Lib.rs

Cryptography
#ssh-client #client-server #ssh #sftp-client #remote #unix-socket #forwarding

russh

A client and server SSH library

by Eugene, Pierre-Etienne Meunier and 51 contributors

57 releases (13 breaking)

new 0.47.0-beta.1 Nov 5, 2024
0.46.0-beta.4 Aug 22, 2024
0.44.0 Jul 18, 2024
0.43.0 Mar 21, 2024
0.34.0-beta.2 Mar 19, 2022

#38 in Cryptography

Download history 10810/week @ 2024-07-18 10432/week @ 2024-07-25 9099/week @ 2024-08-01 10220/week @ 2024-08-08 12985/week @ 2024-08-15 11880/week @ 2024-08-22 10231/week @ 2024-08-29 11915/week @ 2024-09-05 12333/week @ 2024-09-12 11897/week @ 2024-09-19 12468/week @ 2024-09-26 11867/week @ 2024-10-03 13125/week @ 2024-10-10 13307/week @ 2024-10-17 11589/week @ 2024-10-24 10134/week @ 2024-10-31

50,763 downloads per month
Used in 24 crates (22 directly)

Apache-2.0

630KB
14K SLoC

Russh

Rust All Contributors

Low-level Tokio SSH2 client and server implementation.

Examples: simple client, interactive PTY client, server, SFTP client, SFTP server.

This is a fork of Thrussh by Pierre-Étienne Meunier.

✨ = added in Russh

  • More panic safety
  • async_trait support ✨
  • direct-tcpip (local port forwarding)
  • forward-tcpip (remote port forwarding) ✨
  • direct-streamlocal (local UNIX socket forwarding, client only) ✨
  • forward-streamlocal (remote UNIX socket forwarding) ✨
  • Ciphers:
    • chacha20-poly1305@openssh.com
    • aes256-gcm@openssh.com
    • aes256-ctr
    • aes192-ctr
    • aes128-ctr
    • aes256-cbc
    • aes192-cbc
    • aes128-cbc
    • 3des-cbc
  • Key exchanges:
    • curve25519-sha256@libssh.org
    • diffie-hellman-group1-sha1
    • diffie-hellman-group14-sha1
    • diffie-hellman-group14-sha256
    • diffie-hellman-group16-sha512
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
  • MACs:
    • hmac-sha1
    • hmac-sha2-256
    • hmac-sha2-512
    • hmac-sha1-etm@openssh.com
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-512-etm@openssh.com
  • Host keys and public key auth:
    • ssh-ed25519
    • rsa-sha2-256
    • rsa-sha2-512
    • ssh-rsa
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
  • Authentication methods:
    • password
    • publickey
    • keyboard-interactive
    • none
    • OpenSSH certificates ✨
  • Dependency updates
  • OpenSSH keepalive request handling ✨
  • OpenSSH agent forwarding channels ✨
  • OpenSSH server-sig-algs extension ✨

Safety

  • deny(clippy::unwrap_used)
  • deny(clippy::expect_used)
  • deny(clippy::indexing_slicing)
  • deny(clippy::panic)
  • Exceptions are checked manually

Panics

  • When the Rust allocator fails to allocate memory during a CryptoVec being resized.
  • When mlock/munlock fails to protect sensitive data in memory.

Unsafe code

  • cryptovec uses unsafe for faster copying, initialization and binding to native API.

Ecosystem

  • russh-sftp - server-side and client-side SFTP subsystem support for russh - see russh/examples/sftp_server.rs or russh/examples/sftp_client.rs.
  • async-ssh2-tokio - simple high-level API for running commands over SSH.

Adopters

  • HexPatch - A binary patcher and editor written in Rust with terminal user interface (TUI).
    • Uses russh::client and russh_sftp::client to allow remote editing of files.
  • kartoffels - A game where you're given a potato and your job is to implement a firmware for it
    • Uses russh:server to deliver the game, using ratatui as the rendering engine.
  • kty - The terminal for Kubernetes.
    • Uses russh::server to deliver the ratatui based TUI and russh_sftp::server to provide scp based file management.
  • lapdev - Self-Hosted Remote Dev Environment
    • Uses russh::server to construct a proxy into your development environment.
  • medusa - A fast and secure multi protocol honeypot.
    • Uses russh::server to be the basis of the honyepot.
  • rebels-in-the-sky - P2P terminal game about spacepirates playing basketball across the galaxy
    • Uses russh::server to deliver the game, using ratatui as the rendering engine.
  • warpgate - Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
    • Uses russh::server in addition to russh::client as part of the smart SSH functionality.
  • Devolutions Gateway - Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
    • Uses russh::client for the web-based SSH client of the standalone web application.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Mihir Samdarshi
Mihir Samdarshi
📖		 Connor Peet
Connor Peet
💻		 KVZN
KVZN
💻		 Adrian Müller (DTT)
Adrian Müller (DTT)
💻		 Simone Margaritelli
Simone Margaritelli
💻		 Joe Grund
Joe Grund
💻		 AspectUnk
AspectUnk
💻
Simão Mata
Simão Mata
💻		 Mariotaku
Mariotaku
💻		 yorkz1994
yorkz1994
💻		 Ciprian Dorin Craciun
Ciprian Dorin Craciun
💻		 Eric Milliken
Eric Milliken
💻		 Swelio
Swelio
💻		 Joshua Benz
Joshua Benz
💻
Jan Holthuis
Jan Holthuis
🛡️		 mateuszkj
mateuszkj
💻		 Saksham Mittal
Saksham Mittal
💻		 Lucas Kent
Lucas Kent
💻		 Raphael Druon
Raphael Druon
💻		 Maya the bee
Maya the bee
💻		 Milo Mirate
Milo Mirate
💻
George Hopkins
George Hopkins
💻		 Åke Amcoff
Åke Amcoff
💻		 Brendon Ho
Brendon Ho
💻		 Samuel Ainsworth
Samuel Ainsworth
💻		 Sherlock Holo
Sherlock Holo
💻		 Alessandro Ricottone
Alessandro Ricottone
💻		 T0b1-iOS
T0b1-iOS
💻
Shoaib Merchant
Shoaib Merchant
💻		 Michael Gleason
Michael Gleason
💻		 Ana Gelez
Ana Gelez
💻		 Tom König
Tom König
💻		 Pierre Barre
Pierre Barre
💻		 Jean-Baptiste Skutnik
Jean-Baptiste Skutnik
💻		 Adam Chappell
Adam Chappell
💻
Yaroslav Bolyukin
Yaroslav Bolyukin
💻		 Julian
Julian
💻		 Thomas Rampelberg
Thomas Rampelberg
💻		 Kaleb Elwert
Kaleb Elwert
📖		 Gary Guo
Gary Guo
💻		 irvingouj @ Devolutions
irvingouj @ Devolutions
💻		 Toni Peter
Toni Peter
💻
Nathaniel Bajo
Nathaniel Bajo
💻

This project follows the all-contributors specification. Contributions of any kind welcome!

Dependencies

~14–44MB
~704K SLoC