ringtailsoftware/misshod
MiSSHod is a minimal, experimental SSH client and server implemented as a library
misshod. (ˌmɪsˈʃɒd). adj. badly shod
MiSSHod is a minimal, experimental SSH client and server implemented as a library.
It has been tested with both OpenSSH and Dropbear.
MiSSHod is not secure, it should not be used in real world systems
It aims to be:
Features
MiSSHod requires Zig 0.14.0.
To build mssh
, a command line SSH client for Mac/Linux
zig build test
cd mssh
zig build
./zig-out/bin/mssh
./zig-out/bin/mssh <username@host> <port> [idfile]
To run a test SSH server (dropbear) in docker
cd testserver
./sshserver
Login with password auth, ("password")
./zig-out/bin/mssh [email protected] 2022
# Same as: ssh -p 2022 [email protected]
Login with pubkey auth using a passwordless private key
./zig-out/bin/mssh [email protected] 2022 ../testserver/id_ed25519_passwordless
# Same as: ssh -p 2022 [email protected] -i ../testserver/id_ed25519_passwordless
Login with pubkey auth using a password protected private key ("secretpassword")
./zig-out/bin/mssh [email protected] 2022 ../testserver/id_ed25519_passworded
# Same as: ssh -p 2022 [email protected] -i ../testserver/id_ed25519_passworded
msshd
is a toy ssh server. It handles one connection at a time and echoes back received data with "You said X".
To build msshd
cd msshd
zig build
./zig-out/bin/msshd
./zig-out/bin/msshd <port> <hostkey>
To run the server
./zig-out/bin/msshd 2022 ../testserver/id_ed25519_passwordless
Server listening on port 2022
Connect using OpenSSH
ssh -p 2022 [email protected]
By default the server will accept any public key offered. Typically, OpenSSH offers all available keys, so it will be able to login immediately. This can be changed in msshd/src/main.zig
. Typically, a real server would check the user's authorized_keys
file.
Connect using mssh
using pubkey auth (key password is "secretpassword")
cd mssh
zig build run -- [email protected] 2022 ../testserver/id_ed25519_passworded
Connect using mssh
using password auth (any password matching username will be accepted, so "foo" here)
cd mssh
zig build run -- [email protected] 2022
As a proof of concept, the tiny
example logs into the test server but contains no socket code. Instead, it uses stdout and stdin. To run it via socat
:
zig build && socat TCP4:127.0.0.1:2022 EXEC:./zig-out/bin/tiny
Tiny uses a weaker PRNG, a fixed buffer allocator and does no file I/O.
MiSSHod is not secure, it should not be used in real world systems
MiSSHod was developed rapidly. The main aim was to get it working and learn something along the way. I don't know what's next, but hopefully you can learn something too by looking at a small SSH implementation.
It's entirely undocumented and there aren't enough tests. The IO systems are a bit arcane, as I've tried wherever possible to avoid using excess RAM.