
Include known SSH tunnel providers #3

Open
stokito opened this issue Jul 3, 2023 · 1 comment

stokito commented Jul 3, 2023

Main free SSH providers:

  • localhost.run
  • remote.moe
  • srv.us
  • serveo.net

Pre-install the known hostname for localhost.run. The problem is that the RSA pubkey is big. Need to ask to generate an ed25519 key.

Support for localhost.run out of the box and extract the domain.

Interesting that SSH supports dynamic allocation of a remote port. If you specify 0, the server may take any free port and return it to you.
To get it you can execute ssh -O forward.
https://unix.stackexchange.com/a/584505/162125

Maybe on the SSH protocol level it's also possible to request an external domain that was allocated for you.
Then there will be no need for execution of a special command or checking logs to get the domain.

stokito pushed a commit that referenced this issue Feb 12, 2024
@yurtpage
Contributor

Host keys of SSH providers are included in the package. So when connecting, users will be safe and they don't have to trust a key that they haven't seen before.
They can still check by eye that the fingerprint is the same as the provider says.
If a key is compromised then users are in danger. We must update sshtunnel with a new key, but not all users update their systems.
The attacker can perform a MITM, but I hope that users will use additional encryption, e.g. TLS.
Still, most of the SSH providers do TLS offloading.
Anyway, this is better than trust on first use (TOFU).
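
The fingerprint comparison described in the comment above as a check done by eye, written as an added Python example (not part of this thread or of the sshtunnel package): it parses a packaged known_hosts line and compares its OpenSSH-style SHA256 fingerprint with the one a provider publishes. The host name, key bytes and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def parse_known_hosts_line(line: str):
    """Split a plain (unhashed) known_hosts line into hosts, key type, blob."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("expected: hosts keytype base64-key")
    hosts, key_type, b64 = fields[0].split(","), fields[1], fields[2]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with its own key-type string; it must match the field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type field does not match key blob")
    return hosts, key_type, blob


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: SHA256 of the key blob, unpadded base64."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def pin_matches(line: str, host: str, published_fp: str) -> bool:
    """True only if the line is for `host` and has the published fingerprint."""
    hosts, _key_type, blob = parse_known_hosts_line(line)
    return host in hosts and hmac.compare_digest(fingerprint(blob), published_fp)


# Constructed sample data: a made-up provider name and a dummy 32-byte key.
HOST = "tunnel.example.invalid"
BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
PACKAGED_LINE = f"{HOST} ssh-ed25519 {base64.b64encode(BLOB).decode()}"
PUBLISHED_FP = fingerprint(BLOB)  # stands in for the value on the provider's site

if __name__ == "__main__":
    print(PACKAGED_LINE)
    print(PUBLISHED_FP, pin_matches(PACKAGED_LINE, HOST, PUBLISHED_FP))
```

An ed25519 key blob is 51 bytes, so the whole pinned line stays short, which is the size concern raised about the RSA key in the issue text.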
