Expand description
§anvil-ssh
Pure-Rust SSH library for Git: transport, keys, signing, agent.
Built on russh v0.59, it replaces the
general-purpose ssh binary in the Git transport pipeline, plus the
subset of ssh-keygen, ssh-add, and ssh-agent that day-to-day Git
workflows need. Works against GitHub, GitLab, Codeberg, AUR, sourcehut,
and self-hosted Git instances.
§Quick start
use anvil_ssh::{GitwayConfig, GitwaySession};
// GitHub
let config = GitwayConfig::github();
// GitLab
let config = GitwayConfig::gitlab();
// Codeberg
let config = GitwayConfig::codeberg();
let mut session = GitwaySession::connect(&config).await?;
session.authenticate_best(&config).await?;
let exit_code = session.exec("git-upload-pack 'user/repo.git'").await?;
session.close().await?;§Design principles
- Pinned host keys — SHA-256 fingerprints for GitHub, GitLab, and Codeberg are embedded; no TOFU (Trust On First Use) for known hosts.
- Narrow scope — only exec channels; no PTY, SFTP, or port forwarding.
- Post-quantum ready — uses
aws-lc-rsfor cryptography. - Metric / SI / ISO 8601 throughout all timestamps and measurements.
Re-exports§
pub use config::GitwayConfig;pub use error::GitwayError;pub use session::GitwaySession;
Modules§
- agent
- SSH-agent wire-protocol support.
- allowed_
signers - Parser for the OpenSSH
allowed_signersfile format. - auth
- Identity resolution (FR-9 through FR-12).
- config
- Configuration builder for a Gitway session.
- diagnostic
- Single-line failure diagnostic for every Gitway binary.
- error
- Error types for
anvil-ssh. - hostkey
- SSH host-key fingerprint pinning for well-known Git hosting services (FR-6, FR-7).
- keygen
- OpenSSH key generation, loading, and fingerprinting.
- relay
- Bidirectional stdin/stdout relay over an SSH exec channel (FR-14 through FR-17).
- session
- SSH session management (FR-1 through FR-5, FR-9 through FR-17).
- sshsig
- SSHSIG (OpenSSH file-signature) sign/verify.
- time
- ISO 8601 timestamp helpers with no external crate dependency.