
Bug#832611: ITP: tinyssh -- Tiny SSH server



On Wednesday, 27 July 2016 18:05:01 Dmitry Bogatov wrote:

> [2016-07-27 16:13] Jan Mojzis <jan.mojzis@gmail.com>
> >
> > Package: wnpp
> > Severity: wishlist
> > Owner: Jan Mojzis <jan.mojzis@gmail.com>
> >
> > * Package name : tinyssh
> > Version : 20160726
> > Upstream Author : Jan Mojzis <jan.mojzis@gmail.com>
> > * URL : https://tinyssh.org/
> > * License : public domain
> > Programming Lang: C
> > Description : Tiny SSH server
> >
> > This is a tiny SSH server which implements 'less'.
> > TinySSH supports only secure crypto (min 128-bit security,
> > protected against cache-timing attacks).
> > Unnecessary features (such as the SSH1 protocol, compression, scp, sftp, ...),
> > unsafe crypto (such as rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ...) and
> > unsafe features (such as password or hostbased authentication)
> > are simply NOT implemented.
> > TinySSH has less than 100000 words of code, so it's very easily auditable.
>
> Sounds nice. How does it compare with dropbear?

 

Hello,

TinySSH does not implement 100% of the SSH protocol.
It has a limited set of features.

1. only safe crypto:

implemented:
ssh-ed25519, curve25519-sha256@libssh.org, chacha20-poly1305@openssh.com

also implemented, older standards (but disabled by default):
ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes128-ctr, aes256-ctr, hmac-sha2-256

not implemented:
rsa, dsa, hmac-md5, hmac-sha1, 3des, arcfour, ...

2. only safe protocol

implemented:
subset of SSHv2 features

not implemented:
SSHv1

3. only safe authentication

implemented:
only authorized_keys authentication

not implemented:
password or hostbased authentication

4. no unnecessary programs

scp ('rsync -e ssh' does the same job)
sftp (TinySSH doesn't have an sftp program, but can run e.g. OpenSSH /usr/libexec/openssh/sftp-server)

5. TinySSH has less than 100,000 words of code

computed using shell command:

# strip comments with the C preprocessor (gcpp as fallback), collapse every
# identifier/number to a single "x", drop spaces and newlines, then count
# the remaining characters
cat *.c *.h \
| (cpp -fpreprocessed || gcpp -fpreprocessed) \
| sed 's/[_a-zA-Z0-9][_a-zA-Z0-9]*/x/g' \
| tr -d ' \012' | wc -c | tr -d ' '

The 'words of code' idea is taken from:
https://cr.yp.to/qmail/qmailsec-20071101.pdf

Jan
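As an added example (not TinySSH's code, and not the shell pipeline from the message above), here is the same "words of code" metric implemented in Python over a constructed C fragment, so the count can be reproduced and checked without a C preprocessor installed. Two deliberate, labelled differences from the shell pipeline: a small hand-written comment stripper stands in for `cpp -fpreprocessed`, and all whitespace (tabs included) is dropped, where `tr -d ' \012'` drops only spaces and newlines. The sample C source is constructed for this example and is not TinySSH source.

```python
import re
from pathlib import Path

# Constructed sample C input for the example (not TinySSH source).
SAMPLE_C = r'''
/* block comment that should not count */
#include <stdio.h>

// line comment that should not count
static int add(int left_operand, int right_operand) {
    return left_operand + right_operand; /* trailing */
}

int main(void) {
    printf("total=%d\n", add(40, 2));
    return 0;
}
'''


def strip_comments(src: str) -> str:
    """Remove C block and line comments, leaving string and character
    literals intact (so a "/*" inside a string is not treated as a comment).
    Stands in for the `cpp -fpreprocessed` stage of the shell pipeline."""
    out = []
    i, n = 0, len(src)
    while i < n:
        c = src[i]
        if src.startswith('/*', i):
            end = src.find('*/', i + 2)
            i = n if end < 0 else end + 2
            out.append(' ')  # cpp replaces a comment with a single space
        elif src.startswith('//', i):
            end = src.find('\n', i)
            i = n if end < 0 else end  # keep the newline itself
        elif c in '"\'':
            # copy the literal verbatim, honouring backslash escapes
            j = i + 1
            while j < n and src[j] != c:
                j += 2 if src[j] == '\\' else 1
            out.append(src[i:j + 1])
            i = j + 1
        else:
            out.append(c)
            i += 1
    return ''.join(out)


# same token class as the sed expression in the pipeline
IDENT = re.compile(r'[_a-zA-Z0-9]+')


def words_of_code(src: str) -> int:
    """Bernstein-style 'words of code': every identifier or number collapses
    to a single 'x', whitespace is dropped, and the remaining characters are
    counted. Renaming a variable or reindenting therefore leaves the score
    unchanged, which is the point of counting words rather than bytes.
    (Differs from the shell pipeline in dropping tabs as well.)"""
    body = strip_comments(src)
    body = IDENT.sub('x', body)
    body = re.sub(r'\s+', '', body)
    return len(body)


def words_of_code_in_files(paths) -> int:
    """Equivalent of `cat *.c *.h | ...`: concatenate the files, then count."""
    return words_of_code(''.join(Path(p).read_text() for p in paths))


if __name__ == '__main__':
    # The renamed variant must score exactly the same as the original.
    renamed = SAMPLE_C.replace('left_operand', 'a').replace('right_operand', 'b')
    print('sample :', words_of_code(SAMPLE_C))
    print('renamed:', words_of_code(renamed))
```

The invariance under renaming is what makes this a review-effort metric rather than a size metric: a reviewer reads one "x" per identifier regardless of how long the name is, and the count of operators, punctuation and keywords is what remains.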

 

 

