Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
== Shaft == shaft(1) is a super minimal IPsec tunnel manager for OpenBSD built on top of OpenSSH. shaft is largely derived from OpenSSH's sftp subsystem. Currently shaft is only supported on OpenBSD and requires OpenBSD's ipsecctl(8) utility to operate correctly. In order to build shaft you will need a full checkout of the OpenBSD source tree. # tar zxf src.tar.gz -C /usr/src Additionally ssh must be built in order for shaft to compile successfully $ cd /usr/src/usr.bin/ssh $ make obj $ make depends $ make You will need to copy the shaft source directory to /usr/src/usr.sbin $ git clone git://github.com/kisoku/shaft $ sudo cp -R shaft /usr/src/usr.sbin/ $ cd /usr/src/usr.sbin/shaft $ make obj $ make depend $ sudo make install In order for shaft-server(8) to function you will need to add the following line to /etc/ssh/sshd_config and restart sshd. Subsystem shaft /usr/libexec/shaft-server Shaft is client-server based IPsec tunnel manager that erects a ESP tunnel between two hosts. It uses aesctr as the encryption algorithm and hmac-sha2-256 as the authentication algorithm. Shaft currently requires root privileges on both sides of the connection and will not attempt to rekey, gracefully degrade or buy you a pony. Shaft is under active development. If you want to use shaft to protect traffic between two networks, learn how to use gif(4). == Example == from your client connect to the shaft server. $ sudo shaft firstname.lastname@example.org $ sudo ipsecctl -sa FLOWS: flow esp in from 192.168.254.44 to 192.168.254.98 peer 192.168.254.44 type require flow esp out from 192.168.254.98 to 192.168.254.44 peer 192.168.254.44 type require flow esp in proto tcp from 192.168.254.44 port ssh to 192.168.254.98 type bypass flow esp out proto tcp from 192.168.254.98 to 192.168.254.44 port ssh type bypass SAD: esp tunnel from 192.168.254.44 to 192.168.254.98 spi 0x23b599ef auth hmac-sha2-256 enc aesctr esp tunnel from 192.168.254.98 to 192.168.254.44 spi 0x964f1438 auth hmac-sha2-256 enc aesctr Cut the crap, man, this is Shaft. It is distributed under the terms of the BSD license. Please refer to the source for additional licensing details. Copyright 2010 Mathieu Sauve-Frankel <email@example.com>