update help and log

README.md

@@ -21,25 +21,37 @@ Get more executables in [the releases](https://github.com/nwtgck/handy-sshd/rele
 ## Examples
 
 ```bash
-# Listen on 2222 and accept user name "john" with password "mypassword"
+# Listen on 2222 and accept user name "john" with password "mypass"
-handy-sshd -p 2222 --user "john:mypassword"
+handy-sshd -p 2222 -u john:mypass
 ```
 
 ```bash
 # Listen on 2222 and accept user name "john" without password
-handy-sshd -p 2222 --user "john:"
+handy-sshd -p 2222 -u john:
 ```
 
 ```bash
 # Listen on 2222 and accept users "john" and "alice" without password
-handy-sshd -p 2222 --user "john:" --user "alice:"
+handy-sshd -p 2222 -u john: -u alice:
 ```
 
 ```bash
 # Listen on unix domain socket
-handy-sshd --unix-socket /tmp/my-unix-socket --user "john:"
+handy-sshd --unix-socket /tmp/my-unix-socket -u john:
 ```
 
+## Features
+An SSH client can use
+* Shell/Interactive shell
+* Local port forwarding (ssh -L)
+* Remote port forwarding (ssh -R)
+* [SOCKS proxy](https://wikipedia.org/wiki/SOCKS) (dynamic port forwarding)
+* SFTP
+* [SSHFS](https://wikipedia.org/wiki/SSHFS)
+* Unix domain socket (local/remote port forwarding)
+
+All features are enabled by default. You can allow only some of them using permission flags.
+
 ## Permissions
 There are several permissions:
 * --allow-direct-streamlocal
@@ -52,7 +64,7 @@ There are several permissions:
 **All permissions are allowed when nothing is specified.** The log shows "allowed: " and "NOT allowed: " permissions as follows:
 
 ```console
-$ handy-sshd --user "john:"
+$ handy-sshd -u "john:"
 2023/08/11 11:40:44 INFO listening on :2222...
 2023/08/11 11:40:44 INFO allowed: "tcpip-forward", "direct-tcpip", "execute", "sftp", "streamlocal-forward", "direct-streamlocal"
 2023/08/11 11:40:44 INFO NOT allowed: none
@@ -61,7 +73,7 @@ $ handy-sshd --user "john:"
 For example, specifying `--allow-direct-tcpip` and `--allow-execute` allows only them:
 
 ```console
-$ handy-sshd --user "john:" --allow-direct-tcpip --allow-execute
+$ handy-sshd -u "john:" --allow-direct-tcpip --allow-execute
 2023/08/11 11:41:03 INFO listening on :2222...
 2023/08/11 11:41:03 INFO allowed: "direct-tcpip", "execute"
 2023/08/11 11:41:03 INFO NOT allowed: "tcpip-forward", "sftp", "streamlocal-forward", "direct-streamlocal"
@@ -75,18 +87,29 @@ Portable SSH server
 Usage:
   handy-sshd [flags]
 
+Examples:
+# Listen on 2222 and accept user name "john" with password "mypass"
+handy-sshd -u john:mypass
+
+# Listen on 22 and accept the user without password
+handy-sshd -p 22 -u john:
+
+Permissions:
+All permissions are allowed by default.
+For example, specifying --allow-direct-tcpip and --allow-execute allows only them.
+
 Flags:
-      --allow-direct-streamlocal    client can use Unix domain socket local forwarding
+      --allow-direct-streamlocal    client can use Unix domain socket local forwarding (ssh -L)
-      --allow-direct-tcpip          client can use local forwarding and SOCKS proxy
+      --allow-direct-tcpip          client can use local forwarding (ssh -L) and SOCKS proxy (ssh -D)
       --allow-execute               client can use shell/interactive shell
       --allow-sftp                  client can use SFTP and SSHFS
-      --allow-streamlocal-forward   client can use Unix domain socket remote forwarding
+      --allow-streamlocal-forward   client can use Unix domain socket remote forwarding (ssh -R)
-      --allow-tcpip-forward         client can use remote forwarding
+      --allow-tcpip-forward         client can use remote forwarding (ssh -R)
   -h, --help                        help for handy-sshd
-      --host string                 SSH server host (e.g. 127.0.0.1)
+      --host string                 SSH server host to listen (e.g. 127.0.0.1)
-  -p, --port uint16                 SSH server port (default 2222)
+  -p, --port uint16                 port to listen (default 2222)
       --shell string                Shell
-      --unix-socket string          Unix domain socket
+      --unix-socket string          Unix domain socket to listen
-      --user stringArray            SSH user name (e.g. "john:mypassword")
+  -u, --user stringArray            SSH user name (e.g. "john:mypassword")
   -v, --version                     show version
 ```

cmd/root.go

@@ -59,27 +59,36 @@ func RootCmd() *cobra.Command {
 		Short:        "handy-sshd",
 		Long:         "Portable SSH server",
 		SilenceUsage: true,
+		Example: `# Listen on 2222 and accept user name "john" with password "mypass"
+handy-sshd -u john:mypass
+
+# Listen on 22 and accept the user without password
+handy-sshd -p 22 -u john:
+
+Permissions:
+All permissions are allowed by default.
+For example, specifying --allow-direct-tcpip and --allow-execute allows only them.`,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			return rootRunEWithExtra(cmd, args, &flag, allPermissionFlags)
 		},
 	}
 
 	rootCmd.PersistentFlags().BoolVarP(&flag.showsVersion, "version", "v", false, "show version")
-	rootCmd.PersistentFlags().StringVarP(&flag.sshHost, "host", "", "", "SSH server host (e.g. 127.0.0.1)")
+	rootCmd.PersistentFlags().StringVarP(&flag.sshHost, "host", "", "", "SSH server host to listen (e.g. 127.0.0.1)")
-	rootCmd.PersistentFlags().Uint16VarP(&flag.sshPort, "port", "p", 2222, "SSH server port")
+	rootCmd.PersistentFlags().Uint16VarP(&flag.sshPort, "port", "p", 2222, "port to listen")
 	// NOTE: long name 'unix-socket' is from curl (ref: https://curl.se/docs/manpage.html)
-	rootCmd.PersistentFlags().StringVarP(&flag.sshUnixSocket, "unix-socket", "", "", "Unix domain socket")
+	rootCmd.PersistentFlags().StringVarP(&flag.sshUnixSocket, "unix-socket", "", "", "Unix domain socket to listen")
 	rootCmd.PersistentFlags().StringVarP(&flag.sshShell, "shell", "", "", "Shell")
 	//rootCmd.PersistentFlags().StringVar(&flag.dnsServer, "dns-server", "", "DNS server (e.g. 1.1.1.1:53)")
-	rootCmd.PersistentFlags().StringArrayVarP(&flag.sshUsers, "user", "", nil, `SSH user name (e.g. "john:mypassword")`)
+	rootCmd.PersistentFlags().StringArrayVarP(&flag.sshUsers, "user", "u", nil, `SSH user name (e.g. "john:mypassword")`)
 
 	// Permission flags
-	rootCmd.PersistentFlags().BoolVarP(&flag.allowTcpipForward, "allow-tcpip-forward", "", false, "client can use remote forwarding")
+	rootCmd.PersistentFlags().BoolVarP(&flag.allowTcpipForward, "allow-tcpip-forward", "", false, "client can use remote forwarding (ssh -R)")
-	rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectTcpip, "allow-direct-tcpip", "", false, "client can use local forwarding and SOCKS proxy")
+	rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectTcpip, "allow-direct-tcpip", "", false, "client can use local forwarding (ssh -L) and SOCKS proxy (ssh -D)")
 	rootCmd.PersistentFlags().BoolVarP(&flag.allowExecute, "allow-execute", "", false, "client can use shell/interactive shell")
 	rootCmd.PersistentFlags().BoolVarP(&flag.allowSftp, "allow-sftp", "", false, "client can use SFTP and SSHFS")
-	rootCmd.PersistentFlags().BoolVarP(&flag.allowStreamlocalForward, "allow-streamlocal-forward", "", false, "client can use Unix domain socket remote forwarding")
+	rootCmd.PersistentFlags().BoolVarP(&flag.allowStreamlocalForward, "allow-streamlocal-forward", "", false, "client can use Unix domain socket remote forwarding (ssh -R)")
-	rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectStreamlocal, "allow-direct-streamlocal", "", false, "client can use Unix domain socket local forwarding")
+	rootCmd.PersistentFlags().BoolVarP(&flag.allowDirectStreamlocal, "allow-direct-streamlocal", "", false, "client can use Unix domain socket local forwarding (ssh -L)")
 
 	return &rootCmd
 }

server.go

@@ -123,7 +123,7 @@ func (s *Server) handleSession(shell string, newChannel ssh.NewChannel) {
 		case "subsystem":
 			s.handleSessionSubSystem(req, connection)
 		default:
-			s.Logger.Info("unknown request", "req_type", req.Type)
+			s.Logger.Info("unsupported request", "req_type", req.Type)
 		}
 	}
 }