port forwarding? Researching a bit, it seems to require support for the two channel types tcpip-forward and forwarded-tcpip, and I found a working "example" here: https://github.com/tunneled/tunneled-server/blob/master/tunneled-server.go

    Regards Kristian Klausen

    enhancement 
    opened by klausenbusk 8
  • Get hostname

    Hi, I need to write an SSH proxy. The server will be accessed via *.mydomain.com (ex: subdomain.mydomain.com) and from there tunnel the connection to some other SSH server depending on the subdomain. I can't for the life of me figure out how to get the hostname? Hoping someone can point me in the right direction... Thanks,

    opened by reneherrero 7
  • Remote forwarding

    Tiny fixes for #60. BTW I don't know how to contribute to existing PR, so if it's critical plz help me.

    some other polishing and remote forwarding handler will be done a bit later

    opened by eliastor 7
  • HostKeyFile Not support ED25519

    When I use ssh.HostKeyFile to add /etc/ssh/ssh_host_ed25519_key, starting the SSH server fails with the error: unsupported key type 'OPENSSH PRIVATE KEY'

    In fact, when I use ssh.ParsePrivateKey (x/crypto/ssh), it can support ed25519:

    func AddHostKeyFile(filepath string, srv *ssh.Server) {
    	pemBytes, err := ioutil.ReadFile(filepath)
    	if err != nil {
    		log.Printf("AddHostKeyFile: %s", err)
    		return
    	}
    	hostKey, err := gossh.ParsePrivateKey(pemBytes)
    	if err != nil {
    		log.Printf("Fatal to parse host key: %s, %s", filepath, err)
    		return
    	}
    	srv.AddHostKey(hostKey)
    	return
    }
    

    Bug in: https://github.com/gliderlabs/ssh/blob/4a4de396c4d49400d09e0b4d83053a01539e4bcc/util.go#L14

    func signerFromBlock(block *pem.Block) (ssh.Signer, error) {
    	var key interface{}
    	var err error
    	switch block.Type {
    	case "RSA PRIVATE KEY":
    		key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
    	case "EC PRIVATE KEY":
    		key, err = x509.ParseECPrivateKey(block.Bytes)
    	case "DSA PRIVATE KEY":
    		key, err = ssh.ParseDSAPrivateKey(block.Bytes)
    	default:// NOT parse ed25519
    		return nil, fmt.Errorf("unsupported key type %q", block.Type)
    	}
    	if err != nil {
    		return nil, err
    	}
    	signer, err := ssh.NewSignerFromKey(key)
    	if err != nil {
    		return nil, err
    	}
    	return signer, nil
    }
    
    bug help wanted 
    opened by fcharlie 7
  • Add support for cleanly shutting down a server

    This is related to #22 and #20 and is needed to write tests.

    I understand this is probably more complicated than we were hoping, so feel free to offer suggestions for improvements.

    Please do not merge this until I get a chance to double check stuff and clean it up.

    opened by belak 7
  • Make it possible to log errors in the ssh protocol

    As an example, handleConn in server.go just drops errors when they happen at the protocol level. This is particularly important when there are changes pushed out to x/crypto/ssh which break certain clients.

    duplicate enhancement api 
    opened by belak 6
  • add PasswordAuthE func, which is like PasswordAuth but returns error instead of bool

    Add a PasswordAuthE function, because sometimes the SSH server should return a more detailed error than "permission denied". If PasswordAuthE and PasswordAuth are both set, PasswordAuthE will overwrite PasswordAuth.

    opened by umialpha 2
  • feat: replace newlines with crlf newlines when in a pty

    Writing to the stdout of the session already handles replacing \n with \r\n, but the stderr didn't have the same treatment.

    Created another io.Writer wrapper that can be used in both, and a `session.SafeStderr()` that returns it.

    PS: pretty sure "safe writer" is not a good name, also considered "crlf writer", let me know if you like one better than the other, or maybe yet another name

    opened by caarlos0 0
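
A writer of the kind this PR describes, as an added example rather than the PR's own code. It goes one step beyond the description by keeping an existing `\r\n` intact even when the pair is split across two writes; `crlfWriter` and `toCRLF` are hypothetical names.

```go
package main

import (
	"bytes"
	"io"
	"os"
)

// crlfWriter rewrites each bare "\n" as "\r\n" before passing data to w.
// An existing "\r\n" is left alone, even when the pair is split across two
// Write calls. The type is a hypothetical stand-in, not the PR's writer.
type crlfWriter struct {
	w      io.Writer
	lastCR bool // true when the previous Write ended in '\r'
}

func (c *crlfWriter) Write(p []byte) (int, error) {
	var out bytes.Buffer
	prevCR := c.lastCR
	for _, b := range p {
		if b == '\n' && !prevCR {
			out.WriteByte('\r')
		}
		out.WriteByte(b)
		prevCR = b == '\r'
	}
	if _, err := c.w.Write(out.Bytes()); err != nil {
		return 0, err
	}
	c.lastCR = prevCR
	// Report bytes consumed from p, not bytes emitted: callers compare the
	// count with len(p), and the output is longer than the input.
	return len(p), nil
}

// toCRLF pushes chunks through one crlfWriter and returns what was emitted.
func toCRLF(chunks ...string) string {
	var sink bytes.Buffer
	cw := &crlfWriter{w: &sink}
	for _, s := range chunks {
		io.WriteString(cw, s)
	}
	return sink.String()
}

func main() {
	os.Stdout.WriteString(toCRLF("line one\n", "line two\r", "\nline three\n"))
}
```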
  • PasswordCallback should give more errors than "permission denied"

    In our SSH server, we integrate a third-party authn system. When an error occurs, it always prompts "permission denied", which confuses our users; meanwhile, we have to inspect server logs to give our users an explanation. So, we need to show the detailed errors to our users, not just "permission denied".

    I think we can fix this by adding a callback like "PasswordCallbackWithError" to make it backward compatible. If this thought sounds OK, I can help with this feature.

    opened by umialpha 2
Releases(v0.2.2)