Releases: NHAS/reverse_ssh
v1.0.12
v1.0.10
This release incorporates a number of small changes and bug fixes. The most notable feature is that the rssh clients now support URI scheme handlers.
connect --shell https://your.host/program <rssh_client_id>
ssh -J your.rssh.server:3232 <rssh_client_id> https://your.host/program
This allows the rssh client to download additional resources to execute instead of on-host executable (this will also attempt to download resources in a fileless way on linux.)
Features
- Clients now support
http
/https
/rssh
URI schemes when connecting to clients
Bug Fixes
- HTTP proxy has been fixed (thanks @exploide)
- The automatic shell script is now POSIX shell compatible (thanks @lachlan2k and @exploide)
v1.0.9
v1.0.8
v1.0.7
v1.0.6
This release has brought docker to the RSSH server. Now, instead of having to clone and make
, it is possible to pull directly from dockerhub with docker pull reversessh/reverse_ssh
.
This brings easy windows binary compilation, among other things.
Thanks to @lachlan2k for this addition!
Features
- Client timeout detection is now configurable with the server flag
--timeout
which is in minutes. - TCPKeepalive has changed from 15 seconds (golang default) to 2 hours on the client, or
--timeout
value if defined on server link
command will now regenerate a new public for every client that is createdDockerfile
and general docker compatibility
Bug Fixes
- Windows powershell will now be correctly selected if the system drive letter is not
C:\
thanks @shajunmel - Fix small race condition when the rssh server starts up, which may have resulted in an empty
config.json
file to be created stopping the server from starting - Fix
link
command not supporting filenames with extensions
Changes
- The server flags
--authorizedkeys
,--config
and--key
have been removed in favor of--datadir
, which specifies a folder that the filesauthorized_keys
,id_ed25519
andconfig.json
files must exist - Readme now has details about rsa-sha2 compatibility issues
External Contributions
- @lachlan2k Added the
--datadir
flag to replace other flags - @lachlan2k Added Docker Support!
Full Changelog: v1.0.5...v1.0.6
v1.0.5
Bug Fixes
- Marshal ssh public keys to non-binary format to make duplicate key error more readable
Features
link
command now has an optional--upx
flag, to compress binaries- Public key hash can now be used to connect/act upon clients
Changes
- Webhooks now follow more standard format and can be directory to any URL
.sh
extension will now search for writable locations before writing client binary to execute
v1.0.4
This release merges some external work, and most importantly has new TUN functionality, allowing you set to use -w
in ssh and set up full VPNs with your reverse ssh clients.
Unfortunately, this has increased binary size somewhat. So I would recommend compiling in release (make release
), and using upx
if that matters to you.
Features
- Implement support for
TUN
devices in the client, allowing full ICMP/UDP/TCP forwarding - Full IDs are no longer needed when forwarding/connecting to a client, partial matches now work #49
Bug Fixes
link -l
will now print what callback server the binary was generated with #48- Stop client if connect back address is invalid, rather than endlessly retrying it
- Timeout on initial local forward so that things like nmap dont wait forever
Changes
- Remove process hiding, the client fork will no longer pick a random benign process to change its
argv[0]
to
External Contributions
- @TechSupportJosh Changed timeouts on the webserver to 20 seconds in #47
- @exploide Improved RSSH client compatibility by improving the makefile in #51
Full Changelog: v1.0.3...v1.0.4
v1.0.3
This release has a bunch of fixes for bugs that people have sent in. It also has the starting work for versioning of clients with the new version
command.
Bug Fixes
- Fix child dying on parent exit (caused by child using parents stdout/stderr)
- Check that shells in
/etc/shell
actually exist - Properly remove webserver from mux when not in use
- Normalize client hostname when in fancy
ls -t
- Increase initial timeout for ssh handshake for people who have to enter their ssh key password
Features
- New
version
command shows the current version of the server (git tag + git short hash) ls
now shows client versions- Improved multiplexer flood protection
- Add
watch
command, to show clients coming and going - Add webhook support
listen
command can start/stop the rssh server port- Makefile flag
IGNORE
will now cause clients to ignore all argv input authorized_keys
now understands and respects the sshfrom
directive (allow/deny list for managing rssh clients)
Changes
link
expiry option removed as its not useful
Full Changelog: v1.0.2...v1.0.3
v1.0.2
This release adds a new subsystem (no, nothing to do with WSL) for windows, and a bug fix for the server.
- Adds windows service compatibility
- Adds subsystem to install and remove windows services
- Improve multi-protocol multiplexer (say that fast 5 times) to stop slow clients from deadlocking the server
The binary release are amd64 windows and linux binaries compiled with CGO and in debug.