v1.0.10

This release incorporates a number of small changes and bug fixes. The most notable feature is that the rssh clients now support URI scheme handlers.

connect --shell https://your.host/program <rssh_client_id>
ssh -J your.rssh.server:3232 <rssh_client_id> https://your.host/program 

This allows the rssh client to download additional resources to execute instead of on-host executable (this will also attempt to download resources in a fileless way on linux.)

Features

• Clients now support http/https/rssh URI schemes when connecting to clients

Bug Fixes

• HTTP proxy has been fixed (thanks @exploide)
• The automatic shell script is now POSIX shell compatible (thanks @lachlan2k and @exploide)

v1.0.9

Tiny release that updates dependencies to fix windows service errors.

v1.0.8

Small release that adds --shell to the connect.

Features

• Adds --shell to the connect command to allow users to specify what shell they start

Bug Fixes

• When a user specifies a command with pty ssh -t, ssh now properly allocates a pty

v1.0.7

A small release that adds garble to the link command.

Features

• --garble flag will now compile the client binary with garble if found in the system path.

v1.0.6

This release has brought docker to the RSSH server. Now, instead of having to clone and make, it is possible to pull directly from dockerhub with docker pull reversessh/reverse_ssh.
This brings easy windows binary compilation, among other things.

Thanks to @lachlan2k for this addition!

Features

• Client timeout detection is now configurable with the server flag --timeout which is in minutes.
• TCPKeepalive has changed from 15 seconds (golang default) to 2 hours on the client, or --timeout value if defined on server
• link command will now regenerate a new public for every client that is created
• Dockerfile and general docker compatibility

Bug Fixes

• Windows powershell will now be correctly selected if the system drive letter is not C:\ thanks @shajunmel
• Fix small race condition when the rssh server starts up, which may have resulted in an empty config.json file to be created stopping the server from starting
• Fix link command not supporting filenames with extensions

Changes

• The server flags --authorizedkeys, --config and --key have been removed in favor of --datadir, which specifies a folder that the files authorized_keys, id_ed25519 and config.json files must exist
• Readme now has details about rsa-sha2 compatibility issues

External Contributions

• @lachlan2k Added the --datadir flag to replace other flags
• @lachlan2k Added Docker Support!

Full Changelog: v1.0.5...v1.0.6

v1.0.5

Bug Fixes

• Marshal ssh public keys to non-binary format to make duplicate key error more readable

Features

• link command now has an optional --upx flag, to compress binaries
• Public key hash can now be used to connect/act upon clients

Changes

• Webhooks now follow more standard format and can be directory to any URL
• .sh extension will now search for writable locations before writing client binary to execute

v1.0.4

This release merges some external work, and most importantly has new TUN functionality, allowing you set to use -w in ssh and set up full VPNs with your reverse ssh clients.

Unfortunately, this has increased binary size somewhat. So I would recommend compiling in release (make release), and using upx if that matters to you.

Features

• Implement support for TUN devices in the client, allowing full ICMP/UDP/TCP forwarding
• Full IDs are no longer needed when forwarding/connecting to a client, partial matches now work #49

Bug Fixes

• link -l will now print what callback server the binary was generated with #48
• Stop client if connect back address is invalid, rather than endlessly retrying it
• Timeout on initial local forward so that things like nmap dont wait forever

Changes

• Remove process hiding, the client fork will no longer pick a random benign process to change its argv[0] to

External Contributions

• @TechSupportJosh Changed timeouts on the webserver to 20 seconds in #47
• @exploide Improved RSSH client compatibility by improving the makefile in #51

Full Changelog: v1.0.3...v1.0.4

v1.0.3

This release has a bunch of fixes for bugs that people have sent in. It also has the starting work for versioning of clients with the new version command.

Bug Fixes

• Fix child dying on parent exit (caused by child using parents stdout/stderr)
• Check that shells in /etc/shell actually exist
• Properly remove webserver from mux when not in use
• Normalize client hostname when in fancy ls -t
• Increase initial timeout for ssh handshake for people who have to enter their ssh key password

Features

• New version command shows the current version of the server (git tag + git short hash)
• ls now shows client versions
• Improved multiplexer flood protection
• Add watch command, to show clients coming and going
• Add webhook support
• listen command can start/stop the rssh server port
• Makefile flag IGNORE will now cause clients to ignore all argv input
• authorized_keys now understands and respects the ssh from directive (allow/deny list for managing rssh clients)

Changes

• link expiry option removed as its not useful

Full Changelog: v1.0.2...v1.0.3

v1.0.2

This release adds a new subsystem (no, nothing to do with WSL) for windows, and a bug fix for the server.

• Adds windows service compatibility
• Adds subsystem to install and remove windows services
• Improve multi-protocol multiplexer (say that fast 5 times) to stop slow clients from deadlocking the server

The binary release are amd64 windows and linux binaries compiled with CGO and in debug.

v1.0.1

Small bump that fixes some rather important bugs.

• Fixes hostname normalization (hopefully once and for all)
• Fixes odd bug that would hang clients after multiple connections
• Adds sftp
• Adds setuid and setgid subsystem commands for linux

The binary release are amd64 windows and linux binaries compiled with CGO and in debug.

Full Changelog: v1.0.0...v1.0.1