Pure Rust implementation of components of the Secure Shell (SSH) protocol

Related tags

Cryptography SSH
Overview

RustCrypto: SSH Project Chat dependency status

Pure Rust implementation of components of the Secure Shell (SSH) protocol.

Crates

Name crates.io Docs Description
ssh—encoding crates.io Documentation Decoders and encoders for SSH protocol data types
ssh—key crates.io Documentation SSH key and certificate library with signing support

License

All crates licensed under either of

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Comments
  • Support for SSH key signing

    Support for SSH key signing

    I tried implementing the new commit signing of Git with the git2 and ssh-key crate. This crate was a great help and contained almost all the pieces I needed to create working signatures.

    Took me a few hours of searching around and fiddling with the signature format, but got a working implementation of the signing part. Definitely needs tons of tests and more verification, but it's a start.

    The main part that is missing, is this SSH signature scheme: https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.sshsig

    I was wondering if this is something that would make sense to include into ssh-key, or may it be out of scope? Would try to start integrating my current solution into the crate and open a PR, if there is interest.

    opened by dnaka91 16
  • ssh-key: add partial support for U2F signatures verification

    ssh-key: add partial support for U2F signatures verification

    Hi,

    I saw the recent release of v0.5 that added support for SSH signatures, and noticed that U2F/sk signatures were still missing.

    I did some preliminary work to implement verification of ed25519-sk signatures. This is almost in a mergeable state, there's a few outstanding items and before doing too much I thought I'd check in with you.

    Here's a short recap:

    • only verification is supported as signature generation would require interaction with hardware devices which is a lot more work;
    • only sk-ed25519 is currently implemented, p256 is TBD;
    • I made a few design choices about where to store the various components of the signature, I'm not super familiar with the project so if you have objections on how some of the things are implemented, I'm happy to change stuff around. Generally, feel free to change things yourself if you want. Mostly I tried to keep everything inside the Sshsig layer, but it could make sense to have a dedicated one for this format as those signature are a sort of wrapper around regular SSH signatures;
    • one of the tests (encoding the signature from raw bytes) currently fails. I am not entirely sure what is the best abstraction to hook into. The Signature decoding mechanism expects length-prefixed data, but sk signatures have 5 trailing bytes that are just added at the end. They are part of the signed data. Is there a good way to read those? Alternatively they could be removed from the test data given that they're not included in the length.

    As mentioned before, I can (time permitting) incorporate comments that you may have, or I'm perfectly fine if you'd like to take it from here and hit this into shape.

    Bye A.

    opened by a-dma 7
  • build(deps): bump serde from 1.0.149 to 1.0.151

    build(deps): bump serde from 1.0.149 to 1.0.151

    Bumps serde from 1.0.149 to 1.0.151.

    Release notes

    Sourced from serde's releases.

    v1.0.151

    • Update serde::{ser,de}::StdError to re-export core::error::Error when serde is built with feature="std" off and feature="unstable" on (#2344)

    v1.0.150

    • Relax some trait bounds from the Serialize impl of HashMap and BTreeMap (#2334)
    • Enable Serialize and Deserialize impls of std::sync::atomic types on more platforms (#2337, thanks @​badboy)
    Commits
    • 44bf363 Release 1.0.151
    • f261184 Merge pull request #2344 from dtolnay/coreerror
    • df40f80 Make StdError identical to core::error::Error on feature="unstable"
    • e7060ba Merge pull request #2342 from atouchet/badges
    • d98f0ee Update build status badge
    • 4f157a8 Prevent build.rs rerunning unnecessarily on all source changes
    • d493649 Release 1.0.150
    • 0e947e6 Merge pull request #2338 from serde-rs/atomic
    • 9249dab Deduplicate atomic_impl macro calls
    • 7440e56 Deduplicate atomic_impl macro implementations
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump serde from 1.0.149 to 1.0.150

    build(deps): bump serde from 1.0.149 to 1.0.150

    Bumps serde from 1.0.149 to 1.0.150.

    Release notes

    Sourced from serde's releases.

    v1.0.150

    • Relax some trait bounds from the Serialize impl of HashMap and BTreeMap (#2334)
    • Enable Serialize and Deserialize impls of std::sync::atomic types on more platforms (#2337, thanks @​badboy)
    Commits
    • d493649 Release 1.0.150
    • 0e947e6 Merge pull request #2338 from serde-rs/atomic
    • 9249dab Deduplicate atomic_impl macro calls
    • 7440e56 Deduplicate atomic_impl macro implementations
    • 0d79306 Update atomic_impl macros to have same input syntax in all cfgs
    • 37faaf2 Mention target_has_atomic stabilization
    • 650358f Replace obsolete comment about target_has_atomic support
    • 6159ead Invert use_target_has_atomic cfg
    • 692ac99 Format PR 2337 with rustfmt
    • 86161ce Adjust spacing in some macro matchers
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump serde from 1.0.147 to 1.0.148

    build(deps): bump serde from 1.0.147 to 1.0.148

    Bumps serde from 1.0.147 to 1.0.148.

    Release notes

    Sourced from serde's releases.

    v1.0.148

    • Support remote derive for generic types that have private fields (#2327)
    Commits
    • 7766103 Release 1.0.148
    • 30f7c71 Merge pull request #2331 from dtolnay/remote
    • 50354c2 Improve error message on remote derive duplicate generics
    • c4f67e6 Add ui test of duplicate generics in remote derive
    • 0daafe4 Merge pull request #2330 from dtolnay/remote
    • 3702191 Fix Into conversion involving generic remote derive with getter
    • 7328b34 Add test of generic remote derive with getter
    • fabbd2b Merge pull request #2329 from dtolnay/safety
    • 6814f97 Revert Buf::as_str safety change from PR 2319
    • 4ea403c Merge pull request #2328 from dtolnay/remote
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump rsa from 0.7.0 to 0.7.1

    build(deps): bump rsa from 0.7.0 to 0.7.1

    Bumps rsa from 0.7.0 to 0.7.1.

    Changelog

    Sourced from rsa's changelog.

    0.7.1 (2022-10-31)

    Added

    • Documentation improvements (#216)

    Changed

    • Ensure PaddingScheme is Send and Sync (#215)

    #215: RustCrypto/RSA#215 #216: RustCrypto/RSA#216

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • How to encrypt/verify custom data ?

    How to encrypt/verify custom data ?

    Hello everyone!

    Could someone tell me, how can I encrypt/verify my custom data via this lib ?

    For example:

    1. Client is sending a phone number to the server
    2. Server is generating sms code and send it to the Client phone
    3. Server is generating a token with combination user phone and sms code, and send it to the Client
    4. Client is writing a form with a received sms code and send it to the server with phone number and token
    5. Server is validating all received data and make a decision for login or not

    Thanks!

    opened by kosten 1
  • build(deps): bump ctr from 0.9.1 to 0.9.2

    build(deps): bump ctr from 0.9.1 to 0.9.2

    Bumps ctr from 0.9.1 to 0.9.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump sec1 from 0.2.1 to 0.3.0

    build(deps): bump sec1 from 0.2.1 to 0.3.0

    Bumps sec1 from 0.2.1 to 0.3.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump p256 from 0.10.1 to 0.11.1

    build(deps): bump p256 from 0.10.1 to 0.11.1

    Bumps p256 from 0.10.1 to 0.11.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 1
  • build(deps): bump serde from 1.0.149 to 1.0.152

    build(deps): bump serde from 1.0.149 to 1.0.152

    Bumps serde from 1.0.149 to 1.0.152.

    Release notes

    Sourced from serde's releases.

    v1.0.152

    • Documentation improvements

    v1.0.151

    • Update serde::{ser,de}::StdError to re-export core::error::Error when serde is built with feature="std" off and feature="unstable" on (#2344)

    v1.0.150

    • Relax some trait bounds from the Serialize impl of HashMap and BTreeMap (#2334)
    • Enable Serialize and Deserialize impls of std::sync::atomic types on more platforms (#2337, thanks @​badboy)
    Commits
    • ccf9c6f Release 1.0.152
    • b25d0ea Link to Hjson data format
    • 4f4557f Link to bencode data format
    • bf400d6 Link to serde_tokenstream data format
    • 4d2e36d Wrap flexbuffers bullet point to 80 columns
    • df6310e Merge pull request #2347 from dtolnay/docsrs
    • 938ab5d Replace docs.serde.rs links with intra-rustdoc links
    • ef5a0de Point documentation links to docs.rs instead of docs.serde.rs
    • 5d186c7 Opt out -Zrustdoc-scrape-examples on docs.rs
    • 44bf363 Release 1.0.151
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies rust 
    opened by dependabot[bot] 0
  • Additional crates

    Additional crates

    This is a brainstorming issue for additional crates which could go in this repo.

    • [x] ssh-encoding
    • [x] ssh-key
    • [ ] Others?

    There is no current plan to provide a full SSH protocol in this repo, and we are only looking to provide common functionality which is useful for multiple SSH implementations and use cases outside full SSH protocol implementations, such as interoperating with the SSH key/certificate formats and providing linkage to the respective RustCrypto signing algorithm implementations.

    However, with sufficient interest that may change.

    opened by tarcieri 6
  • ssh_key::Signature doesn't round-trip through Signature trait

    ssh_key::Signature doesn't round-trip through Signature trait

    Afaict the Signature::from_bytes method expects a algorithm type string as a prefix, but Signature::as_bytes doesn't return the algorithm type string as a prefix.

    opened by programmerjake 2
  • Merging ssh-key and sshcerts

    Merging ssh-key and sshcerts

    Heyo,

    So I've been working on SSH Certificate parsing in pure rust for a while and might have some features that we could port over. I would also love to be able to get feedback on the code I've been writing for the past 2 years.

    https://github.com/obelisk/sshcerts

    Ultimately it would probably be best if we could port all the functionality for dealing with SSH certificates over then I can retire that crate and build more specific ones for the Yubikey portions.

    opened by obelisk 5
Owner
Rust Crypto
Cryptographic algorithms written in pure Rust
Rust Crypto
GitHub
ssh-box: use ssh keys to encrypt files

ssh-box: use ssh keys to encrypt files work in progress ssh-box file format A file encrypted by ssh-box is an ASCII-armored binary file. The binary co

Tony Finch 3 Jun 27, 2022
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Jan 5, 2023
A safe implementation of the secure remote password authentication and key-exchange protocol (SRP), SRP6a and legacy are as features available.

Secure Remote Password (SRP 6 / 6a) A safe implementation of the secure remote password authentication and key-exchange protocol (SRP version 6a). Ver

Sven Assmann 10 Nov 3, 2022
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Themis provides strong, usable cryptography for busy people General purpose cryptographic library for storage and messaging for iOS (Swift, Obj-C), An

Cossack Labs 1.6k Dec 30, 2022
User-friendly secure computation engine based on secure multi-party computation

CipherCore If you have any questions, or, more generally, would like to discuss CipherCore, please join the Slack community. See a vastly extended ver

CipherMode Labs 356 Jan 5, 2023
A prototype implementation of the Host Identity Protocol v2 for bare-metal systems, written in pure-rust.

Host Identity Protocol for bare-metal systems, using Rust I've been evaluating TLS replacements in constrained environments for a while now. Embedded

null 31 Dec 12, 2022
A fast and secure multi protocol honeypot.

Medusa A fast and secure multi protocol honeypot that can mimic realistic devices running ssh, telnet, http, https or any other tcp and udp servers. W

Simone Margaritelli 268 Dec 26, 2022
Transmissing metainfo across components.

Metainfo Transmissing metainfo across components. Quickstart Metainfo is designed to be passed through task local, so we provided a unified key for it

CloudWeGo 10 Oct 29, 2022
A monorepo containing all the custom components of the Astria network

A monorepo containing all the custom components of the Astria network, a decentralized system that replaces traditional sequencers, offering a shared, permissionless sequencer network.

Astria 6 Jun 7, 2023
use your GitHub SSH keys to authenticate to sshd

aeneid If you squint, GitHub is basically a free, zero-ops IdP that provides SSH public keys. Let's use it to authenticate to OpenSSH! What / How? The

Nikhil Jha 21 Dec 6, 2022
Retrieving SSH and GPS keys from GitHub and GitLab

Dormarch Retrieving SSH and GPS keys from GitHub and GitLab Usage After having installed Dormarch, you can see all the options with dormarch -h. To re

Riccardo Padovani 2 Dec 24, 2021
Authorize an ssh session using your keys on GitHub.

GitHub AuthorizedKeysCommand (hubakc) Heavily inspired by https://github.com/sequencer/gitakc . It allows someone login to the server using their ssh

Wenzhuo Liu 5 Nov 11, 2022
Git FIDO Helper - Sign your Git commits with multiple resident SSH keys

gfh Git FIDO helper, or God Fucking Help me. gfh is a tool for helping you sign your commits in Git with resident SSH keys stored on multiple FIDO dev

Michael Mitchell 16 Nov 30, 2022
Monorepo of our ahead-of-time implementation of Secure ECMAScript

Ahead-of-time Secure EcmaScript The monorepo contains a set of packages that helps adopt SES in a pre-compiled way. Security Assumptions This project

Dimension 13 Dec 21, 2022
A (mostly) pure-Rust implementation of various cryptographic algorithms.

Rust-Crypto A (mostly) pure-Rust implementation of various common cryptographic algorithms. Rust-Crypto seeks to create practical, auditable, pure-Rus

null 1.2k Dec 27, 2022
A pure-Rust implementation of group operations on Ristretto and Curve25519

curve25519-dalek A pure-Rust implementation of group operations on Ristretto and Curve25519. curve25519-dalek is a library providing group operations

dalek cryptography 611 Dec 25, 2022
An implementation of the FP-Growth algorithm in pure Rust.

fp-growth-rs An implementation of the FP-Growth algorithm in pure Rust, which is inspired by enaeseth/python-fp-growth. Usage Add this to your Cargo.t

JmPotato 13 Dec 20, 2022
A pure-Rust implementation of various threshold secret sharing schemes

Threshold Secret Sharing Efficient pure-Rust library for secret sharing, offering efficient share generation and reconstruction for both traditional S

Snips 137 Dec 29, 2022
Pure Rust implementation of the RNCryptor cryptographic format by Rob Napier

rncryptor Rust Implementation of the RNCryptor spec This library implements the specification for the RNCryptor encrypted file format by Rob Napier. d

null 7 Jun 29, 2022