1.0.7 • Published 4 years ago

nodesh-server v1.0.7

License
GPL-3.0

NodeSH-Server

A Node.js Secure Shell Access server that provides:

  • Secure Shell Access
  • Encrypted Download
  • Encrypted Upload

using Node.js + Diffie-Hellman key exchange + AES encryption

Works on Windows, macOS, and Linux

Installation

To install this package, simply run :

npm install nodesh-server

To run the server, run npm start

Do not forget to set the host IP address or domain name in the configuration file ('./config/index.js'). Note that the username and password in this file must be the same on the server and client machines in order to connect.

API

You can use NodeSH-Client to connect to and communicate with NodeSH-Server, but if you prefer to write a client yourself, here is the API:

Key Exchange

Since the client initiates the connection, first calculate the Generator, Prime and Client Public Key and POST them to the server's Key Exchange Port, which is set in the configuration file. The field names should be as follows:

P = PRIME
G = GENERATOR
public = CLIENT_PUBLIC

The server will calculate its own public key and send back a JSON object containing the Generator (you sent), the Prime (you sent) and the Server Public Key as its response:

{
    public: SERVER_PUBLIC,
    P: PRIME,
    G: GENERATOR
}

Finally, take the Server Public Key, calculate the Secret Key and store it. The secure connection is now established.

Note that the Prime BitLength and Encryption Algorithm set in the configuration file must be the same on both sides.
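The exchange described above, with both sides run in one process, as an added example that is not NodeSH code. Hex encoding of the values, the standard group modp14 standing in for a freshly generated prime, the 2048-bit setting, the function names and the range checks are all assumptions made here; the HTTP POST is replaced by direct function calls.

```javascript
const crypto = require('node:crypto');

const PRIME_BITS = 2048; // assumed value of the configured prime bit length

// Client: pick P and G, generate a key pair, and build the POST fields.
// Assumption: values are hex strings; the RFC 3526 group modp14 stands in
// for a freshly generated prime so the example runs instantly.
function clientHello() {
  const dh = crypto.getDiffieHellman('modp14');
  const fields = {
    P: dh.getPrime('hex'),
    G: dh.getGenerator('hex'),
    public: dh.generateKeys('hex'),
  };
  return { dh, fields };
}

// Added check (not described on the page): reject a prime of the wrong
// size and a public value outside 2..P-2, since 0, 1 and P-1 would make
// the shared secret predictable.
function checkParams(P, pub, bits = PRIME_BITS) {
  const p = BigInt('0x' + P);
  const y = BigInt('0x' + pub);
  if (p.toString(2).length !== bits) throw new Error('unexpected prime bit length');
  if (y < 2n || y > p - 2n) throw new Error('public key out of range');
}

// Server: reuse the client's P and G, answer with its own public key.
function serverReply(fields) {
  checkParams(fields.P, fields.public);
  const dh = crypto.createDiffieHellman(fields.P, 'hex', fields.G, 'hex');
  const reply = { public: dh.generateKeys('hex'), P: fields.P, G: fields.G };
  return { reply, secret: dh.computeSecret(fields.public, 'hex', 'hex') };
}

// Client: confirm the echoed parameters, then derive the same secret.
function clientFinish(client, reply) {
  if (reply.P !== client.fields.P || reply.G !== client.fields.G) {
    throw new Error('server echoed different parameters');
  }
  checkParams(reply.P, reply.public);
  return client.dh.computeSecret(reply.public, 'hex', 'hex');
}
```

The exchange by itself does not prove who is on the other end; in this API the identity check happens afterwards through the user, pass and sessionCode fields.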

Send Requests To Server

To send requests to the server, send a POST request with values encrypted using the secret key you exchanged in the 'Key Exchange' API.

The first three fields are authentication fields. You should send either the user and pass fields together or the sessionCode field. The rest depend on the Usage Type:

  • Authentication Fields

    • user : The username. Will be compared with the username set in the configuration file on the server. Not necessary if a session code exists
    • pass : The password. Will be compared with the password set in the configuration file on the server. Not necessary if a session code exists
    • sessionCode : The session code. Will be compared with the session code stored in a variable on the server side. The session code is returned in the response every time you send a request to the server, so you should use the user and pass fields in your first requests and take the session code from the response. Once you have the session code, you can send it instead of user and pass
  • cmd , cmdIn , tray

    • type : Command type. Should be one of valid Command Usage Types mentioned in Client Guide (cmd, cmdIn and tray)
    • command : The command to be executed on server
  • download , upload

    • path : A file path on server to be downloaded
    • dest : A file path on server to save uploaded file
    • enc : Determines if file should be encrypted during transfer
    • file : Supplies a readable stream to send the file to the server. Note that you should use multipart/form-data to send the stream alongside the necessary fields

Note that to request the server to take a screenshot and send it back encrypted, only the Authentication Fields are necessary.

Also remember that each request should be sent to its own port, as set in the configuration file.

Server Response

The server's response will differ based on usage type:

  • cmd , cmdIn , tray , screen , upload

    Response will be a JSON object in the following format :

        {
            sessionCode: SESSION_CODE,
            auth: TRUE|FALSE,
            message: RESPONSE_MESSAGE
        }

    sessionCode is the session code to use in further requests for authentication

    auth says whether authentication succeeded (true) or failed (false)

    message is the main response from server, it contains response data

    Note that you might receive several JSON objects during a connection before it ends. So you might want to append chunks to a string until it becomes valid JSON, then do whatever you want with the JSON object (after decryption), empty the string, and repeat until the connection ends

  • download

    The response will first be a JSON object, formatted in exactly the same way as above. If the message in the response JSON is the string 'stream', the next chunks will be the file from the server. Otherwise, something has gone wrong and message describes the problem; no further chunks will arrive and the connection will end
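One way to reassemble the JSON responses described above from arbitrary chunks, as an added example that is not NodeSH code. It goes slightly beyond the append-until-valid approach by also splitting objects that arrive back-to-back in one chunk and by capping the buffer; the function name, the 1 MiB limit and the assumption that the server sends standard JSON with quoted keys are made up here.

```javascript
const MAX_BUFFER = 1 << 20; // assumed cap so a peer cannot grow the buffer forever

// Returns a push(chunk) function; onObject is called once per complete
// top-level JSON object, in arrival order.
function createJsonReassembler(onObject, maxBuffer = MAX_BUFFER) {
  let buf = '';
  return function push(chunk) {
    buf += chunk;
    if (buf.length > maxBuffer) {
      buf = '';
      throw new Error('response exceeded buffer limit');
    }
    let depth = 0, inString = false, escaped = false, start = -1, consumed = 0;
    for (let i = 0; i < buf.length; i++) {
      const c = buf[i];
      if (inString) {
        // Braces inside string values must not change the nesting depth.
        if (escaped) escaped = false;
        else if (c === '\\') escaped = true;
        else if (c === '"') inString = false;
      } else if (c === '"') {
        inString = true;
      } else if (c === '{') {
        if (depth++ === 0) start = i;
      } else if (c === '}' && depth > 0 && --depth === 0) {
        // A top-level object just closed: parse it and hand it over.
        onObject(JSON.parse(buf.slice(start, i + 1)));
        consumed = i + 1;
      }
    }
    buf = buf.slice(consumed); // keep only the unfinished tail
  };
}
```

For a download, stop feeding chunks to the reassembler once an object with message 'stream' arrives, since the chunks after it are file data rather than JSON.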

Contribution

This project was born in my very first days in Node.js and, at first, was actually something fun to do after I studied more and earned a better understanding of computer networks and network security. Recently I beautified it, changed some algorithms, added some new features and finally uploaded it to GitHub. It might still have some bugs or issues to be solved, so feel free to open issues if detected

Besides, there are many other cool features to add to this project
