Make SSH apps, just like that! 💫
SSH is an excellent platform to build remotely accessible applications on. It offers:
- secure communication without the hassle of HTTPS certificates
- user identification with SSH keys
- accessibility from anywhere with a terminal
Powerful protocols like Git work over SSH and you can even render TUIs directly over an SSH connection.
Wish is an SSH server with sensible defaults and a collection of middlewares that make building SSH apps easy. Wish is built on gliderlabs/ssh and should be easy to integrate into any existing project.
What are SSH Apps?
Usually, when we think about SSH, we think about remote shell access into servers,
most commonly through
That's a perfectly valid and probably the most common use of SSH, but it can do so much more than that. Just like HTTP, SMTP, FTP and others, SSH is a protocol! It is a cryptographic network protocol for operating network services securely over an unsecured network. 1
That means, among other things, that we can write custom SSH servers without touching
so we can securely do more things than just providing a shell.
Wish is a library that helps you write these kinds of apps using Go.
Wish middlewares are analogous to those in several HTTP frameworks. They are essentially SSH handlers that you can use to do specific tasks, and then call the next middleware.
Notice that middlewares are composed from first to last, which means the last one is executed first.
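The ordering rule above matters most for access checks: a gate only protects the app if it runs before it, which means listing it after the app. The following is an added sketch, not Wish's own code; `Session`, `Handler`, `Middleware`, `compose`, `app`, `requirePTY` and `run` are stand-in names that model the first-to-last composition using only the standard library.

```go
package main

import "fmt"

// Stand-in types for this sketch; they are not Wish's or gliderlabs/ssh's types.
type Session struct {
	HasPTY bool
	Trace  []string // records which middlewares ran, in order
}
type Handler func(*Session)
type Middleware func(Handler) Handler

// compose wraps first to last, so the last middleware is outermost and runs first.
func compose(mws ...Middleware) Handler {
	h := Handler(func(*Session) {})
	for _, m := range mws {
		h = m(h)
	}
	return h
}

// app models an application middleware: it serves the session, then calls next.
func app(next Handler) Handler {
	return func(s *Session) {
		s.Trace = append(s.Trace, "app")
		next(s)
	}
}

// requirePTY models a gate: it stops the chain when no terminal is attached.
func requirePTY(next Handler) Handler {
	return func(s *Session) {
		if !s.HasPTY {
			s.Trace = append(s.Trace, "rejected")
			return
		}
		next(s)
	}
}

// run pushes one constructed session through a chain and returns its trace.
func run(hasPTY bool, mws ...Middleware) []string {
	s := &Session{HasPTY: hasPTY}
	compose(mws...)(s)
	return s.Trace
}

func main() {
	fmt.Println(run(false, app, requirePTY)) // gate listed last: app never runs
	fmt.Println(run(false, requirePTY, app)) // gate listed first: app runs before the check
}
```

With the gate listed last, a session without a terminal is rejected before the app sees it; with the gate listed first, the app has already served the session by the time the check runs.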
bubbletea middleware makes it easy to serve any
Bubble Tea application over SSH. Each SSH session will get its own
tea.Program with the SSH pty input and output connected. Client window
dimension and resize messages are also natively handled by the
You can see a demo of the Wish middleware in action at:
git middleware adds
git server functionality to any ssh server.
It supports repo creation on initial push and custom public key based auth.
This middleware requires that
git is installed on the server.
logging middleware provides basic connection logging. Connects
are logged with the remote address, invoked command, TERM setting, window
dimensions and if the auth was public key based. Disconnect will log the remote
address and connection duration.
Not all applications will support general SSH connections. To restrict access
to supported methods, you can use the
activeterm middleware to
only allow connections with active terminals connected and the
accesscontrol middleware that lets you specify allowed
Wish includes the ability to easily create an always authenticating default SSH server with automatic server key generation.
Apps Built With Wish
When building various Wish applications locally you can add the following to
~/.ssh/config to avoid having to clear out
localhost entries in your
How does it work?
Wish uses gliderlabs/ssh to implement its SSH server, and OpenSSH is never used nor needed — you can even uninstall it if you want to.
Incidentally, there's no risk of accidentally sharing a shell because there's no default behavior that does that on Wish.
Running with SystemD
If you want to run a Wish app with
systemd, you can create a unit like so:
You can tune the values below, and once you're happy with them, you can run:
# need to run this every time you change the unit file
sudo systemctl daemon-reload
sudo systemctl start myapp
If you use a new user for each app (which is good), you'll need to create them first:
useradd --system --user-group --create-home myapp
That should do it.
We’d love to hear your thoughts on this project. Feel free to drop us a note!
Part of Charm.
Charm热爱开源 • Charm loves open source