§Irosh: Peer-to-Peer Secure Shell Library
irosh is a high-level networking library that combines the Iroh networking stack with the SSH protocol to provide secure, ad-hoc, and persistent P2P shells.
§Key Features
- Self-Authenticating Nodes: Uses Ed25519 keys for both network identity and SSH authentication.
- NAT Traversal: Automatic hole-punching and relaying via the Iroh stack.
- Wormhole Pairing: Secure out-of-band trust establishment using short human-friendly codes.
- Unified Auth: A flexible authentication system supporting Public Keys, Passwords, and TOFU.
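The TOFU ("trust on first use") option listed above has one security-relevant failure mode: a peer whose key changes between connections must be refused, not re-learned, because a silently changed key is indistinguishable from a man-in-the-middle. The following is an added example, written for this page and not taken from irosh's own `storage` or `auth` modules; `TofuStore`, `TrustDecision` and the `<peer_id> <hex key>` line format are hypothetical names chosen here. It uses only the Rust standard library and constructed sample keys in place of real Ed25519 public keys.

```rust
use std::collections::HashMap;

/// Outcome of checking a peer's presented public key against the trust store.
#[derive(Debug, PartialEq, Eq)]
pub enum TrustDecision {
    /// No record existed: the key is recorded and accepted (first use).
    FirstUse,
    /// The presented key matches the stored record.
    Known,
    /// A record exists but the presented key differs: refuse to connect.
    Mismatch { expected_hex: String },
}

/// Illustrative TOFU store mapping peer id -> 32-byte Ed25519 public key.
/// (Hypothetical type for this example, not irosh's `storage` module.)
#[derive(Default)]
pub struct TofuStore {
    records: HashMap<String, [u8; 32]>,
}

impl TofuStore {
    pub fn new() -> Self {
        Self::default()
    }

    pub fn len(&self) -> usize {
        self.records.len()
    }

    /// Trust-on-first-use check. A changed key is never accepted here; it is
    /// reported as `Mismatch` and the stored record is left untouched.
    pub fn check(&mut self, peer_id: &str, presented: &[u8; 32]) -> TrustDecision {
        match self.records.get(peer_id) {
            None => {
                self.records.insert(peer_id.to_string(), *presented);
                TrustDecision::FirstUse
            }
            Some(stored) if stored == presented => TrustDecision::Known,
            Some(stored) => TrustDecision::Mismatch { expected_hex: hex(stored) },
        }
    }

    /// Explicit operator action after out-of-band verification (for example a
    /// fresh pairing). This is the only path allowed to overwrite a record.
    pub fn replace(&mut self, peer_id: &str, key: &[u8; 32]) {
        self.records.insert(peer_id.to_string(), *key);
    }

    /// Serialize as `<peer_id> <hex key>` lines, sorted for stable output.
    pub fn to_text(&self) -> String {
        let mut ids: Vec<&String> = self.records.keys().collect();
        ids.sort();
        ids.iter()
            .map(|id| format!("{} {}\n", id, hex(&self.records[*id])))
            .collect()
    }

    /// Parse the line format. Malformed or duplicate records are errors rather
    /// than skipped: a store that silently drops a record would let a peer be
    /// downgraded back to "first use".
    pub fn from_text(text: &str) -> Result<Self, String> {
        let mut store = Self::new();
        for (n, raw) in text.lines().enumerate() {
            let line = raw.trim();
            if line.is_empty() || line.starts_with('#') {
                continue;
            }
            let fields: Vec<&str> = line.split_whitespace().collect();
            if fields.len() != 2 {
                return Err(format!("line {}: expected `<peer_id> <hex key>`", n + 1));
            }
            let key = unhex(fields[1]).ok_or_else(|| format!("line {}: bad key", n + 1))?;
            if store.records.insert(fields[0].to_string(), key).is_some() {
                return Err(format!("line {}: duplicate record for {}", n + 1, fields[0]));
            }
        }
        Ok(store)
    }
}

fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

/// Strict decoder: exactly 64 hex digits, no sign characters or whitespace.
fn unhex(s: &str) -> Option<[u8; 32]> {
    if s.len() != 64 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return None;
    }
    let mut out = [0u8; 32];
    for (i, pair) in s.as_bytes().chunks(2).enumerate() {
        out[i] = u8::from_str_radix(std::str::from_utf8(pair).ok()?, 16).ok()?;
    }
    Some(out)
}

fn main() {
    // Constructed sample keys; real peers would present Ed25519 public keys.
    let key_a = [0x11u8; 32];
    let key_b = [0x22u8; 32];
    let mut store = TofuStore::new();
    println!("{:?}", store.check("peer-1", &key_a)); // FirstUse
    println!("{:?}", store.check("peer-1", &key_a)); // Known
    println!("{:?}", store.check("peer-1", &key_b)); // Mismatch
    print!("{}", store.to_text());
}
```

The point to carry over to any real deployment is the split between `check` and `replace`: the connection path can only ever add a record for an unknown peer or confirm an existing one, and replacing a key requires a separate, deliberate operator action such as re-pairing.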
§Usage
Add irosh to your Cargo.toml. To start a basic P2P server:
```rust
use irosh::{Server, ServerOptions, StateConfig};

#[tokio::main]
async fn main() -> irosh::Result<()> {
    let options = ServerOptions::new(StateConfig::new("./state".into()));
    let (ready, server) = Server::bind(options).await?;
    println!("Server Ticket: {}", ready.ticket());
    server.run().await
}
```
§Crate Architecture
This crate follows a “Fat Library” design. All logic related to networking, cryptography, and protocol state resides here. The accompanying CLI (irosh-cli) is a thin wrapper around this library, handling only UI and OS-specific setup.
§Core Components
- server: The P2P SSH server implementation.
- client: The P2P SSH client implementation.
- auth: Pluggable authentication backends and security policies.
- transport: Low-level P2P ticket management and data transfer protocols.
- storage: Persistence layer for identities, trust records, and peer profiles.
§Feature Flags
- server: Enables the P2P SSH server and PTY orchestration.
- client: Enables the P2P SSH client and interactive session handlers.
- storage: Enables persistent storage for identities and trust records.
- transport: Enables the underlying Iroh networking stack.
§Security Notice
Irosh is built on top of iroh and russh. While the underlying protocols are industry-standard, this library is in early development. Users should perform their own security audits before using it for mission-critical infrastructure.
§Re-exports
pub use config::SecurityConfig;
pub use config::StateConfig;
pub use error::IroshError;
pub use error::Result;
pub use auth::AuthMethod;
pub use auth::Authenticator;
pub use auth::CombinedAuth;
pub use auth::ConfirmationCallback;
pub use auth::Credentials;
pub use auth::KeyOnlyAuth;
pub use auth::PasswordAuth;
pub use auth::PasswordPrompter;
pub use auth::UnifiedAuthenticator;
pub use server::Server;
pub use server::ServerOptions;
pub use server::ServerReady;
pub use server::ServerShutdown;
pub use client::Client;
pub use client::ClientOptions;
pub use client::ResolvedTarget;
pub use client::Session;
pub use client::SessionEvent;
pub use client::TransferProgress;
pub use client::ipc::IpcClient;
pub use session::PtyOptions;
pub use session::SessionState;
pub use transport::metadata::PeerMetadata;
pub use transport::ticket::Ticket;
pub use transport::transfer::GetRequest;
pub use transport::transfer::PutRequest;
pub use transport::transfer::TransferComplete;
pub use transport::transfer::TransferFailure;
pub use transport::transfer::TransferFailureCode;
pub use transport::transfer::TransferReady;
pub use russh;
pub use iroh;
§Modules
- auth
- Pluggable authentication backends for irosh.
- client
- P2P SSH Client implementation.
- config
- Configuration data structures for the library.
- diagnostic
- Network and environment diagnostics for irosh.
- error
- Top-level and subsystem error types for the irosh library.
- server
- P2P SSH Server implementation.
- session
- Session orchestration, terminal allocations, and signals.
- storage
- Persistent storage and security trust management.
- sys
- transport
- Networking transports and protocol implementation.
§Structs
- PtySize
- Represents the size of the visible display area in the pty
§Enums
- InternalCommand
- Internal version of IpcCommand that includes a response channel.
- IpcCommand
- Commands that can be sent to the irosh daemon via IPC.
- IpcResponse
- Responses sent by the irosh daemon back to the IPC client.