{"id":13786677,"url":"https://github.com/ferama/rospo","last_synced_at":"2025-05-15T23:08:33.463Z","repository":{"id":42192221,"uuid":"354024488","full_name":"ferama/rospo","owner":"ferama","description":"🐸 Effortless persistent SSH tunnels with embedded server for seamless connectivity","archived":false,"fork":false,"pushed_at":"2025-05-05T12:03:26.000Z","size":16556,"stargazers_count":329,"open_issues_count":7,"forks_count":27,"subscribers_count":8,"default_branch":"main","last_synced_at":"2025-05-05T13:23:24.381Z","etag":null,"topics":["developer-tools","devtools","embedded-sshd-server","golang","networking","port-forwarding","portable-executable","proxy","reverse-shell","socks4","socks5","socks5-proxy","ssh","ssh-client","ssh-server","ssh-tunnels","tunnel"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ferama.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-04-02T13:16:14.000Z","updated_at":"2025-05-05T12:03:23.000Z","dependencies_parsed_at":"2023-10-10T13:34:17.315Z","dependency_job_id":"e4893040-70be-4d0b-aeb8-eae5d19c8332","html_url":"https://github.com/ferama/rospo","commit_stats":{"total_commits":552,"total_committers":7,"mean_commits":78.85714285714286,"dds":"0.18840579710144922","last_synced_commit":"0ddfd5d4f5c5d41b8daa9b6458d76a9c80d9f5ad"},"previous_names":[],"tags_count":34,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ferama%2Frospo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ferama%2Frospo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ferama%2Frospo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ferama%2Frospo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ferama","download_url":"https://codeload.github.com/ferama/rospo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254436949,"owners_count":22070947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["developer-tools","devtools","embedded-sshd-server","golang","networking","port-forwarding","portable-executable","proxy","reverse-shell","socks4","socks5","socks5-proxy","ssh","ssh-client","ssh-server","ssh-tunnels","tunnel"],"created_at":"2024-08-03T19:01:28.038Z","updated_at":"2025-05-15T23:08:27.663Z","avatar_url":"https://github.com/ferama.png","language":"Go","funding_links":[],"categories":["Utilities","proxy","公用事业公司","Utility"],"sub_categories":["HTTP Clients","Utility/Miscellaneous","Fail injection","实用程序/Miscellaneous"],"readme":"# [Rospo](https://github.com/ferama/rospo)\n[![Go Reference](https://pkg.go.dev/badge/github.com/ferama/rospo.svg)](https://pkg.go.dev/github.com/ferama/rospo)\n[![Go Report Card](https://goreportcard.com/badge/github.com/ferama/rospo)](https://goreportcard.com/report/github.com/ferama/rospo)\n\nRospo is a tool meant to create secure and reliable SSH tunnels. A single binary includes both client and server.\nIt's meant to make SSH tunnels fun and understandable again\n\n### Table of Contents  \n1. [Features](#features)\n2. [How to Install](#how-to-install)\n3. [Quick command line usage](#quick-command-line-usage)\n4. [Example Scenarios](#scenarios)\n    * [Windows (WSL || PowerShell) reverse shell](#example-scenario-windows-reverse-shell)\n    * [Windows service to reverse tunnel Remote Desktop](#example-scenario-windows-service)\n    * [Multiple complex tunnels](#example-scenario-multiple-complex-tunnels)\n\n\n## Features\n\n  * Easy to use (single binary client/server functionalities)\n  * Encrypted connections through ssh ( `crypto/ssh` package )\n  * Automatic connection monitoring to keep it always up\n  * Embedded sshd server\n  * Forward and reverse tunnels support\n  * JumpHosts support\n  * Command line options or `human readable` yaml config file\n  * Run as a Windows Service support\n  * Pty on Windows through conpty apis\n  * Sftp subsystem support server side\n  * File transfer support client side (get and put sftp subcommands)\n  * SOCKS5/SOCKS4 proxy server trough SSH\n  * DNS over SSH proxy\n\n## How to Install\n\nRospo actually full supports *nix oses and Windows 10+\n\n### macOS\n#### Homebrew\nInstall rospo using [Homebrew](http://brew.sh/)\n\n```\nbrew install rospo\n```\n\n### GNU/Linux\n#### Binary Download\n| Platform | Architecture | URL |\n| ---------- | -------- |------|\n|GNU/Linux|amd64|https://github.com/ferama/rospo/releases/latest/download/rospo-linux-amd64 |\n||arm64|https://github.com/ferama/rospo/releases/latest/download/rospo-linux-arm64|\n||arm|https://github.com/ferama/rospo/releases/latest/download/rospo-linux-arm|\n\n\n### Microsoft Windows\n#### Binary Download\n| Platform | Architecture | URL |\n| ---------- | -------- |------|\n|Microsoft Windows|amd64|https://github.com/ferama/rospo/releases/latest/download/rospo-windows-amd64.exe|\n\n\n### Docker Container\nYou can use the docker ditribution where useful/needed\n```\ndocker run ghcr.io/ferama/rospo --help\n```\n\n## Quick command line usage\nRospo supports keys based auth and password auth. Keys based one is always the preferred, so it is better if *identity*, *authorized_keys* etc are always correctly setup.\n\nUsage example:\n\nStarts an embedded ssh server and reverse proxy the port (2222 by default) to remote_server\n\n```\n$ rospo revshell user@server:port\n```\n\nForwards the local 5000 port to the remote 6000 on the remote_server\n\n```\n$ rospo tun forward -l :5000 -r :6000 user@server:port\n```\n\nGet more detailed help on each command runnig\n```\n$ rospo tun forward --help\n$ rospo tun reverse --help\n$ rospo sshd --help\n```\n\nFor more complex use cases and more options, you can use a config file\n```\n$ rospo run config.yaml\n```\n\nLook at the [config_template.yaml](https://github.com/ferama/rospo/blob/main/cmd/configs/config_template.yaml) for all the available options.\n\n## Scenarios\n\n### Example scenario: Windows reverse shell\nWhy use an embedded sshd server you might ask me. \nSuppose you have a Windows WSL instance that you want to access remotely without complicated setups on firewalls and other hassles and annoyances. With **rospo** you can do it in ONE simple step:\n\n```\n$ rospo revshell remote_ssh_server\n```\n\nThis command will run an embedded sshd server on your wsl instance and reverse proxy its port to the `remote_ssh_server`\n\nThe only assumption here is that you have access to `remote_ssh_server`.\nThe command will open a socket (on port 2222 by default) into `remote_ssh_server` that you can use to log back to WSL using a standard ssh client with a command like:\n\n```\n$ ssh -p 2222 localhost\n```\n\nOr even better (why not!) with rospo you can reverse proxy a powershell.\nUsing rospo for windows:\n```\nrospo.exe revshell remote_ssh_server\n```\n\n### Example scenario: Windows service\nRospo support execution as a service on windows. This means that you can create\na persistent tunnel that can be installed as a service and started automatically with\nthe machine.\n\nLet's do this with the Windows Remote Desktop service.\n\nCreate a rospo conf file like this:\n```yaml\nsshclient:\n  server: your-rospo-or-sshd-server-uri:2222\n  identity: \"c:\\\\absolute_path_to_your\\\\id_rsa\"\n  known_hosts: \"C:\\\\absolute_path_to_your\\\\known_hosts\"\n\ntunnel:\n  - remote: :3389\n    local: :3389  # the windows remote desktop port\n    forward: false\n```\n\nLaunch a terminal (powershell) with Administrative rights.\nYou can then perform the following actions:\n\n```powershell\n# create the rospo service\nsc.exe create rospo start= auto DisplayName= Rospo binpath= \"C:\\rospo.exe run C:\\conf.yaml\"\n\n# start service\nsc.exe start rospo\n\n# query service status\nsc.exe query rospo\n\n# stop and delete the service\nsc.exe stop rospo; sc.exe delete rospo\n```\n\n### Example scenario: multiple complex tunnels\n\nRospo supports multiple tunnels on the same ssh connetion. To exploit the full power of rospo for more complex cases, you should/need to use a scenario config file.\nLet's define one. Create a file named `config.yaml` with the following contents\n```yaml\nsshclient:\n  server: myuser@remote_server_address\n  identity: \"~/.ssh/id_rsa\"\n  jump_hosts:\n    - uri: anotheruser@jumphost_address\n      identity: \"~/.ssh/id_rsa\"\n\ntunnel:\n  - remote: \":8000\"\n    local: \":8000\"\n    forward: yes\n  - remote: \":9999\"\n    local: \":9999\"\n    forward: yes\n  - remote: \":5000\"\n    local: \":5000\"\n    forward: no\n    # use custom sshclient for this tunnel\n    sshclient:\n      server: myuser@another_server\n      identity: \"~/another_identity\"\n\n# starts a socks proxy ...\nsocksproxy:\n  listen_address: :1080\n  # ...using a dedicated client\n  sshclient:\n    server: localhost:9999\n```\n\nLaunch rospo using the config file instead of the cli parameters:\n```\n$ rospo run config.yaml\n```\n\nWhat's happens here is that rospo will connect to `remote_server_address` through the `jumphost_address` server and will:\n\n1. open a socket on the local machine listening on port 8000 that forwards all the traffic to the service listening on port 8000 on the `remote_server_address` machine\n2. open a socket on the local machine listening on port 9999 that forwards all the traffic to the service listening on port 9999 on the `remote_server_address` machine\n3. open a socket on the remote machine listening on port 5000 that forwards all the traffic from remote machine to a local service (on the local machine) listening on port 5000\n\nBut these are just an examples. Rospo can do a lot more.\n\nTunnels are fully secured using standard ssh mechanisms. Rospo will generate server identity file on first run and uses standard `authorized_keys` and user `known_hosts` files.\n\nRospo tunnel are monitored and kept up in the event of network issues.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fferama%2Frospo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fferama%2Frospo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fferama%2Frospo/lists"}