🐜 ANT
Another Network Tunnel; A simple program for local/remote port forwarding over a SSH tunnel.
Installation
Pre-requisites
This application was written in the Rust language. If you plan on compiling the application from source, you have to have the Rust toolchain installed. See Install Rust for more information.
For this application to work you have to have an openssh compatible client installed on your system and have it as the ssh command in your $PATH.
Linux
Most Linux distributions ship an openssh client out of the box. If your Linux distribution does not ship a client, you may find the installation command below for your system.
Ubuntu/Debian
sudo apt install openssh-client
Arch
sudo pacman -S openssh
Fedora/RedHat
sudo dnf install openssh
OpenSUSE
sudo zypper in openssh-clients
MacOS
Your Mac should have a version of ssh already installed, otherwise you can add openssh via the Homebrew package manager.
brew install openssh
Windows
Since Windows 10, Microsoft ships a version of win32-openssh on your PC by default. If you want to install it nevertheless, you can use the Scoop package manager. You can find further information on SSH on Windows and Scoop here.
scoop install openssh
Pre-packaged Binary
This application provides pre-packaged binaries for different architectures and Operating Systems under the Releases tab of GitHub.
Compilation
To compile the program you can use the just scripts. You can append any cargo build flags you wish; only the --release flag is set by default.
just b
To install the program you can use just install and then specify the installation package manager. For the installation targets deb and rpm, sudo privileges may be required on your system.
just install [cargo|deb|rpm]
Usage
--------------------------------------------------
🐜 ANT 0.1.5 - Command Line Tool
--------------------------------------------------
Another Network Tunnel; A simple program for local/remote port forwarding over a SSH tunnel.
Usage: ant-rs [OPTIONS] <HOST>
Arguments:
<HOST> Host to create tunnel(s) for. Has to be in `hosts` inside your ANT configuration file.
This host has to be accessible without user input. (use identity_file, etc. for
authentication)
Options:
-l, --log-level <LOG_LEVEL> Log level of application [default: info]
-c, --config <CONFIG> Path to ANT configuration file `ant.yaml`
[default: ~/.ssh/ant.yaml]
-d, --daemon Run application in daemon mode.
(will restart child process on child exit)
-h, --help Print help
-V, --version Print version
Configuration
The tunnels are configured via the ant.yaml file (by default at ~/.ssh/ant.yaml). An example file can be found in this repository at ./res/ant.example.yaml. The application uses the latest YAML standard to parse its configuration. Note that in the newest configuration only true|True|TRUE|false|False|FALSE are valid boolean values. y|yes|...|n|no|...|off|... will be read as String and may throw a hard error.
- version
  Set the version of the program that should consume the configuration file. Major and minor version should match the used version of ant. If this version does not match, the application will throw a hard error.
  Type: String
  Possible: 0.1
- hosts
  Array that contains the hosts. Each host is identified via a unique name (further $host) and contains the configuration of the connection to the host and the tunnels.
  Type: Host[ ]
- hosts.$host
  Host entry and configuration. The host identification $host has to conform to default yaml key parameters.
  Type: Host (see hosts.$host.*)
- hosts.$host.hostname
  Specifies the real host name to log into. IP or FQDN of server you want to connect to. IPs do not need explicit quotes ("). Do not specify the port of the server here (see hosts.$host.port).
  Type: String
- hosts.$host.port (optional)
  Port of SSH service of server you want to connect to.
  Type: u16
  Default: 22
- hosts.$host.identity_file
  Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
  Type: String
- hosts.$host.user
  Specifies the user to log in as.
  Type: String
- hosts.$host.local_forward
  Array of ports/addresses forwarded from the remote server to the local client. May be optional, if remote_forward is set.
  Type: Item[ ]
  Item:
    local: String - IP/FQDN and port for client, where they should be accessible
    remote: String - IP/FQDN and port for server, that should be forwarded
- hosts.$host.remote_forward
  Array of ports/addresses forwarded from the local client to the remote server. May be optional, if local_forward is set.
  Type: Item[ ]
  Item:
    local: String - IP/FQDN and port for client, that should be forwarded
    remote: String - IP/FQDN and port for server, where they should be accessible
- hosts.$host.ssh_options (optional)
  Additional SSH options that can be set for a specific host.
  Type: SshOptions (see hosts.$host.ssh_options.*)
- hosts.$host.ssh_options.strict_host_key_checking (optional)
  If this option is set to yes, ssh will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against man-in-the-middle (MITM) attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts.
  If this option is set to accept-new then ssh will automatically add new host keys to the user's known_hosts file, but will not permit connections to hosts with changed host keys. If this option is set to no or off, ssh will automatically add new host keys to the user known hosts files and allow connections to hosts with changed hostkeys to proceed, subject to some restrictions.
  Type: String
  Default: yes
  Possible:
    - on, yes
    - off, no
    - accept-new
- hosts.$host.ssh_options.bind_address (optional)
  Use the specified address on the local machine as the source address of the connection. Only useful on systems with more than one address.
  Type: String
  Default: null
- hosts.$host.ssh_options.batch_mode (optional)
  If set to yes, user interaction such as password prompts and host key confirmation requests will be disabled. This option is useful in scripts and other batch jobs where no user is present to interact with ssh.
  Type: bool
  Default: true
- hosts.$host.ssh_options.compression (optional)
  Specifies whether to use compression.
  Type: bool
  Default: false
- hosts.$host.ssh_options.connect_timeout (optional)
  Specifies the timeout (in seconds) used when connecting to the SSH server, instead of using the default system TCP timeout. This timeout is applied both to establishing the connection and to performing the initial SSH protocol handshake and key exchange.
  Type: usize
  Default: 10
- hosts.$host.ssh_options.server_alive_interval (optional)
  Sets a timeout interval in seconds after which, if no data has been received from the server, ssh will send a message through the encrypted channel to request a response from the server.
  Type: usize
  Default: 600
- hosts.$host.ssh_options.exit_on_forward_failure (optional)
  Specifies whether ssh should terminate the connection if it cannot set up all requested dynamic, tunnel, local, and remote port forwardings (e.g. if either end is unable to bind and listen on a specified port).
  Type: bool
  Default: true
- hosts.$host.ssh_options.ciphers (optional)
  Specifies the ciphers allowed and their order of preference. Multiple ciphers must be comma-separated. If the specified list begins with a + character, then the specified ciphers will be appended to the default set instead of replacing them. If the specified list begins with a - character, then the specified ciphers (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a ^ character, then the specified ciphers will be placed at the head of the default set.
  The supported ciphers are: 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr aes192-ctr aes256-ctr aes128-gcm@openssh.com aes256-gcm@openssh.com chacha20-poly1305@openssh.com
  The default set is:
  chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
  Type: String
  Default: null
- hosts.$host.ssh_options.macs (optional)
  Specifies the MAC (message authentication code) algorithms in order of preference. The MAC algorithm is used for data integrity protection. Multiple algorithms must be comma-separated. If the specified list begins with a + character, then the specified algorithms will be appended to the default set instead of replacing them. If the specified list begins with a - character, then the specified algorithms (including wildcards) will be removed from the default set instead of replacing them. If the specified list begins with a ^ character, then the specified algorithms will be placed at the head of the default set.
  The algorithms that contain -etm calculate the MAC after encryption (encrypt-then-mac). These are considered safer and their use recommended.
  The default is:
  umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
  Type: String
  Default: null
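The following Rust functions are an added example, not taken from ANT's code base. They check the strict_host_key_checking, ciphers and macs values of one host against what the entries above describe, including the +, - and ^ list prefixes. The function names and finding texts are assumptions, and the default cipher set is OpenSSH's with the @openssh.com names written out.

```rust
// Added example, not ANT's code: audits the ssh_options of one ant.yaml host.
// DEFAULT_CIPHERS is the OpenSSH default set quoted in the ciphers entry.
const DEFAULT_CIPHERS: [&str; 6] = [
    "chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
];

/// Splits an algorithm list into its entries. A list starting with '-' only
/// removes algorithms from the default set, so it yields nothing to check.
fn enabled(list: &str) -> Vec<&str> {
    let body = match list.chars().next() {
        Some('-') => return Vec::new(),
        Some('+') | Some('^') => &list[1..],
        _ => list,
    };
    body.split(',').map(str::trim).filter(|s| !s.is_empty()).collect()
}

/// Returns one finding per value that departs from the defaults (hypothetical helper).
fn audit(strict_host_key_checking: &str, ciphers: Option<&str>, macs: Option<&str>) -> Vec<String> {
    let mut findings = Vec::new();
    match strict_host_key_checking {
        "no" | "off" => findings.push("strict_host_key_checking: changed host keys are accepted".to_string()),
        "accept-new" => findings.push("strict_host_key_checking: new host keys are added automatically".to_string()),
        _ => {}
    }
    for c in ciphers.map(enabled).unwrap_or_default() {
        if !DEFAULT_CIPHERS.contains(&c) {
            findings.push(format!("ciphers: {c} is outside the default set"));
        }
    }
    for m in macs.map(enabled).unwrap_or_default() {
        if !m.contains("-etm") {
            findings.push(format!("macs: {m} is not encrypt-then-mac"));
        }
    }
    findings
}

fn main() {
    // Constructed sample values, as they could appear under hosts.$host.ssh_options.
    let findings = audit("no", Some("^3des-cbc,aes256-ctr"), Some("hmac-sha2-512-etm@openssh.com,hmac-sha1"));
    for f in &findings { println!("{f}"); }
}
```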
License
ant, program for local/remote port forwarding over a SSH tunnel
Copyright (C) 2023, Hendrik Böck [email protected]
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.
See the file LICENSE for details.