# Russh [![Rust](https://github.com/warp-tech/russh/actions/workflows/rust.yml/badge.svg)](https://github.com/warp-tech/russh/actions/workflows/rust.yml) [![All Contributors](https://img.shields.io/badge/all_contributors-43-orange.svg?style=flat-square)](#contributors-) Low-level Tokio SSH2 client and server implementation. Examples: [simple client](russh/examples/client_exec_simple.rs), [interactive PTY client](russh/examples/client_exec_interactive.rs), [server](russh/examples/echoserver.rs), [SFTP client](russh/examples/sftp_client.rs), [SFTP server](russh/examples/sftp_server.rs). This is a fork of [Thrussh](https://nest.pijul.com/pijul/thrussh) by Pierre-Étienne Meunier. > ✨ = added in Russh * [More panic safety](https://github.com/warp-tech/russh#safety) ✨ * `async_trait` support ✨ * `direct-tcpip` (local port forwarding) * `forward-tcpip` (remote port forwarding) ✨ * `direct-streamlocal` (local UNIX socket forwarding, client only) ✨ * `forward-streamlocal` (remote UNIX socket forwarding) ✨ * Ciphers: * `chacha20-poly1305@openssh.com` * `aes256-gcm@openssh.com` ✨ * `aes256-ctr` ✨ * `aes192-ctr` ✨ * `aes128-ctr` ✨ * `aes256-cbc` ✨ * `aes192-cbc` ✨ * `aes128-cbc` ✨ * `3des-cbc` ✨ * Key exchanges: * `curve25519-sha256@libssh.org` * `diffie-hellman-group1-sha1` ✨ * `diffie-hellman-group14-sha1` ✨ * `diffie-hellman-group14-sha256` ✨ * `diffie-hellman-group16-sha512` ✨ * `ecdh-sha2-nistp256` ✨ * `ecdh-sha2-nistp384` ✨ * `ecdh-sha2-nistp521` ✨ * MACs: * `hmac-sha1` ✨ * `hmac-sha2-256` ✨ * `hmac-sha2-512` ✨ * `hmac-sha1-etm@openssh.com` ✨ * `hmac-sha2-256-etm@openssh.com` ✨ * `hmac-sha2-512-etm@openssh.com` ✨ * Host keys and public key auth: * `ssh-ed25519` * `rsa-sha2-256` * `rsa-sha2-512` * `ssh-rsa` ✨ * `ecdsa-sha2-nistp256` ✨ * `ecdsa-sha2-nistp384` ✨ * `ecdsa-sha2-nistp521` ✨ * Authentication methods: * `password` * `publickey` * `keyboard-interactive` * `none` * OpenSSH certificates ✨ * Dependency updates * OpenSSH keepalive request handling ✨ * OpenSSH agent forwarding channels ✨ * OpenSSH `server-sig-algs` extension ✨ ## Safety * `deny(clippy::unwrap_used)` * `deny(clippy::expect_used)` * `deny(clippy::indexing_slicing)` * `deny(clippy::panic)` * Exceptions are checked manually ### Panics * When the Rust allocator fails to allocate memory during a CryptoVec being resized. * When `mlock`/`munlock` fails to protect sensitive data in memory. ### Unsafe code * `cryptovec` uses `unsafe` for faster copying, initialization and binding to native API. ## Ecosystem * [russh-sftp](https://crates.io/crates/russh-sftp) - server-side and client-side SFTP subsystem support for `russh` - see `russh/examples/sftp_server.rs` or `russh/examples/sftp_client.rs`. * [async-ssh2-tokio](https://crates.io/crates/async-ssh2-tokio) - simple high-level API for running commands over SSH. ## Adopters * [HexPatch](https://github.com/Etto48/HexPatch) - A binary patcher and editor written in Rust with terminal user interface (TUI). * Uses `russh::client` and `russh_sftp::client` to allow remote editing of files. * [kartoffels](https://github.com/Patryk27/kartoffels) - A game where you're given a potato and your job is to implement a firmware for it * Uses `russh:server` to deliver the game, using `ratatui` as the rendering engine. * [kty](https://github.com/grampelberg/kty) - The terminal for Kubernetes. * Uses `russh::server` to deliver the `ratatui` based TUI and `russh_sftp::server` to provide `scp` based file management. * [lapdev](https://github.com/lapce/lapdev) - Self-Hosted Remote Dev Environment * Uses `russh::server` to construct a proxy into your development environment. * [medusa](https://github.com/evilsocket/medusa) - A fast and secure multi protocol honeypot. * Uses `russh::server` to be the basis of the honyepot. * [rebels-in-the-sky](https://github.com/ricott1/rebels-in-the-sky) - P2P terminal game about spacepirates playing basketball across the galaxy * Uses `russh::server` to deliver the game, using `ratatui` as the rendering engine. * [warpgate](https://github.com/warp-tech/warpgate) - Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software * Uses `russh::server` in addition to `russh::client` as part of the smart SSH functionality. * [Devolutions Gateway](https://github.com/Devolutions/devolutions-gateway/) - Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access. * Uses `russh::client` for the web-based SSH client of the standalone web application. ## Contributors ✨ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)):
Mihir Samdarshi
Mihir Samdarshi
📖		 Connor Peet
Connor Peet
💻		 KVZN
KVZN
💻		 Adrian Müller (DTT)
Adrian Müller (DTT)
💻		 Simone Margaritelli
Simone Margaritelli
💻		 Joe Grund
Joe Grund
💻		 AspectUnk
AspectUnk
💻
Simão Mata
Simão Mata
💻		 Mariotaku
Mariotaku
💻		 yorkz1994
yorkz1994
💻		 Ciprian Dorin Craciun
Ciprian Dorin Craciun
💻		 Eric Milliken
Eric Milliken
💻		 Swelio
Swelio
💻		 Joshua Benz
Joshua Benz
💻
Jan Holthuis
Jan Holthuis
🛡️		 mateuszkj
mateuszkj
💻		 Saksham Mittal
Saksham Mittal
💻		 Lucas Kent
Lucas Kent
💻		 Raphael Druon
Raphael Druon
💻		 Maya the bee
Maya the bee
💻		 Milo Mirate
Milo Mirate
💻
George Hopkins
George Hopkins
💻		 Åke Amcoff
Åke Amcoff
💻		 Brendon Ho
Brendon Ho
💻		 Samuel Ainsworth
Samuel Ainsworth
💻		 Sherlock Holo
Sherlock Holo
💻		 Alessandro Ricottone
Alessandro Ricottone
💻		 T0b1-iOS
T0b1-iOS
💻
Shoaib Merchant
Shoaib Merchant
💻		 Michael Gleason
Michael Gleason
💻		 Ana Gelez
Ana Gelez
💻		 Tom König
Tom König
💻		 Pierre Barre
Pierre Barre
💻		 Jean-Baptiste Skutnik
Jean-Baptiste Skutnik
💻		 Adam Chappell
Adam Chappell
💻
Yaroslav Bolyukin
Yaroslav Bolyukin
💻		 Julian
Julian
💻		 Thomas Rampelberg
Thomas Rampelberg
💻		 Kaleb Elwert
Kaleb Elwert
📖		 Gary Guo
Gary Guo
💻		 irvingouj @ Devolutions
irvingouj @ Devolutions
💻		 Toni Peter
Toni Peter
💻
Nathaniel Bajo
Nathaniel Bajo
💻
This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome!