Anonymous SSH
anonssh builds a mini jail on FreeBSD.
It can be used to launch terminal-based applications in a constrained environment that contains nothing other than your application and its runtime dependencies. The application can be accessed over a publicly accessible sshd instance.
The jail includes only the files needed to run a single program
behind sshd. The sshd instance locks the user into the given program
via ForceCommand.
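
ForceCommand pins the command a session runs, but OpenSSH still honours forwarding requests unless they are disabled separately. The following check is an added example, not part of anonssh; it audits a config file for that gap, and its function names and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of anonssh: audit an sshd_config (or `sshd -T`
# output) for a public, ForceCommand-only service. Reads global
# directives only: stops at the first Match block, ignores Include.

# Print the first value of a keyword; sshd uses the first occurrence.
sshd_value() {  # $1 = config file, $2 = keyword (case-insensitive)
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# Same, lowercased, for yes/no style values.
sshd_flag() { sshd_value "$1" "$2" | tr 'A-Z' 'a-z'; }

# Return 0 when users are pinned to one command and the channels that
# ForceCommand does not cover are off; print one FAIL line per gap.
audit_sshd_config() {  # $1 = config file
    cfg=$1; rc=0
    case "$(sshd_flag "$cfg" ForceCommand)" in
        ""|none) echo "FAIL: ForceCommand is not set"; rc=1 ;;
    esac
    # These default to "yes" in OpenSSH, so they must be set explicitly.
    fwd="AllowTcpForwarding AllowAgentForwarding AllowStreamLocalForwarding"
    # DisableForwarding yes overrides every forwarding option at once.
    if [ "$(sshd_flag "$cfg" DisableForwarding)" = "yes" ]; then fwd=""; fi
    for kw in $fwd PermitUserRC; do
        val=$(sshd_flag "$cfg" "$kw")
        if [ "$val" != "no" ]; then
            echo "FAIL: $kw is '${val:-unset}', expected 'no'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample of a config that passes; the path is a placeholder.
sample_config() {
    cat <<'EOF'
Port 22
ForceCommand /path/to/binary
DisableForwarding yes
PermitUserRC no
EOF
}
```

If the jail's sshd_config scopes ForceCommand inside a Match block, feed the function the effective configuration printed by `sshd -T` instead of the raw file.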
Quick start
bootstrap
Bootstrap a mini jail that contains only what your program needs. This command discovers shared libraries, sets up device nodes, generates SSH host keys, and installs the program's dependencies.
$ anonssh bootstrap -p /path/to/jail -b /path/to/binary
| Option | Description |
|---|---|
| -p PATH | Jail root directory. |
| -b BINARY | The program to run over SSH. |
| -u USER | SSH username. Defaults to anonssh. |
| -f FILE | File listing extra files to copy into the jail, one per line. |
serve
Start the jail with sshd running. The jail inherits the host network and binds sshd to port 22.
$ anonssh serve -n jailname -p /path/to/jail
| Option | Description |
|---|---|
| -n NAME | Jail name. |
| -p PATH | Jail root directory. |
Network
The jail shares the host network stack with ip4: inherit
and its sshd binds to port 22. The host should run its own sshd on a
different port, such as 2222, to avoid conflicts.
Build
Prerequisite: an mruby checkout in a sibling ../mruby
directory.
$ make
$ make install