{"id":20949781,"url":"https://github.com/heiher/hev-fsh","last_synced_at":"2026-05-24T06:00:49.018Z","repository":{"id":48747100,"uuid":"104837651","full_name":"heiher/hev-fsh","owner":"heiher","description":"Fsh helps you access local shell and TCP services behind a NAT or firewall. (Linux/BSD/macOS)","archived":false,"fork":false,"pushed_at":"2026-05-24T04:00:53.000Z","size":460,"stargazers_count":31,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"main","last_synced_at":"2026-05-24T05:25:36.633Z","etag":null,"topics":["end-to-end-encryption","ipv4","ipv6","shell","socks5-proxy","tcp-forwarding"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heiher.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-09-26T04:55:36.000Z","updated_at":"2026-05-24T04:00:57.000Z","dependencies_parsed_at":"2024-11-17T06:22:25.499Z","dependency_job_id":"ec74a1c3-817a-480c-8730-a472d89734ae","html_url":"https://github.com/heiher/hev-fsh","commit_stats":null,"previous_names":[],"tags_count":98,"template":false,"template_full_name":null,"purl":"pkg:github/heiher/hev-fsh","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-fsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-fsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-fsh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-fsh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heiher","download_url":"https://codeload.github.com/heiher/hev-fsh/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heiher%2Fhev-fsh/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33423284,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-23T22:14:44.296Z","status":"online","status_checked_at":"2026-05-24T02:00:06.296Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["end-to-end-encryption","ipv4","ipv6","shell","socks5-proxy","tcp-forwarding"],"created_at":"2024-11-19T00:42:29.266Z","updated_at":"2026-05-24T06:00:49.012Z","avatar_url":"https://github.com/heiher.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HevFsh\n\n[![status](https://github.com/heiher/hev-fsh/actions/workflows/build.yaml/badge.svg?branch=main\u0026event=push)](https://github.com/heiher/hev-fsh)\n\nFsh helps you access local shell and TCP services behind a NAT or firewall.\n\n**Features**\n* Remote shell.\n* TCP port forwarding.\n* SOCKS5 service.\n* IPv4/IPv6. (dual stack)\n* End-to-end encryption. (Linux only, it depends on kernel TLS)\n\n```\n    +-------------+      +-------------+\n    | Connector 1 |      | Connector 2 |\n    +-------------+      +-------------+\n           ^                    ^\n           |                    |\n           +------+      +------+\n           .      |      |      .\n           .      v      v      .\n           .     +--------+     .\n       (Token 1) | Server | (Token 2)\n           .     +--------+     .\n           .      ^      ^      .\n           .      |      |      .\n           +------+      +------+\n           |                    |\n           v                    v\n    +-------------+      +-------------+\n    | Forwarder A |      | Forwarder B |\n    |   (TCP)     |      |   (Shell)   |\n    +-------------+      +-------------+\n           ^\n           |\n           v\n     +----------+\n     | Upstream |\n     |  Server  |\n     +----------+\n```\n\n## How to Build\n\n```bash\ngit clone --recursive git://github.com/heiher/hev-fsh\ncd hev-fsh\nmake\n```\n\n## How to Run\n\n**Server**:\n```bash\nfsh -s [SERVER_ADDR:SERVER_PORT]\n\n# Listen on 0.0.0.0:6339 and log to stdout\nfsh -s\n\n# Listen on specific address:port\nfsh -s 10.0.0.1:8000\n\n# With token allow list\nfsh -s -a tokens-allow-list\n```\n\n**Forwarder**:\n* **Terminal**\n    ```bash\n    fsh -f [-u USER] SERVER_ADDR[:SERVER_PORT/TOKEN]\n\n    # Set token by server\n    fsh -f 10.0.0.1\n\n    # With port and set token by client\n    fsh -f 10.0.0.1:8000/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n\n    # Specific user (Need run as root)\n    fsh -f -u jack 10.0.0.1\n\n    # Need login with username and password (Need run as root)\n    # If not run as root, current user used without login\n    fsh -f 10.0.0.1\n    ```\n* **TCP Port**\n    ```bash\n    fsh -f -p [-w ADDR:PORT,... | -b ADDR:PORT,...] SERVER_ADDR[:SERVER_PORT/TOKEN\n\n    # Accept all TCP ports\n    fsh -f -p 10.0.0.1\n\n    # Accept the TCP ports in white list (others rejected)\n    fsh -f -p -w 192.168.0.1:22,192.168.1.3:80 10.0.0.1\n\n    # Reject the TCP ports in black list (others allowed)\n    fsh -f -p -b 192.168.0.1:22,192.168.1.3:80 10.0.0.1\n    ```\n* **Socks v5**\n    ```bash\n    fsh -f -x SERVER_ADDR[:SERVER_PORT/TOKEN\n    ```\n\n**Connector**:\n* **Terminal**\n    ```bash\n    fsh SERVER_ADDR[:SERVER_PORT]/TOKEN\n\n    # Connect to forwarder's terminal\n    fsh 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n    ```\n* **TCP Port**\n    ```bash\n    fsh -p [LOCAL_ADDR:]LOCAL_PORT:REMOTE_ADD:REMOTE_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN\n    fsh -p REMOTE_ADD:REMOTE_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN\n\n    # Map the TCP port to forwarder's network service\n    fsh -p 2200:192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n    fsh -p 0.0.0.0:2200:192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n\n    # Splice to stdio (Support SSH ProxyCommand)\n    fsh -p 192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n    ```\n* **Socks v5**\n    ```bash\n    fsh -x [LOCAL_ADDR:]LOCAL_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN\n    ```\n\n**Common**:\n```bash\nfsh [-4 | -6] [-k KEY] [-t TIMEOUT] [-l LOG] [-c TCP_CONGESTION] [-v]\n\n# Resolve names to IPv4 addresses only\nfsh -4\n\n# Resolve names to IPv6 addresses only\nfsh -6\n\n# End-to-end encryption\n# key: random 20-byte\nfsh -k /path/to/key\n\n# Session timeout (seconds)\nfsh -t 1000\n\n# Log to file\nfsh -l /var/log/fsh.log\n\n# TCP congestion control\nfsh -c bbr\n\n# Log verbose\nfsh -v\n\n# Ugly kTLS workaround for kTLS + splice on older Linux kernels\nfsh -U\n```\n\n**IPv6**:\n```bash\nfsh -s [::]:6339\n\nfsh -f [::1]:6339/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n\nfsh -f -p -w 127.0.0.1:22,[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n\nfsh -p [::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\nfsh -p 2200:[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\nfsh -p [::1]:2200:[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4\n```\n\n### OpenWrt 24.10+\n\nRepo: https://github.com/openwrt/packages/tree/master/net/fsh\n\n```sh\n# Install package\nopkg install fsh\n\n# Edit /etc/config/fsh\n\n# Restart server\n/etc/init.d/fshs restart\n\n# Restart client\n/etc/init.d/fshc restart\n```\n\n## Classes\n\n```\n          +-\u003e HevSocks5 -\u003e HevSocks5Server -\u003e HevSocks5ServerUS\nHevObject +-\u003e HevFshBase +-\u003e HevFshServer\n          |              +-\u003e HevFshClient\n          +-\u003e HevFshTokenManager\n          +-\u003e HevFshSessionManager\n          +-\u003e HevFshClientFactory\n          +-\u003e HevFshIO +-\u003e HevFshSession\n                       +-\u003e HevFshClientBase +-\u003e HevFshClientAccept +-\u003e HevFshClientPortAccept\n                                            |                      +-\u003e HevFshClientSockAccept\n                                            |                      +-\u003e HevFshClientTermAccept\n                                            |\n                                            +-\u003e HevFshClientConnect +-\u003e HevFshClientPortConnect\n                                            |                       +-\u003e HevFshClientSockConnect\n                                            |                       +-\u003e HevFshClientTermConnect\n                                            |\n                                            +-\u003e HevFshClientListen +-\u003e HevFshClientPortListen\n                                            |                      +-\u003e HevFshClientSockListen\n                                            |\n                                            +-\u003e HevFshClientForward\n```\n\n## Contributors\n\n* **hev** - https://hev.cc\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiher%2Fhev-fsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheiher%2Fhev-fsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheiher%2Fhev-fsh/lists"}