File: README.md

tinyssh 20230101-1
### Introduction ###
* tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.
* tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)
* tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)
* tinysshd doesn't implement unsafe features (such as password or hostbased authentication)
* tinysshd doesn't have features such as: SSH1 protocol, compression, port forwarding, agent forwarding, X11 forwarding ...
* tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)

### Crypto primitives ###
* State-of-the-art crypto: ssh-ed25519, curve25519-sha256, chacha20-poly1305@openssh.com
* Older standard: <strike>ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes256-ctr, hmac-sha2-256</strike> removed in version 20190101
* Post-quantum crypto: sntrup761x25519-sha512@openssh.com, chacha20-poly1305@openssh.com
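
An added example, not part of the tinyssh README or code base: a check that parses an SSH_MSG_KEXINIT payload (layout from RFC 4253, section 7.1) and reports every algorithm name outside the lists above. The function names and the sample payload are constructed for illustration; MAC and language lists are skipped, and any other name, including extension markers a server may place in the kex list, is reported for review.

```python
# Algorithm names copied from the README's "Crypto primitives" list.
ALLOWED = {
    "kex": {"curve25519-sha256", "sntrup761x25519-sha512@openssh.com"},
    "hostkey": {"ssh-ed25519"},
    "cipher": {"chacha20-poly1305@openssh.com"},
    "compression": {"none"},  # README: compression is not implemented
}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "hostkey", "cipher", "cipher", "mac", "mac",
          "compression", "compression", "lang", "lang"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as lists of str."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, []  # skip message type and 16-byte cookie
    for _ in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += 4 + n
    return lists

def unexpected_algorithms(payload):
    """Return (field, name) pairs that are outside the README's set."""
    found = []
    for field, names in zip(FIELDS, parse_kexinit(payload)):
        allowed = ALLOWED.get(field)
        if allowed is None:  # mac/lang skipped: the AEAD cipher has its own MAC
            continue
        found += [(field, n) for n in names if n not in allowed]
    return found

def build_kexinit(lists):
    """Build a KEXINIT payload (helper for the constructed sample below)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for names in lists:
        data = ",".join(names).encode("ascii")
        body += len(data).to_bytes(4, "big") + data
    return body + bytes(5)  # first_kex_packet_follows=0, reserved=0

# Constructed sample: a peer that also offers ssh-rsa and aes256-ctr.
SAMPLE = build_kexinit([
    ["curve25519-sha256"], ["ssh-ed25519", "ssh-rsa"],
    ["chacha20-poly1305@openssh.com", "aes256-ctr"],
    ["chacha20-poly1305@openssh.com"], [], [], ["none"], ["none"], [], []])
print(unexpected_algorithms(SAMPLE))
```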

### Project timeline ###
* <strike>experimental: 2014.01.01 - 2014.12.31 (experimentation)</strike>
* <strike>alpha(updated): 2015.01.01 - 2017.12.31 (not ready for production use, ready for testing)</strike>
* beta(updated): 2018.01.01 - ????.??.?? (ready for production use)
* stable: expected ????.??.?? - (ready for production use - including post-quantum crypto)

### Current release (20220801) ###
* has 62899 words of code
* beta release

### How-to run ###
~~~
       TCPSERVER
              tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &

       BUSYBOX
              busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &

       INETD
           /etc/inetd.conf:
               ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir

       SYSTEMD
           tinysshd.socket:
               [Unit]
               Description=TinySSH server socket
               ConditionPathExists=!/etc/tinyssh/disable_tinysshd

               [Socket]
               ListenStream=22
               Accept=yes

               [Install]
               WantedBy=sockets.target

           tinysshd@.service:
               [Unit]
               Description=Tiny SSH server
               After=network.target auditd.service

               [Service]
               ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
               EnvironmentFile=-/etc/default/tinysshd
               ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
               KillMode=process
               SuccessExitStatus=111
               StandardInput=socket
               StandardError=journal

               [Install]
               WantedBy=multi-user.target
~~~