table of contents
- bullseye 20190101-1
- testing 20230101-1
- unstable 20230101-1
- experimental 20230101-2~exp1
| tinysshd(8) | System Manager's Manual | tinysshd(8) |
NAME¶
tinysshd - Tiny SSH daemon
SYNOPSIS¶
tinysshd [ options ] keydir
DESCRIPTION¶
tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.
tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)
tinysshd doesn't implement unnecessary features (such as SSH1 protocol, compression, ...)
tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)
tinysshd doesn't implement unsafe features (such as password or hostbased authentication)
tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)
OPTIONS¶
- -q
- no error messages
- -Q
- print error messages (default)
- -v
- print extra information
- -s
- enable state-of-the-art crypto - ssh-ed25519, curve25519-sha256, chacha20-poly1305@openssh.com (default)
- -S
- disable state-of-the-art crypto
- -p
- enable post-quantum crypto - TODO, sntrup4591761x25519-sha512@tinyssh.org, chacha20-poly1305@openssh.com (default)
- -P
- disable post-quantum crypto
- -l
- use syslog instead of standard error output (useful for running from inetd)
- -L
- don't use syslog, use standard error output (default)
- -x name=command
- add subsystem command (e.g.: sftp=/usr/libexec/openssh/sftp-server)
- keydir
- directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir
AUTHORIZATION¶
tinysshd supports only public-key authorization via AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file contains one key in format "keytype base64-encoded-key comment". tinyssh supports only "ssh-ed25519" keytype.
~/.ssh/authorized_keys example:
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment
RUNNING¶
- TCPSERVER
- tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
- BUSYBOX
- busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &
- INETD
[Unit] Description=TinySSH server socket ConditionPathExists=!/etc/tinyssh/disable_tinysshd [Socket] ListenStream=22 Accept=yes [Install] WantedBy=sockets.target
[Unit]
Description=Tiny SSH server
After=network.target auditd.service
[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
StandardInput=socket
StandardError=journal
[Install]
WantedBy=multi-user.target
SEE ALSO¶
tinysshd-makekey(1), tinysshd-printkey(1)
https://tinyssh.org/