tinyssh

Introduction

TinySSH is a minimalistic SSH server which implements only a subset of SSHv2 features.
Twitter: @tinyssh
GitHub: https://github.com/janmojzis/tinyssh

Features

  • easily auditable - TinySSH has fewer than 100000 words of code
  • no dynamic memory allocation - TinySSH has all memory statically allocated (less than 1MB)
  • simple configuration - TinySSH can’t be misconfigured
  • code reuse - TinySSH reuses libraries from the CurveCP implementation
  • software reuse - TinySSH uses tcpserver/systemd socket/inetd for TCP connections
  • limited number of features - TinySSH doesn’t have features such as: SSH1 protocol, compression, …
  • no older cryptographic primitives - rsa, dsa, classic diffie-hellman, hmac-md5, hmac-sha1, 3des, arcfour, …
  • no copyright restrictions - TinySSH is in the public domain (see the licence)
  • no dependency on OpenSSL - TinySSH has its own crypto library compatible with NaCl and Libsodium
  • speed - TinySSH can also be compiled using the high-speed NaCl library instead of the internal one

Security features

  • cryptographic library (minimum 128-bit security, side-channel attack resistant, state-of-the-art crypto, …)
  • public-key authentication only (no password or hostbased authentication)

Crypto primitives

  • State-of-the-art crypto: ssh-ed25519, curve25519-sha256, chacha20-poly1305@openssh.com
  • Older standard: ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes256-ctr, hmac-sha2-256 (removed in version 20190101)
  • Post-quantum crypto: sntrup761x25519-sha512@openssh.com, chacha20-poly1305@openssh.com
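
One way to check that a server advertises only the algorithms listed above, as an added example that is not part of the TinySSH project: it parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and reports any key-exchange, host-key or cipher name that is not in the list. The function names and both sample payloads are constructed for illustration.

```python
import struct

# Allowlist copied from the "Crypto primitives" list on this page.
AEAD = {"chacha20-poly1305@openssh.com"}
ALLOWED = {"kex": {"curve25519-sha256", "sntrup761x25519-sha512@openssh.com"},
           "host_key": {"ssh-ed25519"}, "cipher_c2s": AEAD, "cipher_s2c": AEAD}
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
SSH_MSG_KEXINIT = 20

def parse_kexinit(payload: bytes) -> dict:
    """Parse a KEXINIT payload into {field: [names]}; ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, out = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        out[field] = raw.split(",") if raw else []
        pos += n
    return out

def audit(payload: bytes) -> dict:
    """Return {field: [offered names that are not on the allowlist]}."""
    offered = parse_kexinit(payload)
    extra = {f: [n for n in offered[f] if n not in ok] for f, ok in ALLOWED.items()}
    return {f: names for f, names in extra.items() if names}

def build_kexinit(lists: dict) -> bytes:
    """Build a constructed sample payload (zero cookie), used only for the demo."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        body += struct.pack(">I", len(names)) + names
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

# Constructed samples: one offer matching the page, one with older names added.
GOOD = build_kexinit({f: sorted(ok) for f, ok in ALLOWED.items()})
BAD = build_kexinit({"kex": ["curve25519-sha256", "ecdh-sha2-nistp256"],
                     "host_key": ["ssh-ed25519"], "cipher_c2s": ["aes256-ctr"],
                     "cipher_s2c": ["chacha20-poly1305@openssh.com"]})
```

The MAC name-lists are parsed but not audited, because chacha20-poly1305@openssh.com is an authenticated cipher and does not use a separately negotiated MAC.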

Project timeline

  • experimental: 2014.01.01 - 2014.12.31 (experimentation)
  • alpha (updated): 2015.01.01 - 2017.12.31 (not ready for production use, ready for testing)
  • beta (updated): 2018.01.01 - ????.??.?? (ready for production use)
  • stable: expected ????.??.?? - (ready for production use - including post-quantum crypto)

Acknowledgments

TinySSH can be compiled using primitives from the NaCl library, thanks to Tanja Lange, Daniel J. Bernstein and Peter Schwabe
TinySSH uses curve25519-sha256 introduced by libssh.org, thanks to the libssh.org developers
TinySSH uses ssh-ed25519/chacha20-poly1305@openssh.com introduced by OpenSSH, thanks to the OpenSSH developers

Current release (20240101)

  • has 63899 words of code
  • beta release