git_clone/handy-sshd
1
0
Fork 0
mirror of https://github.com/nwtgck/handy-sshd.git synced 2025-06-07 22:53:05 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

update help and log

Browse source
This commit is contained in:
Ryo Ota 2023-08-11 16:24:59 +09:00
parent d3a0a420f4
commit edfd9533f3
3 changed files with 56 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
README.md
View file

@ -21,25 +21,37 @@ Get more executables in [the releases](https://github.com/nwtgck/handy-sshd/rele
## Examples
```bash
# Listen on 2222 and accept user name "john" with password "mypassword"
handy-sshd -p 2222 --user "john:mypassword"
# Listen on 2222 and accept user name "john" with password "mypass"
handy-sshd -p 2222 -u john:mypass
```
```bash
# Listen on 2222 and accept user name "john" without password
handy-sshd -p 2222 --user "john:"
handy-sshd -p 2222 -u john:
```
```bash
# Listen on 2222 and accept users "john" and "alice" without password
handy-sshd -p 2222 --user "john:" --user "alice:"
handy-sshd -p 2222 -u john: -u alice:
```
```bash
# Listen on unix domain socket
handy-sshd --unix-socket /tmp/my-unix-socket --user "john:"
handy-sshd --unix-socket /tmp/my-unix-socket -u john:
```
## Features
An SSH client can use
* Shell/Interactive shell
* Local port forwarding (ssh -L)
* Remote port forwarding (ssh -R)
* [SOCKS proxy](https://wikipedia.org/wiki/SOCKS) (dynamic port forwarding)
* SFTP
* [SSHFS](https://wikipedia.org/wiki/SSHFS)
* Unix domain socket (local/remote port forwarding)
All features are enabled by default. You can allow only some of them using permission flags.
## Permissions
There are several permissions:
* --allow-direct-streamlocal
@ -52,7 +64,7 @@ There are several permissions:
**All permissions are allowed when nothing is specified.** The log shows "allowed: " and "NOT allowed: " permissions as follows:
```console
$ handy-sshd --user "john:"
$ handy-sshd -u "john:"
2023/08/11 11:40:44 INFO listening on :2222...
2023/08/11 11:40:44 INFO allowed: "tcpip-forward", "direct-tcpip", "execute", "sftp", "streamlocal-forward", "direct-streamlocal"
2023/08/11 11:40:44 INFO NOT allowed: none
@ -61,7 +73,7 @@ $ handy-sshd --user "john:"
For example, specifying `--allow-direct-tcpip` and `--allow-execute` allows only them:
```console
$ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute
$ handy-sshd -u "john:" --allow-direct-tcpip --allow-execute
2023/08/11 11:41:03 INFO listening on :2222...
2023/08/11 11:41:03 INFO allowed: "direct-tcpip", "execute"
2023/08/11 11:41:03 INFO NOT allowed: "tcpip-forward", "sftp", "streamlocal-forward", "direct-streamlocal"
@ -75,18 +87,29 @@ Portable SSH server
Usage:
handy-sshd [flags]
Examples:
# Listen on 2222 and accept user name "john" with password "mypass"
handy-sshd -u john:mypass
# Listen on 22 and accept the user without password
handy-sshd -p 22 -u john:
Permissions:
All permissions are allowed by default.
For example, specifying --allow-direct-tcpip and --allow-execute allows only them.
Flags:
--allow-direct-streamlocal client can use Unix domain socket local forwarding
--allow-direct-tcpip client can use local forwarding and SOCKS proxy
--allow-direct-streamlocal client can use Unix domain socket local forwarding (ssh -L)
--allow-direct-tcpip client can use local forwarding (ssh -L) and SOCKS proxy (ssh -D)
--allow-execute client can use shell/interactive shell
--allow-sftp client can use SFTP and SSHFS
--allow-streamlocal-forward client can use Unix domain socket remote forwarding
--allow-tcpip-forward client can use remote forwarding
--allow-streamlocal-forward client can use Unix domain socket remote forwarding (ssh -R)
--allow-tcpip-forward client can use remote forwarding (ssh -R)
-h, --help help for handy-sshd
--host string SSH server host (e.g. 127.0.0.1)
-p, --port uint16 SSH server port (default 2222)
--host string SSH server host to listen (e.g. 127.0.0.1)
-p, --port uint16 port to listen (default 2222)
--shell string Shell
--unix-socket string Unix domain socket
--user stringArray SSH user name (e.g. "john:mypassword")
--unix-socket string Unix domain socket to listen
-u, --user stringArray SSH user name (e.g. "john:mypassword")
-v, --version show version
```

25
cmd/root.go
View file

@ -59,27 +59,36 @@ func RootCmd() *cobra.Command {
Short: "handy-sshd",
Long: "Portable SSH server",
SilenceUsage: true,
Example: `# Listen on 2222 and accept user name "john" with password "mypass"
handy-sshd -u john:mypass
# Listen on 22 and accept the user without password
handy-sshd -p 22 -u john:
Permissions:
All permissions are allowed by default.
For example, specifying --allow-direct-tcpip and --allow-execute allows only them.`,
RunE: func(cmd *cobra.Command, args []string) error {
return rootRunEWithExtra(cmd, args, &flag, allPermissionFlags)
},
}
rootCmd.PersistentFlags().BoolVarP(&flag.showsVersion, "version", "v", false, "show version")
rootCmd.PersistentFlags().StringVarP(&flag.sshHost, "host", "", "", "SSH server host (e.g. 127.0.0.1)")
rootCmd.PersistentFlags().Uint16VarP(&flag.sshPort, "port", "p", 2222, "SSH server port")
rootCmd.PersistentFlags().StringVarP(&flag.sshHost, "host", "", "", "SSH server host to listen (e.g. 127.0.0.1)")
rootCmd.PersistentFlags().Uint16VarP(&flag.sshPort, "port", "p", 2222, "port to listen")
// NOTE: long name 'unix-socket' is from curl (ref: https://curl.se/docs/manpage.html)
rootCmd.PersistentFlags().StringVarP(&flag.sshUnixSocket, "unix-socket", "", "", "Unix domain socket")
rootCmd.PersistentFlags().StringVarP(&flag.sshUnixSocket, "unix-socket", "", "", "Unix domain socket to listen")
rootCmd.PersistentFlags().StringVarP(&flag.sshShell, "shell", "", "", "Shell")
//rootCmd.PersistentFlags().StringVar(&flag.dnsServer, "dns-server", "", "DNS server (e.g. 1.1.1.1:53)")
rootCmd.PersistentFlags().StringArrayVarP(&flag.sshUsers, "user", "", nil, `SSH user name (e.g. "john:mypassword")`)
rootCmd.PersistentFlags().StringArrayVarP(&flag.sshUsers, "user", "u", nil, `SSH user name (e.g. "john:mypassword")`)
// Permission flags
rootCmd.PersistentFlags().BoolVarP(&flag.allowTcpipForward, "allow-tcpip-forward", "", false, "client can use remote forwarding")
rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectTcpip, "allow-direct-tcpip", "", false, "client can use local forwarding and SOCKS proxy")
rootCmd.PersistentFlags().BoolVarP(&flag.allowTcpipForward, "allow-tcpip-forward", "", false, "client can use remote forwarding (ssh -R)")
rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectTcpip, "allow-direct-tcpip", "", false, "client can use local forwarding (ssh -L) and SOCKS proxy (ssh -D)")
rootCmd.PersistentFlags().BoolVarP(&flag.allowExecute, "allow-execute", "", false, "client can use shell/interactive shell")
rootCmd.PersistentFlags().BoolVarP(&flag.allowSftp, "allow-sftp", "", false, "client can use SFTP and SSHFS")
rootCmd.PersistentFlags().BoolVarP(&flag.allowStreamlocalForward, "allow-streamlocal-forward", "", false, "client can use Unix domain socket remote forwarding")
rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectStreamlocal, "allow-direct-streamlocal", "", false, "client can use Unix domain socket local forwarding")
rootCmd.PersistentFlags().BoolVarP(&flag.allowStreamlocalForward, "allow-streamlocal-forward", "", false, "client can use Unix domain socket remote forwarding (ssh -R)")
rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectStreamlocal, "allow-direct-streamlocal", "", false, "client can use Unix domain socket local forwarding (ssh -L)")
return &rootCmd
}

2
server.go
View file

@ -123,7 +123,7 @@ func (s *Server) handleSession(shell string, newChannel ssh.NewChannel) {
case "subsystem":
s.handleSessionSubSystem(req, connection)
default:
s.Logger.Info("unknown request", "req_type", req.Type)
s.Logger.Info("unsupported request", "req_type", req.Type)
}
}
}