Low-level Tokio SSH2 client and server implementation.

Crypto backends: enable at least one of the aws-lc-rs or ring features. russh fails to compile when both are disabled because a crypto backend is required.

Examples: simple client, interactive PTY client, server, SFTP client, SFTP server.

This is a fork of Thrussh by Pierre-Étienne Meunier.

✨ = added in Russh

• More panic safety ✨
• async traits ✨
• direct-tcpip (local port forwarding)
• forward-tcpip (remote port forwarding) ✨
• direct-streamlocal (local UNIX socket forwarding, client only) ✨
• forward-streamlocal (remote UNIX socket forwarding) ✨
• Ciphers:
  • [email protected]
  • [email protected] ✨
  • [email protected] ✨
  • aes256-ctr ✨
  • aes192-ctr ✨
  • aes128-ctr ✨
  • aes256-cbc ✨
  • aes192-cbc ✨
  • aes128-cbc ✨
  • 3des-cbc ✨
• Key exchanges:
  • [email protected]
  • diffie-hellman-group-sha1 (GEX) ✨
  • diffie-hellman-group1-sha1 ✨
  • diffie-hellman-group14-sha1 ✨
  • diffie-hellman-group-sha256 (GEX) ✨
  • diffie-hellman-group14-sha256 ✨
  • diffie-hellman-group16-sha512 ✨
  • ecdh-sha2-nistp256 ✨
  • ecdh-sha2-nistp384 ✨
  • ecdh-sha2-nistp521 ✨
• MACs:
  • hmac-sha1 ✨
  • hmac-sha2-256 ✨
  • hmac-sha2-512 ✨
  • [email protected] ✨
  • [email protected] ✨
  • [email protected] ✨
• Host keys and public key auth:
  • ssh-ed25519
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-rsa ✨
  • ecdsa-sha2-nistp256 ✨
  • ecdsa-sha2-nistp384 ✨
  • ecdsa-sha2-nistp521 ✨
• Authentication methods:
  • password
  • publickey
  • keyboard-interactive
  • none
  • OpenSSH certificates ✨
• Dependency updates
• OpenSSH keepalive request handling ✨
• OpenSSH agent forwarding channels ✨
• OpenSSH server-sig-algs extension ✨
• PPK key format ✨
• Pageant support ✨
• AsyncRead/AsyncWrite-able channels ✨

• deny(clippy::unwrap_used)
• deny(clippy::expect_used)
• deny(clippy::indexing_slicing)
• deny(clippy::panic)
• Exceptions are checked manually

• When the Rust allocator fails to allocate memory during a CryptoVec being resized.
• When mlock/munlock fails to protect sensitive data in memory.

• cryptovec uses unsafe for faster copying, initialization and binding to native API.

• russh-sftp - server-side and client-side SFTP subsystem support for russh - see russh/examples/sftp_server.rs or russh/examples/sftp_client.rs.
• async-ssh2-tokio - simple high-level API for running commands over SSH.

• HexPatch - A binary patcher and editor written in Rust with terminal user interface (TUI).
  • Uses russh::client and russh_sftp::client to allow remote editing of files.
• kartoffels - A game where you're given a potato and your job is to implement a firmware for it
  • Uses russh:server to deliver the game, using ratatui as the rendering engine.
• kty - The terminal for Kubernetes.
  • Uses russh::server to deliver the ratatui based TUI and russh_sftp::server to provide scp based file management.
• lapdev - Self-Hosted Remote Dev Environment
  • Uses russh::server to construct a proxy into your development environment.
• medusa - A fast and secure multi protocol honeypot.
  • Uses russh::server to be the basis of the honeypot.
• rebels-in-the-sky - P2P terminal game about spacepirates playing basketball across the galaxy
  • Uses russh::server to deliver the game, using ratatui as the rendering engine.
• warpgate - Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
  • Uses russh::server in addition to russh::client as part of the smart SSH functionality.
• Devolutions Gateway - Establish a secure entry point for internal or external segmented networks that require authorized just-in-time (JIT) access.
  • Uses russh::client for the web-based SSH client of the standalone web application.
• Sandhole - Expose HTTP/SSH/TCP services through SSH port forwarding. A reverse proxy that just works with an OpenSSH client.
  • Uses russh::server for reverse forwarding connections, local forwarding tunnels, and the ratatui based admin interface.
• Motor OS - A new Rust-based operating system for VMs.
  • Uses russh::server as the base for its own SSH Server.

Thanks goes to these wonderful people (emoji key):

Mihir Samdarshi 📖	Connor Peet 💻	KVZN 💻	Adrian Müller (DTT) 💻	Simone Margaritelli 💻	Joe Grund 💻	AspectUnk 💻
Simão Mata 💻	Mariotaku 💻	yorkz1994 💻	Ciprian Dorin Craciun 💻	Eric Milliken 💻	Swelio 💻	Joshua Benz 💻
Jan Holthuis 🛡️	mateuszkj 💻	Saksham Mittal 💻	Lucas Kent 💻	Raphael Druon 💻	Maya the bee 💻	Milo Mirate 💻
George Hopkins 💻	Åke Amcoff 💻	Brendon Ho 💻	Samuel Ainsworth 💻	Sherlock Holo 💻	Alessandro Ricottone 💻	T0b1-iOS 💻
Shoaib Merchant 💻	Michael Gleason 💻	Ana Gelez 💻	Tom König 💻	Pierre Barre 💻	Jean-Baptiste Skutnik 💻	Adam Chappell 💻
Yaroslav Bolyukin 💻	Julian 💻	Thomas Rampelberg 💻	Kaleb Elwert 📖	Gary Guo 💻	irvingouj @ Devolutions 💻	Toni Peter 💻
Nathaniel Bajo 💻	Eric Rodrigues Pires 💻	Jerome Gravel-Niquet 💻	Quentin Santos 📖	André Almeida 💻	Mattias Eriksson 💻	Josh McKinney 💻
citorva 💻	Eric Seppanen 💻	Eric Seppanen 💻	Patryk Wychowaniec 💻	@RandyMcMillan 💻	handewo 💻	Chris 💻
procr1337 💻	iHsin 💻	Uli Schlachter 💻	Jacob Van Brunt 💻	lgmugnier 💻	Mingwei Samuel 💻	Pascal Grange 💻
wyhaya 💻	Philippe Laflamme 💻	Tom 💻	vzex 💻	Kenny Root 💻	Môshe van der Sterre 💻	Lucy 💻

This project follows the all-contributors specification. Contributions of any kind welcome!