update doc

tls
Dingjun 7 years ago
parent fb6c630cec
commit 4a182a8ef7

@ -1,38 +1,39 @@
package obfssh package obfssh
/* /*
Package obfssh is wrapper for ssh protocol, use AES or RC4 to encrypt the transport data, Package obfssh is wrapper for ssh protocol, support connect to server via TLS
ssh is a good designed protocol and with the good encryption, but the protocol has a especially figerprint,
the firewall can easily identify the protocol and block it or QOS it, especial when we use its port forward function to escape from the state censorship.
obfssh encrypt the ssh protocol and hide the figerprint, the firewall can not identify the protocol.
We borrow the idea from https://github.com/brl/obfuscated-openssh, but not compatible with it,
beause the limitions of golang ssh library.
server usage example server usage example
import "github.com/fangdingjun/obfssh" import "github.com/fangdingjun/obfssh"
import "golang.org/x/crypto/ssh" import "golang.org/x/crypto/ssh"
// key for encryption
obfs_key := "some keyword"
// encrypt method
obfs_method := "rc4"
config := &ssh.ServerConfig{ config := &ssh.ServerConfig{
// add ssh server configure here // add ssh server configure here
// for example auth method, cipher, MAC // for example auth method, cipher, MAC
... ...
} }
l, err := net.Listen(":2022") var l net.Listener
c, err := l.Accept() var err error
if useTLS {
sc, err := obfssh.NewServer(c, config, obfs_method, obfs_key) cert, err := tls.LoadX509KeyPair(certFile, keyFile)
l, err = tls.Listen("tcp", ":2022", &tls.Config{
sc.Run() Certificates: []tls.Certificate{cert},
})
}else{
l, err = net.Listen(":2022")
}
defer l.Close()
for{
c, err := l.Accept()
go func(c net.Conn){
defer c.Close()
sc, err := obfssh.NewServer(c, config, &obfssh.Conf{})
sc.Run()
}(c)
}
client usage example client usage example
@ -42,22 +43,26 @@ client usage example
addr := "localhost:2022" addr := "localhost:2022"
// key for encryption
obfs_key := "some keyword"
// encrypt method
obfs_method := "rc4"
config := ssh.ClientConfig{ config := ssh.ClientConfig{
// add ssh client config here // add ssh client config here
// for example auth method // for example auth method
... ...
} }
c, err := net.Dial("tcp", addr) var c net.Conn
var err error
if useTLS{
c, err = tls.Dial("tcp", addr, &tls.Config{
ServerName: "localhost",
InsecureSkipVerify: true,
})
}else{
c, err = net.Dial("tcp", addr)
}
// create connection // create connection
client, err := obfssh.NewClient(c, config, addr, obfs_method, obfs_key) client, err := obfssh.NewClient(c, config, addr, &obfssh.Conf{})
// local to remote port forward // local to remote port forward
client.AddLocalForward(":2234:10.0.0.1:3221") client.AddLocalForward(":2234:10.0.0.1:3221")
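Review bot: The client example in the second hunk sets `InsecureSkipVerify: true` on the `tls.Config` passed to `tls.Dial`, which disables certificate chain and host name verification, so the TLS layer shown gives no protection against an on-path attacker. Because this is package documentation that readers tend to copy, I would drop that line and rely on `ServerName`, showing `RootCAs: pool,` (a pool holding the server certificate) for the self-signed case; if the flag stays, mark it with a comment such as `// testing only: disables certificate verification`. In the server example of the first hunk, the error from `tls.LoadX509KeyPair` is never checked, and as rendered `cert, err :=` shadows the outer `err` inside the `if`, so a failed `tls.Listen` would not be visible after the block. The plain branch there calls `net.Listen(":2022")` without the network argument and should read `net.Listen("tcp", ":2022")`. The doc comment may continue beyond the lines shown here.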
