Skip to content

nwtgck/piping-ssh-web

Repository files navigation

piping-ssh

SSH over HTTPS via Piping Server on browser.

https://piping-ssh.nwtgck.org

We often want to access applications on our remote machine. But some environments have NATs or difficulties with opening a port to the public and getting a static IP. There is a way to forward a port over HTTPS with high transparency. This project aims to provide an SSH client that works on the browser and is compatible with the highly transparent way.

SSH over pure HTTPS via Piping Server

On the SSH server side, you can simply run the following command.

curl -sSN https://ppng.io/aaa | nc localhost 22 | curl -sSNT - https://ppng.io/bbb

The command above consists only of curl and nc, which are widely used and trusted. These commands are likely to already be installed on your machine.

Security

  • SSH things are processed only in the browser without any server.
  • Go language (golang.org/x/crypto/ssh) and WebAssembly are used.
  • The connection between the browser and the SSH server are end-to-end encrypted.
  • The connection between the browser and Piping Server is also encrypted in transit with HTTPS.
  • The running command on the SSH server side is highly transparent, so you can easily understand what they are doing.

SSH key generation

You can generate SSH keys only in the browser without any server.

  • RSA 2048 bits
  • RSA 4096 bits
  • Ed25519
SSH key generation in browser

You can also manage keys generated by ssh-keygen command with or without a passphrase.

URL fragment parameters

You can store the configuration in the URL. All the parameters are in the URL fragment so they are never sent to the web server. piping-ssh-web with URL fragment parameters

e.g. https://piping-ssh.nwtgck.org/#?user=myuser&password=mypass&s_port=22&cs_path=aaa&sc_path=bbb

  • user: SSH user name
  • password: SSH user password
  • server: Piping Server URL
  • cs_path: Server-to-client path
  • sc_path: Client-to-server path
  • auto_connect: Connect automatically
  • s_port: SSH Server port for command hint
  • headers: HTTP headers to Piping Server
    • (e.g. [["X-MyExtra1", "myvalue1"], ["Content-Type", "application/myapp"]])

Requirement

This project requires Google Chrome 105 or higher for fetch() upload streaming feature. You can also use Chromium-based browsers.

Previous version using SSHy

This project used to highly based on SSHy before Go language and WebAssembly were used.
SSHy version: https://6453204af3b3fc3555e79371--piping-ssh.netlify.app

Acknowledgements

The idea of tunneling over Piping Server was proposed by @Cryolite in a Japanese post, https://qiita.com/Cryolite/items/ed8fa237dd8eab54ef2f. Thanks!

Self-hosting Piping Server

It is easy to use Replit and fork https://replit.com/@nwtgck/piping to host Piping Server for free. You can see https://github.com/nwtgck/piping-server/wiki/How-to-self-host-Piping-Server to get other ways.

References