irosh 0.2.0

SSH sessions over Iroh peer-to-peer transport
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

# Irosh: Peer-to-Peer Secure Shell Library

`irosh` is a high-level networking library that combines the [Iroh](https://iroh.computer) networking stack with the [SSH](https://en.wikipedia.org/wiki/Secure_Shell) protocol to provide secure, ad-hoc, and persistent P2P shells.

## Key Features

- **Self-Authenticating Nodes**: Uses Ed25519 keys for both network identity and SSH authentication.
- **NAT Traversal**: Automatic hole-punching and relaying via the Iroh stack.
- **Wormhole Pairing**: Secure out-of-band trust establishment using short human-friendly codes.
- **Unified Auth**: A flexible authentication system supporting Public Keys, Passwords, and TOFU.

## Usage

Add `irosh` to your `Cargo.toml`. To start a basic P2P server:

```rust,no_run
use irosh::{Server, ServerOptions, StateConfig};

#[tokio::main]
async fn main() -> irosh::Result<()> {
    let options = ServerOptions::new(StateConfig::new("./state".into()));
    let (ready, server) = Server::bind(options).await?;
    
    println!("Server Ticket: {}", ready.ticket());
    server.run().await
}
```

## Crate Architecture

This crate follows a **"Fat Library"** design. All logic related to networking, cryptography, and protocol state resides here. The accompanying CLI (`irosh-cli`) is a thin wrapper around this library, handling only UI and OS-specific setup.

### Core Components

- **server**: The P2P SSH server implementation.
- **client**: The P2P SSH client implementation.
- **auth**: Pluggable authentication backends and security policies.
- **transport**: Low-level P2P ticket management and data transfer protocols.
- **storage**: Persistence layer for identities, trust records, and peer profiles.

## Feature Flags

- `server`: Enables the P2P SSH server and PTY orchestration.
- `client`: Enables the P2P SSH client and interactive session handlers.
- `storage`: Enables persistent storage for identities and trust records.
- `transport`: Enables the underlying Iroh networking stack.

## Security Notice

Irosh is built on top of `iroh` and `russh`. While the underlying protocols are industry-standard, this library is in early development. Users should perform their own security audits before using it for mission-critical infrastructure.