#ssh-client #ssh #client-server #public-key #ssh-agreement

ssh-rs

In addition to encryption library, pure RUST implementation of SSH-2.0 client protocol

17 unstable releases (4 breaking)

0.5.0 Dec 26, 2023
0.4.5 Nov 17, 2023
0.4.3 Oct 17, 2023
0.3.2 Jan 11, 2023
0.1.3 Jan 17, 2022

#360 in Network programming

Download history 434/week @ 2024-07-01 585/week @ 2024-07-08 336/week @ 2024-07-15 392/week @ 2024-07-22 346/week @ 2024-07-29 457/week @ 2024-08-05 247/week @ 2024-08-12 383/week @ 2024-08-19 773/week @ 2024-08-26 670/week @ 2024-09-02 531/week @ 2024-09-09 395/week @ 2024-09-16 465/week @ 2024-09-23 543/week @ 2024-09-30 568/week @ 2024-10-07 639/week @ 2024-10-14

2,231 downloads per month
Used in 4 crates

MIT license

225KB
5.5K SLoC

ssh-rs ✨

Build API Docs LICENSE

English | 简体中文

Rust implementation of ssh2.0 client.

If you encounter any problems in use, welcome issues or PR .

Content

Connection method:

1. Password:

use ssh;

let mut session = ssh::create_session()
    .username("ubuntu")
    .password("password")
    .connect("127.0.0.1:22")
    .unwrap();

2. Public key:

  • Currently, only RSA, ED25519 keys/key files are supported.

1. Use key file path:

// pem format key path -> /xxx/xxx/id_rsa
// the content of the keyfile shall begin with
//      -----BEGIN RSA PRIVATE KEY----- / -----BEGIN OPENSSH PRIVATE KEY-----
// and end with
//       -----END RSA PRIVATE KEY----- / -----END OPENSSH PRIVATE KEY-----
// simply generated by `ssh-keygen -t rsa -m PEM -b 4096`
use ssh;

let mut session = ssh::create_session()
    .username("ubuntu")
    .private_key_path("./id_rsa")
    .connect("127.0.0.1:22")
    .unwrap();

2. Use key string:

// pem format key string:
//      -----BEGIN RSA PRIVATE KEY----- / -----BEGIN OPENSSH PRIVATE KEY-----
// and end with
//       -----END RSA PRIVATE KEY----- / -----END OPENSSH PRIVATE KEY-----
use ssh;

let mut session = ssh::create_session()
    .username("ubuntu")
    .private_key("rsa_string")
    .connect("127.0.0.1:22")
    .unwrap();

3. Use them together

  • According to the implementation of OpenSSH, it will try public key first and fallback to password. So both of them can be provided.
use ssh;

let mut session = ssh::create_session()
    .username("username")
    .password("password")
    .private_key_path("/path/to/rsa")
    .connect("127.0.0.1:22")
    .unwrap();

Enable global logging:

  • This crate now uses the log compatible tracing for logging functionality
use tracing::Level;
use tracing_subscriber::FmtSubscriber;

// this will generate some basic event logs
// a builder for `FmtSubscriber`.
let subscriber = FmtSubscriber::builder()
    // all spans/events with a level higher than INFO (e.g, info, warn, etc.)
    // will be written to stdout.
    .with_max_level(Level::INFO)
    // completes the builder.
    .finish();

tracing::subscriber::set_global_default(subscriber).expect("setting default subscriber failed");

Set timeout:

  • Only global timeouts per r/w are currently supported.
use ssh;

let _listener = TcpListener::bind("127.0.0.1:7777").unwrap();

match ssh::create_session()
    .username("ubuntu")
    .password("password")
    .private_key_path("./id_rsa")
    .timeout(Some(std::time::Duration::from_secs(5)))
    .connect("127.0.0.1:7777")
{
    Err(e) => println!("Got error {}", e),
    _ => unreachable!(),
}

How to use:

  1. Execute a command
  2. Scp files
  3. Run a shell
  4. Run an interactive shell
  5. Connect ssh server w/o a tcp stream
  6. Cofigure your own algorithm list

Algorithm support:

1. Kex algorithms

  • curve25519-sha256
  • ecdh-sha2-nistp256
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1 (behind feature "deprecated-dh-group1-sha1")

2. Server host key algorithms

  • ssh-ed25519
  • rsa-sha2-256
  • rsa-sha2-512
  • rsa-sha (behind feature "deprecated-rsa-sha1")
  • ssh-dss (behind feature "deprecated-dss-sha1")

3. Encryption algorithms

  • chacha20-poly1305@openssh.com
  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes128-cbc (behind feature "deprecated-aes-cbc")
  • aes192-cbc (behind feature "deprecated-aes-cbc")
  • aes256-cbc (behind feature "deprecated-aes-cbc")
  • 3des-cbc (behind feature "deprecated-des-cbc")

4. Mac algorithms

  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1

5. Compression algorithms

  • none
  • zlib@openssh.com
  • zlib (behind feature "zlib")

☃️ Additional algorithms will continue to be added.

Dependencies

~12–21MB
~401K SLoC