Coder Social home page Coder Social logo

pssht's Introduction

pssht

pssht is a PHP library that provides an SSH server that can be embedded in other applications.

What we're aiming for:

  • Clean code (eg. PSR-2 & PSR-4 compliance, tests, ...)
  • Extensibility
  • Interoperability with as much SSH clients as possible, but mainly with the OpenSSH client

What we're not specifically aiming for, but still interested in:

  • Completeness (support for TCP port forwarding, TUN/TAP tunneling, the scp/sftp subsystems, ...)
  • Strong security (peer reviews, security audits, ...)

Disclaimer

This should be obvious from the get-go, but DO NOT USE pssht in production. This project merely exists for two reasons:

  • First, I wanted to provide a """somewhat secure""" cross-platform way to expose Erebot internals for introspection purposes and I did not want to install an external SSH daemon.
  • Secondly, I wanted to learn more about the SSH protocol itself.

The implementation did not pass any specific security audit. In addition, no attempt has been made to avoid some common classes of vulnerabilities, eg. timing attacks. Not to mention that the PHP interpreter itself is known to be frequently subject to vulnerabilities of its own.

If you are looking for an SSH daemon with thorough testing and code audits to integrate with your PHP code, we recommend that you look into the OpenSSH project.

If you still aren't convinced that you shouldn't use this code in production, see this reddit page which relates part of the story of a project similar to pssht by MtGox's CEO.

In no event shall the authors of pssht be liable for anything that happens while using this library. Please read the license for the full disclaimer.

Installation

The requirements for pssht are quite basic:

  • PHP 5.3.3 or later with the following PHP extensions enabled:
    • OpenSSL
    • mcrypt
    • gmp
    • pcre
    • Sockets
    • SPL
  • Some external packages (they will automatically be installed when installing pssht):
    • erebot/plop for logging
    • symfony/config for configuration handling
    • symfony/dependency-injection for dependency injection
    • symfony/filesystem (dependency for symfony/config)

Moreover, you may be interested in enable the following PHP extensions to get additional features:

  • HTTP: adds support for zlib-compression
  • hash: adds support for more encryption and message authentication code algorithms

First things first, download the composer.phar executable or use the installer:

$ curl -sS https://getcomposer.org/installer | php

Now, you can either install pssht:

  • As a basic SSH server for evaluation purposes (standalone).
  • As a library/framework in your own project (embedded) to create a custom SSH server.

Standalone installation

To install pssht as a standalone SSH server, clone this repository and then run Composer on it:

$ git clone https://github.com/fpoirotte/pssht.git
$ cd pssht
$ php /path/to/composer.phar update --no-dev

Embedded installation

To install pssht as an embedded library in your application, create or update a composer.json file in your project's root directory with a requirement on pssht.

For example, for a new empty project, your composer.json file would look somewhat like this:

{
    "require": {
        "fpoirotte/pssht": "*"
    }
}

Run Composer:

$ php /path/to/composer.phar install --no-dev

Finally, copy pssht.xml to your project's root directory:

$ cp -a vendor/fpoirotte/pssht/pssht.xml ./

Basic usage

Start the server:

$ php bin/pssht         # for standalone installations
$                       # ...or...
$ php vendor/bin/pssht  # for embedded installations

Note

When run like that, pssht will just act as a basic echo server, responding with the exact same data that was sent to it.

pssht will display various debugging messages while initializing. When ready, you will see something like this in the console:

[Fri, 08 May 2015 20:23:21 +0200] INFO: Listening for new connections on 0.0.0.0:22222

You can now connect to the server with the same user that was used to start pssht by using your regular SSH client (eg. OpenSSH/PuTTy). For example, using the OpenSSH client and assuming pssht was run by clicky:

$ ssh -T -p 22222 clicky@localhost
Hello world!
clicky@localhost's password: pssht

The default pssht.xml configuration file automatically loads the public keys stored in ~/.ssh/authorized_keys. You can thus connect with the matching private key. It will also accept password-based authentication using "pssht" as the password.

Note

The -T option is used to disable pseudo-tty allocation as it is not yet supported (see #21). Without it, OpenSSH displays a warning in the console (PTY allocation request failed on channel 0).

Configuration

pssht uses the Dependency Injection component from the Symfony2 framework for its configuration.

Have a look at the default pssht.xml configuration file for ways to customize pssht. The file contains numerous comments and the options should thus be very straightforward.

Compatibility

pssht supports the mechanisms and algorithms defined in the following documents for compatibility with other Secure Shell implementations:

The rest of this section describes precisely which algorithms and features are supported.

TL;DR here's a feature chart for comparison with OpenSSH 6.7p1:

  • ☑ Services (2 in pssht; 2 in OpenSSH)
  • ☐ Authentication methods (4 in pssht; ? in OpenSSH)
  • ☐ Key exchange methods (6 in pssht; 8 in OpenSSH)
  • ☑ Encryption algorithms (34 in pssht; 16 in OpenSSH) [1]
  • ☑ MAC algorithms (20 in pssht; 19 in OpenSSH) [1]
  • ☐ Public key algorithms (6 in pssht; 14 in OpenSSH)
  • ☑ Compression algorithms (2 in pssht; 2 in OpenSSH) [1]
[1](1, 2, 3) The "none" algorithm has been excluded from those counts.

Services

The following services are supported:

  • ssh-userauth
  • ssh-connection

Authentication methods

The following authentication methods are supported:

  • publickey
  • password
  • hostbased
  • none

Key exchange methods

The following key exchange methods are supported:

  • [email protected]
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

The PHP hash extension must be installed for [email protected] and the ecdsa-sha2-* family of algorithms to work properly. Also, elliptic curve points encoded using point compression are not accepted or generated.

Encryption algorithms

The following encryption algorithms are supported:

  • 3des-cbc
  • 3des-ctr
  • aes128-cbc
  • aes128-ctr
  • [email protected]
  • aes192-cbc
  • aes192-ctr
  • aes256-cbc
  • aes256-ctr
  • [email protected]
  • arcfour
  • arcfour128
  • arcfour256
  • blowfish-cbc
  • blowfish-ctr
  • cast128-cbc
  • cast128-ctr
  • [email protected]
  • idea-cbc
  • idea-ctr
  • none
  • [email protected] (as an alias for aes256-cbc)
  • serpent128-cbc
  • serpent192-cbc
  • serpent256-cbc
  • serpent128-ctr
  • serpent192-ctr
  • serpent256-ctr
  • twofish-cbc
  • twofish128-cbc
  • twofish192-cbc
  • twofish256-cbc
  • twofish128-ctr
  • twofish192-ctr
  • twofish256-ctr

MAC algorithms

The following MAC algorithms are supported:

All these algorithms except for the umac-* family require the PHP hash extension in order to work properly.

Public key algorithms

The following public key algorithms are supported:

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-dss
  • ssh-ed25519
  • ssh-rsa

The PHP hash extension must be installed for the ssh-ed25519 and ecdsa-sha2-* family of algorithms to work properly. Also, elliptic curve points encoded using point compression are not accepted or generated.

Compression algorithms

The following compression algorithms are supported:

The PHP http extension must be installed for the zlib and [email protected] algorithms to work properly.

Integration

pssht is mainly intended to be used as an embedded SSH server for PHP applications. By default, only the bare structure for an SSH server is provided. The application using pssht is responsible for adding it's own logic on top of this structure.

Contributions

Want to contribute back to the project?

  • Fork the code to your own account.
  • Create a new branch.
  • Hack around.
  • Create a pull request with your changes.

License

The MIT License (MIT)

Copyright (c) 2014 François Poirotte

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Changelog

v0.1.1

  • [#28] Temporarily fix Diffie–Hellman key exchange by disabling public key validation for Elliptic Curve Diffie–Hellman. This code will be revisited later on as it currently represents a possible security threat when ECDH is used.
  • Improve this README (installation instruction, changelog).
  • Change the default pssht.xml so that it accepts connections from the same user as the one starting the server (prior to this change, it used an hardcoded username).

v0.1.0

  • Initial release with lots of features already.

pssht's People

Contributors

fpoirotte avatar

Stargazers

Chris Morrell avatar Taha Amin Ghafuri [T@G] avatar avatar Theo Gotsopoulos avatar avatar Sven Herzky avatar Cuda Chen avatar 不知火 Shiranui avatar Tony Yang avatar avatar Nijat Mahmudov avatar LANDERS avatar dmls avatar Oleg Andreyev avatar Loïc Hermann avatar kenny avatar avatar Mark Schmitz avatar Patrick 'Quezler' Mounier avatar bruce avatar Moein Porkamel avatar Tobias R avatar Austin Heap avatar David Amanshia avatar Ernesto Serrano avatar CARBONNEAUX Mathieu avatar Mohamed Meabed avatar Maxime Veber avatar Matt Light avatar Romain Beaumont avatar Calvin Chou avatar S.Cherepanov avatar avatar Hennik Hunsaker avatar Mark Holtz avatar Matt Johnston avatar Ma'moun othman avatar Arnaud Trouvé avatar avatar avatar uzulla / Junichi Ishida avatar

Watchers

avatar Ma'moun othman avatar James Cloos avatar David Amanshia avatar avatar

Forkers

wagnert 0x6b386f jemmy655 phpengine kaihuiwang goisneto quezler terrafrost federicoputt

pssht's Issues

Support more private key formats

The purpose of this ticket is to handle new private key formats like PPK from the PuTTY project in addition to the currently supported ones (OpenSSL/OpenSSH).

Implement re-keying

The current code does not handle re-keying.
While this is not really an issue for short-lived sessions where not much data is exchanged between the client and server, this is critical to protect confidentiality and integrity when a large amount of data is transmitted.

This is also a requirement per RFC 4251.

Support roaming

See roaming_* in OpenSSH's source code for more information.
We need to be careful with license/copyright implications here.

Check compliance with crypto suite B

See http://www.rfc-editor.org/rfc/rfc6239.txt. The goal of this ticket is to determine whether Pssht could theoritically be compatible with crypto suite B.

I say theoretically since Pssht has never (and probably never will) be audited for full compliance.
Also, as a reminder, Pssht has not been made to be secure and probably cannot be made secure anyway, so if you're thinking of using it to handle confidential data, think again!

Implement an actual shell

I already begun a bit of work on this (see fpoirotte/push).
Not yet usable with pssht, but this is a first step.

Add support for TUN/TAP forwarding ?

The goal of this ticket is to see if it would be possible to add support for TUN/TAP forwarding without too much of a hassle.
An example (written in C) of TUN/TAP allocation can be seen in https://www.kernel.org/doc/Documentation/networking/tuntap.txt.

Opening a file descriptor for TUN/TAP is trivial, but we also need a way to call ioctl(fd, TUNSETIFF, ...) from PHP code. I see two ways to achieve that:

  • Write a wrapper in another language (eg. Python, using the ctypes module)
  • Write a PHP extension that adds the necessary functions

The former is probably easier. The latter would require manual handling of C structures and alignment issues. It could also be seen as a port of Python's ctypes module to PHP (which, while interesting in itself, is outside the scope of this project).

Make it possible to whitelist algorithms

OpenSSH allows algorithms to be whitelisted through the Ciphers, KexAlgorithms, HostKeyAlgorithms, HostbasedAcceptedKeyTypes, MACs & PubkeyAcceptedKeyTypes options.

It would be great if pssht had similar options to restrict available algorithms, to avoid the use of weak/obsolete ones (arcfour, CBC mode, MD5/SHA1, etc.).

Support encrypted private keys

Some private key formats are not supported by either openssl (eg. Ed25519) or by its PHP binding (eg. ecdsa-sha2-*), so we currently handle them ourselves.
This works quite well except for encrypted keys which we do not support yet.
The goal of this ticket is to add support for such keys.

Support session resumption

See roaming_* in OpenSSH's source code (both roaming & this feature are mixed in there).
See algo #25 for implications on copyright/license.

Support AEAD_AES_128_GCM and AEAD_AES_256_GCM

Follow-up ticket for issue #3.

The official names for aes128-gcm & aes256-gcm as registered to IANA (https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml) are:

  • AEAD_AES_128_GCM and
  • AEAD_AES_256_GCM

These names are registered both as cipher & MAC algorithms.

Although Pssht now supports these algorithms, it does so under private names ([email protected] and [email protected], which are both compatible with OpenSSH's implementation/behaviour).

This is necessary to avoid issues in RFC 5647. More specifically, section 5.1 of the RFC states that:

   If AES-GCM is selected as the encryption algorithm for a given
   tunnel, AES-GCM MUST also be selected as the Message Authentication
   Code (MAC) algorithm.  Conversely, if AES-GCM is selected as the MAC
   algorithm, it MUST also be selected as the encryption algorithm.

However, it fails to specify the behaviour when AES-GCM is presented for both encryption & MAC using different variants (say the cipher presented is AEAD_AES_128_GCM but the MAC is AEAD_AES_256_GCM).

The purpose of this ticket is to add support for the official names. The implementation will raise an error and close the connection whenever conflicting algorithms would otherwise be selected. This way, interoperability with other implementations conforming to RFC 5647 can be kept.

Support PuTTY's Private Key files (PPK)

The code currently assumes OpenSSH keys everywhere. It would be nice to be able to use PuTTY Private Keys too.
I already have a working prototype of a PPK parser (both plaintext & encrypted keys are supported), I'll try to improve it a little before I merge it in.

Support pecl_http 2.x for compression

pssht relies on the PECL HTTP extension to provide compression on a stream of data (rather than on a fixed-length buffer).
Currently, the old 1.x branch is the only version supported.

The goal of this ticket is to add support for version 2.x as well to have broader support for compression.
As an alternative, maybe take a look at stream filters to see if it is possible to use them in a streaming mode.

Do not die on errors

Most errors trigger an exception (often an InvalidArgumentException or a RuntimeException).
It would be nice if only the connection that triggered the exception got closed on errors instead of the whole server dying on us.
This is trivial to implement (we just need to extend the try { ... } catch (...) { ... } block in CLI.php).

This depends on #20 being fixed first because otherwise the UMAC problem will be harder to diagnose (and fix).

Fix UMAC

The UMAC code generates invalid authentication tags in some (hard to reproduce) circumstances.
The issue is pretty much random, making it hard to debug.

This is a critical bug for interoperability since OpenSSH 6.4+ has a preference for UMAC-64 over other algorithms by default.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.