Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Snawoot/rsp
Rapid SSH Proxy
https://github.com/Snawoot/rsp
socks socks-proxy socks-server socks5 socks5-proxy socks5-server ssh ssh-client ssh-tunnel
Last synced: 30 days ago
JSON representation
Rapid SSH Proxy
- Host: GitHub
- URL: https://github.com/Snawoot/rsp
- Owner: Snawoot
- License: mit
- Created: 2019-07-15T13:44:39.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2023-04-26T09:52:31.000Z (over 1 year ago)
- Last Synced: 2024-11-06T12:50:13.731Z (about 1 month ago)
- Topics: socks, socks-proxy, socks-server, socks5, socks5-proxy, socks5-server, ssh, ssh-client, ssh-tunnel
- Language: Python
- Size: 52.7 KB
- Stars: 329
- Watchers: 10
- Forks: 17
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
rsp
===[![rsp](https://snapcraft.io//rsp/badge.svg)](https://snapcraft.io/rsp)
Rapid SSH Proxy. Like `ssh -ND`, but much faster.
`rsp` is a SSH client which implements SOCKS5 proxy feature of SSH protocol. Key feature of this implementation is use of multiple connections to overcome downsides of multiplexing many tunneled TCP connections in single SSH session. Multiple sessions are not limited with TCP window size of single connection and packet loss does not affect all tunneled connections at once. In order to cut latency of connection establishment `rsp` maintains pool of steady connections, which replenished with configurable rate.
---
:heart: :heart: :heart:
You can say thanks to the author by donations to these wallets:
- ETH: `0xB71250010e8beC90C5f9ddF408251eBA9dD7320e`
- BTC:
- Legacy: `1N89PRvG1CSsUk9sxKwBwudN6TjTPQ1N8a`
- Segwit: `bc1qc0hcyxc000qf0ketv4r44ld7dlgmmu73rtlntw`---
## Features
* High speed as compared to conventional OpenSSH client.
* Cross-platrorm (Windows, Linux, macOS and other Unix-like systems).
* Zero-setup required for server. `rsp` can be used right away with any SSH server.
* Self-sufficient: doesn't require OpenSSH on client side to operate.
* SOCKS5 remote DNS support.
* Connection establishment latency hidden from user with asynchronous connection pool.
* Connection establishment rate limit guards user from being threated as SSH flood.
* Supports transparent mode of operation (Linux only), which means rsp can be used on Linux gateway to wrap traffic of entire network seamlessly.## Performance
Tested with Debian 9 server through 100Mbps connection. Round trip time to server is 128 ms, average packet loss is about 0.5%.
Client is a Linux desktop (Fedora 30, Python 3.7.3, OpenSSH 8.0p1).
| OpenSSH | rsp |
| ------- | --- |
| ![Speedtest - OpenSSH](https://www.speedtest.net/result/8425714040.png) | ![Speedtest - rsp](https://www.speedtest.net/result/8425718956.png) |## Installation
#### From PyPI
```sh
pip3 install rsp
```#### From source
Run in a source directory:
```sh
pip3 install .
```Windows note: make sure you have Python3 installed and executable locations added into your PATH enviroment variable (it's an option available during install). Also make sure to run install command from Administrator command line.
#### From Snap Store
[![Get it from the Snap Store](https://snapcraft.io/static/images/badges/en/snap-store-black.svg)](https://snapcraft.io/rsp)
```sh
sudo snap install rsp
```Note: in snap version `rsp`, `rsp-trust` and `rsp-keygen` binaries have names `rsp.proxy`, `rsp.trust` and `rsp.keygen` respectively.
## Synopsis
### Proxy
```
$ rsp --help
usage: rsp [-h] [-v {debug,info,warn,error,fatal}] [-l FILE]
[--disable-uvloop] [-a BIND_ADDRESS] [-p BIND_PORT] [-T]
[-n POOL_SIZE] [-B BACKOFF] [-w TIMEOUT] [-r CONNECT_RATE]
[-L LOGIN] [-I KEY_FILE] [-P PASSWORD] [-H FILE]
[--client-version CLIENT_VERSION]
dst_address [dst_port]Rapid SSH Proxy
positional arguments:
dst_address target hostname
dst_port target port (default: 22)optional arguments:
-h, --help show this help message and exit
-v {debug,info,warn,error,fatal}, --verbosity {debug,info,warn,error,fatal}
logging verbosity (default: info)
-l FILE, --logfile FILE
log file location (default: None)
--disable-uvloop do not use uvloop even if it is available (default:
False)listen options:
-a BIND_ADDRESS, --bind-address BIND_ADDRESS
bind address (default: 127.0.0.1)
-p BIND_PORT, --bind-port BIND_PORT
bind port (default: 1080)
-T, --transparent transparent mode (default: False)pool options:
-n POOL_SIZE, --pool-size POOL_SIZE
target number of steady connections (default: 30)
-B BACKOFF, --backoff BACKOFF
delay after connection attempt failure in seconds
(default: 5)
-w TIMEOUT, --timeout TIMEOUT
server connect timeout (default: 4)
-r CONNECT_RATE, --connect-rate CONNECT_RATE
limit for new pool connections per second (default:
0.5)SSH options:
-L LOGIN, --login LOGIN
SSH login. Default is name of current user (default:
None)
-I KEY_FILE, --identity KEY_FILE
SSH private key file. By default program looks for SSH
keys in usual locations, including SSH agent socket.
This option may be specified multiple times (default:
None)
-P PASSWORD, --password PASSWORD
SSH password. If not specified, password auth will be
disabled (default: None)
-H FILE, --hosts-file FILE
overrides known_hosts file location (default:
/home/user/.rsp/known_hosts)
--client-version CLIENT_VERSION
override client version string (default: None)
```#### Usage examples
Note: host keys must be added to trusted list before proxy operation. See synopsis for `rsp-trust` utility.
Connect to example.com with SSH on port 22, using default pool size, and accept SOCKS5 connections on port 1080. Authentication is using SSH Agent and username `root`.
```
rsp -L root example.com
```Connect to example.net with SSH on port 2222, using private key in file `proxy_key` and username `user`.
```
rsp -I proxy_key -L user example.net 2222
```Connect to example.com with SSH on port 22, using password and username of current user:
```
rsp -P MyGoodPassword example.com
```#### Transparent mode
In order to use `rsp` in transparent mode you should add `-T` option to command line and redirect TCP traffic to `rsp` port like this:
```sh
iptables -I PREROUTING 1 -t nat -p tcp -s 192.168.0.0/16 '!' -d 192.168.0.0/16 -j REDIRECT --to 1080
```In this example it is assumed your local network is covered by prefix 192.168.0.0/16 and `rsp` is running on it's default port 1080.
**NOTE:** any application which supposed to accept `REDIRECT`-ed connection has to listen address on same interface where connection comes from. So, in this example you should also add command line option like `-a 192.168.0.1` or `-a 0.0.0.0` to rsp command line. Otherwise redirected connection will be refused. See also `man iptables-extension` for details on `REDIRECT` action of iptables.
### Trust management utility
```
$ rsp-trust --help
usage: rsp-trust [-h] [-H FILE] dst_address [dst_port]Rapid SSH Proxy: TOFU key trust utility
positional arguments:
dst_address target hostname
dst_port target port (default: 22)optional arguments:
-h, --help show this help message and exitSSH options:
-H FILE, --hosts-file FILE
overrides known_hosts file location (default:
/home/user/.rsp/known_hosts)
```#### Usage examples
Get host key from example.com, port 22
```
rsp-trust example.com
```Get host key from example.net, port 2222 and use non-default location of trusted keys file:
```
rsp-trust -H myhostkeysfile example.net 2222
```### Key generation utility
```
$ rsp-keygen --help
usage: rsp-keygen [-h] [-f FILE]
[-t {ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss}]
[-b BITS]Rapid SSH Proxy: key generation utility
optional arguments:
-h, --help show this help message and exit
-f FILE, --file FILE output file name (default: proxy_key)
-t {ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss}, --type {ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss}
key type (default: ssh-ed25519)
-b BITS, --bits BITS key type (default: 2048)
```#### Usage examples
Generate SSH key with good default parameters:
```
rsp-keygen
```Private and public key will be saved to `proxy_key` and `proxy_key.pub` respectively.