57 releases (13 breaking)

new 0.47.0-beta.1 Nov 5, 2024
0.46.0-beta.4 Aug 22, 2024
0.44.0 Jul 18, 2024
0.43.0 Mar 21, 2024
0.34.0-beta.2 Mar 19, 2022

#38 in Cryptography

Download history 10810/week @ 2024-07-18 10432/week @ 2024-07-25 9099/week @ 2024-08-01 10220/week @ 2024-08-08 12985/week @ 2024-08-15 11880/week @ 2024-08-22 10231/week @ 2024-08-29 11915/week @ 2024-09-05 12333/week @ 2024-09-12 11897/week @ 2024-09-19 12468/week @ 2024-09-26 11867/week @ 2024-10-03 13125/week @ 2024-10-10 13307/week @ 2024-10-17 11589/week @ 2024-10-24 10134/week @ 2024-10-31

50,763 downloads per month
Used in 24 crates (22 directly)

Apache-2.0

630KB
14K SLoC

Russh

Rust All Contributors

Low-level Tokio SSH2 client and server implementation.

Examples: simple client, interactive PTY client, server, SFTP client, SFTP server.

This is a fork of Thrussh by Pierre-Étienne Meunier.

✨ = added in Russh

  • More panic safety
  • async_trait support ✨
  • direct-tcpip (local port forwarding)
  • forward-tcpip (remote port forwarding) ✨
  • direct-streamlocal (local UNIX socket forwarding, client only) ✨
  • forward-streamlocal (remote UNIX socket forwarding) ✨
  • Ciphers:
    • chacha20-poly1305@openssh.com
    • aes256-gcm@openssh.com
    • aes256-ctr
    • aes192-ctr
    • aes128-ctr
    • aes256-cbc
    • aes192-cbc
    • aes128-cbc
    • 3des-cbc
  • Key exchanges:
    • curve25519-sha256@libssh.org
    • diffie-hellman-group1-sha1
    • diffie-hellman-group14-sha1
    • diffie-hellman-group14-sha256
    • diffie-hellman-group16-sha512
    • ecdh-sha2-nistp256
    • ecdh-sha2-nistp384
    • ecdh-sha2-nistp521
  • MACs:
    • hmac-sha1
    • hmac-sha2-256
    • hmac-sha2-512
    • hmac-sha1-etm@openssh.com
    • hmac-sha2-256-etm@openssh.com
    • hmac-sha2-512-etm@openssh.com
  • Host keys and public key auth:
    • ssh-ed25519
    • rsa-sha2-256
    • rsa-sha2-512
    • ssh-rsa
    • ecdsa-sha2-nistp256
    • ecdsa-sha2-nistp384
    • ecdsa-sha2-nistp521
  • Authentication methods:
    • password
    • publickey
    • keyboard-interactive
    • none
    • OpenSSH certificates ✨
  • Dependency updates
  • OpenSSH keepalive request handling ✨
  • OpenSSH agent forwarding channels ✨
  • OpenSSH server-sig-algs extension ✨

Safety

  • deny(clippy::unwrap_used)
  • deny(clippy::expect_used)
  • deny(clippy::indexing_slicing)
  • deny(clippy::panic)
  • Exceptions are checked manually

Panics

  • When the Rust allocator fails to allocate memory during a CryptoVec being resized.
  • When mlock/munlock fails to protect sensitive data in memory.

Unsafe code

  • cryptovec uses unsafe for faster copying, initialization and binding to native API.

Ecosystem

  • russh-sftp - server-side and client-side SFTP subsystem support for russh - see russh/examples/sftp_server.rs or russh/examples/sftp_client.rs.
  • async-ssh2-tokio - simple high-level API for running commands over SSH.

Adopters

  • HexPatch - A binary patcher and editor written in Rust with terminal user interface (TUI).
    • Uses russh::client and russh_sftp::client to allow remote editing of files.
  • kartoffels - A game where you're given a potato and your job is to implement a firmware for it
    • Uses russh:server to deliver the game, using ratatui as the rendering engine.
  • kty - The terminal for Kubernetes.
    • Uses russh::server to deliver the ratatui based TUI and russh_sftp::server to provide scp based file management.
  • lapdev - Self-Hosted Remote Dev Environment
    • Uses russh::server to construct a proxy into your development environment.
  • medusa - A fast and secure multi protocol honeypot.
    • Uses russh::server to be the basis of the honyepot.
  • rebels-in-the-sky - P2P terminal game about spacepirates playing basketball across the galaxy
    • Uses russh::server to deliver the game, using ratatui as the rendering engine.
  • warpgate - Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
    • Uses russh::server in addition to russh::client as part of the smart SSH functionality.
  • Devolutions Gateway - Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
    • Uses russh::client for the web-based SSH client of the standalone web application.

Contributors ✨

Thanks goes to these wonderful people (emoji key):

Mihir Samdarshi
Mihir Samdarshi

📖
Connor Peet
Connor Peet

💻
KVZN
KVZN

💻
Adrian Müller (DTT)
Adrian Müller (DTT)

💻
Simone Margaritelli
Simone Margaritelli

💻
Joe Grund
Joe Grund

💻
AspectUnk
AspectUnk

💻
Simão Mata
Simão Mata

💻
Mariotaku
Mariotaku

💻
yorkz1994
yorkz1994

💻
Ciprian Dorin Craciun
Ciprian Dorin Craciun

💻
Eric Milliken
Eric Milliken

💻
Swelio
Swelio

💻
Joshua Benz
Joshua Benz

💻
Jan Holthuis
Jan Holthuis

🛡️
mateuszkj
mateuszkj

💻
Saksham Mittal
Saksham Mittal

💻
Lucas Kent
Lucas Kent

💻
Raphael Druon
Raphael Druon

💻
Maya the bee
Maya the bee

💻
Milo Mirate
Milo Mirate

💻
George Hopkins
George Hopkins

💻
Åke Amcoff
Åke Amcoff

💻
Brendon Ho
Brendon Ho

💻
Samuel Ainsworth
Samuel Ainsworth

💻
Sherlock Holo
Sherlock Holo

💻
Alessandro Ricottone
Alessandro Ricottone

💻
T0b1-iOS
T0b1-iOS

💻
Shoaib Merchant
Shoaib Merchant

💻
Michael Gleason
Michael Gleason

💻
Ana Gelez
Ana Gelez

💻
Tom König
Tom König

💻
Pierre Barre
Pierre Barre

💻
Jean-Baptiste Skutnik
Jean-Baptiste Skutnik

💻
Adam Chappell
Adam Chappell

💻
Yaroslav Bolyukin
Yaroslav Bolyukin

💻
Julian
Julian

💻
Thomas Rampelberg
Thomas Rampelberg

💻
Kaleb Elwert
Kaleb Elwert

📖
Gary Guo
Gary Guo

💻
irvingouj @ Devolutions
irvingouj @ Devolutions

💻
Toni Peter
Toni Peter

💻
Nathaniel Bajo
Nathaniel Bajo

💻

This project follows the all-contributors specification. Contributions of any kind welcome!

Dependencies

~14–44MB
~704K SLoC