tinysshd - Tiny SSH daemon
tinysshd [ options ] keydir
tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.
tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)
tinysshd doesn’t implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)
tinysshd doesn’t implement unsafe features (such as password or hostbased authentication)
tinysshd doesn’t have features such as SSH1 protocol, compression, port forwarding, agent forwarding, X11 forwarding ...
tinysshd doesn’t use dynamic memory allocation (no allocation failures, etc.)
-q
    no error messages
-Q
    print error messages (default)
-v
    print extra information
-s
    enable state-of-the-art crypto (default)
        signing - ssh-ed25519
        key-exchange - curve25519-sha256
        symmetric - chacha20-poly1305@openssh.com
-S
    disable state-of-the-art crypto
-p
    enable post-quantum crypto (default)
        signing - TODO (not implemented yet)
        key-exchange - sntrup761x25519-sha512@openssh.com
        symmetric - chacha20-poly1305@openssh.com
-P
    disable post-quantum crypto
-l
    use syslog instead of standard error output (useful for running from inetd)
-L
    don’t use syslog, use standard error output (default)
-x name=command
    add subsystem command (e.g.: sftp=/usr/libexec/openssh/sftp-server)
-e command
    execute the given command instead of spawning the shell (disables exec/subsystem channel requests)
keydir
    directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir
tinysshd supports only public-key authorization via AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file contains one key in the format "keytype base64-encoded-key comment". tinysshd supports only the "ssh-ed25519" keytype.
~/.ssh/authorized_keys example:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment
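Because only "ssh-ed25519" entries in the format above are accepted, an authorized_keys file carried over from another SSH server can contain entries tinysshd will not use. The following is an added example, not code from the TinySSH project: it checks each line against the stated format and decodes the key blob to confirm it holds exactly one 32-byte Ed25519 key. The function names and the sample file are constructed for illustration, and skipping blank and '#' lines is an assumption taken from OpenSSH's file format.

```python
import base64
import struct

KEYTYPE = "ssh-ed25519"  # the only keytype the page says tinysshd accepts
ED25519_LEN = 32         # size of a raw Ed25519 public key in bytes

# Constructed sample: line 2 is the page's key, line 4 is that key cut short.
SAMPLE = """\
# constructed sample file
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment
ssh-rsa AAAAB3NzaC1yc2E= constructed-rsa-entry
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ constructed-truncated
"""

def read_string(blob, off):
    """Read one SSH wire-format string (uint32 length, then bytes) at off."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated string")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_line(line):
    """Return None if line is 'ssh-ed25519 base64-key [comment]', else a reason."""
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] != KEYTYPE:
        return "first field is not %s followed by a key" % KEYTYPE
    try:
        blob = base64.b64decode(fields[1], validate=True)
        name, off = read_string(blob, 0)
        key, off = read_string(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return "bad key blob: %s" % exc
    if name != KEYTYPE.encode():
        return "blob names %r, contradicting the keytype field" % name
    if len(key) != ED25519_LEN or off != len(blob):
        return "expected one %d-byte key and no trailing data" % ED25519_LEN
    return None

def audit(text):
    """Return [(line_number, reason)] for each entry that fails check_line."""
    problems = []
    for num, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        # Assumption: blank lines and '#' comments are skipped, as in OpenSSH.
        if line and not line.startswith("#") and check_line(line):
            problems.append((num, check_line(line)))
    return problems
```

Calling audit(SAMPLE) reports lines 3 and 4 of the constructed file; an entry that starts with an options field also fails, because its first field is not the keytype.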
TCPSERVER
tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
BUSYBOX
busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &
INETD
/etc/inetd.conf:
ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir
SYSTEMD
tinysshd.socket:
[Unit]
Description=TinySSH server socket
ConditionPathExists=!/etc/tinyssh/disable_tinysshd
[Socket]
ListenStream=22
Accept=yes
[Install]
WantedBy=sockets.target
tinysshd@.service:
[Unit]
Description=Tiny SSH server
After=network.target auditd.service
[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
SuccessExitStatus=111
StandardInput=socket
StandardError=journal
[Install]
WantedBy=multi-user.target
tinysshd-makekey(8), tinysshd-printkey(8)
https://tinyssh.org/