tinysshd(8)                 System Manager's Manual                tinysshd(8)

NAME
       tinysshd - Tiny SSH daemon

SYNOPSIS
       tinysshd [ options ] keydir

DESCRIPTION
       tinysshd is a minimalistic SSH server which implements only a subset
       of SSHv2 features.

       tinysshd supports only secure cryptography (minimum 128-bit security,
       protected against cache-timing attacks)

       tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5,
       HMAC-SHA1, 3DES, RC4, ...)

       tinysshd doesn't implement unsafe features (such as password or
       hostbased authentication)

       tinysshd doesn't have features such as: SSH1 protocol, compression,
       port forwarding, agent forwarding, X11 forwarding ...

       tinysshd doesn't use dynamic memory allocation (no allocation
       failures, etc.)

OPTIONS
       -q     no error messages

       -Q     print error messages (default)

       -v     print extra information

       -s     enable state-of-the-art crypto (default)
              signing - ssh-ed25519
              key-exchange - curve25519-sha256
              symmetric - chacha20-poly1305@openssh.com

       -S     disable state-of-the-art crypto

       -p     enable post-quantum crypto (default)
              signing - TODO (not implemented yet)
              key-exchange - sntrup761x25519-sha512@openssh.com
              symmetric - chacha20-poly1305@openssh.com

       -P     disable post-quantum crypto

       -l     use syslog instead of standard error output (useful for
              running from inetd)

       -L     don't use syslog, use standard error output (default)

       -x name=command
              add subsystem command (e.g.:
              sftp=/usr/libexec/openssh/sftp-server)

       -e command
              execute the given command instead of spawning the shell
              (disables exec/subsystem channel requests)

       keydir directory containing TinySSH keys, typically
              /etc/tinyssh/sshkeydir

AUTHORIZATION
       tinysshd supports only public-key authorization via
       AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file
       contains one key in the format "keytype base64-encoded-key comment".
       tinyssh supports only the "ssh-ed25519" keytype.

       ~/.ssh/authorized_keys example:
           ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment

RUNNING
       TCPSERVER
              tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &

       BUSYBOX
              busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &

       INETD
              /etc/inetd.conf:
                  ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir

       SYSTEMD
              tinysshd.socket:
                  [Unit]
                  Description=TinySSH server socket
                  ConditionPathExists=!/etc/tinyssh/disable_tinysshd

                  [Socket]
                  ListenStream=22
                  Accept=yes

                  [Install]
                  WantedBy=sockets.target

              tinysshd@.service:
                  [Unit]
                  Description=Tiny SSH server
                  After=network.target auditd.service

                  [Service]
                  ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
                  EnvironmentFile=-/etc/default/tinysshd
                  ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
                  KillMode=process
                  SuccessExitStatus=111
                  StandardInput=socket
                  StandardError=journal

                  [Install]
                  WantedBy=multi-user.target

SEE ALSO
       tinysshd-makekey(8), tinysshd-printkey(8)
       https://tinyssh.org/

                                                                   tinysshd(8)
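
The authorized_keys format described under AUTHORIZATION can be checked before moving an account from another SSH server to tinysshd. The following is an added example, not part of the manual page or the TinySSH project: it flags lines whose keytype is not "ssh-ed25519" or whose base64 field does not decode to a well-formed Ed25519 public key blob. The names encode_key, check_line, audit and SAMPLE are made up for the example, and skipping blank and "#" lines is an assumption of the example, not documented tinysshd behaviour.

```python
import base64

KEYTYPE = "ssh-ed25519"  # the only keytype the man page lists as supported

def encode_key(keytype, key):
    """Base64 of two uint32-length-prefixed strings (RFC 4251): keytype, key."""
    blob = b"".join(len(f).to_bytes(4, "big") + f for f in (keytype.encode(), key))
    return base64.b64encode(blob).decode()

def check_line(line):
    """Return (ok, reason) for one "keytype base64-encoded-key comment" line."""
    fields = line.split(None, 2)
    if len(fields) < 2:
        return False, "missing keytype or key"
    if fields[0] != KEYTYPE:
        return False, "unsupported keytype"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False, "key is not valid base64"
    parts, off = [], 0
    while off < len(blob):  # walk the length-prefixed strings in the blob
        n = int.from_bytes(blob[off:off + 4], "big")
        end = off + 4 + n
        if off + 4 > len(blob) or end > len(blob):
            return False, "truncated key blob"
        parts.append(blob[off + 4:end])
        off = end
    if len(parts) != 2 or parts[0] != KEYTYPE.encode():
        return False, "blob does not match keytype"
    if len(parts[1]) != 32:
        return False, "Ed25519 public key must be 32 bytes"
    return True, "ok"

def audit(text):
    """Check each non-blank, non-# line; returns [(lineno, ok, reason)]."""
    lines = enumerate((s.strip() for s in text.splitlines()), 1)
    return [(n, *check_line(s)) for n, s in lines if s and not s.startswith("#")]

# Constructed sample file: every key below is made up for the example.
SAMPLE = "\n".join([
    "ssh-ed25519 " + encode_key("ssh-ed25519", bytes(range(32))) + " alice@laptop",
    "ssh-rsa " + encode_key("ssh-rsa", b"\x01" * 64) + " legacy@host",
    "ssh-ed25519 " + encode_key("ssh-rsa", b"\x01" * 64) + " mislabelled",
    "ssh-ed25519 " + encode_key("ssh-ed25519", b"\x02" * 31) + " short",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A line that passes is only well-formed for the documented format; whether the key is the one you intend to authorize still has to be checked against its owner.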