Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to enable unrestricted access and to spawn a custom process instead of shell #29

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Option to enable unrestricted access and to spawn a custom process instead of shell #29

wants to merge 4 commits into from

Conversation

1Hyena
Copy link

@1Hyena 1Hyena commented Oct 27, 2017
edited
Loading

In the spirit of websockify and tcpserver, I have added functionality to tinysshd that allows secure connections to a public TCP server (a MUD, for example). If the public server does not implement its own application layer security and only has support for the telnet protocol then providing that much needed security would be really simple thanks to tinysshd.

A couple of new command line parameters were added to tinysshd. They are also documented in the manual:

 -e command
        execute the given command instead of spawning the shell (disables exec channel requests)

 -g username
        enable unrestricted guest access as the specified user in the host system

The most expected use case for this added functionality could be illustrated with the below example:
tcpserver -HRDl0 0.0.0.0 4022 ./tinysshd -g guest -e 'nc localhost 4000' ./tinyssh-keys

MUDs still use the completely insecure telnet protocol (execute telnet stonia.ttu.ee 4000, for example). You will see that it asks sensitive information such as the password to be sent over a plaintext channel. With the help of the proposed features a lot of MUDs could be made more secure without having to change a single line in their codebase. Thanks to the fact that tinyssh is so light weight the integration would go real smoothly just like adding websocket support to a plaintext server with the help of websockify.

This enhancement to tinyssh was mainly inspired by this article.

You can see this in action by running ssh mud.sndd.io.

1Hyena added 4 commits October 27, 2017 14:57
Anonymous logins enabled.
16732f0
TinySSH can now be started in unrestricted mode that allows guest ses…
6a461e4 
…sions. In addition, a command to be executed can be specified with the -e parameter. If set then instead of spawning a shell for new sessions the specified command is executed. Regular exec requests will be rejected if the -e parameter is set.
Added description of new command line parameters to the manual.
1b9ee87
Removed the -u and -U (unrestricted) command line parameters and repl…
41cdb04 
…aced them with the -g option for specifying the username of the guest user. If the guest username is provided then the host system will use that user instead of the one provided by the client. The -g option will allow unrestricted guest access to the host system.
@1Hyena
Copy link
Author

1Hyena commented Mar 1, 2018

@janmojzis
Hi! Please review. Thanks.

This was referenced Mar 9, 2018
Open
Closed
@janmojzis janmojzis force-pushed the master branch 2 times, most recently from 037fe36 to 7926153 Compare January 1, 2019 19:19
@1Hyena
Copy link
Author

1Hyena commented Feb 4, 2019

@janmojzis I've noticed you've pushed some changes that have caused conflicts between my pull request. Do you want me to update the PR accordingly?

@janmojzis janmojzis force-pushed the master branch 2 times, most recently from e76abae to a46acb1 Compare May 15, 2021 09:09
@janmojzis janmojzis mentioned this pull request Jan 4, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@1Hyena