atsign-foundation / noports


Connect to any device with no external listening ports open

Home Page: https://noports.com

License: BSD 3-Clause "New" or "Revised" License

Dart 82.97% Shell 7.40% Dockerfile 0.99% Python 2.34% Kotlin 0.01% Ruby 0.33% Swift 0.40% Objective-C 0.01% CMake 2.31% C++ 3.07% C 0.17%
dart hacktoberfest ssh atsign

noports's Introduction

noports

This repo contains the open source code of Atsign's No Ports suite. Check out our product site at noports.com.

  • sshnoports provides a way to ssh to a remote linux host/device without that device or the client having any open ports (not even 22) on external interfaces.

noports's Issues

Replace sshnp@<device> wrapper with a config file by sshnp

Is your feature request related to a problem? Please describe.

#186

Describe the solution you'd like

There are multiple levels to this:

Introduce a config file which could allow you to provide your own default configuration of sshnp instead of the flags.

Secondarily, we could provide a new flag which would enable you to provide a config file to use. The use-case for this would be having entirely pre-configured services, such as a config file which RDPs me to my home computer, or a config file which opens SFTP to my web server.

A further extension would be to make these custom config files "executable" which would run sshnp against the config file.

Describe alternatives you've considered

No response

Additional context

The intention is for this feature to be baked into the dart code of sshnp, rather than using a wrapper like my installer.

Replace sync onDone callback with SyncProgressListener

Is your feature request related to a problem? Please describe.

The sync method which accepts onDone function as a callback to notify the sync completion is deprecated. From now, the sync progress will be notified via the SyncProgressListener.

Following are the files which have onDone usage:

Describe the solution you'd like

  • Refactor the code to remove the usage of onDone callback in the above-mentioned files and use SyncProgressListener to be notified on the sync progress.

The sample code can be found here: sync_progress_listener_sample_usage

Daemon shouldn't crash when asked to connect to an address that doesn't exist

Describe the bug

Daemon crashes if asked to connect to a name that can't be found:

WARNING|2022-05-09 13:13:32.752313| sshnpd |ssh session started from: @cpswan session: e7a8f58b-3e99-4675-8aff-96b1533f8903

Unhandled exception:
SocketException: Failed host lookup: 'bad.name.net' (OS Error: Name or service not known, errno = -2)
#0      _NativeSocket.startConnect (dart:io-patch/socket_patch.dart:682)
#1      _NativeSocket.connect (dart:io-patch/socket_patch.dart:948)
#2      _RawSocket.connect (dart:io-patch/socket_patch.dart:1805)
#3      RawSocket.connect (dart:io-patch/socket_patch.dart:21)
#4      Socket._connect (dart:io-patch/socket_patch.dart:2028)
#5      Socket.connect (dart:io/socket.dart:776)
#6      connectNativeSocket (package:dartssh2/src/socket/ssh_socket_io.dart:12)
#7      SSHSocket.connect (package:dartssh2/src/socket/ssh_socket.dart:13)
#8      sshCallback (file:///home/ubuntu/sshnoports/bin/sshnpd.dart:269)
<asynchronous suspension>

To Reproduce
Steps to reproduce the behavior:

  1. First I made a typo in the host name I wanted to connect to ./sshnp/sshnp --from @cpswan --to @bareindoornetball --device demovm -h bad.name.net
  2. Then I realised that it should have been good.name.com
  3. But by then the daemon had crashed.

Expected behavior

Daemon catches the exception and stays up.

v3.1.2

Describe the bug

testing

Steps to reproduce

new binaries to test

Expected behavior

should work

Screenshots

No response

Smartphones

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Were you using an atApplication when the bug was found?

No response

Additional context

No response

sshnp - list devices

Is your feature request related to a problem? Please describe.

Can't really tell what devices can be connected to, especially in an organization where you may have had an admin set up sshnpd for you.

Describe the solution you'd like

A subcommand / flag which allows you to list available devices for connecting to.

Describe alternatives you've considered

No response

Additional context

Depending on the implementation, the client may have to state that only devices with version greater than x.x.x will be listed...

SSHNPD installer for systemd

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

Add support for systemd installation mechanism
Add support to install screen similar to tmux.

Describe alternatives you've considered

No response

Additional context

No response

Sshnp not receiving Sshnpd deviceName until both atSigns activated

Describe the bug

The sshnpd tmux session continuously runs sshnpd and patiently waits for the .atKeys to be generated. If the device atSign is onboarded before the client atSign, then the deviceName is never shared with the client atSign, since the client atSign does not yet have a public:publickey@

If I am correct, the notification of the deviceName is being sent without caring if the client receives it or not. Then goes straight into monitor. Only once the client is setup, then the device's sshnpd has to be restarted

Steps to reproduce

  1. On device, run sshnpd installer
  2. On device, run ./at_activate
  3. On device, tmux session successfully started sshnpd, :)
  4. On client, run sshnp installer
  5. On client, run ./at_activate
  6. On client: Could not receive the device name from sshnpd since sshnpd tried sharing the device name before sshnp's atsign could activate first

Expected behavior

I guess it is working as intended (in that two non-onboarded atSigns are unable to communicate to one another), but if the goal of the do-while inside the tmux session was for it to start up the daemon, then it is not going as planned :(

sshnp recognize deviceName given by sshnpd

Screenshots

No response

Smartphones

No response

Were you using an atApplication when the bug was found?

No response

Additional context

2 fixes:

  1. (documentation fix): expect the person to know that both of the atSigns MUST be onboarded before running the sshnpd and sshnp binaries. Maybe even avoid starting up the tmux session to let them start it themselves? Tell them specifically that the client sshnp HAS to be set up before the device sshnpd

  2. (software fix): ensure that the notifications are received and that the receiving-end is indeed an onboarded atSign, by doing final NotificationResult notifResult = await notificationService.notify(...) check for notificationResult.notificationStatusEnum == NotificationStatusEnum.delivered

Package sshnp for OpenWRT

Is your feature request related to a problem? Please describe.

OpenWRT is a popular basis for networking equipment firmware and other embedded systems based on Linux, so it would be useful to offer sshnp as something that can be installed with opkg.

Describe the solution you'd like

Create an opkg package containing the sshnp binary

Describe alternatives you've considered

It's likely that we'll need a new approach to the sshnp binary in order to get something that works on platforms that aren't supported by Dart such as Armv6 and MIPS, so this could be a first use for new C or Rust SDKs.

Additional context

We should be able to test x64 OpenWRT in a VM.

Armv7 (and Armv8) testing should be possible on Raspberry Pis (preferably in a VM, but on bare metal if need be).

@cpswan has some GL.iNet devices with MIPS SOCs that can be used for testing (if we can create a suitable sshnp binary for that platform).

SSHNP Automated e2e tests

Is your feature request related to a problem? Please describe.

We do not currently have any automated end to end tests, so all testing is manually intensive and time-consuming

Describe the solution you'd like

A set of tests of the following scenarios

  • With 'new' atSigns, full scenario, single sshnp client - establish ssh session via sshrv, verify all worked and cleaned up correctly
  • With 'existing' atSigns, same scenario
  • For both of the above scenarios, with multiple concurrent sshnp clients
  • Compatibility testing for all of the above - i.e. sshnpd from previous releases vs sshnp from latest trunk, sshnpd from latest trunk vs sshnp from previous releases, etc

Describe alternatives you've considered

No response

Additional context

Things that might help:

  • There are tests in at_server which create, activate and onboard new atSigns in the staging environment, run the at_server e2e test pack using those atSigns, and then delete those atSigns at the end
  • There has been work done on dockerizing sshnpd, sshnp and sshrv

Build Docker images on release (rather than push to trunk)

Is your feature request related to a problem? Please describe.

Docker images will be (re)built for every push to trunk, and we only have a latest tag

Describe the solution you'd like

Use:

on:
  push:
    tags:
      - 'v*.*.*'

Instead of:

on:
  push:
    branches:
      - trunk

And also:

      # Extract version for docker tag
      - name: Get version
        run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV

Then:

          tags: |
            atsigncompany/sshnpd:latest
            atsigncompany/sshnpd:release-${{ env.VERSION }}

Windows binaries

Describe the solution you'd like
Add binaries for Windows, along with some guidance on installing a suitable SSH server.

sshnp has to run directly i.e. ./sshnp as it calls sshrv from the directory it is running in

Describe the bug

If sshnp is placed in a directory and run via a $PATH it works but does not find the sshrv binary

cconstab@tarial ~ % $(sshnp -f @xxxxxx -t @yyyyy -d host  -h @aaaaa -s id_ed25519.pub)
Unhandled exception:
ProcessException: No such file or directory
  Command: /Users/cconstab/sshrv x.x.x.x 41311
#0      _ProcessImpl._start (dart:io-patch/process_patch.dart:401)
#1      Process.start (dart:io-patch/process_patch.dart:38)
#2      _runNonInteractiveProcess (dart:io-patch/process_patch.dart:578)
#3      Process.run (dart:io-patch/process_patch.dart:49)
#4      main (file:///Users/cconstab/Documents/GitHub/@foundation/sshnoports/bin/sshnp.dart:362)
<asynchronous suspension>
cconstab@tarial ~ %

Steps to reproduce

  1. First put sshnp release in your home directory i.e ~/sshnp
  2. Then cd to ~/sshnp and run ./sshnp and everything works, also works fine if you specify the full directory ~/sshnp/sshnp
  3. And then cd .. and run the same command assuming ~/sshnp is in your PATH
  4. To put it in the path use export PATH="~/sshnp:$PATH" or similar for your shell

Expected behavior

No matter where sshnp is running from it should find itself and the sshrv binary!

Bug probably due to fact that dart has no idea of the PATH so need to find a way !

Screenshots

No response

Smartphones

  • Linux
  • v3.1.2 sshnp

Were you using an atApplication when the bug was found?

sshnp

Additional context

No response

getsshnp and getsshnpd quick install flags

Describe the bug

Using the installer script with flags does not work for me.

Steps to reproduce

  1. Run the sshnp installer with client, device and region options bash -c "$(curl -fsSL https://getsshnp.noports.com)" -c @alice_client -d @alice_device -h am
  2. I get Unknown argument: @alice_client

See Screenshots

Expected behavior

Does not start the REPL, instantly starts installation

Screenshots

jeremytubongbanua@Jeremys-M2-Air ~ % bash -c "$(curl -fsSL https://getsshnp.noports.com)" -c @alice_client -d @alice_device -h am
Unknown argument: @alice_client

Smartphones

Got same error inside ubuntu arm64 docker container and Mac OS (m2 air zsh)

Were you using an atApplication when the bug was found?

No response

Additional context

UPDATED

Xavier said I missed -- which was also missing in the instructions
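
Why the missing `--` produces exactly this error, as an added example that is not part of the original issue or the real installer: with `bash -c "<script>" args...`, the first argument after the script text becomes `$0`, so the leading `-c` never reaches the script's own argument parser. `INSTALLER_STUB` is a constructed stand-in that only assumes the `-c`, `-d` and `-h` flags shown in the report.

```shell
#!/usr/bin/env bash
# Constructed stand-in for an installer script (NOT the real getsshnp script).
# It parses -c/-d/-h and rejects anything else, like the error in the report.
INSTALLER_STUB='
while [ $# -gt 0 ]; do
  case "$1" in
    -c) client="$2"; shift 2 ;;
    -d) device="$2"; shift 2 ;;
    -h) host="$2"; shift 2 ;;
    *)  echo "Unknown argument: $1"; exit 1 ;;
  esac
done
echo "client=$client device=$device host=$host"
'

# Run the stub the same way the one-liner does: script text via -c,
# followed by whatever arguments the caller supplies.
run_stub() {
  bash -c "$INSTALLER_STUB" "$@"
}

# Show which caller argument ends up as $0 inside the -c script.
arg_zero() {
  bash -c 'printf "%s" "$0"' "$@"
}

# Without "--": "-c" is swallowed as $0, so the parser sees "@alice_client" first.
run_stub -c @alice_client -d @alice_device -h am || true

# With "--": "--" becomes $0 and every flag reaches the parser intact.
run_stub -- -c @alice_client -d @alice_device -h am
```

Any placeholder word works in the `$0` slot; `--` is simply the conventional choice.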

Confusing error message `Unable to determine Host to connect to: please use --local-ssh-port`

Describe the bug

Unable to determine Host to connect to: please use --local-ssh-port and specify the DNS/IP address with --host

Where --local-ssh-port isn't even listed as an option, and --host isn't marked as mandatory.

To Reproduce
Steps to reproduce the behavior:

  1. First I run ./sshnp with no args to get help and see:
-k, --key-file            Sending @sign's atKeys file if not in ~/.atsign/keys/
-f, --from (mandatory)    Sending @sign
-t, --to (mandatory)      Send a trigger to this @sign
-d, --device              Send a trigger to this device
                          (defaults to "default")
-h, --host                DNS Hostname or IP address to connect back to
-p, --port                TCP port to connect back to
                          (defaults to "22")
-l, --local-port          Reverse ssh port to listen on
                          (defaults to "2222")
-s, --ssh-public-key      Public key file from ~/.ssh to be apended to authorized_hosts on the remote device
                          (defaults to "false")
-v, --[no-]verbose        More logging
FormatException: Option from is mandatory.
  2. Then I construct a (beyond) minimal command line ./sshnp --from @cpswan --to @bareindoornetball --device demovm which has both of the mandatory flags and a device identifier.
  3. And then:
-k, --key-file            Sending @sign's atKeys file if not in ~/.atsign/keys/
-f, --from (mandatory)    Sending @sign
-t, --to (mandatory)      Send a trigger to this @sign
-d, --device              Send a trigger to this device
                          (defaults to "default")
-h, --host                DNS Hostname or IP address to connect back to
-p, --port                TCP port to connect back to
                          (defaults to "22")
-l, --local-port          Reverse ssh port to listen on
                          (defaults to "2222")
-s, --ssh-public-key      Public key file from ~/.ssh to be apended to authorized_hosts on the remote device
                          (defaults to "false")
-v, --[no-]verbose        More logging

Unable to determine Host to connect to: please use --local-ssh-port and specify the DNS/IP address with --host

Expected behavior

If --host is mandatory then say so.
Don't reference a --local-ssh-port in an error message if it's not listed in the help.
Provide examples of minimal command lines, and the use of options.

sshnoports: version 2.0.2 was built using AtClient 3.0.48 - need to build a new release with latest packages

Describe the bug

Version 2.0.2 was built with at_client version 3.0.48 which had a bug whereby the first notifications sent between atSigns would fail to be decrypted by the recipient

Steps to reproduce

Described in atsign-foundation/at_client_sdk#964

Expected behavior

Notifications work first time

Screenshots

No response

Smartphones

No response

Were you using an atApplication when the bug was found?

No response

Additional context

No response

FileSystemException inside ~/.sshnp

Describe the bug

If you've previously installed sshnpd (have not yet tested for sshnp), there's some weird FileSystemException.

Doing rm -rf ~/.sshnp then re-running the script/binary (e.g. ./sshnpd@server_0) does the trick

See Additional Context for the logs

Steps to reproduce

  1. Run installer script (to install sshnpd, for example)
  2. Kill tmux session that it started
  3. Rerun the script/binary
  4. Get FileSystemException from ~/.sshnp

Expected behavior

Do not run into FileSystemException

Screenshots

No response

Smartphones

No response

Were you using an atApplication when the bug was found?

No response

Additional context

sshnpd: FileSystemException: lock failed, path = '/home/pi/.sshnp/@server_0/storage/commitLog/commit_log_055719601711c762ce6bc501676e84468ea43ee6a20f32649e09e7cf951c9526.lock' (OS Error: Resource temporarily unavailable, errno = 11)
stack trace: #0      _checkForErrorResponse (dart:io/common.dart:55)
#1      _RandomAccessFile.lock.<anonymous closure> (dart:io/file_impl.dart:1022)
<asynchronous suspension>
#2      StorageBackendVm.initialize (package:hive/src/backend/vm/storage_backend_vm.dart:81)
<asynchronous suspension>
#3      HiveImpl._openBox (package:hive/src/hive_impl.dart:111)
<asynchronous suspension>
#4      HiveImpl.openBox (package:hive/src/hive_impl.dart:142)
<asynchronous suspension>
#5      HiveBase.openBox (package:at_persistence_secondary_server/src/keystore/hive_base.dart:34)
<asynchronous suspension>
#6      CommitLogKeyStore.initialize (package:at_persistence_secondary_server/src/log/commitlog/commit_log_keystore.dart:39)
<asynchronous suspension>
#7      HiveBase.init (package:at_persistence_secondary_server/src/keystore/hive_base.dart:15)
<asynchronous suspension>
#8      AtCommitLogManagerImpl.getCommitLog (package:at_persistence_secondary_server/src/log/commitlog/at_commit_log_manager_impl.dart:26)
<asynchronous suspension>
#9      StorageManager._initStorage (package:at_client/src/manager/storage_manager.dart:26)
<asynchronous suspension>
#10     StorageManager.init (package:at_client/src/manager/storage_manager.dart:14)
<asynchronous suspension>
#11     AtClientImpl._init (package:at_client/src/client/at_client_impl.dart:185)
<asynchronous suspension>
#12     AtClientImpl.create (package:at_client/src/client/at_client_impl.dart:146)
<asynchronous suspension>
#13     DefaultAtServiceFactory.atClient (package:at_client/src/manager/at_client_manager.dart:159)
<asynchronous suspension>
#14     AtClientManager.setCurrentAtSign (package:at_client/src/manager/at_client_manager.dart:80)
<asynchronous suspension>
#15     AtOnboardingServiceImpl._initAtClient (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:60)
<asynchronous suspension>
#16     AtOnboardingServiceImpl._init (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:72)
<asynchronous suspension>
#17     AtOnboardingServiceImpl.authenticate (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:317)
<asynchronous suspension>
#18     _main (file:///sshnoports/bin/sshnpd.dart:146)
<asynchronous suspension>
#19     main (file:///sshnoports/bin/sshnpd.dart:25)
<asynchronous suspension>

Unhandled exception:
FileSystemException: lock failed, path = '/home/pi/.sshnp/@server_0/storage/commitLog/commit_log_055719601711c762ce6bc501676e84468ea43ee6a20f32649e09e7cf951c9526.lock' (OS Error: Resource temporarily unavailable, errno = 11)
#0      _checkForErrorResponse (dart:io/common.dart:55)
#1      _RandomAccessFile.lock.<anonymous closure> (dart:io/file_impl.dart:1022)
<asynchronous suspension>
#2      StorageBackendVm.initialize (package:hive/src/backend/vm/storage_backend_vm.dart:81)
<asynchronous suspension>
#3      HiveImpl._openBox (package:hive/src/hive_impl.dart:111)
<asynchronous suspension>
#4      HiveImpl.openBox (package:hive/src/hive_impl.dart:142)
<asynchronous suspension>
#5      HiveBase.openBox (package:at_persistence_secondary_server/src/keystore/hive_base.dart:34)
<asynchronous suspension>
#6      CommitLogKeyStore.initialize (package:at_persistence_secondary_server/src/log/commitlog/commit_log_keystore.dart:39)
<asynchronous suspension>
#7      HiveBase.init (package:at_persistence_secondary_server/src/keystore/hive_base.dart:15)
<asynchronous suspension>
#8      AtCommitLogManagerImpl.getCommitLog (package:at_persistence_secondary_server/src/log/commitlog/at_commit_log_manager_impl.dart:26)
<asynchronous suspension>
#9      StorageManager._initStorage (package:at_client/src/manager/storage_manager.dart:26)
<asynchronous suspension>
#10     StorageManager.init (package:at_client/src/manager/storage_manager.dart:14)
<asynchronous suspension>
#11     AtClientImpl._init (package:at_client/src/client/at_client_impl.dart:185)
<asynchronous suspension>
#12     AtClientImpl.create (package:at_client/src/client/at_client_impl.dart:146)
<asynchronous suspension>
#13     DefaultAtServiceFactory.atClient (package:at_client/src/manager/at_client_manager.dart:159)
<asynchronous suspension>
#14     AtClientManager.setCurrentAtSign (package:at_client/src/manager/at_client_manager.dart:80)
<asynchronous suspension>
#15     AtOnboardingServiceImpl._initAtClient (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:60)
<asynchronous suspension>
#16     AtOnboardingServiceImpl._init (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:72)
<asynchronous suspension>
#17     AtOnboardingServiceImpl.authenticate (package:at_onboarding_cli/src/onboard/at_onboarding_service_impl.dart:317)
<asynchronous suspension>
#18     _main (file:///sshnoports/bin/sshnpd.dart:146)
<asynchronous suspension>
#19     main (file:///sshnoports/bin/sshnpd.dart:25)
<asynchronous suspension>
^C
pi@raspberrypi:~/.local/bin $ rm -rf ~/.sshnp
pi@raspberrypi:~/.local/bin $ ./sshnpd@client_0 
INFO|2023-06-13 21:48:40.937808|AtClientManager|setCurrentAtSign called with atSign @server_0 

INFO|2023-06-13 21:48:40.938400|AtClientManager|Switching atSigns from null to @server_0 

INFO|2023-06-13 21:48:40.946731|HiveBase|commit_log_055719601711c762ce6bc501676e84468ea43ee6a20f32649e09e7cf951c9526 initialized successfully 

INFO|2023-06-13 21:48:40.955055|HiveBase|055719601711c762ce6bc501676e84468ea43ee6a20f32649e09e7cf951c9526 initialized successfully 

INFO|2023-06-13 21:48:40.955562|AtClientCommitLogCompaction (@server_0)|Starting commit log compaction job running for every 11 minute(s) 

INFO|2023-06-13 21:48:40.962861|AtClientManager|setCurrentAtSign complete 

INFO|2023-06-13 21:48:40.963044|AtLookup|Creating new connection 

INFO|2023-06-13 21:48:41.364475|AtLookup|New connection created OK 

INFO|2023-06-13 21:48:41.486333|AtLookup|auth success 

INFO|2023-06-13 21:48:41.692299|AbstractAtKeyEncryption (@server_0)|Encrypted shared symmetric key for @server_0 not found in local storage 

INFO|2023-06-13 21:48:41.692396|AbstractAtKeyEncryption (@server_0)|Deleting @client_0:shared_key@server_0 from LocalSecondary 

INFO|2023-06-13 21:48:41.692930|AbstractAtKeyEncryption (@server_0)|Fetching shared symmetric key for @server_0 from atServer 

INFO|2023-06-13 21:48:41.747406|AbstractAtKeyEncryption (@server_0)|Retrieved my encrypted copy of shared symmetric key for @client_0 from atServer - saving to local storage 

INFO|2023-06-13 21:48:41.759718|AbstractAtKeyEncryption (@server_0)|'Their' copy of shared symmetric key for @client_0 not found in local storage - will check atServer 

INFO|2023-06-13 21:48:41.803355|AbstractAtKeyEncryption (@server_0)|Found 'their' copy of shared symmetric key for @client_0 in atServer - saving to local storage 

INFO|2023-06-13 21:48:42.437406| sshnpd |SUCCESS:id: 6ad23625-0115-45da-93fe-5ed7903a25bf status: NotificationStatusEnum.delivered pi 

WARNING|2023-06-13 21:48:42.453654| sshnpd |connection available 

INFO|2023-06-13 21:48:42.661371|Monitor (@server_0)|monitor started for @server_0 with last notification time: null 

INFO|2023-06-13 21:48:50.070280|AtLookup|Creating new connection 

INFO|2023-06-13 21:48:50.194731|AtLookup|New connection created OK 

INFO|2023-06-13 21:48:50.342376|AtLookup|auth success 

INFO|2023-06-13 21:48:50.386543|SyncService (@server_0)|1071820688|Returning serverCommitId 50 

INFO|2023-06-13 21:48:50.431797|SyncService (@server_0)|1071820688|Returning serverCommitId 50 

SEVERE|2023-06-13 21:48:50.614052|EncryptionUtil|Error while decrypting value: Invalid argument(s): Invalid or corrupted pad block 

WARNING|2023-06-13 21:48:50.614762|SyncService (@server_0)|Exception occurred when setting conflict info for @client_0:shared_key@server_0 | Exception: Invalid argument(s): Invalid or corrupted pad block 

INFO|2023-06-13 21:48:50.676073|SyncService (@server_0)|1071820688|Inside syncComplete. syncRequest.requestSource : SyncRequestSource.system; syncRequest.onDone : Closure: (SyncResult) => void from Function '_onDone@120025363':. 

INFO|2023-06-13 21:48:50.720353|SyncService (@server_0)|1071820688|Returning serverCommitId 54

If authorized_keys does not exist then the -s function does not work..

Describe the bug
If you want to send your public key to the server using -s then it only works if the authorized_keys file is already in place.

To Reproduce
Steps to reproduce the behavior:

  1. First I deleted authorized_keys file on the server in .ssh
  2. Then I used the -s option on the client but am still prompted for a password
  3. Checking the log you see the issue
  4. touching the file then re running everything works as it should

Expected behavior
If the file does not exist then the server should create it

logs

INFO|2022-05-21 20:12:05.567675| sshnpd |ssh Public Key recieved from @colin notification id : f7ad4dc8-f0da-4484-8b09-f5ac407caa82 

SEVERE|2022-05-21 20:12:05.569308| sshnpd |Error writting to pi .ssh/authorized_keys file : FileSystemException: Cannot open file, path = '/home/pi/.ssh/authorized_keys' (OS Error: No such file or directory, errno = 2)      

 INFO|2022-05-21 20:12:07.864150| sshnpd |ssh callback request recieved from @colin notification id : 763452cc-45e7-47bc-99a9-5ec6d7ed38d1

Smartphone (please complete the following information):

  • Linux PiOS
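
The expected behaviour from this report, sketched in shell as an added example (not sshnpd's Dart code and not the project's fix): create `~/.ssh` and `authorized_keys` when they are missing, with the restrictive permissions sshd expects, and append a key only once. `append_authorized_key` is a hypothetical helper name, and the home directory is passed in so the function can be tried against a scratch directory.

```shell
#!/usr/bin/env bash
# Added sketch: append one public key to <home>/.ssh/authorized_keys,
# creating the directory and file if they do not exist yet.
# append_authorized_key is a hypothetical helper, not part of sshnpd.
append_authorized_key() {
  home_dir=$1
  pubkey=$2
  ssh_dir="$home_dir/.ssh"
  auth_file="$ssh_dir/authorized_keys"

  # Refuse empty or multi-line input so one call adds exactly one entry.
  [ -n "$pubkey" ] || return 2
  case "$pubkey" in
    *"
"*) return 2 ;;
  esac

  (
    # Anything created below is private to the owner by default.
    umask 077
    mkdir -p "$ssh_dir" || exit 1
    chmod 700 "$ssh_dir" || exit 1

    # The case from the report: the file is absent, so create it first.
    if [ ! -e "$auth_file" ]; then
      : > "$auth_file" || exit 1
    fi
    chmod 600 "$auth_file" || exit 1

    # If the existing file lacks a trailing newline, add one so the new
    # key does not get glued onto the previous entry.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
      printf '\n' >> "$auth_file"
    fi

    # -x whole line, -F fixed string: skip keys that are already present.
    if ! grep -qxF -- "$pubkey" "$auth_file"; then
      printf '%s\n' "$pubkey" >> "$auth_file"
    fi
  )
}
```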

sshnp: add -u option to specify username to use if sshnpd is not sharing it

Is your feature request related to a problem? Please describe.

from @cconstab

sshnp should have a -u option to specify the username if the sshnpd was not sharing it.
This is a bug/oversight in sshnp right now.

Describe the solution you'd like

  • add an optional -u option in SSHNP.createArgParser with full option name remote-user-name, description something like, "user name to use in the ssh session on the remote host"
  • in SSHNP, change remoteUserName from late final String remoteUsername to String? remoteUserName
  • add optional remoteUserName parameter to SSHNP constructor to allow remoteUserName to be supplied, and supply the parsed
  • in SSHNP.init - do not call fetchRemoteUserName if a remoteUserName has already been supplied

Describe alternatives you've considered

No response

Additional context

Either wait for #201 to be merged to trunk, or make a new branch based on that PR's branch

Consistent architecture naming for binaries in releases.

Is your feature request related to a problem? Please describe.

If I look at the latest (v2.0.2) release (and its predecessors) I can find:

  • linux
    • 86_64
    • arm64
    • armv7
    • riscv64
  • OSX
    • arm_64
    • x86_64

These are internally inconsistent (86_64 vs x86_64 and arm64 vs arm_64), and inconsistent with naming conventions elsewhere.

atsign-foundation/at_libraries#313 implicitly proposes that we use uname -m to get architecture, which for Linux will give us:

  • linux
    • aarch64
    • armv7l
    • x86_64

Elsewhere (e.g. Dart Docker official image Dockerfile) we can see dpkg --print-architecture being used, which yields:

  • linux
    • arm64
    • armhf
    • amd64

Describe the solution you'd like

We could adopt the Dart convention (as used for SDK downloads), which would give us:

  • macOS
    • arm64
    • x64
  • Linux
    • arm
    • arm64
    • ia32
    • riscv64
    • x64
  • Windows
    • arm64
    • ia32
    • x64

Describe alternatives you've considered

Golang appears to use uname -m suffixes and darwin for macOS

Docker uses OS/arch(/version):

linux/386
linux/amd64
linux/arm/v7
linux/arm64/v8

SSH No Ports: Kill a sshnpd process through a notification

It is difficult to simply restart an sshnpd process for a particular device name if there are multiple instances running.

It might be useful to implement a kill sshnpd command through a notification which would cause it to exit so that it can be restarted by the local restart service.

[Tracker] SSH No Ports

Leads: @cconstab @XavierChanth

Send ACK notification from sshnpd to sshnp

Is your feature request related to a problem? Please describe.
If sshnpd is not running at the other end, sshnp does not know that that is the case, and completes apparently successfully

Describe the solution you'd like
I'd like sshnp to receive a notification from sshnpd that it has received the request and perhaps a second notification from sshnpd saying that it has acted on the request (and if it couldn't, why not)

Sshnp to yourself i.e single atSign

sshnoports: Add unit tests

Is your feature request related to a problem? Please describe.

No unit tests currently

Describe the solution you'd like

Need unit tests which, while they do not test the whole thing end to end, can check the logic and behaviour of the atProtocol interactions - the records that are created and updated, the notifications that are sent and received, etc

Describe alternatives you've considered

No response

Additional context

No response

Automate signing of MacOS binaries

Is your feature request related to a problem? Please describe.

@cconstab is presently having to manually sign binaries for MacOS using the process documented here

Describe the solution you'd like

A script that can be run in GitHub Actions using a cert (and private key?) stored in GitHub Secrets

Describe alternatives you've considered

Codemagic might have a canned approach to this?

Failed to fetch encryption public keys leads to failure in sshnoports server

Describe the bug

Experiencing the below issue when starting sshnp server:

Unhandled exception:
Exception: Failed to fetch the current atSign public key - public:publickey@iot_manager
#0      AtClientImpl.get (package:at_client/src/client/at_client_impl.dart:255:7)
<asynchronous suspension>
#1      main (file:///C:/Users/colin/GitHub/@foundation/sshnoports/bin/sshnp.dart:207:26)
<asynchronous suspension>

Additional context
This is in line with the conversation in engg. chat with threads group on Jul 29 2022.

Automate creation of binaries

Is your feature request related to a problem? Please describe.

Binary creation is manual and time consuming

Describe the solution you'd like

Use a combination of GitHub Actions and Docker BuildX to create as many binaries as possible

  • macOS/x64
  • Linux/arm
  • Linux/arm64
  • Linux/riscv64 (beta)
  • Linux/x64

Describe alternatives you've considered

Codemagic would potentially allow a unified build script, and include additional platforms like macOS/arm64

Additional context

Make use of Dart naming convention for releases

sshnoports: Eliminate lint warnings

Is your feature request related to a problem? Please describe.

Lots of lint warnings in the code right now.

Describe the solution you'd like

No issues found by dart analyze

Describe alternatives you've considered

No response

Additional context

No response

Document how binaries are created

Describe the solution you'd like
Add a section to CONTRIBUTING.md showing how to compile the binaries.

Describe alternatives you've considered
Provide a GitHub Actions workflow that automates the binary creation process for new releases.

Release SSHNP new version with rv points

Is your feature request related to a problem? Please describe.

create sshrv rendezvous point

Removing the need for the use of ngrok

Add basic security to rv (ngrok has none)

Describe the solution you'd like

Bring new sshrv code into repo

Add basic security to sshrv

Extensive testing

Sign and publish 3.2.1

Describe alternatives you've considered

No response

Additional context

No response

Mention `sshd`

Documentation should mention that sshd needs to be started on sshnp client

"your machine running sshnp has to be running sshd even if only listening on localhost on port 22" - @cconstab

SSH No Ports: Python Management Libraries

Write some python libraries which enable basic configuration and management of sshnpd installations:

Features

Wrong MAC OS Binary in #v1.1.0 Release

Describe the bug
sshnp binary is of Mach-O 64-bit executable arm64 architecture in both sshnp_OSX_arm_64.tar.gz and sshnp_OSX_x86_64.tar.gz files.

To Reproduce

  1. Download both archives.
  2. Extract both.
  3. Run file sshnp/sshnp

Expected behavior
sshnp_OSX_x86_64.tar.gz should contain the correct x86_64 architecture.

Screenshots
Please see a short video demonstrating the issue attached.
https://user-images.githubusercontent.com/1979797/172198065-84c93e75-72e9-4301-a17a-6389b29a68b0.mov

Smartphone (please complete the following information):

  • Device: MAC

  • OS: MAC OS
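
A release job can catch this kind of mislabelled artifact before it is published. The script below is an added example, not code from the noports repository: it reads the Mach-O header of `sshnp/sshnp` inside an archive and compares the architecture with the one the file name implies, assuming thin 64-bit binaries and the archive names shown in the report.

```shell
#!/bin/sh
# Added example (not from the noports repo): check that the Mach-O binary
# inside a release archive matches the architecture its file name claims.

# macho_arch FILE -> x86_64 | arm64 | fat | unknown
macho_arch() {
    # Bytes 0-3 are the magic, bytes 4-7 the cputype (little-endian on disk).
    hdr=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$hdr" in
        cffaedfe07000001) echo x86_64 ;;  # MH_MAGIC_64 + CPU_TYPE_X86_64
        cffaedfe0c000001) echo arm64 ;;   # MH_MAGIC_64 + CPU_TYPE_ARM64
        cafebabe*)        echo fat ;;     # universal binary, not inspected here
        *)                echo unknown ;;
    esac
}

# expected_arch NAME -> architecture implied by the archive names in the report
expected_arch() {
    case "$1" in
        *_x86_64.tar.gz) echo x86_64 ;;
        *_arm_64.tar.gz) echo arm64 ;;
        *)               echo unknown ;;
    esac
}

# verify_archive ARCHIVE [MEMBER] -> 0 only if the member's arch matches the name
verify_archive() {
    member=${2:-sshnp/sshnp}
    tmp=$(mktemp -d) || return 2
    if ! tar -xzf "$1" -C "$tmp" "$member" 2>/dev/null; then
        rm -rf "$tmp"; return 2
    fi
    got=$(macho_arch "$tmp/$member")
    rm -rf "$tmp"
    want=$(expected_arch "$(basename "$1")")
    [ "$want" != unknown ] && [ "$got" = "$want" ]
}

# Stand-alone use: sh check_arch.sh sshnp_OSX_x86_64.tar.gz
if [ "$#" -ge 1 ]; then
    verify_archive "$1" || { echo "architecture mismatch: $1" >&2; exit 1; }
fi
```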

Create GUI for sshnoports for windows/linux/macos

MVP Release tasks

A partner requires a GUI for sshnp, that can also forward ports without any ports being needed to be opened on the device or firewalls.

  • Create MVP
  • Design Nicer GUI
  • Code final product
  • Automate testing
  • Launch

Some useful material in this document

Key enabler: since advent of the rendezvous service, sshd does not need to run on the client. Therefore we can run a client on any platform as we just need an ssh client

Functionality of the GUI needs to include something like the "Tunnel" section of the Putty app (Source, Destination, and local or remote)

SSHNPD Docker Image

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

Docker image which accepts the arguments required to install sshnpd to a container.

  • Doesn't need tmux / to run in the background
  • Should be capable of being entirely configured via docker compose
    • For running on the docker host network

Describe alternatives you've considered

No response

Additional context

No response

Installer - download from trunk instead of through releases

Is your feature request related to a problem? Please describe.

Install scripts can be updated when trunk is updated, but update scripts require a new release.

Describe the solution you'd like

If we download the update scripts from trunk, then there is no need to require a new release.

Describe alternatives you've considered

No response

Additional context

No response

feat: Do direct ssh when using an rv

Sshnp no double ssh option - as we have the rv we do not have to double ssh. Option should still be there and only used if needed. I.E. a direct connection (-h with no @)

Tasks

Add LICENSE to releases

Is your feature request related to a problem? Please describe.

N/A

Describe the solution you'd like

See title

Describe alternatives you've considered

No response

Additional context

No response

Add simple non root priv startup scripts for sshnpd

Is your feature request related to a problem? Please describe.

Non priv startup scripts for sshnpd

Describe the solution you'd like

sshnpd startup without root access. The intent being to provide simple instructions that do not need priv access.

My ideas that I have tested

Just bash on the machine + no root...

sshnpd.sh (chmod 755)

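#!/bin/bash
# Restart sshnpd whenever it exits; replace the <...> placeholders before use.
export USER=$(whoami)
while true
do
  ~/sshnp/sshnpd -a <atSign> -m <atSign> -u -d <devicename> -v -s
  # Pause before restarting so a crash loop does not spin
  sleep 10
done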

with crontab entry

@reboot /home/<username>/sshnpd.sh > ~/sshnpd.log 2>&1

And with tmux installed, again no root access needed

tmux-sshnpd.sh (chmod 755)

#!/bin/bash
tmux new-session -d -s sshnpd
tmux send-keys -t  sshnpd "cd " C-m
tmux send-keys -t  sshnpd "export USER=`whoami` " C-m
tmux send-keys -t  sshnpd "while true" C-m
tmux send-keys -t  sshnpd "do" C-m
tmux send-keys -t  sshnpd "~/sshnp/sshnpd -a <atSign> -m <atSign>  -u  -d <devicename> -v -s" C-m
tmux send-keys -t  sshnpd "sleep 10" C-m
tmux send-keys -t  sshnpd "done" C-m

and crontab entry

@reboot /home/<username>/tmux-sshnpd.sh > ~/sshnpd.log 2>&1

The @reboot crontab entry should these days work on most Linux distros; I tested on Ubuntu

Describe alternatives you've considered

screen version for screen people?

Additional context

No response

Sshnp Installer Binaries

Full Installers List:

  • install_sshnpd
  • install_sshnp
  • install_sshrvd

The main purpose of the installers is to

  • create directories & files, if they dne
  • generate custom ~/.startup.sh script

sshnp installer

Running ./install_sshnpd would:

sshnpd installer

Running ./install_sshnpd would:

  • Make dirs if dne (~/.ssh/, ~/sshnp/, ~/.atsign/keys) using mkdir -p
  • cp everything that came with the tar and move it to ~/sshnp, ask to overwrite if it is already installed of course
  • move sshnpd/tmux-sshnpd to /usr/local/at EDIT: @cconstab I believe your advice was to not move the binaries to /usr/local/at.
  • create healthcheck.sh script and put it in ~/sshnp, checks for dirs and files installed
  • read args (-a, -m, -u, etc.) then write a custom .startup.sh and put it in /$USER. .startup.sh will utilize healthcheck.sh
  • write custom sshnpd.service then tell person to type sudo systemctl enable sshnpd.service to enable EDIT striked as per @cconstab's advice

Running .startup.sh would:

  • make directories (~/.atsign/keys, ~/sshnp, /run/sshd, and ~/.ssh)
  • touch ~/.ssh/authorized_keys and chmod 600 if dne
  • exit if daemon .atKeys dne
  • exit if /usr/sbin/sshd not found
  • run all this stuff:
ssh-keygen -A
/usr/sbin/sshd -D -o "ListenAddress 127.0.0.1" -o "PasswordAuthentication no"  &
$sshnpHomeDir/sshnpd -a ${argResults['atsign']} -m ${argResults['manager']} ${argResults['device'] != null ? '-d ${argResults['device']}' : ''} ${argResults['sshpublickey'] ? '-s' : ''} ${argResults['username'] ? '-u' : ''} ${argResults['verbose'] ? '-v' : ''} ${argResults['keyFile'] != null ? '-k ${argResults['keyFile']}' : ''}

Then all you would have to do to start up the daemon would be to do sh ~/.startup.sh

sshrvd installer

SSHNPD (Python Implementation)

A Python implementation of sshnpd open to extension/modification for self-hosting

Tasks

sysctl: permission denied on key "net.ipv4.ping_group_range"

Describe the bug

When building the sshnpd Docker image at the end of Step 12/15:

Adding group `atsign' (GID 1024) ...
Done.
sysctl: permission denied on key "net.ipv4.ping_group_range"

Because we don't (yet) set -eux at the start of the RUN block this doesn't cause the step to fail.

Steps to reproduce

  1. First I clone this repo
  2. Then I cd sshnoports
  3. And then sudo docker build -t atsigncompany/sshnpd .

Expected behavior

The command should succeed, or the build should fail.

Additional context

@JeremyTubongbanua found that the line works with FROM ubuntu, and that it's needed to run things in his demo container atsign-foundation/at_demos#97

@cconstab I think you put this in so that the daemon can be started as a non root user, and that it worked with an Ubuntu base image, and has been failing with Debian, which might explain #USER atsign being commented out

Could this be a build time problem that could be moved to startup.sh?
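
The masking described in this report can be reproduced outside Docker. The following is an added example, not the project's Dockerfile: a constructed RUN-block body with a stub `sysctl` that fails (the function, the `VALUE` placeholder and the marker file are assumptions), run once as-is and once with `set -eux` in front.

```shell
#!/bin/sh
# Added example (not the project's Dockerfile): a multi-command RUN block
# reports only its last command's status unless it starts with `set -eux`.

# Constructed stand-in for the RUN block body. The sysctl function imitates
# the permission error from the report; VALUE is a placeholder.
RUN_BODY='
sysctl() { echo "sysctl: permission denied on key \"${2%%=*}\"" >&2; return 255; }
echo "Adding group (constructed output)"
sysctl -w net.ipv4.ping_group_range=VALUE
echo "reached the commands after sysctl" > "$MARKER"
'

# run_step MODE MARKER -> exit status the build step would see.
# MODE "strict" prefixes the body with set -eux, "lax" runs it as-is.
run_step() {
    prefix=''
    if [ "$1" = strict ]; then prefix='set -eux'; fi
    MARKER="$2" sh -c "$prefix$RUN_BODY"
}
```

In lax mode the step exits 0 and the marker file is written, so the error is only visible in the build log; in strict mode the step stops at the failing command.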

sshnoports: sshnpd not processing privateKey or sshPublicKey notifications

Describe the bug

sshnpd not processing privateKey or sshPublicKey notifications ... because the keys in notifications are now being converted to lower case following recent changes to AtClient

Steps to reproduce

Run sshnpd and connect with sshnp

Expected behavior

Should work

Screenshots

No response

Smartphones

No response

Were you using an atApplication when the bug was found?

No response

Additional context

No response
