SSH over HTTPS via Piping Server on browser.
We often want to access applications on our remote machine. But some environments have NATs or difficulties with opening a port to the public and getting a static IP. There is a way to forward a port over HTTPS with high transparency. This project aims to provide an SSH client that works on the browser and is compatible with the highly transparent way.
On the SSH server side, you can simply run the following command.
curl -sSN https://ppng.io/aaa | nc localhost 22 | curl -sSNT - https://ppng.io/bbb
The command above consists only of curl
and nc
, which are widely used and trusted. These commands are likely to already be installed on your machine.
- SSH things are processed only in the browser without any server.
- Go language (
golang.org/x/crypto/ssh
) and WebAssembly are used. - The connection between the browser and the SSH server are end-to-end encrypted.
- The connection between the browser and Piping Server is also encrypted in transit with HTTPS.
- The running command on the SSH server side is highly transparent, so you can easily understand what they are doing.
You can generate SSH keys only in the browser without any server.
- RSA 2048 bits
- RSA 4096 bits
- Ed25519
You can also manage keys generated by ssh-keygen
command with or without a passphrase.
You can store the configuration in the URL. All the parameters are in the URL fragment so they are never sent to the web server.
e.g. https://piping-ssh.nwtgck.org/#?user=myuser&password=mypass&s_port=22&cs_path=aaa&sc_path=bbb
user
: SSH user namepassword
: SSH user passwordserver
: Piping Server URLcs_path
: Server-to-client pathsc_path
: Client-to-server pathauto_connect
: Connect automaticallys_port
: SSH Server port for command hintheaders
: HTTP headers to Piping Server- (e.g.
[["X-MyExtra1", "myvalue1"], ["Content-Type", "application/myapp"]]
)
- (e.g.
This project requires Google Chrome 105 or higher for fetch() upload streaming feature. You can also use Chromium-based browsers.
This project used to highly based on SSHy before Go language and WebAssembly were used.
SSHy version: https://6453204af3b3fc3555e79371--piping-ssh.netlify.app
The idea of tunneling over Piping Server was proposed by @Cryolite in a Japanese post, https://qiita.com/Cryolite/items/ed8fa237dd8eab54ef2f. Thanks!
It is easy to use Replit and fork https://replit.com/@nwtgck/piping to host Piping Server for free. You can see https://github.com/nwtgck/piping-server/wiki/How-to-self-host-Piping-Server to get other ways.