💾 Archived View for blitter.com › xs.gmi captured on 2022-07-16 at 13:36:33. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
I have worked in the past on IPsec and integration of crypto algs into
wire protocols. I wanted to experiment with openssh, adding post-quantum
key exchanges and extra session (symmetric) crypto algs to it.
I sort of hit a wall trying to figure out how the openssh login phase
passed through session keys to the rest of the system. Fork hell.
I was just getting into Go ('golang') at the time, so I thought to
myself, "self, why don't you try writing your *own* secure shell in
pure Go, it might be a great learning experience!". Well, it was, and
the result is _xs_, the eXperimental Secure shell. I think it's pretty
darn nifty, and now use it full-time on my servers *instead* of ssh.
Go has a really great crypto library, and its structural typing system
made it quite easy to implement and/or integrate new crypto algs into
the program. It's easier to build than ssh, and I would argue is also
much easier to understand (source code is under 5% total SLOCC compared
to that of openssh, which is written in C).
It should also benefit from the built-in security of Go's safe runtime
(much less likelihood of buffer overflows and such).
Project is here, fetchable via 'go get':