{"id":51202065,"url":"https://github.com/gedigi/noissh","last_synced_at":"2026-06-28T01:01:23.198Z","repository":{"id":365723108,"uuid":"1273375597","full_name":"gedigi/noissh","owner":"gedigi","description":"A remote shell that survives network changes — instant feel on lossy/high-latency links, roams across IP changes and sleep/resume, secured end-to-end by the Noise Protocol. 100% safe Rust.","archived":false,"fork":false,"pushed_at":"2026-06-27T16:16:18.000Z","size":359,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-27T18:05:28.984Z","etag":null,"topics":["mosh","networking","noise-protocol","remote-shell","roaming","rust","security","ssh","terminal","udp"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gedigi.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"docs/SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-06-18T13:12:41.000Z","updated_at":"2026-06-27T16:16:21.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/gedigi/noissh","commit_stats":null,"previous_names":["gedigi/noissh"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/gedigi/noissh","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gedigi%2Fnoissh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gedigi%2Fnoissh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gedigi%2Fnoissh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gedigi%2Fnoissh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gedigi","download_url":"https://codeload.github.com/gedigi/noissh/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gedigi%2Fnoissh/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34873663,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-27T02:00:06.362Z","response_time":126,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mosh","networking","noise-protocol","remote-shell","roaming","rust","security","ssh","terminal","udp"],"created_at":"2026-06-28T01:01:16.973Z","updated_at":"2026-06-28T01:01:23.193Z","avatar_url":"https://github.com/gedigi.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# noissh\n\n[![CI](https://github.com/gedigi/noissh/actions/workflows/ci.yml/badge.svg)](https://github.com/gedigi/noissh/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/gedigi/noissh?sort=semver)](https://github.com/gedigi/noissh/releases/latest)\n[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n\n**A remote shell that doesn't drop when your network does.**\n\nClose your laptop, hop from Wi-Fi to cellular, change networks, walk through a\ndead spot — your session is still right there when you come back. No reconnect,\nno lost work. noissh gives you a resilient session with the everyday feel of a\nnormal shell, secured end-to-end by the modern\n[Noise Protocol](https://noiseprotocol.org/).\n\n```sh\n# Just connect. If a noissh server is already running it's used directly;\n# otherwise noissh starts one over your existing SSH access — installing the\n# server component automatically on first use if it isn't there yet:\nnoissh you@server\n```\n\nYou get a normal shell — except it shrugs off flaky links and survives your\nlaptop going to sleep.\n\n## Why you'll like it\n\n- **It survives everything.** IP changes, NAT timeouts, Wi-Fi↔cellular handoff,\n  suspend/resume — the session just keeps going. And if your client itself\n  restarts, **reconnect and you're back in the same running session.**\n- **It feels instant.** Your keystrokes show up immediately, even on a laggy or\n  lossy connection, instead of waiting for a round trip to the server.\n- **It tells you what's happening.** When the link goes quiet, a status line\n  shows `last contact Ns ago — reconnecting…` so you're never staring at a frozen\n  screen, and a local detach key (`Ctrl-^ .`) cleanly drops a wedged session.\n- **It knows your `~/.ssh/config`.** Host aliases (`HostName`, `User`, `Port`,\n  `ProxyJump`, …) work just like they do with `ssh`. Authorize a key for direct\n  connections with `--copy-id`, like `ssh-copy-id`.\n- **It tunnels too.** Local, remote, and dynamic SOCKS **port forwarding**\n  (`-L`/`-R`/`-D`) ride the same resilient, encrypted session.\n- **It runs commands.** Run a single remote command non-interactively, ssh-style\n  (`noissh user@server \u003ccmd\u003e`), streaming its output and exiting with its status\n  — handy for scripts.\n- **It moves files.** Copy files to and from the server (`--put`/`--get`) over\n  the same authenticated channel — no second tool, no extra login.\n- **It forwards your keys.** **Agent forwarding** (`-A`) lets commands on the\n  server use the SSH keys on your laptop, without copying them anywhere.\n- **It's secure by design.** Every connection is mutually authenticated and\n  encrypted. Servers are pinned on first use (like SSH's `known_hosts`); only\n  authorized keys can connect.\n- **It's easy to start.** A single command connects over your existing SSH\n  access — and installs the server component for you on first use if it's\n  missing. No daemon to keep running, no keys to copy around.\n- **It's safe code.** Written in 100% safe Rust (`#![forbid(unsafe_code)]`),\n  thoroughly tested, with zero compiler/linter warnings.\n\n## Install\n\nOne line — downloads a prebuilt binary for your platform (Linux and macOS,\n`x86_64` and `arm64`), or builds from source if one isn't available:\n\n```sh\ncurl -fsSL https://raw.githubusercontent.com/gedigi/noissh/main/install.sh | sh\n```\n\nPrebuilt binaries are on the [releases page](https://github.com/gedigi/noissh/releases/latest).\nThe installer verifies each download's SHA-256 checksum before installing.\n\n**Debian/Ubuntu (`.deb`):** each release also ships `amd64`/`arm64` packages:\n\n```sh\nsudo apt install ./noissh-x86_64-unknown-linux-gnu.deb   # or the aarch64 package\n```\n\nThis installs `noissh`, `noisshd`, `noissh-keygen`, and their man pages.\n\n### Verifying a download\n\nEvery release archive ships a `.sha256` checksum and a Sigstore **build\nprovenance attestation** (proving it was built by this repo's release workflow).\nTo verify a manual download:\n\n```sh\n# checksum\nshasum -a 256 -c noissh-\u003ctarget\u003e.tar.gz.sha256\n\n# provenance (requires the GitHub CLI)\ngh attestation verify noissh-\u003ctarget\u003e.tar.gz --repo gedigi/noissh\n```\n\nPrefer something else?\n\n```sh\ncargo install --git https://github.com/gedigi/noissh   # with Rust's cargo\nmake install PREFIX=~/.local                            # from a clone\n```\n\nPut `noissh` on your laptop and `noisshd` on the server. (To remove it later:\n`./install.sh --uninstall`.)\n\n## Getting started\n\n**Just connect — if you can already SSH to the host:**\n\n```sh\nnoissh you@server\n```\n\nnoissh first tries a direct session to a server that's already running; if none\nanswers, it uses your existing SSH access to start one for you and then runs the\nsession over its own resilient, encrypted channel. **If `noisshd` isn't on the\nserver yet, the first connect installs it for you** over the same SSH session\n(fetching the matching, checksum-verified release into `~/.local/bin`).\n\nUse `--ssh` to force the SSH path, `--direct` to require a direct connection (no\nSSH fallback), and `--no-install` to skip the automatic install.\n\n**Running your own always-on server:**\n\n```sh\n# on the server\nnoisshd --listen 0.0.0.0:51820\n\n# on your machine — connects directly (first connect remembers the server's key)\nnoissh you@server\n```\n\nAuthorize a client by adding its public key (printed on first run, stored at\n`~/.config/noissh/id`) to `~/.config/noissh/authorized_keys` on the server.\n\n\u003e **Tip:** noissh talks over **UDP**. If SSH works but noissh times out, the\n\u003e usual culprit is a firewall blocking the UDP port. Open a port and pin the\n\u003e server to it with `--server-port N` (e.g. `noissh --server-port 51820 you@server`).\n\n**Port forwarding** works like SSH's `-L`/`-R` and rides the same session:\n\n```sh\n# Local: localhost:8080 (your machine) -\u003e 10.0.0.5:80 (reachable from the server)\nnoissh --ssh -L 8080:10.0.0.5:80 user@server\n\n# Remote: server:9000 -\u003e localhost:3000 (on your machine)\nnoissh --ssh -R 9000:localhost:3000 user@server\n\n# Dynamic: a local SOCKS proxy on :1080 whose connections tunnel via the server\nnoissh --ssh -D 1080 user@server\n```\n\nOptions go before the host; adding `-L`/`-R`/`-D` makes the session forward-only\n(no shell), like `ssh -N`.\n\n**Copying files** rides the same session — no separate transfer tool:\n\n```sh\n# Upload local -\u003e remote\nnoissh --ssh --put ./report.pdf:/home/user/report.pdf user@server\n\n# Download remote -\u003e local\nnoissh --ssh --get /var/log/app.log:./app.log user@server\n```\n\n**Running a single command** non-interactively, with byte-exact output:\n\n```sh\nnoissh --ssh user@server uname -a\n```\n\nAnything after the host is the remote command (ssh-style); options like `-L` go\n*before* the host. It streams the command's stdout and stderr separately and\nexits with its exit code, so it's safe to use in scripts and pipelines.\n\n**Agent forwarding** (`-A`) lets remote `git`/`ssh` use your local keys:\n\n```sh\nnoissh --ssh -A user@server\n```\n\nFull walkthrough, configuration, and troubleshooting:\n**[User Guide »](docs/USER_GUIDE.md)**\n\n## How it works (the short version)\n\nThe server keeps the real terminal; your client shows a live picture of it and\npredicts your typing locally so it feels instant. Every packet is encrypted and\ntagged with a session id, so the server recognizes you no matter which network\naddress you appear from — that's what lets the connection roam. Packet loss never\nstalls anything, because only the *latest* screen matters.\n\nWant the details? See the **[Architecture](docs/ARCHITECTURE.md)** and\n**[Protocol](docs/PROTOCOL.md)** docs.\n\n## Project status\n\nWorking and tested end-to-end: the resilient interactive shell, predictive\ntyping, roaming, local/remote/dynamic port forwarding (`-L`/`-R`/`-D`), remote\ncommand execution (`noissh user@server \u003ccmd\u003e`), file transfer (`--put`/`--get`), and SSH agent\nforwarding (`-A`) — all over the same reliable-stream layer. This\nis young software and hasn't had an independent security audit yet — see the\n**[Security model](docs/SECURITY.md)** before relying on it for anything\nsensitive.\n\n## Documentation\n\n| Guide | What's inside |\n|---|---|\n| [User Guide](docs/USER_GUIDE.md) | Install, connect, configure, troubleshoot |\n| [Architecture](docs/ARCHITECTURE.md) | How the pieces fit together (with diagrams) |\n| [Protocol](docs/PROTOCOL.md) | The wire format and handshake, in detail |\n| [Security](docs/SECURITY.md) | Trust model and threat model |\n| [Contributing](CONTRIBUTING.md) · [Changelog](CHANGELOG.md) | Hacking on noissh · history |\n\n## License\n\nMIT — see [LICENSE](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgedigi%2Fnoissh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgedigi%2Fnoissh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgedigi%2Fnoissh/lists"}