Tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features

Overview

Introduction

  • tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.
  • tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)
  • tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)
  • tinysshd doesn't implement unsafe features (such as password or hostbased authentication)
  • tinysshd doesn't have features such as: SSH1 protocol, compression, port forwarding, agent forwarding, X11 forwarding ...
  • tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)

Crypto primitives

Project timeline

  • experimental: 2014.01.01 - 2014.12.31 (experimentation)
  • alpha(updated): 2015.01.01 - 2017.12.31 (not ready for production use, ready for testing)
  • beta(updated): 2018.01.01 - ????.??.?? (ready for production use)
  • stable: expected ????.??.?? - (ready for production use - including post-quantum crypto)

Current release (20220101)

  • has 62008 words of code
  • beta release

How-to run

       TCPSERVER
              tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &

       BUSYBOX
              busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &

       INETD
           /etc/inetd.conf:
               ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir

       SYSTEMD
           tinysshd.socket:
               [Unit]
               Description=TinySSH server socket
               ConditionPathExists=!/etc/tinyssh/disable_tinysshd

               [Socket]
               ListenStream=22
               Accept=yes

               [Install]
               WantedBy=sockets.target

           tinysshd@.service:
               [Unit]
               Description=Tiny SSH server
               After=network.target auditd.service

               [Service]
               ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
               EnvironmentFile=-/etc/default/tinysshd
               ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
               KillMode=process
               StandardInput=socket
               StandardError=journal

               [Install]
               WantedBy=multi-user.target

Issues
  • sshfs, tinyssh

    Current archlinux gives me this on an sshfs attempt.. not sure if bug or just a lacking feature?

    tinysshd: cVG3YoxN: BUG: (protocol error){channel.c:214}

    Not sure about the activity of project but you are a great dev mate!!

    I HOPE what seems as a slowdown of activity is simply because of a fairly complete package ,)

    love from EUrope to .cz.

    Ok, so that line indicates the channel pid is negative in channel_put.

    Ignore error above; I didn't have sftp enabled in the tinysshd server. However, once I did, and can sftp in, I still get an error from tinyssh when trying sshfs:

    tinysshd: eSIpVRao: BUG: (connection reset){packet_auth.c:57}

    l57: if (!packet_getall(b, SSH_MSG_USERAUTH_REQUEST)) bug();

    So some exchange issue, maybe I can browse some more tomorrow when I have more time. Although I don't recall if this is sshfs compatible (man sshfs says it uses sftp, which is why I realise the former mistake).

    bug 
    opened by lulcat 7
  • fatal: unknown message type {tinysshd.c:303} - KEEPALIVE not implemented

    SSHv2 keepalive packets cause the connection to be reset in tinysshd.c

    (I was using ServerAliveInterval 60 in my ~/.ssh/config)

    daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
    daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
    daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
    daemon.info: Jul 18 20:05:07 tinysshd: M2lhPXOB: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
    daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: none rejected {packet_auth.c:144}
    daemon.info: Jul 18 20:05:10 tinysshd: M2lhPXOB: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
    daemon.info: Jul 18 20:05:17 tinysshd: M2lhPXOB: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
    daemon.info: Jul 18 20:06:25 tinysshd: M2lhPXOB: fatal: unknown message type (temporary failure){tinysshd.c:303}
    daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: kex selected: [email protected] {sshcrypto_kex.c:106}
    daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: key selected: ssh-ed25519 {sshcrypto_key.c:122}
    daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: cipher selected: [email protected] {sshcrypto_cipher.c:110}
    daemon.info: Jul 18 20:08:25 tinysshd: 5wbjLsha: info: kex: mac selected: [email protected] {sshcrypto_cipher.c:111}
    daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: none rejected {packet_auth.c:144}
    daemon.info: Jul 18 20:08:28 tinysshd: 5wbjLsha: info: auth: stuart: ssh-rsa rejected {packet_auth.c:144}
    daemon.info: Jul 18 20:08:35 tinysshd: 5wbjLsha: info: auth: stuart: ssh-ed25519 accepted {packet_auth.c:158}
    daemon.info: Jul 18 20:09:36 tinysshd: 5wbjLsha: fatal: unknown message type {tinysshd.c:303}
    

    Sniffing the interface shows the SSHv2 packet that causes the reset:

    No.     Time        Source                Destination           Protocol Length Info
        126 80.903015   LAN.IP            VPN.IP          TCP      54     22→61681 [FIN, ACK] Seq=1572 Ack=3961 Win=45664 Len=0
    
    Frame 126: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
    Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
    Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1572, Ack: 3961, Len: 0
    
    No.     Time        Source                Destination           Protocol Length Info
        127 80.928609   VPN.IP          LAN.IP            TCP      54     61681→22 [ACK] Seq=3961 Ack=1573 Win=59904 Len=0
    
    Frame 127: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
    Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
    Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 0
    
    No.     Time        Source                Destination           Protocol Length Info
        128 80.929648   VPN.IP          LAN.IP            SSHv2    114    Client: Encrypted packet (len=60)
    
    Frame 128: 114 bytes on wire (912 bits), 114 bytes captured (912 bits)
    Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
    Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
    Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 3961, Ack: 1573, Len: 60
    SSH Protocol
    
    No.     Time        Source                Destination           Protocol Length Info
        129 80.929665   LAN.IP            VPN.IP          TCP      54     22→61681 [RST] Seq=1573 Win=0 Len=0
    
    Frame 129: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
    Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
    Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0
    
    No.     Time        Source                Destination           Protocol Length Info
        130 80.930936   VPN.IP          LAN.IP            TCP      54     61681→22 [FIN, ACK] Seq=4021 Ack=1573 Win=59904 Len=0
    
    Frame 130: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Ethernet II, Src: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39), Dst: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94)
    Internet Protocol Version 4, Src: VPN.IP (VPN.IP), Dst: LAN.IP(LAN.IP)
    Transmission Control Protocol, Src Port: 61681 (61681), Dst Port: 22 (22), Seq: 4021, Ack: 1573, Len: 0
    
    No.     Time        Source                Destination           Protocol Length Info
        131 80.930950   LAN.IP            VPN.IP          TCP      54     22→61681 [RST] Seq=1573 Win=0 Len=0
    
    Frame 131: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
    Ethernet II, Src: 76:3a:3e:a7:71:94 (76:3a:3e:a7:71:94), Dst: ReboxBV_f9:3e:39 (00:16:3c:f9:3e:39)
    Internet Protocol Version 4, Src: LAN.IP(LAN.IP), Dst: VPN.IP (VPN.IP)
    Transmission Control Protocol, Src Port: 22 (22), Dst Port: 61681 (61681), Seq: 1573, Len: 0
    

    Will ssh_send_keepalive be part of /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */ ?

    The automatic log out after 1 hour is nice. I've not had any problem with my build against libsodium.

    I've also been testing tinysshd with fwknop & have automatic logins through nat into LXC containers working.

    opened by itoffshore 7
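
For the keepalive report above, an added example (not tinyssh code) of the replies RFC 4253 and RFC 4254 define for a message the server does not implement, so the session continues instead of being reset. An OpenSSH client's ServerAliveInterval probe is an SSH_MSG_GLOBAL_REQUEST named keepalive@openssh.com with want_reply set. The function names and the sample packet are constructed for this illustration.

```c
/* Added example, not tinyssh source. reply_for_unhandled() and
 * build_keepalive() are hypothetical names. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum {
    SSH_MSG_UNIMPLEMENTED   = 3,   /* RFC 4253, section 11.4 */
    SSH_MSG_GLOBAL_REQUEST  = 80,  /* RFC 4254, section 4 */
    SSH_MSG_REQUEST_FAILURE = 82
};

static uint32_t get_u32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_u32(unsigned char *p, uint32_t v)
{
    p[0] = (unsigned char)(v >> 24);
    p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);
    p[3] = (unsigned char)v;
}

/*
 * Build the reply for a decrypted payload the server has no handler for.
 * seq is the sequence number of the received packet.
 * Returns the reply length, 0 when no reply is due, or -1 when the payload
 * is malformed and the caller should disconnect.
 */
static long reply_for_unhandled(const unsigned char *payload, size_t len,
                                uint32_t seq,
                                unsigned char *reply, size_t replymax)
{
    if (len < 1) return -1;

    if (payload[0] == SSH_MSG_GLOBAL_REQUEST) {
        uint32_t namelen;

        /* byte type, string request-name, boolean want-reply */
        if (len < 5) return -1;
        namelen = get_u32(payload + 1);
        if (namelen > len - 5) return -1;        /* name overruns the packet */
        if (len - 5 - namelen < 1) return -1;    /* want-reply byte missing */
        if (payload[5 + namelen] == 0) return 0; /* sender wants no answer */
        if (replymax < 1) return -1;
        reply[0] = SSH_MSG_REQUEST_FAILURE;      /* "not supported", session lives */
        return 1;
    }

    /* Any other unknown type: echo the rejected packet's sequence number. */
    if (replymax < 5) return -1;
    reply[0] = SSH_MSG_UNIMPLEMENTED;
    put_u32(reply + 1, seq);
    return 5;
}

/* Constructed sample: the payload of an OpenSSH keepalive probe. */
static size_t build_keepalive(unsigned char *buf, size_t max)
{
    static const char name[] = "keepalive@openssh.com";
    size_t namelen = strlen(name);

    if (max < 1 + 4 + namelen + 1) return 0;
    buf[0] = SSH_MSG_GLOBAL_REQUEST;
    put_u32(buf + 1, (uint32_t)namelen);
    memcpy(buf + 5, name, namelen);
    buf[5 + namelen] = 1;                        /* want_reply = TRUE */
    return 1 + 4 + namelen + 1;
}

int main(void)
{
    unsigned char pkt[64], reply[8];
    size_t n = build_keepalive(pkt, sizeof pkt);
    long r = reply_for_unhandled(pkt, n, 41, reply, sizeof reply);

    printf("keepalive (%lu bytes) -> reply length %ld, type %d\n",
           (unsigned long)n, r, r > 0 ? reply[0] : -1);
    return 0;
}
```
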
  • SFTP support via external binary

    Given that tinyssh already supports channels in which stdin/stdout are from an external binary (e.g. bash), is there any reason not to add SFTP support? It would require openssh's sftp-server binary, and a bit of code to accept the sftp channel type and run the sftp-server binary as the logged in user, but all of the support code for that is already in place.

    opened by mordyovits 6
  • ControlMaster triggers BUG:  (protocol error){channel.c:57}

    Initially reported (by me) downstream: https://bugs.debian.org/995146 Forwarding here because I reproduced it with 20210601 much quicker than I expected. See the attached transcript for the exact openssh CLI options I used. transcript.txt

    bug 
    opened by trentbuck 5
  • opentest failed (musl libc)

    === Thu May 26 19:42:23 GMT 2016 ===   numtostrtest ok
    === Thu May 26 19:42:23 GMT 2016 ===   opentest failed ... see the log /tmp/tinyssh-master/build/log
    

    build.log:

    === Thu May 26 19:42:23 GMT 2016 ===   newenvtest ok
    numtostrtest.c:299:8: warning: integer constant is so large that it is unsigned [enabled by default]
         { -9223372036854775808LL, "-9223372036854775808" },
            ^
    numtostrtest.c:299:5: warning: this decimal constant is unsigned only in ISO C90 [enabled by default]
         { -9223372036854775808LL, "-9223372036854775808" },
         ^
    === Thu May 26 19:42:23 GMT 2016 ===   numtostrtest ok
    opentest.c:62: process exited with status = 0
    
    opened by dcegielka 5
  • Not building on OpenWrt

    https://github.com/openwrt/packages/issues/7919

    This is the build log: https://gist.github.com/neheb/0c11d413757bcb5957e39561e6803039

    It seems the proper include directory is not there.

    I have no real time to work on this, thus posting it here.

    opened by neheb 4
  • Agent forwarding

    Are there any plans to add support for authentication agent forwarding?

    I have a herd of SBCs (perfect for TinySSH) that I sometimes have to access via bastion. Currently the only way to access them would be to put the private key on the bastion, which is less than ideal.

    wontfix 
    opened by jailbird777 4
  • Mandir creation fails

    DESTDIR=/tmp/tinyssh-release make -C /tmp/tinyssh-build install
    make[1]: Entering directory '/tmp/tinyssh-build'
    sh -e make-install.sh /tmp/tinyssh-release
    === Wed Jul 27 14:44:12 UTC 2016 === installing bin directory /tmp/tinyssh-release/usr/bin
    === Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd-makekey -> /tmp/tinyssh-release/usr/bin/tinysshd-makekey
    === Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd-printkey -> /tmp/tinyssh-release/usr/bin/tinysshd-printkey
    === Wed Jul 27 14:44:13 UTC 2016 ===   installing /tmp/tinyssh-build/build/bin/tinysshd -> /tmp/tinyssh-release/usr/bin/tinysshd
    === Wed Jul 27 14:44:13 UTC 2016 === finishing
    === Wed Jul 27 14:44:13 UTC 2016 === installing man directory /tmp/tinyssh-release/usr/share/man
    _tinysshd-install: fatal: unable to stat directory /tmp/tinyssh-release/usr/share/man/man1 (file does not exist)
    make[1]: *** [Makefile:6: install] Error 111
    make[1]: Leaving directory '/tmp/tinyssh-build'
    make: *** [Makefile:30: build] Error 2
    

    It looks like this is because the code creates manfiles directly in ${man}, but the install code expects to find it in man/man$n/. Digging in now to see if I can get a clean patch to fix it

    opened by akerl 4
  • Add option to disable root logins

    I have tinysshd running without any problems in Alpine Linux & will be introducing a tinysshd package to Alpine shortly.

    Can a switch be added to disable root logins please ?

    opened by itoffshore 4
  • SCP does not work in latest version

    After upgrade to latest version 20220222-1 (Arch) SCP does not work anymore, SSH works all right.

    Client: client_loop: send disconnect: Broken pipe, lost connection

    Server's log: tinysshd[929]: tinysshd: JLiyKgwc: BUG: (protocol error){sshcrypto_cipher_chachapoly.c:88}

    opened by petrkutalek 3
  • cleanup macro is removed by optimizing compilers

    This report is for an instance of CWE-14 “Compiler Removal of Code to Clear Buffers” https://cwe.mitre.org/data/definitions/14.html

    A cleanup macro is defined here and is used in several places to clear local variables of secrets: https://github.com/janmojzis/tinyssh/blob/97dd9e05f52482e46d660af81547c7c02669c1a2/crypto/cleanup.h

    For instance on my computer, gcc invokes clang:

    ~/tinyssh $ gcc -v
    Configured with: --prefix=/Applications/Xcode.app/Contents/Developer/usr --with-gxx-include-dir=/usr/include/c++/4.2.1
    Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
    Target: x86_64-apple-darwin13.4.0
    

    And the result of the compilation of the function crypto_scalarmult_nistp256_tinynacl, that invokes the cleanup macro, is:

    ~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
    _crypto_scalarmult_nistp256_tinynacl:
    0000000000000000    pushq   %r15
    0000000000000002    pushq   %r14
    0000000000000004    pushq   %r12
    0000000000000006    pushq   %rbx
    0000000000000007    subq    $0xc8, %rsp
    000000000000000e    movq    %rsi, %r14
    0000000000000011    movq    %rdi, %rbx
    0000000000000014    movq    ___stack_chk_guard(%rip), %r12
    000000000000001b    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
    000000000000001f    movq    %rax, 0xc0(%rsp)
    0000000000000027    leaq    0x60(%rsp), %rdi
    000000000000002c    movq    %rdx, %rsi
    000000000000002f    callq   _gep256_frombytes
    0000000000000034    testl   %eax, %eax
    0000000000000036    jne 0x5f
    0000000000000038    leaq    _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
    000000000000003c    leaq    0x60(%rsp), %rsi
    0000000000000041    movq    %r15, %rdi
    0000000000000044    movq    %r14, %rdx
    0000000000000047    callq   _gep256_scalarmult
    000000000000004c    movq    %rbx, %rdi
    000000000000004f    movq    %r15, %rsi
    0000000000000052    callq   _gep256_tobytes
    0000000000000057    movl    %eax, %ecx
    0000000000000059    xorl    %eax, %eax
    000000000000005b    testl   %ecx, %ecx
    000000000000005d    je  0xa3
    000000000000005f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
    0000000000000067    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
    000000000000006f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
    0000000000000077    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
    000000000000007f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
    0000000000000087    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
    000000000000008f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
    0000000000000097    movq    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
    000000000000009e    movl    $0xffffffff, %eax       ## imm = 0xFFFFFFFF
    00000000000000a3    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
    00000000000000a7    cmpq    0xc0(%rsp), %rcx
    00000000000000af    jne 0xc0
    00000000000000b1    addq    $0xc8, %rsp
    00000000000000b8    popq    %rbx
    00000000000000b9    popq    %r12
    00000000000000bb    popq    %r14
    00000000000000bd    popq    %r15
    00000000000000bf    ret
    00000000000000c0    callq   ___stack_chk_fail
    00000000000000c5    nopw    %cs:_crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
    _crypto_scalarmult_nistp256_tinynacl_base:
    …
    

    The above is the translation of the source code below, from crypto/crypto_scalarmult_nistp256.c:

    int crypto_scalarmult_nistp256_tinynacl(unsigned char *q, const unsigned char *n, const unsigned char *p) {
    
        gep256 P, Q;
        long long i;
        int ret = -1;
    
        if (gep256_frombytes(P, p) != 0) goto fail;
        gep256_scalarmult(Q, P, n);
        if (gep256_tobytes(q, Q) != 0) goto fail;
        ret = 0;
        goto cleanup;
    
    fail:
        for (i = 0; i < 64; ++i) q[i] = 0;
    
    cleanup:
        cleanup(P); cleanup(Q);
        return ret;
    }
    

    The for (i = 0; i < 64; ++i) q[i] = 0; was translated to the series of 8 movq instructions. The code that follows is the canary check. The code cleanup(P); cleanup(Q); was translated to nothing.

    The real GCC, or any modern optimizing C compiler, will do the same and translate the invocations of cleanup() on all local variables at the end of their scopes to nothing.

    There exists no perfect solution for this problem. The C11 standard introduced memset_s but it is still the wrong idiom http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html and GCC can still translate that to nothing: http://goo.gl/LDfPHG (gcc.godbolt.org link by Samuel Neves). Also not everyone is using a C11 compiler yet.

    I found that if I simply convert the array passed as argument to the cleanup() macro to a volatile pointer, my compiler does generate the code to clean up the local arrays:

    ~/tinyssh $ git diff
    diff --git a/crypto/cleanup.h b/crypto/cleanup.h
    index 0566c59..efb95d3 100644
    --- a/crypto/cleanup.h
    +++ b/crypto/cleanup.h
    @@ -1,6 +1,6 @@
     #ifndef _CLEANUP_H____
     #define _CLEANUP_H____
    
    -#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((char *)x)[i] = 0;
    +#define cleanup(x) for (i = 0; i < sizeof(x); ++i) ((volatile char *)x)[i] = 0;
    
     #endif
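
Review bot: the + line keeps the macro's fragile shape, and the volatile cast does not address it. The loop still needs a variable i declared by every caller (a signed long long compared against sizeof in the function quoted above), sizeof(x) is only the buffer size when x is an array and silently becomes the pointer size otherwise, x is unparenthesized inside the cast, and the body is an unbraced for with its own trailing semicolon, so cleanup(P); cleanup(Q); leaves stray empty statements and breaks under an unbraced if/else. Suggest moving the volatile stores into a function taking (void *, size_t) and reducing the macro to a call that passes (x) and sizeof(x), with a comment that only arrays may be passed.
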
    ~/tinyssh $ otool -tV build/lib/libtinynacl.a | grep -A50 crypto_scalarmult_nistp256_tinynacl
    _crypto_scalarmult_nistp256_tinynacl:
    0000000000000000    pushq   %r15
    0000000000000002    pushq   %r14
    0000000000000004    pushq   %r12
    0000000000000006    pushq   %rbx
    0000000000000007    subq    $0xc8, %rsp
    000000000000000e    movq    %rsi, %r14
    0000000000000011    movq    %rdi, %rbx
    0000000000000014    movq    ___stack_chk_guard(%rip), %r12
    000000000000001b    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rax
    000000000000001f    movq    %rax, 0xc0(%rsp)
    0000000000000027    leaq    0x60(%rsp), %rdi
    000000000000002c    movq    %rdx, %rsi
    000000000000002f    callq   _gep256_frombytes
    0000000000000034    testl   %eax, %eax
    0000000000000036    jne 0x5f
    0000000000000038    leaq    _crypto_scalarmult_nistp256_tinynacl(%rsp), %r15
    000000000000003c    leaq    0x60(%rsp), %rsi
    0000000000000041    movq    %r15, %rdi
    0000000000000044    movq    %r14, %rdx
    0000000000000047    callq   _gep256_scalarmult
    000000000000004c    movq    %rbx, %rdi
    000000000000004f    movq    %r15, %rsi
    0000000000000052    callq   _gep256_tobytes
    0000000000000057    movl    %eax, %ecx
    0000000000000059    xorl    %eax, %eax
    000000000000005b    testl   %ecx, %ecx
    000000000000005d    je  0xa3
    000000000000005f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x38(%rbx)
    0000000000000067    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x30(%rbx)
    000000000000006f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x28(%rbx)
    0000000000000077    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x20(%rbx)
    000000000000007f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x18(%rbx)
    0000000000000087    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x10(%rbx)
    000000000000008f    movq    $_crypto_scalarmult_nistp256_tinynacl, 0x8(%rbx)
    0000000000000097    movq    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rbx)
    000000000000009e    movl    $0xffffffff, %eax       ## imm = 0xFFFFFFFF
    00000000000000a3    xorl    %ecx, %ecx
    00000000000000a5    xorl    %edx, %edx
    00000000000000a7    nopw    _crypto_scalarmult_nistp256_tinynacl(%rax,%rax)
    00000000000000b0    movb    $_crypto_scalarmult_nistp256_tinynacl, 0x60(%rsp,%rdx)
    00000000000000b5    incq    %rdx
    00000000000000b8    cmpq    $0x60, %rdx
    00000000000000bc    jne 0xb0
    00000000000000be    nop
    00000000000000c0    movb    $_crypto_scalarmult_nistp256_tinynacl, _crypto_scalarmult_nistp256_tinynacl(%rsp,%rcx)
    00000000000000c4    incq    %rcx
    00000000000000c7    cmpq    $0x60, %rcx
    00000000000000cb    jne 0xc0
    00000000000000cd    movq    _crypto_scalarmult_nistp256_tinynacl(%r12), %rcx
    00000000000000d1    cmpq    0xc0(%rsp), %rcx
    00000000000000d9    jne 0xea
    00000000000000db    addq    $0xc8, %rsp
    00000000000000e2    popq    %rbx
    00000000000000e3    popq    %r12
    00000000000000e5    popq    %r14
    00000000000000e7    popq    %r15
    00000000000000e9    ret
    00000000000000ea    callq   ___stack_chk_fail
    00000000000000ef    nop
    _crypto_scalarmult_nistp256_tinynacl_base:
    …
    

    Using the volatile qualifier this way is not perfect either, but it at least tricks some current compilers into doing the right thing, which is somewhat better than the reliable elimination of dead stores that happens without it.

    opened by pascal-cuoq 3
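
The dead-store problem described in the report above, as an added example that is not tinyssh code: the wipe is a function that stores through a volatile pointer, as in the issue's patch, followed by a compiler memory barrier that is an addition of this example. The names secure_cleanup, CLEANUP_ARRAY, toy_mix and count_nonzero are hypothetical, and toy_mix is a constructed stand-in with the same control flow as the quoted function, not cryptography.

```c
/* Added example, not tinyssh source. All names here are hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Zero n bytes at p in a way the optimizer keeps.
 * 1. Every byte is written through a volatile-qualified lvalue, the same
 *    idea as the one-line patch in the issue.
 * 2. On GCC/Clang an empty asm statement with a "memory" clobber follows,
 *    telling the compiler the buffer may still be read afterwards.
 */
static void secure_cleanup(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    size_t i;

    for (i = 0; i < n; ++i) vp[i] = 0;
#if defined(__GNUC__) || defined(__clang__)
    __asm__ __volatile__("" : : "r"(p) : "memory");
#endif
}

/* Pass arrays only: with a pointer, sizeof would cover 4 or 8 bytes. */
#define CLEANUP_ARRAY(a) secure_cleanup((a), sizeof(a))

/* Read back through volatile so the check itself is not optimized away. */
static size_t count_nonzero(const void *p, size_t n)
{
    const volatile unsigned char *vp = (const volatile unsigned char *)p;
    size_t i, c = 0;

    for (i = 0; i < n; ++i) c += (vp[i] != 0);
    return c;
}

/*
 * Constructed stand-in for the scalar multiplication in the issue:
 * a key-dependent temporary on the stack, a fail path that zeroes the
 * output, and one cleanup label that wipes the temporary on every exit.
 */
static int toy_mix(unsigned char out[32], const unsigned char key[32],
                   const unsigned char in[32])
{
    unsigned char tmp[32];
    unsigned char acc = 0;
    size_t i;
    int ret = -1;

    for (i = 0; i < sizeof tmp; ++i) {
        tmp[i] = (unsigned char)(key[i] ^ in[i]);
        acc |= in[i];
    }
    if (acc == 0) goto fail;       /* constructed rule: reject all-zero input */
    memcpy(out, tmp, sizeof tmp);
    ret = 0;
    goto cleanup;

fail:
    memset(out, 0, 32);            /* visible to the caller, so never a dead store */

cleanup:
    CLEANUP_ARRAY(tmp);            /* dead to the C abstract machine, kept anyway */
    return ret;
}

int main(void)
{
    unsigned char key[32], in[32], out[32];
    int ret;

    memset(key, 0x5a, sizeof key);
    memset(in, 0x0f, sizeof in);
    ret = toy_mix(out, key, in);
    printf("ok path:   ret=%d out[0]=0x%02x\n", ret, out[0]);

    memset(in, 0, sizeof in);
    ret = toy_mix(out, key, in);
    printf("fail path: ret=%d nonzero(out)=%lu\n", ret,
           (unsigned long)count_nonzero(out, sizeof out));

    CLEANUP_ARRAY(key);
    printf("key bytes left after wipe: %lu\n",
           (unsigned long)count_nonzero(key, sizeof key));
    return 0;
}
```

Whether the wipe of tmp survives is a property of the compiled object, so confirm it the way the issue does: disassemble the optimized build and look for the zeroing loop ahead of the stack-canary check.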
  • aarch64 build

    Hi guys. I'm trying to build tinyssh from source (apt source tinysshd) in Ubuntu 20.04.2 (amd64) using crosscompiler CC=aarch64-linux-gnu-gcc make for ARMv8

    Before make I did sudo apt-get build-dep tinyssh, but it did not help much.

    Build fails on libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log. First it wanted libutil.h, so I installed sudo apt install libutil-freebsd-dev. But it wants a lot of other includes...

    Are there any build images? How could I find necessary libs and headers for build?

    In file included from haslibutilh.h-yes.c:2:
    /usr/include/libutil.h:43:10: fatal error: sys/_types.h: No such file or directory
       43 | #include <sys/_types.h>
          | ^~~~~~~~~~~~~~
    compilation terminated.
    hasutilh.h-yes.c:2:10: fatal error: util.h: No such file or directory
        2 | #include <util.h>
          | ^~~~~~~~
    compilation terminated.
    hasutmpxupdwtmpx.h-yes.c: In function 'foo':
    hasutmpxupdwtmpx.h-yes.c:6:5: warning: implicit declaration of function 'updwtmpx' [-Wimplicit-function-declaration]
        6 | updwtmpx("/nonexistent", &ut);
          | ^~~~~~~~
    hasutmpxsyslen.h-yes.c: In function 'main':
    hasutmpxsyslen.h-yes.c:7:14: error: 'struct utmpx' has no member named 'ut_syslen'
        7 | return ut.ut_syslen;
          | ^
    hasutmpxsyslen.h-yes.c:6:18: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
        6 | struct utmpx ut = {0};
          | ^~
    hasutmp.h-yes.c: In function 'main':
    hasutmp.h-yes.c:8:17: warning: unused variable 'ut' [-Wunused-variable]
        8 | struct utmp ut = {0};
          | ^~
    hasutmptype.h-yes.c: In function 'main':
    hasutmptype.h-yes.c:8:17: warning: variable 'ut' set but not used [-Wunused-but-set-variable]
        8 | struct utmp ut;
          | ^~
    === Wed May 26 16:08:35 2021 === finishing
    === Wed May 26 16:08:35 2021 === starting crypto lib
    cleanup.c:2:10: fatal error: hasasmvolatilememory.h: No such file or directory
        2 | #include "hasasmvolatilememory.h"
          | ^~~~~~~~~~~~~~~~~~~~~~~~
    compilation terminated.
    === Wed May 26 16:08:36 2021 === libtinynacl.a failed ... see the log /home/user/tinyssh-20190101/build/log

    opened by MisteryX 3
  • FEATURE REQUEST: Display fingerprint on key creation

    It would be nice if a key fingerprint was displayed at host key creation. As it stands now, there is no way to perform the initial fingerprint verification when you connect.

    opened by VA1DER 3
  • Bugfix: fix compilation with musl and clang

    Also needs a -Werror=implicit-function-declaration in the CFLAGS as for some reason the linker seems to accept it at configure/detection time but not compile time.

    opened by lanodan 0
  • Problems during runtime on Cygwin

    Hi,

    First of all, let me say I appreciate the work that's been put into this unique project; it's quite rare to see such a good, minimalist SSH server.

    I'm trying to make use of TinySSH on Windows using Cygwin (using 3.0.7 which is the latest as of today) and despite managing to compile it successfully (no obvious error messages, process completes fully), I'm having some problems in what seems to be the "packet_hello.c" function:

    image

    I've modified the function a bit (the one with the tick doesn't produce an error while the one with a cross does) to produce some more debug output:

    image

    This is the output during runtime, which seems garbled:

    image

    Everything seems good from the client side, as shown by these OpenSSH and PuTTY logs:

    image image

    I've not got any good leads to investigate but I believe this could either be a problem caused by Cygwin or perhaps a problem caused by the difference between Linux and Windows line terminators (not sure if the code takes this into account) ?

    Many thanks for any assistance !

    opened by bulanula 2
  • tinyssh-initramfs scripts for debian users

    Hi,

    I looked for an equivalent to mkinitcpio-tinyssh for debian and could not find it anywhere.
    I made a quick one using initramfs-tools based on the already existing dropbear hooks and the Arch one.

    Sharing it here for future users, feel free to include it in your repo if you wish.

    https://git.sp4ke.com/sp4ke/tinyssh-initramfs

    opened by sp4ke 4
  • Feature-parity with SSH commands via symlinks

    I think TinySSHD would have a lot of reception if we can have feature parity command-wise with OpenSSH/Dropbear.

    commands like ssh, ssh-keygen, sshd, etc. can be symlinked and recognized in the tinyssh-specific command. Just a little thought since you can't really drop-in replace using TinySSH since it'll break with applications like Ansible.

    opened by sr229 0
Releases(20220801)