Hacker News

It's kinda hard to tell what this actually does and why you'd want to use it. Is it an SSH alternative that punches through NAT?



Also having a hard time grokking it, but from the README looks like maybe the equivalent to setting up a TOR node to front an ssh daemon and routing a shell through the onion network to get to a host behind a NAT.

Edit:

Ah yes, that appears to be exactly what they're doing. Looks like they're using a DHT for peer discovery and using nodes in the network as rendezvous points to get through NAT: https://github.com/holepunchto/hypershell/blob/main/lib/clie...

The code is incredibly straightforward for what it is doing. Expected the ./lib folder to be a lot more intimidating.


It seems interesting, but I’m having a hard time imagining what an appealing use case would be.


I'm thinking the same thing. Is there some kind of circumstance where I'd want to use this instead of SSH? I'm hardly inclined to fix what isn't broken at the best of times, but the p2p element just seems weirdly superfluous.


It would seem useful to control a large botnet of compromised hosts.


Opening shells on cellular devices perhaps, almost always they'll be on NAT, on an unfixed IP, which you can't port forward through.


Accessing a “home computer” behind a NAT you don’t control or has a dynamic IP, e.g. computers/devices that only have mobile connection and many (most?) broadband home connections.


I sometimes need to connect to a CI runner to debug some CI build script. I made a (quick hack of a) tool [0] for doing that by creating an Onion service on the runner listening to SSHD, and printing a one-liner I can paste on my dev machine to connect to it via Tor. This sounds like basically the same idea, but using a DHT and hole punching instead of onion routing.

[0] https://github.com/milesrichardson/shonion


Nodes that are behind unconfigurable CGNATs usually have IPv6. So DDNS + listening on v6 + PMP could achieve the same.


*and if you don’t want to sign up for DDNS :)


Seems so: I like the idea. Would be, however, to integrate with mosh [1] and feel much better if there was a well audited SSH implementation beneath the hole punching and rendezvous layer.

[1] https://github.com/mobile-shell/mosh



