openssh-portable
ngrok
Our great sponsors
openssh-portable | ngrok | |
---|---|---|
39 | 11 | |
2,779 | 23,894 | |
2.7% | - | |
9.4 | 3.7 | |
7 days ago | 3 days ago | |
C | Go | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openssh-portable
-
Terrapin Attack for prefix injection in SSH
Unless I'm misunderstanding what this is about RFC5647 merely points out that the sequence number is included as AAD due to RFC4253 requirements. The [email protected] specification is not exactly the most rigorous thing I've ever seen (https://github.com/openssh/openssh-portable/blob/master/PROT...) but reading it, the sequence number is only included in the IV, and not as AAD, which directly runs afoul of the RFC4253 section 6.4 requirement for it to be included in the MAC.
- SSH3: SSH using HTTP/3 and QUIC
-
SSH keys stolen by stream of malicious PyPI and NPM packages
The key layout is described in https://github.com/openssh/openssh-portable/blob/master/PROT... and you can view it pretty easily via
cat private_key_here | head -n -1 | tail -n +2 | base64 -d | xxd
One I created in 2016 is using aes256-cbc with bcrypt for the kdf, which isn't awful at all.
-
Microsoft signing keys were leaked
Interestingly, it looks like ssh-agent disables core dumps[1], but I don't see similar usage for sshd
1: https://github.com/openssh/openssh-portable/blob/694150ad927...
-
An Excruciatingly Detailed Guide to SSH (But Only the Things I Find Useful)
There's a current pull request for adding AF_UNIX support, which should make all kinds of exciting forwarding possible, since it will make it easy to proxy ssh connections through an arbitrary local process which can do anything to forward the data to the remote end.
-
Project on GitHub - Customizable Arch Linux Podman images based on the official Arch Linux Docker image
OpenSSH server (allows connecting to containers)
-
Funds of every Trust Wallet browser extension could have been stolen
It doesn't, at least not for generic/unmodified cryptographic applications.
WebAuthN signatures are of a very specific challenge/response format that applications need to explicitly support. For example, SSH had to add new key and signature formats [1] to support it.
Theoretically, a blockchain/cryptocurrency application could adopt the WebAuthN signature format as its canonical or an alternative signature format, but I'm not aware of any popular one having done so.
[1] https://github.com/openssh/openssh-portable/blob/master/PROT...
-
We updated our RSA SSH host key
I just tested it and looked at the code briefly; the client fortunately does seem to remove all keys not provided by the server: https://github.com/openssh/openssh-portable/blob/36c6c3eff5e...
It seems like at least a `known_hosts` compromise would be "self-healing" after connecting to the legitimate github.com server once.
- What do you think 1.20 will be called?
-
OpenAI Execs Say They're Shocked by ChatGPT's Popularity
And OpenVAS and OpenSSH and OpenBSD and OpenNN and OpenAFS and on and on and on
ngrok
-
Portr – open-source ngrok alternative designed for teams
Thanks for the history. I maintain this list[0], and wasn't aware of OG localtunnel, likely because there's a somewhat newer and now more popular project with the same name[1]. You appear to be correct on timing. Here's the earliest commits on GitHub for each of the projects:
OG localtunnel (2010): https://github.com/progrium/localtunnel/tree/fb82920d9d3e538...
Other localtunnel (2012): https://github.com/localtunnel/localtunnel/tree/93d62b9dbb9f...
ngrok (2012): https://github.com/inconshreveable/ngrok/tree/8f4795ecac7f92...
I'll see that OG localtunnel gets added to the list for posterity.
-
What is the coolest Go open source projects you have seen?
ngrok
-
ngrok open source alternative for SSH tunnelling?
if you're worried about the line "ngrok captures and analyzes all traffic over the tunnel for later inspection and replay" in https://github.com/inconshreveable/ngrok, I'd say that's a valid concern but not for ssh if you make sure the client knows what the host key is and does not accept a different one
-
Alternative to ngrok's web interface that doesn't require a public URL?
Looks like it's open source so it could be just a fork away https://github.com/inconshreveable/ngrok
-
Building a HTTP Tunnel with WebSocket and Node.JS
To get a fix domain, we can deploy HTTP tunnel in our own server. ngrok also provides an open source version for server side deployment. But it is old 1.x version and not recommended to deploy at production with some serious reliability issues.
-
Real-time logs sharing by just piping stdout (my first golang project)
I ended up inspired by ngork structure here: https://github.com/inconshreveable/ngrok it doesn't really work well with go modules, since i will end up running project like this:
-
I'm losing my mind (help post)
Maybe https://github.com/inconshreveable/ngrok/issues/408
-
Reverse HTTP proxy over WebSocket in Go (Part 1)
In Go, inconshreveable/ngrok and coyove/goflyway is well known, especially ngrok is popular among developers as a SaaS service.
- 15 Command Line Tools which Spark Joy in Your Terminal
-
Cozy, an AI Camera for the Pi
> > DO NOT RUN THIS VERSION OF NGROK (1.X) IN PRODUCTION
> I don't see that anywhere.
I didn't find it on the website, but I did find it on the GitHub:
What are some alternatives?
gentoo - [MIRROR] Official Gentoo ebuild repository
go-cron - A simple Cron library for go that can execute closures or functions at varying intervals, from once a second to once a year on a specific date and time. Primarily for web applications and long running daemons.
guardian-agent - [beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
pdfcpu - A PDF processor written in Go.
wezterm - A GPU-accelerated cross-platform terminal emulator and multiplexer written by @wez and implemented in Rust
go-torch
ssh-mitm - SSH-MITM - ssh audits made simple
fzf - :cherry_blossom: A command-line fuzzy finder
mac-ssh-confirm - Protect against SSH Agent Hijacking on Mac OS X with the ability to confirm agent identities prior to each use
hub - A command-line tool that makes git easier to use with GitHub.
ports - Read-only git conversion of OpenBSD's official cvs ports repository. Pull requests not accepted - send diffs to the ports@ mailing list.
excelize - Go language library for reading and writing Microsoft Excel™ (XLAM / XLSM / XLSX / XLTM / XLTX) spreadsheets