Thomas' Secure Shell

Author: Thomas Sauvage

This is a SSH like program, for fun. Uses a CA authority to authenticate the users and the servers.

• Uses ed25519 to sign ephemeral public keys and certificates.
• Uses x25519 for ephemeral Diffie-Hellman key exchanges.
• Uses aes-256-gcm-siv for symmetric encryption.

The server will only accepts connections from clients that have a certificate signed by the CA and that are authorized in the authorized_identities file.

Installation

• Install Rust

Usage

• See the docs :

cargo run --bin create-cert -- --help
cargo run --bin create-root -- --help
cargo run --bin server -- --help
cargo run --bin client -- --help

• You can also build the app with the following command, the executable will be at target/release

cargo build --release
cd target/release

Examples

• Create root certificate

cargo run --bin create-root root

• Create users and servers certificates

cargo run --bin create-cert frankiz.dev.sauvage.pm:8080 root.secret frankiz.secret
cargo run --bin create-cert endalcher.dev.sauvage.pm:8080 root.secret endalcher.secret
cargo run --bin create-cert thomas.sauvage root.secret thomas.secret
cargo run --bin create-cert guillaume.c root.secret guillaume.secret

• Launch the server and the client

cargo run --bin server 8080 frankiz.secret
cargo run --bin client frankiz.dev.sauvage.pm:8080 thomas.secret
cargo run --bin client frankiz.dev.sauvage.pm:8080 guillaume.secret # Will fail (not authorized)