Introduction
TinySSH is a small SSH server using the state-of-the-art cryptographic library NaCl / TweetNaCl.
TinySSH offers good security on TCP and is designed for perfect security on CurveCP.
Twitter: @tinyssh
Features
- easily auditable - TinySSH has less than 100000 words of code
- no dynamic memory allocation - TinySSH has all memory statically allocated (less than 1MB)
- simple configuration - TinySSH can't be misconfigured
- reusing code - TinySSH reuses the build mechanism from NaCl and libraries from the CurveCP implementation
- reusing software - TinySSH uses tcpserver/curvecpserver for TCP/CurveCP connections
- limited amount of features - TinySSH doesn't have features such as: SSH1 protocol, compression, scp, sftp, ...
- no older cryptographic primitives - rsa, dsa, classic diffie-hellman, md5, sha1, 3des, arcfour, ...
- no copyright restrictions - TinySSH is in the public domain
- no dependency on OpenSSL - TinySSH is using NaCl / TweetNaCl
Security features
- using NaCl / TweetNaCl cryptographic library (minimum 128-bit security, side-channel attack resistant, state-of-the-art crypto, ...)
- public-key authentication only (no password or hostbased authentication)
Crypto primitives
- ssh-ed25519 + curve25519-sha256@libssh.org + chacha20-poly1305@openssh.com
- ready for ecdsa-sha2-nistp256, ecdh-sha2-nistp256, aes128-ctr/aes256-ctr, but disabled at this time
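One way to audit a server against the primitive list above, as an added example that is not TinySSH code: parse the server's SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and report any offer outside the enabled set. The function and field names are hypothetical, and the sample payloads are constructed, not captured from a TinySSH server.

```python
import struct

# RFC 4253 section 7.1: the ten name-lists of SSH_MSG_KEXINIT, in wire order.
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

# Expected server offer, taken from the page's feature list. MAC and language
# lists are not checked because the page does not describe them.
EXPECTED = {
    "kex": {"curve25519-sha256@libssh.org"},
    "host_key": {"ssh-ed25519"},
    "enc_c2s": {"chacha20-poly1305@openssh.com"},
    "enc_s2c": {"chacha20-poly1305@openssh.com"},
    # "none" is the RFC 4253 name for "no compression"
    "comp_c2s": {"none"}, "comp_s2c": {"none"},
}

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (packet framing already removed) into lists."""
    if len(payload) < 17 or payload[0] != 20:      # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}                            # skip type byte + 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("name-list overruns payload: " + field)
        raw = payload[pos:pos + size].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += size
    return lists

def unexpected_offers(payload: bytes) -> dict:
    """Return {field: [algorithms]} for every offer outside EXPECTED."""
    lists = parse_kexinit(payload)
    extra = {f: sorted(set(lists[f]) - ok) for f, ok in EXPECTED.items()}
    return {f: names for f, names in extra.items() if names}

def build_kexinit(**lists) -> bytes:
    """Construct a sample payload; unspecified fields use EXPECTED or empty."""
    out = bytes([20]) + bytes(16)                  # constructed all-zero cookie
    for field in FIELDS:
        names = lists.get(field, sorted(EXPECTED.get(field, ())))
        body = ",".join(names).encode("ascii")
        out += struct.pack(">I", len(body)) + body
    return out + bytes(5)                          # first_kex_packet_follows + reserved

if __name__ == "__main__":
    print(unexpected_offers(build_kexinit(host_key=["ssh-ed25519", "ssh-rsa"])))
```

An empty result means the offer stays within the listed primitives; any other result names the field and the algorithm that should not be there.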
Project timeline
- experimental: 2014.01.01 - 2014.12.31 (experimentation)
- alpha: expected 2015.01.01 - 2015.12.31 (not ready for production use, ready for testing)
- beta: expected 2016.01.01 - ????.??.?? (ready for production use)
- stable: expected ????.??.?? - (ready for production use - including post-quantum crypto)
Current release (20140501experimental)
- based only on TweetNaCl crypto, NaCl will be added soon.
- has 48996 words of code
- experimental