:: xs - the alternate PQC secure shell ::

🖜 Back

Intro

I have worked in the past on IPsec and integration of crypto algs into

wire protocols. I wanted to experiment with openssh, adding post-quantum

key exchanges and extra session (symmetric) crypto algs to it.

I sort of hit a wall trying to figure out how the openssh login phase

passed through session keys to the rest of the system. Fork hell.

I was just getting into Go ('golang') at the time, so I thought to

myself, "self, why don't you try writing your *own* secure shell in

pure Go, it might be a great learning experience!". Well, it was, and

the result is _xs_, the eXperimental Secure shell. I think it's pretty

darn nifty, and now use it full-time on my servers *instead* of ssh.

Go has a really great crypto library, and its structural typing system

made it quite easy to implement and/or integrate new crypto algs into

the program. It's easier to build than ssh, and I would argue is also

much easier to understand (source code is under 5% total SLOCC compared

to that of openssh, which is written in C).

It should also benefit from the built-in security of Go's safe runtime

(much less likelihood of buffer overflows and such).

Project is here, fetchable via 'go get':

Gogs git repository