Crate sshbind


§SSHBind Library

SSHBind is a Rust library that enables developers to programmatically bind services located behind multiple SSH connections to a local socket. This facilitates secure and seamless access to remote services, even those that are otherwise unreachable.

§Features

  • Multiple Jump Host Support: Navigate through a series of SSH jump hosts to reach the target service
  • Local Socket Binding: Expose remote services on local sockets, making them accessible as if they were running locally
  • Encrypted Credential Management: Utilize SOPS-encrypted YAML files for secure credential storage
  • TOTP-based 2FA Support: Programmatic two-factor authentication using time-based one-time passwords
  • Automatic Reconnection: Seamlessly handle connection interruptions by automatically reconnecting to services
  • Session Reuse: Efficiently reuse SSH sessions to avoid overwhelming SSH servers

§Platform Support

  • Library: Supports macOS, Linux, and Windows
  • CLI Application: Currently supported on Linux and Windows only

§Basic Usage

use sshbind::{bind, unbind};

// Bind a remote service to a local address
let local_addr = "127.0.0.1:8000";
let jump_hosts = vec!["jump1:22".to_string(), "jump2:22".to_string()];
let remote_addr = Some("remote.service:80".to_string());
let sopsfile = "secrets.yaml";

bind(local_addr, jump_hosts, remote_addr, sopsfile, None);

// Use the bound service...

// Unbind when done
unbind(local_addr);

§Credential Management

Credentials are stored in SOPS-encrypted YAML files with the following structure:

host:22:  # hostname:port format
  username: your_username
  password: your_password
  totp_key: optional_base32_totp_key  # For 2FA
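
A preflight check for the credential layout above, as an added example that is not part of the sshbind crate: it parses a decrypted file of exactly this two-level shape and reports jump hosts that lack an entry or carry a `totp_key` that is not base32. `CredMap`, `parse`, `is_base32`, `preflight` and `SAMPLE` are hypothetical names, and it assumes credentials are looked up by the same `host:port` string passed in `jump_hosts` and that `username` and `password` are both required.

```rust
use std::collections::HashMap;

// Hypothetical alias for illustration (not the crate's YamlCreds): host:port -> field -> value.
type CredMap = HashMap<String, HashMap<String, String>>;

// Constructed sample of the decrypted layout; placeholder values only.
const SAMPLE: &str = "jump1:22:  # hostname:port format\n  username: alice\n  password: example-only\n  totp_key: JBSWY3DPEHPK3PXP\njump2:22:\n  username: bob\n  password: example-only\n  totp_key: not-base32!\n";

// Parses only the flat two-level layout shown above; not a general YAML parser.
fn parse(text: &str) -> CredMap {
    let (mut map, mut current) = (CredMap::new(), None::<String>);
    for raw in text.lines() {
        let line = raw.split(" #").next().unwrap_or("").trim_end(); // drop trailing comment
        if line.trim().is_empty() || line.trim_start().starts_with('#') { continue; }
        if !line.starts_with(' ') {
            let host = line.trim_end_matches(':').to_string(); // "host:22:" -> "host:22"
            map.insert(host.clone(), HashMap::new());
            current = Some(host);
        } else if let (Some(host), Some((k, v))) = (current.as_ref(), line.trim().split_once(':')) {
            map.get_mut(host).unwrap().insert(k.trim().to_string(), v.trim().to_string());
        }
    }
    map
}

// RFC 4648 base32 alphabet, case-insensitive, optional '=' padding.
fn is_base32(s: &str) -> bool {
    let b = s.trim_end_matches('=');
    !b.is_empty() && b.chars().all(|c| matches!(c.to_ascii_uppercase(), 'A'..='Z' | '2'..='7'))
}

// Checks every hop of the chain before any connection is attempted.
fn preflight(jump_hosts: &[&str], creds: &CredMap) -> Vec<String> {
    let mut problems = Vec::new();
    for hop in jump_hosts {
        let port_ok = hop.rsplit_once(':').map_or(false, |(h, p)| !h.is_empty() && p.parse::<u16>().is_ok());
        match creds.get(*hop) {
            _ if !port_ok => problems.push(format!("{hop}: not in host:port form")),
            None => problems.push(format!("{hop}: no credential entry for this hop")),
            Some(e) => {
                if !e.contains_key("username") || !e.contains_key("password") { problems.push(format!("{hop}: username or password missing")); }
                if e.get("totp_key").map_or(false, |k| !is_base32(k)) { problems.push(format!("{hop}: totp_key is not base32")); }
            }
        }
    }
    problems
}

fn main() { for p in preflight(&["jump1:22", "jump2:22", "jump3"], &parse(SAMPLE)) { println!("{p}"); } }
```

Feed it the in-memory output of decryption rather than a plaintext copy written to disk. A file that holds both `password` and `totp_key` for a host gives anyone who can decrypt it both authentication factors, so access to the SOPS key deserves the same protection as the hosts themselves.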

§Architecture Notes

  • SSH sessions are reused across multiple connections to prevent overwhelming SSH servers
  • The library implements automatic session healing when connection issues are detected
  • All connections are handled asynchronously using the async/await model
  • Background monitoring ensures session health and triggers reconnections when needed

§Structs

  • Creds: SSH authentication credentials for a single host.
  • HostPort: Represents a host and port combination for SSH connections.
  • TotpPromptHandler: Handles TOTP-based keyboard-interactive authentication prompts.

§Functions

  • bind: Binds a local address to a server that forwards incoming TCP connections through a chain of SSH jump hosts to a specified remote address. The server runs in a separate thread.
  • unbind: Gracefully shuts down a previously established SSH tunnel binding.

§Type Aliases

  • YamlCreds: A map of credentials loaded from a YAML file.