I know it might look like I am running OS X 10.7, but that is because I used theming tools to theme my system. I tried several times, but it just won't work!

I'm sure I saw a bot known as Hubot last time I logged in, amongst the now-frequent spam from various miscreants.

I wonder, is it using the regular human interface?

Perhaps we could have some kind of API to make a bot, remote or local.

Hey there, I've been trying to get this to work but everytime i get the issue which throws this: package github.com/shazow/ssh-chat/common: cannot find package "github.com/shazow/ssh-chat/common" in any of: /root/go/src/github.com/shazow/ssh-chat/common (from $GOROOT) /home/go/src/github.com/shazow/ssh-chat/common (from $GOPATH) make: *** [deps] Error 1

I've looked all around by can't seem where these files are, even looking through the repo. Hope you can help! 👍

Password auth for ssh is comparatively very insecure, especially if you must share one password between everyone. (Supporting many passwords is probably more work than it's worth, adds edge cases, and doesn't actually increase security that much.)

Is it worth adding as a low-security option?

How do we discourage people from using it by default? (Maybe a loud warning message when ssh-chat is started with this feature?)

Can we do something to make key-based whitelists more user friendly so people aren't tempted to use password auth?

I have built the current source 64bit and 32bit and tried servers on OS X and on debian 7 wheezy. In both cases I'm using --verbose --MOTD --whitelist --admin --log options. After a few minutes/hours a client is instantly disconnected upon connection. This is on 2 different servers. I also notice the demo test server shows /about in help and version displays version number. Builds from current source there is no /about and version displays as blank. Such a brilliant idea would love to figure out why it's not stable.

prompt> ssh-chat --bind=0.0.0.0:2022
Enter passphrase: 
Listening for connections on [::]:2022

prompt> sudo netstat -plunt | grep 2022
tcp6       0      0 :::2022                 :::*                    LISTEN      29542/ssh-chat

I don't see ssh-chat listening on IPv4. Is there a way to make this happen?

Here as we have a webserver within the lib paramiko/paramiko to connect the ssh-chat,but it failed in Auth process in paramiko/paramiko. we typed user name and password in web form, the Auth method have to be choiced. Not sure what kind of actions will be doing in the ssh-chat service site One more point is that we have a piece of code demo_simple.py in paramiko/paramiko, run it with type user name and password. it works.I mean that it can connect ssh-chat server The point is that what happened in the server ssh-chat site when the Auth method is being choiced. The log information as connecting sshd

[I 201022 16:56:20 web:2243] 200 POST / (192.168.0.104) 228.54ms
[I 201022 16:58:08 handler:446] Connecting to 192.168.0.105:22
[I 201022 16:58:08 transport:1819] Connected (version 2.0, client OpenSSH_7.4)
[I 201022 16:58:09 handler:86] Trying password authentication
[I 201022 16:58:09 transport:1819] Authentication (password) successful!
[I 201022 16:58:09 web:2243] 200 POST / (192.168.0.104) 994.67ms
[I 201022 16:58:09 web:2243] 101 GET /ws?id=140332369092224 (192.168.0.104) 1.82ms
[I 201022 16:58:09 handler:531] Connected from 192.168.0.104:55724
[I 201022 17:40:59 web:2243] 200 GET / (192.168.0.104) 4.14ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/bootstrap.min.css (192.168.0.104) 6.01ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/jquery.min.js (192.168.0.104) 6.82ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/xterm.min.css (192.168.0.104) 6.95ms
[I 201022 17:40:59 web:2243] 304 GET /static/css/fullscreen.min.css (192.168.0.104) 7.38ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/popper.min.js (192.168.0.104) 7.46ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/bootstrap.min.js (192.168.0.104) 5.45ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/xterm.min.js (192.168.0.104) 6.31ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/xterm-addon-fit.min.js (192.168.0.104) 7.07ms
[I 201022 17:40:59 web:2243] 304 GET /static/js/main.js (192.168.0.104) 7.36ms

the log information as connecting ssh-chat

[I 201022 16:28:50 web:2243] 200 POST / (192.168.0.104) 158.50ms
Connected[I 201022 16:55:58 web:2243] 200 GET / (192.168.0.104) 6.64ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/bootstrap.min.css (192.168.0.104) 33.55ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/xterm.min.css (192.168.0.104) 3.90ms
[I 201022 16:55:58 web:2243] 200 GET /static/css/fullscreen.min.css (192.168.0.104) 4.58ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/jquery.min.js (192.168.0.104) 11.39ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/popper.min.js (192.168.0.104) 13.89ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/bootstrap.min.js (192.168.0.104) 17.34ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/xterm-addon-fit.min.js (192.168.0.104) 4.05ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/main.js (192.168.0.104) 7.34ms
[I 201022 16:55:58 web:2243] 200 GET /static/js/xterm.min.js (192.168.0.104) 36.48ms
[I 201022 16:55:58 web:2243] 200 GET /static/img/favicon.png (192.168.0.104) 2.62ms
[I 201022 16:56:20 handler:446] Connecting to 192.168.0.105:22
[I 201022 16:56:20 transport:1819] Connected (version 2.0, client Go)
/usr/local/lib/python3.6/site-packages/paramiko-2.7.2-py3.6.egg/paramiko/client.py:837: UserWarning: Unknown ssh-ed25519 host key for 192.168.0.105: b'bde23c07f54658f2f391d95c6e84bf54'
  key.get_name(), hostname, hexlify(key.get_fingerprint())
[I 201022 16:56:20 handler:86] Trying password authentication
[I 201022 16:56:20 transport:1819] Authentication (password) failed.
[E 201022 16:56:20 handler:510] Traceback (most recent call last):

👋 Just wanted to discuss this before I submit a PR. I spent a little while setting up a scripted deployment using Terraform to deploy ssh-chat to AWS on an EC2 instance.

Just wondering if the core team would be interested in this being part of the project?

Here's what it does:

• sets up ssh keys & permissions
• downloads the latest binaries of ssh-chat (doesn't compile it on the server)
• sets up ssh-chat to automatically startup with systemd
• it also modifies the system sshd daemon to run on port 2222 so that ssh-chat can run on port 22

The downside to the work that I've done here is that it is AWS specific. I feel like a great solution would include multiple providers (eg: DigitalOcean, etc..)

Thoughts?

Added the command /color which toggles client coloring (as requested in #37).

Also fixes bug reported in #40. It seems like the contributer just forgot to replace two s.lock with just s.

closes #270 also closes #256

user-facing changes

Ops have a new /whitelist command to modify the whitelist. Help text:

Usage: /whitelist help | on | off | add {PUBKEY|USER}... | remove {PUBKEY|USER}... | import [AGE] | reload {keep|flush} | reverify | status
help: this help message
on, off: set whitelist mode (applies to new connections)
add, remove: add or remove keys from the whitelist
import: add all keys of users connected since AGE (default 0) ago to the whitelist
reload: re-read the whitelist file and keep or discard entries in the current whitelist but not in the file
reverify: kick all users not in the whitelist if whitelisting is enabled
status: show status information

Essentially #270 commands plus reload, reverify (which might have been implicit in on?) and status.

This whitelist is enabled by default at startup if a file is specified (previous behaviour: whitelist enabled == people in the whitelist set). This means that you will see the whitelist enabled when it wasn't before iff you specify a whitelist file without keys.

inside changes

Files (op and whitelist) are now loaded from auth.go instead of from cmd/ssh-chat/cmd.go. Apart from moving, I also put more of the loading code in the same place.

The whitelist mode is saved as a bool, instead of being determined by the whitelist set.

Obviously, there is a new command, /whitelist. The handler uses three inner functions for convenience:

• sendMsg adds a string to a slice that is sent at the end. This makes sure the lines arrive in order.
• forConnectedUsers executes a function for every connected user. Used for "import", "reverify" and "status"
• forPubkeyUser executes a function for every public key specified as argument to the command. A key may be specified either as ssh-whatever base64== (with the space, i.e. as two arguments) or as username of a connected user with public key. Used for "add" and "remove".

open questions

• The command handler is quite large. If that isn't OK, how should I break it up?
• Should there be a "panic" (or something else) subcommand for "on" + "import" + "reverify" (which is the use-case mentioned in #270)?
• Which commands should print a reply? Currently, some are quite detailed and others are silent.
• Should "add" and "remove" accept other arguments (e.g. fingerprints or a duration)? Fingerprints would require editing the whitelist set directly, while a duration would complicate the argument handling.

In addition to these major questions, there are also some TODO comments in the code. Most of them are changes/additions I don't consider necessary. If there isn't anything you'd like to have in them, I'll just silently remove them in one of my next commits.

Neither ssh chat.shazow.net Nor ssh [email protected] Worked.

Response: Permission denied (publickey,keyboard-interactive).

Is there a private key available to login this demo or how should I submit my public key? Thank you.

I started using ssh-chat just a day ago and missed this feature, why private messages "/msg" have a bell sound, but I can't turn it off, or why I can't turn it on for ALL messages?

I notice that the code already have a variable "Bell" in "UserConfig", but it's value was hard-coded, so, what I did was:

1. make command to change "Bell" value (/bell [off|pm|all]), so now users can toggle it (default is "pm", just like before).
2. add another option to "Bell", only priv msg had a bell sound, so I added an "all" option, now bell can be set to: "off", "pm" or "all".
3. add an environment variable to make it easier to initialize bell value (in my case I have a shell script to connect to ssh-chat, been able to add -o SetEnv=SSHCHAT_BELL=all to the script just makes my life easier.

All features are tested and working as expected.

Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...6841] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...3:55819] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...55127] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...51013] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:24 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:24 [...SNIP...8010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53523] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...4630] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53522] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...38010] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:34787] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...50821] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...7950] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...2:53524] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8014] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:38089] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...848] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55974] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...3682] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53958] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...45584] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...42336] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...55139] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...51018] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...546] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...8016] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...:40832] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...6410] Failed to handshake: ssh: overflow reading version string
Nov 23 02:48:25 ssh-chat2 ssh-chat[2342]: [sshd] 2021/11/23 02:48:25 [...SNIP...53932] Failed to handshake: ssh: overflow reading version string

Past some point it prevents people from joining, will need to fix before I reboot the server again.

Hope I don't have to email anyone's principal.

Update: Looks like a SYN flood.

Describe the bug The whitelist is not applying. I canot understand its behavior... If the whitelist file is blank, authentication is OK... If i put several ssh keys, authentication is ok too...

Versions

• Client version: OpenSSH_8.7p1, OpenSSL 1.1.1l FIPS 24 Aug 2021
• Server version: v1.10
• Latest server version available: v1.10

To Reproduce Steps to reproduce the behavior:

1. ./ssh-chat --whitelist=users.list

 debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 52
Authenticated to localhost ([::1]:2022) using "keyboard-interactive".

It looks like "keyboard-interactive" is allowing everyone to connect ? What is it ?

Expected behavior Filtering by ssh public keys.

This PR emerged cause I wanted a docker image that can be used to deploy ssh-chat quickly and reliably.

Related: https://github.com/shazow/ssh-chat/issues/111 https://github.com/shazow/ssh-chat/issues/253

Since the workflow runs on tag creation, a release is as easy as pushing a new tag in the form of v*.*.

• use github actions and goreleaser to automatically build and publish release on new tags
• build binaries
• build dep/rpm packages for linux
• build docker images tagged with release version and 'latest' tag
• publish release on github releases
• publish docker images on github container registry
• replace Dockerfile with Dockerfile.goreleaser
• update docker-compose.yml to use ghcr.io

Release example: https://github.com/aymanbagabas/ssh-chat/releases Containers example: https://github.com/aymanbagabas/ssh-chat/pkgs/container/ssh-chat

This publishes 2 docker images for Linux amd64 and arm64. Along with Github release artifacts for Linux, Darwin, Windows, and FreeBSD.

CAVEATS: This might make break publishing releases through Github Releases. Whenever I try to create a new release on my fork I get We weren’t able to create the release for you. Make sure you have a valid tag. even though I have a valid tag.

Docker deployments

As the docker-compose.yml file show, deployment can be as easy as mapping a volume that contains the identity file, admins, motd, etc and customizing the command parameter in Docker.

panic: runtime error: slice bounds out of range [:6] with capacity 2
goroutine 227357 [running]:
github.com/shazow/ssh-chat/sshd/terminal.(*Terminal).moveCursorToPos(0xc0001c7680, 0x6)
        /home/shazow/projects/ssh-chat/sshd/terminal/terminal.go:267 +0x154
github.com/shazow/ssh-chat/sshd/terminal.(*Terminal).setLine(0xc0001c7680, 0xc0008c9498, 0x2, 0x2, 0x6)
        /home/shazow/projects/ssh-chat/sshd/terminal/terminal.go:357 +0xf4
github.com/shazow/ssh-chat/sshd/terminal.(*Terminal).handleKey(0xc0001c7680, 0x9, 0x100, 0x0, 0x9)
        /home/shazow/projects/ssh-chat/sshd/terminal/terminal.go:620 +0x892
github.com/shazow/ssh-chat/sshd/terminal.(*Terminal).readLine(0xc0001c7680, 0xc00002d400, 0x0, 0xc000df1560, 0xc000c17ca8)
        /home/shazow/projects/ssh-chat/sshd/terminal/terminal.go:806 +0x148
github.com/shazow/ssh-chat/sshd/terminal.(*Terminal).ReadLine(0xc0001c7680, 0x0, 0x0, 0x0, 0x0)
        /home/shazow/projects/ssh-chat/sshd/terminal/terminal.go:763 +0x76
github.com/shazow/ssh-chat.(*Host).Connect(0xc0000882c0, 0xc0001c7680)
        /home/shazow/projects/ssh-chat/host.go:187 +0x545
github.com/shazow/ssh-chat/sshd.(*SSHListener).Serve.func1(0xc00005bbf0, 0x845460, 0xc00000e2b8)
        /home/shazow/projects/ssh-chat/sshd/net.go:72 +0x149
created by github.com/shazow/ssh-chat/sshd.(*SSHListener).Serve
        /home/shazow/projects/ssh-chat/sshd/net.go:65 +0x7d

We have a terminal fork, wonder if this is fixed upstream.

cc @umarovm, in case you wanna try to fix it