sshbind 0.1.0

SSHBind is a Rust library that securely binds remote services behind multiple SSH jump hosts to a local socket, enabling seamless access with encrypted credential management, TOTP-based two-factor authentication, and automatic reconnection.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

# SSHBind

[![Build Status](https://github.com/Xyhlon/SSHBind/actions/workflows/ci.yml/badge.svg)](https://github.com/Xyhlon/SSHBind/actions/workflows/ci.yml)
[![SSHBind on crates.io](https://img.shields.io/crates/v/sshbind.svg)](https://crates.io/crates/sshbind)
[![SSHBind on docs.rs](https://docs.rs/sshbind/badge.svg)](https://docs.rs/sshbind/)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://www.tldrlegal.com/license/mit-license)

SSHBind is a Rust library that enables developers to programmatically bind services
located behind multiple SSH connections to a local socket. This facilitates secure and
seamless access to remote services, even those that are otherwise unreachable.

## Platform Support

- **Library**: Supports macOS, Linux, and Windows
- **CLI Application**: Currently supported on Linux and Windows only

## Features

- **Multiple Jump Host Support**: Navigate through a series of SSH jump hosts to reach
  the target service.
- **Local Socket Binding**: Expose remote services on local Unix sockets, making them
  accessible as if they were running locally.
- **Encrypted Credential Management**: Utilize SOPS-encrypted YAML files for secure and
  reproducible environment configurations.
- **Programmatic Two-Factor Authentication**: Support for TOTP-based 2FA, with plans to
  include user agent support in future releases.
- **Automatic Reconnection**: Seamlessly handle connection interruptions by
  automatically reconnecting to the service.

## Prerequisites

To build and use SSHBind, ensure the following dependencies are installed:

- **OpenSSL**: Provides the necessary cryptographic functions.
- **SOPS**: Used for decrypting the credentials file at runtime.
- **Rust Toolchain**: Required for building the library.

With Nix, building the project is straightforward:

```sh
nix build
```

Alternatively, using Cargo:

```sh
cargo build
```

## Configuration

SSHBind requires an encrypted YAML file containing the credentials for each host. This
file should be encrypted using SOPS to ensure security.

**Sample `secrets.yaml` Structure:**

```yaml
host:
  username: your_username
  password: your_password
  totp_key: optional_base32_totp_key
```

- `host`: The hostname or IP address of the target machine.
- `username`: The SSH username.
- `password`: The SSH password.
- `totp_key`: (Optional) The base-32 encoded key for TOTP 2FA.

Ensure this file is encrypted with SOPS before use.

## Usage

As a library, SSHBind exposes two primary functions:

- `bind`: Establishes the binding of a remote service to a local socket.
- `unbind`: Removes the existing binding.

**Example Usage:**

```rust
use sshbind::{bind, unbind};

fn main() {
    let local_addr = "127.0.0.1:8000";
    let jump_hosts = vec!["jump1:22".to_string(), "jump2:22".to_string()];
    let remote_addr = "remote.service:80";
    let sopsfile = "secrets.yaml";

    // Bind the remote service to the local address
    bind(local_addr, jump_hosts, remote_addr, sopsfile);

    // ... use the bound service ...

    // Unbind when done
    unbind(local_addr);
}
```

For detailed API documentation and advanced usage, refer to the
[official documentation](https://docs.rs/sshbind).

## License

SSHBind is licensed under the MIT License. For more details, see the
[LICENSE](./LICENSE) file.

Dependencies of the code are subject to additional licenses as noted in the
[THIRD_PARTY_LICENSES](./THIRD_PARTY_LICENSES) folder.

## Contributing

Contributions are welcome! To contribute:

1. Fork the repository.
1. Create a new branch.
1. Make your changes.
1. Submit a pull request.

Please ensure your code adheres to the project's coding standards and includes
appropriate tests.