README.md 5.14 KB
Newer Older
hev's avatar
hev committed
1
2
# HevFsh

hev's avatar
hev committed
3
4
[![status](https://gitlab.com/hev/hev-fsh/badges/master/pipeline.svg)](https://gitlab.com/hev/hev-fsh/commits/master)

hev's avatar
hev committed
5
Fsh is to help you access local Shell and TCP services behind NAT or firewall.
hev's avatar
hev committed
6

hev's avatar
hev committed
7
8
9
**Features**
* Shell.
* TCP Port.
hev's avatar
hev committed
10
* Socks v5.
hev's avatar
hev committed
11
* IPv4/IPv6. (dual stack)
hev's avatar
hev committed
12
* End-to-end encryption. (Linux only, it depends on kernel TLS)
hev's avatar
hev committed
13

hev's avatar
hev committed
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
```
    +-------------+      +-------------+
    | Connector 1 |      | Connector 2 |
    +-------------+      +-------------+
           ^                    ^
           |                    |
           +------+      +------+
           .      |      |      .
           .      v      v      .
           .     +--------+     .
       (Token 1) | Server | (Token 2)
           .     +--------+     .
           .      ^      ^      .
           .      |      |      .
           +------+      +------+
           |                    |
           v                    v
    +-------------+      +-------------+
    | Forwarder A |      | Forwarder B |
    |   (TCP)     |      |    (Term)   |
    +-------------+      +-------------+
           ^
           |
           v
     +----------+
     | Upstream |
     |  Server  |
     +----------+
```

hev's avatar
hev committed
44
45
## How to Build
```bash
hev's avatar
hev committed
46
git clone --recursive git://github.com/heiher/hev-fsh
hev's avatar
hev committed
47
48
49
50
51
52
cd hev-fsh
make
```

## How to Run

hev's avatar
hev committed
53
**Server**:
hev's avatar
hev committed
54
```bash
hev's avatar
hev committed
55
fsh -s [SERVER_ADDR:SERVER_PORT]
hev's avatar
hev committed
56
57
58

# Listen on 0.0.0.0:6339 and log to stdout
fsh -s
hev's avatar
hev committed
59

hev's avatar
hev committed
60
61
# Listen on specific address:port
fsh -s 10.0.0.1:8000
hev's avatar
hev committed
62
63
```

hev's avatar
hev committed
64
**Forwarder**:
hev's avatar
hev committed
65
66
67
* **Terminal**
    ```bash
    fsh -f [-u USER] SERVER_ADDR[:SERVER_PORT/TOKEN]
hev's avatar
hev committed
68

hev's avatar
hev committed
69
70
    # Set token by server
    fsh -f 10.0.0.1
hev's avatar
hev committed
71

hev's avatar
hev committed
72
73
    # With port and set token by client
    fsh -f 10.0.0.1:8000/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
hev's avatar
hev committed
74

hev's avatar
hev committed
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
    # Specific user (Need run as root)
    fsh -f -u jack 10.0.0.1

    # Need login with username and password (Need run as root)
    # If not run as root, current user used without login
    fsh -f 10.0.0.1
    ```
* **TCP Port**
    ```bash
    fsh -f -p [-w ADDR:PORT,... | -b ADDR:PORT,...] SERVER_ADDR[:SERVER_PORT/TOKEN

    # Accept all TCP ports
    fsh -f -p 10.0.0.1

    # Accept the TCP ports in white list (others rejected)
hev's avatar
hev committed
90
    fsh -f -p -w 192.168.0.1:22,192.168.1.3:80 10.0.0.1
hev's avatar
hev committed
91
92

    # Reject the TCP ports in black list (others allowed)
hev's avatar
hev committed
93
    fsh -f -p -b 192.168.0.1:22,192.168.1.3:80 10.0.0.1
hev's avatar
hev committed
94
    ```
hev's avatar
hev committed
95
96
97
98
* **Socks v5**
    ```bash
    fsh -f -x SERVER_ADDR[:SERVER_PORT/TOKEN
    ```
hev's avatar
hev committed
99

hev's avatar
hev committed
100
**Connector**:
hev's avatar
hev committed
101
102
103
104
105
106
107
108
109
110
* **Terminal**
    ```bash
    fsh SERVER_ADDR[:SERVER_PORT]/TOKEN

    # Connect to forwarder's terminal
    fsh 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
    ```
* **TCP Port**
    ```bash
    fsh -p [LOCAL_ADDR:]LOCAL_PORT:REMOTE_ADD:REMOTE_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN
hev's avatar
hev committed
111
    fsh -p REMOTE_ADD:REMOTE_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN
hev's avatar
hev committed
112
113
114
115

    # Map the TCP port to forwarder's network service
    fsh -p 2200:192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
    fsh -p 0.0.0.0:2200:192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
hev's avatar
hev committed
116

hev's avatar
hev committed
117
    # Splice to stdio (Support SSH ProxyCommand)
hev's avatar
hev committed
118
    fsh -p 192.168.0.1:22 10.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
hev's avatar
hev committed
119
    ```
hev's avatar
hev committed
120
121
122
123
* **Socks v5**
    ```bash
    fsh -x [LOCAL_ADDR:]LOCAL_PORT SERVER_ADDR[:SERVER_PORT]/TOKEN
    ```
hev's avatar
hev committed
124

hev's avatar
hev committed
125
126
**Common**:
```bash
hev's avatar
hev committed
127
fsh [-4 | -6] [-k KEY] [-t TIMEOUT] [-l LOG] [-v]
hev's avatar
hev committed
128
129
130
131
132
133
134

# Resolve names to IPv4 addresses only
fsh -4

# Resolve names to IPv6 addresses only
fsh -6

hev's avatar
hev committed
135
136
137
138
# End-to-end encryption
# key: random 20-byte
fsh -k /path/to/key

hev's avatar
hev committed
139
140
# Session timeout (seconds)
fsh -t 1000
hev's avatar
hev committed
141
142
143
144
145
146

# Log to file
fsh -l /var/log/fsh.log

# Log verbose
fsh -v
hev's avatar
hev committed
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
```

**IPv6**:
```bash
fsh -s [::]:6339

fsh -f [::1]:6339/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4

fsh -f -p -w 127.0.0.1:22,[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4

fsh -p [::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
fsh -p 2200:[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
fsh -p [::1]:2200:[::1]:22 127.0.0.1/8b9bf4e7-b2b2-4115-ac97-0c7f69433bc4
```

hev's avatar
hev committed
162
163
164
## Classes

```
hev's avatar
hev committed
165
          +-> HevSocks5 -> HevSocks5Server -> HevSocks5ServerUS
hev's avatar
hev committed
166
167
168
169
170
171
HevObject +-> HevFshBase +-> HevFshServer
          |              +-> HevFshClient
          +-> HevFshSessionManager
          +-> HevFshClientFactory
          +-> HevFshIO +-> HevFshSession
                       +-> HevFshClientBase +-> HevFshClientAccept +-> HevFshClientPortAccept
hev's avatar
hev committed
172
                                            |                      +-> HevFshClientSockAccept
hev's avatar
hev committed
173
174
175
                                            |                      +-> HevFshClientTermAccept
                                            |
                                            +-> HevFshClientConnect +-> HevFshClientPortConnect
hev's avatar
hev committed
176
                                            |                       +-> HevFshClientSockConnect
hev's avatar
hev committed
177
178
                                            |                       +-> HevFshClientTermConnect
                                            |
hev's avatar
hev committed
179
180
181
                                            +-> HevFshClientListen +-> HevFshClientPortListen
                                            |                      +-> HevFshClientSockListen
                                            |
hev's avatar
hev committed
182
183
184
                                            +-> HevFshClientForward
```

hev's avatar
hev committed
185
186
## Contributors
* **hev** - https://hev.cc
hev's avatar
hev committed
187
188

## License
hev's avatar
hev committed
189
MIT