nodesh-server v1.0.7
NodeSH-Server
A Node.js Secure Shell Access server that provides:
- Secure Shell Access
- Encrypted Download
- Encrypted Upload
using Node.js + Diffie-Hellman key exchange + AES encryption.
Works on Windows, macOS, Linux
Installation
To install this package, simply run :
npm install nodesh-server
To run the server, run npm start
Do not forget to set the host IP address or domain name in the configuration file ('./config/index.js'). Note that the username and password in this file should be the same on the server and client machines in order to connect.
API
You can use NodeSH-Client to connect to and communicate with NodeSH-Server, but if you prefer to write a client yourself, here is the API:
Key Exchange
Since the client starts the connection, first calculate the Generator, Prime and Client Public Key and POST them to the server's Key Exchange Port set in the configuration file. The field names should be as follows:
P = PRIME
G = GENERATOR
public = CLIENT_PUBLIC
The server will calculate its own public key and send back a JSON object containing the Generator (you sent), the Prime (you sent) and the Server Public Key as the response:
{
public: SERVER_PUBLIC,
P: PRIME,
G: GENERATOR
}
Finally, take the Server Public Key, calculate the Secret Key and keep it somewhere; the secure connection is now established.
Note that the Prime BitLength and Encryption Algorithm set in the configuration file should be the same on both sides.
Send Requests To Server
To send requests to the server, send a POST request with values encrypted using the secret key you exchanged in the 'Key Exchange' API.
The first three fields are authentication fields. Send either the user and pass fields together or the sessionCode field. The rest depend on the Usage Type:
Authentication Fields
- user : The username. It is compared with the username set in the configuration file on the server. Not necessary if a session code exists
- pass : The password. It is compared with the password set in the configuration file on the server. Not necessary if a session code exists
- sessionCode : The session code. It is compared with the session code stored in a variable on the server side. A session code is returned in the response every time you send a request to the server, so use the user and pass fields for the first requests and take the session code from the response. Once you have a session code, you can send it instead of user and pass
cmd, cmdIn, tray
- type : Command type. Should be one of valid Command Usage Types mentioned in Client Guide (cmd, cmdIn and tray)
- command : The command to be executed on server
download, upload
- path : A file path on server to be downloaded
- dest : A file path on server to save uploaded file
- enc : Determines if file should be encrypted during transfer
- file : Supplies a readable stream to send the file to the server. Use multipart/form-data to send the stream and the other necessary fields alongside it
To request that the server take a screenshot and send it back encrypted, only the Authentication Fields are necessary.
Also remember that each request should be sent to its own port set in the configuration file.
Server Response
The server's response differs based on usage type:
cmd, cmdIn, tray, screen, upload
Response will be a JSON object in the following format :
{ sessionCode: SESSION_CODE, auth: TRUE|FALSE, message: RESPONSE_MESSAGE }
sessionCode is the session code to use in further requests for authentication
auth says whether authentication succeeded (true) or failed (false)
message is the main response from server, it contains response data
Note that you might get several JSON objects during a connection before it ends. So you might want to append chunks to a string until it becomes valid JSON, then do whatever you want with the JSON object (after decryption), empty the string, and repeat until the connection ends.
download
The response will first be a JSON object, formatted in exactly the same way as above. If the message in the response JSON is the string 'stream', the next chunks will be the file from the server. Otherwise, something has gone wrong and message describes the problem; no further chunks will arrive and the connection will end.
Contribution
This project was born in my very first days in Node.js and at first, was actually something fun to do after I studied more and earned a better understanding of computer networks and network security. Recently I beautified it, changed some algorithms, added some new features and finally uploaded it on GitHub. It might still have some bugs or issues to be solved, so feel free to open issues if detected.
Besides, there are many other cool features to add to this project