7413539965
* Move password authentication handling into sshd/auth (fixes #394). Password authentication is now completely handeled in Auth. The normal keyboard-interactive handler checks if passwords are supported and asks for them, removing the need to override the callbacks. Brute force throttling is removed; I'd like to base it on IP address banning, which requires changes to the checks. I'm not sure, but I think timing attacks against the password are fixed: - The hashing of the real password happens only at startup. - The hashing of a provided password is something an attacker can do themselves; It doesn't leak anything about the real password. - The hash comparison is constant-time. * refactor checks, IP-ban incorrect passphrases, renames - s/assword/assphrase/, typo fixes - bans are checked separately from public keys - an incorrect passphrase results in a one-minute IP ban - whitelists no longer override bans (i.e. you can get banned if you're whitelisted) * (hopefully) final changes
ssh-chat
Custom SSH server written in Go. Instead of a shell, you get a chat prompt.
Demo
Join the party:
$ ssh ssh.chat
Please abide by our project's Code of Conduct while participating in chat.
The server's RSA key fingerprint is MD5:e5:d5:d1:75:90:38:42:f6:c7:03:d7:d0:56:7d:6a:db or SHA256:HQDLlZsXL3t0lV5CHM0OXeZ5O6PcfHuzkS8cRbbTLBI. If you see something different, you might be MITM'd.
(Apologies if the server is down, try again shortly.)
Downloading a release
Recent releases include builds for MacOS (darwin/amd64) and Linux (386, amd64, and ARM6 for your RaspberryPi).
Grab the latest binary release here.
Play around with it. Additional deploy examples are here.
Compiling / Developing
Most people just want the latest binary release. If you're sure you want to compile it from source, read on:
You can compile ssh-chat by using make build. The resulting binary is portable and
can be run on any system with a similar OS and CPU arch. Go 1.8 or higher is required to compile.
If you're developing on this repo, there is a handy Makefile that should set
things up with make run.
Additionally, make debug runs the server with an http pprof server. This allows you to open
http://localhost:6060/debug/pprof/ and view profiling data. See
net/http/pprof for more information about pprof.
Quick Start
Usage:
ssh-chat [OPTIONS]
Application Options:
-v, --verbose Show verbose logging.
--version Print version and exit.
-i, --identity= Private key to identify server with. (default: ~/.ssh/id_rsa)
--bind= Host and port to listen on. (default: 0.0.0.0:2022)
--admin= File of public keys who are admins.
--whitelist= Optional file of public keys who are allowed to connect.
--motd= Optional Message of the Day file.
--log= Write chat log to this file.
--pprof= Enable pprof http server for profiling.
Help Options:
-h, --help Show this help message
After doing go get github.com/shazow/ssh-chat/... on this repo, you should be able
to run a command like:
$ ssh-chat --verbose --bind ":22" --identity ~/.ssh/id_dsa
To bind on port 22, you'll need to make sure it's free (move any other ssh daemons to another port) and run ssh-chat as root (or with sudo).
Frequently Asked Questions
The FAQs can be found on the project's Wiki page. Feel free to submit more questions to be answered and added to the page.
License
MIT