table of contents
| tinysshd(8) | System Manager's Manual | tinysshd(8) |
NAME¶
tinysshd - Tiny SSH daemon
SYNOPSIS¶
tinysshd [ options ] keydir
DESCRIPTION¶
tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.
tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)
tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)
tinysshd doesn't implement unsafe features (such as password or hostbased authentication)
tinysshd doesn't have features such: SSH1 protocol, compression, port forwarding, agent forwarding, X11 forwarding ...
tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)
OPTIONS¶
- -q
- no error messages
- -Q
- print error messages (default)
- -v
- print extra information
- -s
- enable state-of-the-art crypto (default)
signing - ssh-ed25519
key-exchange - curve25519-sha256
symmetric - chacha20-poly1305@openssh.com
- -S
- disable state-of-the-art crypto
- -p
- enable post-quantum crypto (default)
signing - TODO (not implemented yet)
key-exchange - sntrup761x25519-sha512@openssh.com
symmetric - chacha20-poly1305@openssh.com
- -P
- disable post-quantum crypto
- -l
- use syslog instead of standard error output (useful for running from inetd)
- -L
- don't use syslog, use standard error output (default)
- -x name=command
- add subsystem command (e.g.: sftp=/usr/libexec/openssh/sftp-server)
- -e command
- execute the given command instead of spawning the shell (disables exec/subsystem channel requests)
- keydir
- directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir
AUTHORIZATION¶
tinysshd supports only public-key authorization via AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file contains one key in format "keytype base64-encoded-key comment". tinyssh supports only "ssh-ed25519" keytype.
~/.ssh/authorized_keys example:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment
RUNNING¶
- TCPSERVER
- tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
- BUSYBOX
- busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &
- INETD
[Unit] Description=TinySSH server socket ConditionPathExists=!/etc/tinyssh/disable_tinysshd [Socket] ListenStream=22 Accept=yes [Install] WantedBy=sockets.target
[Unit]
Description=Tiny SSH server
After=network.target auditd.service
[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
SuccessExitStatus=111
StandardInput=socket
StandardError=journal
[Install]
WantedBy=multi-user.target
SEE ALSO¶
tinysshd-makekey(8), tinysshd-printkey(8)
https://tinyssh.org/