Skip to main content

Crate anvil_ssh

Crate anvil_ssh 

Source
Expand description

§anvil-ssh

Pure-Rust SSH library for Git: transport, keys, signing, agent.

Built on russh v0.59, it replaces the general-purpose ssh binary in the Git transport pipeline, plus the subset of ssh-keygen, ssh-add, and ssh-agent that day-to-day Git workflows need. Works against GitHub, GitLab, Codeberg, AUR, sourcehut, and self-hosted Git instances.

§Quick start

use anvil_ssh::{AnvilConfig, AnvilSession};

// GitHub
let config = AnvilConfig::github();
// GitLab
let config = AnvilConfig::gitlab();
// Codeberg
let config = AnvilConfig::codeberg();

let mut session = AnvilSession::connect(&config).await?;
session.authenticate_best(&config).await?;

let exit_code = session.exec("git-upload-pack 'user/repo.git'").await?;
session.close().await?;

§Design principles

  • Pinned host keys — SHA-256 fingerprints for GitHub, GitLab, and Codeberg are embedded; no TOFU (Trust On First Use) for known hosts.
  • Narrow scope — only exec channels; no PTY, SFTP, or port forwarding.
  • Post-quantum ready — uses aws-lc-rs for cryptography.
  • Metric / SI / ISO 8601 throughout all timestamps and measurements.

Re-exports§

pub use config::AnvilConfig;
pub use error::AnvilError;
pub use session::AnvilSession;
pub use ssh_config::AlgList;
pub use ssh_config::DirectiveSource;
pub use ssh_config::ResolvedSshConfig;
pub use ssh_config::SshConfigPaths;
pub use ssh_config::StrictHostKeyChecking;
pub use AnvilSession as GitwaySession;
pub use AnvilConfig as GitwayConfig;
pub use AnvilError as GitwayError;

Modules§

agent
SSH-agent wire-protocol support.
allowed_signers
Parser for the OpenSSH allowed_signers file format.
auth
Identity resolution (FR-9 through FR-12).
cert_authority
@cert-authority and @revoked markers in known_hosts-style files (PRD §5.8.3 / FR-60, FR-64).
config
Configuration builder for an AnvilSession.
diagnostic
Single-line failure diagnostic for every Gitway binary.
error
Error types for anvil-ssh.
hostkey
SSH host-key fingerprint pinning for well-known Git hosting services (FR-6, FR-7).
keygen
OpenSSH key generation, loading, and fingerprinting.
log
Structured tracing categories + log/tracing bridge installer (FR-65, FR-69 of Gitway PRD §5.8.4).
proxy
ProxyCommand and ProxyJump consumers (PRD §5.8.2, M13).
relay
Bidirectional stdin/stdout relay over an SSH exec channel (FR-14 through FR-17).
session
SSH session management (FR-1 through FR-5, FR-9 through FR-17).
ssh_config
ssh_config(5) parser and resolver for Anvil.
sshsig
SSHSIG (OpenSSH file-signature) sign/verify.
time
ISO 8601 timestamp helpers with no external crate dependency.