Update README; remove TODO

master
Merlijn Wajer 7 years ago
parent 00d7185851
commit 58bca08b7b
  1. 26 README.rst
  2. 9 TODO

@ -5,10 +5,20 @@ sshd implementation in Go, for the sole purpose of restricting the ports that
clients can request using direct-tcpip and tcpip-forward / forwarded-tcpip.
OpenSSH so far refuses to merge patches to support this, but there is a fork of
OpenSSH with patches that achieve something similar to this. [1]
OpenSSH with patches that achieve something similar to this. [1]_
You might like this server if:
[1] https://github.com/antonyantony/openssh
* You want to limit the addresses/ports clients can listen to and/or connect
to, something OpenSSH only implement for `direct-tcpip`, not for
`forwarded-tcpip`.
* You want to support a lot of clients without having to fork() for every
client.
* You want to use a ssh server written in a memory safe language, which
doesn't depend on OpenSSL or similar libraries.
.. [1] https://github.com/antonyantony/openssh
authorized_keys format
======================
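
Review bot: In the new "You might like this server if" bullets, direct-tcpip and forwarded-tcpip are wrapped in single backticks, which reStructuredText treats as interpreted text with the default role rather than as an inline literal; use double backticks so they render as code. In the same bullets, "something OpenSSH only implement for" should read "implements", and "a ssh server" should read "an SSH server". The list also needs a blank line before its first bullet and after "You might like this server if:" to parse as a list; the flattened view here does not show whether those are present.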
@ -31,8 +41,20 @@ capability on the resulting binary:
setcap 'cap_net_bind_service=+ep' go-sshd
In combination with the `forwarded-tcpip` feature this might allow processes to
listen to priviledged ports, so be careful.
Init script
===========
There is an init script for gentoo/alpine (OpenRC) users. SSHD_LISTEN needs to
be set in /etc/conf.d/go-sshd and the init-script goes in /etc/init.d/go-sshd
Known issues / TODO
===================
* The current remoteports= and localports= syntax only supports single ports. It
might make sense to support ranges of ports, and also support host-port
combinations.
* USR1 is not available on Windows, but otherwise the SSH server works fine on
Windows (just comment out the signal-related parts)
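
Review bot: The Init script paragraph says SSHD_LISTEN needs to be set in /etc/conf.d/go-sshd but never shows what a valid value looks like; add a one-line example of the expected format and mark the variable and both paths as literals. In the Known issues list, "just comment out the signal-related parts" asks Windows users to edit the source by hand without saying what USR1 is used for, so state what functionality is lost. The nearby sentence about forwarded-tcpip and the bind capability still spells "priviledged" and ends at "so be careful"; since this section is being touched, fix the spelling and point readers at remoteports= as the control that limits which ports a key may listen on.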

@ -1,9 +0,0 @@
* Make sure to not run this as root (setuid doesn't work well), so use NET capabilities
* Allow limiting the hosts that one can connect to use direct-tcpip (right now
all hosts are allowed)
* Allow lifting restrictions on what clients can bind on with forwarded-tcpip
* Check assertions and TODOs.
* Look if/where we want to set deadlines on open sockets
* Go through all log.Println calls, and make sure they are unique(?) and
sensible, and are not too verbose, and/or hidden behind *verbose
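
Review bot: Deleting TODO drops items that the new "Known issues / TODO" section in README.rst does not carry over, in particular "right now all hosts are allowed" for direct-tcpip and "Look if/where we want to set deadlines on open sockets". Both matter to someone deploying this as a restricted forwarding server: the first bounds what a client can reach, the second affects how long idle or stalled connections hold resources. If they are still open, move them into the README list; if they were resolved, say so in the commit message, which currently reads only "Update README; remove TODO".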