README
¶
go-ws-ssh-transport
Libp2p and IPFS compatible transport using SSH-over-websocket for security and multiplexing.
This is backward compatible with the "ws" transport: client and server will negotiate using the standards ws headers, and if SSH is available on both ends it will be used.
The libp2p transport interface is relatively nice and the higher level infrastructure and protocols are interesting. Like many others attempting to reinvent the internet - the protocol is also repeating many mistakes, in particular creating new security and protocol negotiation schemes, and failing to interoperate with well established standards.
The Libp2p QUIC transport is a good start in fixing this, by reusing a well defined standard, TLS + QUIC, and avoiding the round trips for mux and security negotiation.
This package provides a similar 'combined' transport, using SSH for multiplexing and security and Websocket for low-level communication.
The choice of WS is needed for interop with JS in browsers. There are few SSH implementations in javascript as well.
Another option would be TLS+SPDY over Websocket - the multiplexing provided by SPDY is very similar with SSH. I might add this as an option, using the built-in WS negotiation instead of the one invented by Libp2p.
Notes on libp2p interfaces
-
lower layer: 'transport.Transport' creates transport.CapableConn (Mux + Security), which creates MuxedStream. No metadata except public key of the pair.
-
network is a higher level - implemented by 'swarm' package. It defines Stream as an extension to MuxedStream, having an ID and a protocol. It also has metadata, open time, direction and link to the Conn to get the security.
-
host is the next layer - basic_host and ipfs host implement it. Adds a local ID, a peerstore (database of peers), a Mux (protocol.Switch). Has Connect() and SetStreamHandler, NewStream(peer, protocolID...) Also has a ConnManager and EventBus. High leve introspection as well.
Helper interfaces
-
protocol.Switch - implemented by 'multiformats' package - handles negotiation at high level. This seems inefficient and ignores the standard capabilities of the protocols. Seems the weakest part of the package.
-
PeerStore
-
ConnManager: policy to close/keep alive ( Decay ), Gater, tags for peers. BasicConnMgr implementation using high watermark.
-
crypto - custom representation as a PB, base58. Also supports the PEM and raw format.
-
RoutedHost - Routing FindPeer(ID)->AddrInfo
-
EventBus
TODO
JS
-
https://github.com/billchurch/webssh2 Full HTML terminal. Based on https://github.com/mscdex/ssh2
-
https://github.com/stuicey/SSHy - simpler, only RSA
Documentation
¶
Index ¶
- Constants
- Variables
- func ConvertWebsocketMultiaddrToNetAddr(maddr ma.Multiaddr) (net.Addr, error)
- func ParseWebsocketNetAddr(a net.Addr) (ma.Multiaddr, error)
- func PrivKey2SSH(key ic.PrivKey) (ssh.Signer, error)
- type Addr
- type Conn
- func (c *Conn) Close() error
- func (c *Conn) LocalAddr() net.Addr
- func (c *Conn) Read(b []byte) (int, error)
- func (c *Conn) RemoteAddr() net.Addr
- func (c *Conn) SetDeadline(t time.Time) error
- func (c *Conn) SetReadDeadline(t time.Time) error
- func (c *Conn) SetWriteDeadline(t time.Time) error
- func (c *Conn) Write(b []byte) (n int, err error)
- type SSHConn
- func (c *SSHConn) AcceptStream() (mux.MuxedStream, error)
- func (c *SSHConn) Close() error
- func (c *SSHConn) GetStreams() []network.Stream
- func (c *SSHConn) ID() string
- func (c *SSHConn) IsClosed() bool
- func (c *SSHConn) LocalMultiaddr() ma.Multiaddr
- func (c *SSHConn) LocalPeer() peer.ID
- func (c *SSHConn) LocalPrivateKey() ic.PrivKey
- func (c *SSHConn) NewStream() (network.Stream, error)
- func (c *SSHConn) OpenStream() (mux.MuxedStream, error)
- func (c *SSHConn) RemoteMultiaddr() ma.Multiaddr
- func (c *SSHConn) RemotePeer() peer.ID
- func (c *SSHConn) RemotePublicKey() ic.PubKey
- func (c *SSHConn) Stat() network.Stat
- func (c *SSHConn) Transport() transport.Transport
- type SSHTransport
- func (t *SSHTransport) CanDial(a ma.Multiaddr) bool
- func (t *SSHTransport) Dial(ctx context.Context, raddr ma.Multiaddr, p peer.ID) (transport.CapableConn, error)
- func (t *SSHTransport) Listen(a ma.Multiaddr) (transport.Listener, error)
- func (t *SSHTransport) NewCapableConn(nc net.Conn, isServer bool) (transport.CapableConn, error)
- func (t *SSHTransport) NewConn(nc net.Conn, isServer bool) (mux.MuxedConn, error)
- func (t *SSHTransport) Protocols() []int
- func (t *SSHTransport) Proxy() bool
Constants ¶
const PROTO_SSH = "/ssh/1.0"
Variables ¶
var GracefulCloseTimeout = 100 * time.Millisecond
GracefulCloseTimeout is the time to wait trying to gracefully close a connection before simply cutting it.
var WsCodec = &manet.NetCodec{ NetAddrNetworks: []string{"ws"}, ProtocolName: "ws", ConvertMultiaddr: ConvertWebsocketMultiaddrToNetAddr, ParseNetAddr: ParseWebsocketNetAddr, }
WsCodec is the multiaddr-net codec definition for the websocket transport
WsFmt is multiaddr formatter for WsProtocol
Functions ¶
Types ¶
type Addr ¶
Addr is an implementation of net.Addr for WebSocket.
type Conn ¶
Conn implements net.Conn interface for gorilla/websocket.
func (*Conn) Close ¶
Close closes the connection. Only the first call to Close will receive the close error, subsequent and concurrent calls will return nil. This method is thread-safe.
func (*Conn) RemoteAddr ¶
type SSHConn ¶
type SSHConn struct {
LastSeen time.Time
ConnectTime time.Time
// contains filtered or unexported fields
}
Conn is a connection to a remote peer, implements CapableConn ( MuxedConn, network.ConnSecurity, network.ConnMultiaddrs Transport())
implements MuxedConn (OpenStream/AcceptStream, Close/IsClosed)
func (*SSHConn) AcceptStream ¶
func (c *SSHConn) AcceptStream() (mux.MuxedStream, error)
AcceptStream accepts a stream opened by the other side.
func (*SSHConn) GetStreams ¶
func (*SSHConn) LocalMultiaddr ¶
func (*SSHConn) LocalPrivateKey ¶
func (*SSHConn) OpenStream ¶
func (c *SSHConn) OpenStream() (mux.MuxedStream, error)
OpenStream creates a new stream. This uses the same channel in both directions.
func (*SSHConn) RemoteMultiaddr ¶
func (*SSHConn) RemotePeer ¶
func (*SSHConn) RemotePublicKey ¶
type SSHTransport ¶
type SSHTransport struct {
Prefix string
Mux *http.ServeMux
Gater connmgr.ConnectionGater
Psk pnet.PSK
Key ic.PrivKey
// contains filtered or unexported fields
}
SSHTransport is the actual go-libp2p transport
func NewSSHTransport ¶
func NewSSHTransport(key ic.PrivKey, psk pnet.PSK, gater connmgr.ConnectionGater) (*SSHTransport, error)
NewWsSshTransport creates a new transport using Websocket and SSH Based on QUIC transport.
func (*SSHTransport) Dial ¶
func (t *SSHTransport) Dial(ctx context.Context, raddr ma.Multiaddr, p peer.ID) (transport.CapableConn, error)
Dial creates a secure multiplexed CapableConn to the peer identified by a public key, using an address. The ID is derived from the proto-representation of the key - either SHA256 or the actual key if len <= 42
func (*SSHTransport) NewCapableConn ¶
func (t *SSHTransport) NewCapableConn(nc net.Conn, isServer bool) (transport.CapableConn, error)
NewConn wraps a net.Conn using SSH for MUX and security.
func (*SSHTransport) NewConn ¶
SSH transport implements the Multiplexer interface, can be used with other transports. The result is also a CapableConn, so no need for the extra security.
func (*SSHTransport) Protocols ¶
func (t *SSHTransport) Protocols() []int
func (*SSHTransport) Proxy ¶
func (t *SSHTransport) Proxy() bool
Source Files