New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option to enable unrestricted access and to spawn a custom process instead of shell #29

wants to merge 4 commits into
base: master


None yet
1 participant
Copy link

1Hyena commented Oct 27, 2017

In the spirit of websockify and tcpserver, I have added functionality to tinysshd that allows secure connections to a public TCP server (a MUD, for example). If the public server does not implement its own application layer security and only has support for the telnet protocol then providing that much needed security would be really simple thanks to tinysshd.

A couple of new command line parameters were added to tinysshd. They are also documented in the manual:

 -e command
        execute the given command instead of spawning the shell (disables exec channel requests)

 -g username
        enable unrestricted guest access as the specified user in the host system

The most expected use case for this added functionality could be illustrated with the below example:
tcpserver -HRDl0 4022 ./tinysshd -g guest -e 'nc localhost 4000' ./tinyssh-keys

MUDs still use the completely insecure telnet protocol (execute telnet 4000, for example). You will see that it asks sensitive information such as the password to be sent over a plaintext channel. With the help of the proposed features a lot of MUDs could be made more secure without having to change a single line in their codebase. Thanks to the fact that tinyssh is so light weight the integration would go real smoothly just like adding websocket support to a plaintext server with the help of websockify.

This enhancement to tinyssh was mainly inspired by this article.

You can see this in action by running ssh

1Hyena added some commits Oct 27, 2017

TinySSH can now be started in unrestricted mode that allows guest ses…
…sions. In addition, a command to be executed can be specified with the -e parameter. If set then instead of spawning a shell for new sessions the specified command is executed. Regular exec requests will be rejected if the -e parameter is set.
Removed the -u and -U (unrestricted) command line parameters and repl…
…aced them with the -g option for specifying the username of the guest user. If the guest username is provided then the host system will use that user instead of the one provided by the client. The -g option will allow unrestricted guest access to the host system.

This comment has been minimized.

Copy link

1Hyena commented Mar 1, 2018

Hi! Please review. Thanks.

@janmojzis janmojzis force-pushed the janmojzis:master branch 2 times, most recently from 037fe36 to 7926153 Jan 1, 2019


This comment has been minimized.

Copy link

1Hyena commented Feb 4, 2019

@janmojzis I've noticed you've pushed some changes that have caused conflicts between my pull request. Do you want me to update the PR accordingly?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment