git_clone/handy-sshd
1
0
Fork 0
mirror of https://github.com/nwtgck/handy-sshd.git synced 2025-06-08 07:03:04 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

docs: --allow-direct-streamlocal

Browse source
This commit is contained in:
Ryo Ota 2023-08-11 09:44:31 +09:00
parent 36b1ade1c0
commit 7b324d52e6
1 changed files with 27 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
README.md
View file

@ -41,20 +41,29 @@ handy-sshd --unix-socket /tmp/my-unix-socket --user "john:"
``` ```
## Permissions ## Permissions
**All permissions are allowed when nothing is specified.** There are some permissions. There are several permissions:
* --allow-direct-streamlocal
* --allow-direct-tcpip * --allow-direct-tcpip
* --allow-execute * --allow-execute
* --allow-sftp * --allow-sftp
* --allow-tcpip-forward * --allow-tcpip-forward
Specifying `--allow-direct-tcpip` and `--allow-execute` for example allows only them. **All permissions are allowed when nothing is specified.** The log shows "allowed: " and "NOT allowed: " permissions as follows:
The log shows "allowed: " and "NOT allowed: " permissions as follows.
```console
$ handy-sshd --user "john:"
2023/08/11 09:42:05 INFO listening on :2222...
2023/08/11 09:42:05 INFO allowed: "tcpip-forward", "direct-tcpip", "execute", "sftp", "direct-streamlocal"
2023/08/11 09:42:05 INFO NOT allowed: none
```
For example, specifying `--allow-direct-tcpip` and `--allow-execute` allows only them:
```console ```console
$ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute $ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute
2023/08/09 20:49:35 INFO listening on :2222... 2023/08/11 09:38:58 INFO listening on :2222...
2023/08/09 20:49:35 INFO allowed: "direct-tcpip", "execute" 2023/08/11 09:38:58 INFO allowed: "direct-tcpip", "execute"
2023/08/09 20:49:35 INFO NOT allowed: "tcpip-forward", "sftp" 2023/08/11 09:38:58 INFO NOT allowed: "tcpip-forward", "sftp", "direct-streamlocal"
``` ```
## --help ## --help
@ -66,6 +75,7 @@ Usage:
handy-sshd [flags] handy-sshd [flags]
Flags: Flags:
--allow-direct-streamlocal client can use Unix domain socket local forwarding
--allow-direct-tcpip client can use local forwarding and SOCKS proxy --allow-direct-tcpip client can use local forwarding and SOCKS proxy
--allow-execute client can use shell/interactive shell --allow-execute client can use shell/interactive shell
--allow-sftp client can use SFTP and SSHFS --allow-sftp client can use SFTP and SSHFS
@ -74,7 +84,7 @@ Flags:
--host string SSH server host (e.g. 127.0.0.1) --host string SSH server host (e.g. 127.0.0.1)
-p, --port uint16 SSH server port (default 2222) -p, --port uint16 SSH server port (default 2222)
--shell string Shell --shell string Shell
--unix-socket string Unix-domain socket --unix-socket string Unix domain socket
--user stringArray SSH user name (e.g. "john:mypassword") --user stringArray SSH user name (e.g. "john:mypassword")
-v, --version show version -v, --version show version
``` ```