Rust● activev0.4.0GPL-3.0since 2024 // ★ 4,022 // ⑂ 271
ghostshell
encrypted shell wrapper
ssh-like ergonomics, but over tcp / websockets / quic / anything that moves bytes. session keys derived per-connection. forward secrecy by default. paranoid by construction, but you don't have to feel paranoid using it.
01 / install
$ cargo install ghostshell
# server:
$ gsd --listen :8088 --transport quic
# client:
$ gs nj@nullbox:8088 --transport quic
02 / usage
$ gs --keygen ~/.gs/id
$ gs add-peer alice@core 'ed25519:AAAAC3Nz...'
$ gs alice@core
$ gs alice@core --transport websocket
03 / features
- ed25519 identity, x25519 ECDH, chacha20-poly1305
- pluggable transports: tcp, quic, websocket, named pipes
- yubikey hardware key support (0.4)
- session resumption with rotating ratchets
- no plaintext on disk. ever.
04 / changelog
v0.4.02026.05yubikey + piv card support. session resumption v2.
v0.3.02026.01quic transport via quinn. faster handshakes.
v0.2.02025.07websocket transport for behind-the-proxy use
v0.1.02024.11first usable release. don't use it.