sish's Introduction

sish

An open source serveo/ngrok alternative.

Read the docs.

dev

Clone the sish repo:

git clone git@github.com:antoniomika/sish.git
cd sish

Add your SSH public key:

cp ~/.ssh/id_ed25519.pub ./deploy/pubkeys

Run the binary:

go run main.go --http-address localhost:3000 --domain testing.ssi.sh

We have an alias make dev for running the binary.

SSH to your host to communicate with sish:

ssh -p 2222 -R 80:localhost:8080 testing.ssi.sh

The testing.ssi.sh DNS record points to localhost, so anyone can use it for development.

sish's People

Contributors

antoniomika, athena-metis, bibo38, buffcode, davbfr, dependabot[bot], dkonik, glensc, grilix, holycowmp3, ivanovart, jonahbull, lastcoolnameleft, marcmogdanz, neurosnap, rjobanp, sardaukar, seyuboglu, shinenelson, thehowl, timkrins

sish's Issues

Questions: ~/sish contents

What should be in your sish directory? I see there are 3 subdirs (ssl, keys, pubkeys). What did you use to generate these folders? Thanks

proxy protocol support

When using a TCP tunnel on sish I lost the original IP address because every request looks like they come from localhost.

The HAPROXY team developed the PROXY protocol to resolve that issue.

Would it be possible to implement the proxy protocol into sish for TCP tunnels? This would allow the applications that are compatible with the PROXY protocol to keep the original IP address.

I gathered some resources about the proxy protocol if you are interested:

GAE

How to deploy sish on google app engine?

Admin console upgrades

Now that there are admin features implemented with a basic admin interface, we probably want to make the UI/UX better than it currently is. I'm attaching some screenshots here of what the interface currently looks like:

  • The generic admin page listing all connected clients and their respective tunnels. The unix sockets are included, but those are for handling the HTTP(S)/TCP aliasing (which can be disconnected from their respective entries).
    • The reason we use unix sockets is for allowing other applications running on the server host to interface with connected tunnels in a unix transparent way.

  • The admin panel specifically for HTTP(S) tunnels.

shorthand error

The following command is giving "unknown shorthand flag: 's' in -sish.addr=:2222" error

docker run -itd --name sish \
  --net=host \
  -sish.addr=:2222 \
  -sish.https=:443 \
  -sish.http=:8080 \
  -sish.httpsenabled=false \
  -sish.httpspems=/ssl \
  -sish.keysdir=/pubkeys \
  -sish.pkloc=/keys/ssh_key \
  -sish.bindrandom=false \
  -sish.forcerandomsubdomain=false \
  -sish.domain=capcloud.live \
  -sish.password=sishcapcloud antoniomika/sish:latest

Nothing is happening after the command "ssh -p 2222 -R 80:localhost:8080 ssi.sh"

I am new to Linux and SSH port forwarding. I am using Raspbian OS for this "sish". Previously I have used SERVEO port forwarding to expose my port. As I found this alternative I tried to use sish.

My Docker works well and I have also successfully installed sish according to the instructions. But the command "ssh -p 2222 -R 80:localhost:8080 ssi.sh" gives no response or any output. I am stuck here.

Please help me to solve this.

-sish.http and -sish.https not used in terminal output

The following output doesn't seem to honour the -sish.https=:8443 and -sish.http=:8080 parameters.

HTTP: http://sish-host.com:80
HTTPS: https://sish-host.com:443

I was actually looking for a way to remove the port if it uses the default 80/443.

Persistent Tunnel

How to make the tunnels persistent? I want them to run even after I exit from SSH. And also how can I create the tunnels at system startup?

blocked connection

hi @antoniomika,

Not sure if it's directly related to the software you've created, but it's probably something obvious and I just can't figure this out.

I've configured sish on DO droplet (centos 7) using docker. Problem that I'm experiencing is a little bit weird.

Opened tunnel from my local machine port 6767 to remote server with sish. When I try to check the page in the browser, I'm seeing loading state of the tab for eternity. When I close tunnel, content of the page appears immediately.

Test page is a simple PHP script in one line which does echo and that's it; it's working as it should when accessed directly.

It looks like browser sits and waits when connection will be closed by server. Same thing appears when I try to debug http connection with httpstat.

debug output of ssh client started with -vvv looks like this

Starting SSH Fowarding service for http:80. Forwarded connections can be accessed via the following methods:
HTTP: http://xxx:80
HTTPS: https://xxx:443
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 90
debug1: client_input_channel_open: ctype forwarded-tcpip rchan 1 win 2097152 max 32768
debug1: client_request_forwarded_tcpip: listen localhost port 80, originator localhost port 80
debug2: fd 9 setting O_NONBLOCK
debug2: fd 9 setting TCP_NODELAY
debug1: connect_next: host 127.0.0.1 ([127.0.0.1]:6767) in progress, fd=9
debug3: fd 9 is O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 1: new [localhost]
debug1: confirm forwarded-tcpip
debug3: channel 1: waiting for connection
debug1: channel 1: connected to 127.0.0.1 port 6767
debug3: send packet: type 91
debug2: channel 1: read<=0 rfd 9 len 0
debug2: channel 1: read failed
debug2: channel 1: chan_shutdown_read (i0 o0 sock 9 wfd 9 efd -1 [closed])
debug2: channel 1: input open -> drain
debug2: channel 1: ibuf empty
debug2: channel 1: send eof
debug3: send packet: type 96
debug2: channel 1: input drain -> closed
debug2: channel 1: rcvd adjust 175

When I try to set up an ssh tunnel without using sish (on the same server), everything works like a charm, so it's definitely not a server misconfiguration.

Thank you for your help in advance.

Tunnel does not work without ssh session

We want to setup a tunnel without the use of ssh session because we don't have a terminal/tty on client side (tunnel started as part of systemd) and pseudo tty seems to be not supported.

Steps to reproduce

  1. Connect via : ssh -p 2222 -R test:80:localhost:9000 localhost -N
  2. Perform an HTTP request to http test.testing.ssi.sh:8081

Issues we see in light of our requirement:

  1. SSHConnection.Messages chan blocks requests.handleRemoteForward if there is no session (chan consumer setup in handleSession)
  2. Currently the connection management & architecture of sish relies on the fact that there is a session and as long as it is open, the tunnel is kept open.

We have the following questions:

  1. Does our use case make sense? Would you be willing to add support for it?
  2. What changes would have to be done to the architecture to support it?
  3. How could we help with implementing this? (We are rather new to Go.)

We have hacked around a bit with the code. By making the messages chan non-blocking and some small other tweaks we could at least get the tunnel to work. But we lack the ability to detect when a ssh connection is closed and then remove it.

Heroku

How to run sish server on heroku?

Certificate just expired

The certificate expired 2 days ago. Not sure how it affects other users since I was using a self-hosted instance. Thought I'd bring this up though!

Trying out

Hey,

Great solution, trying to make it work. I have setup the pubkey and keys, but when I start the portforward then I got this.

  Starting SSH Fowarding service for http:80. Forwarded connections can be accessed via the following methods:
  HTTP: http://g5u.ssi.sh:80

I run following on the server.

  docker run -itd \
    -v ~/keys/priv:/keys \
    -v ~/keys/pub:/pubkeys \
    -e "DOMAIN=verstraeten.io" \
    --net=host antoniomika/sish:latest \
    -sish.httpsenabled=false \
    -sish.addr=:2222 \
    -sish.http=:80 \
    -sish.keysdir=/pubkeys 

From the client I run.

  ssh -p 2222 -R 80:localhost:3000 178.62.x.y

I have setup my DNS to support wildcards from (verstraeten.io -> 178.62.x.y) and I disabled the firewall for testing (ufw disable).

Any idea?

Kind regards
Cédric

websocket - response code: 403

Hello,
I use your server to expose my socket.io backend. I noticed that the Websocket communications do not work.
I have this error:

WebSocket connection to 'wss://backend.tunnel.hellomybot.io/socket.io/?EIO=3&transport=websocket&sid=5bfX1h9MO5yyIxkpAADU' failed: Error during WebSocket handshake: Unexpected response code: 403

Smartly socket.io uses another tech. So it's not blocking but it's problematic.

You can test this, with this client code:

const socket = io.connect("http://foo.ssi.sh", {transports: ["websocket"]});

Number of sessions from auth user

Number of allowed sessions from authorized users -sish.noofallowedsessions
-sish.auth Whether or not to require auth on the SSH service
-sish.pkloc string SSH server private key (default "keys/ssh_key")

or allowed sessions per key/named tunnel configured from key file?

bad documentation

You can choose your own subdomain instead of relying on a randomly assigned one by setting the -sish.bindrandom option to false and then selecting a subdomain by prepending it to the remote port specifier:

should be:
-sish.forcerandomsubdomain=false

Use 443 as ssh port.

Is it possible to add 443 as an alternative port for people without 22 port access (like in public WIFI)?

Support requesting subdomains on SSH

Support SSH remote address setting to force a specific subdomain:

i.e. ssh -R foo:80:localhost:80 ssi.sh will allocate foo.ssi.sh as long as it is available.

Addr string

is the specific location where this comes into play. Just needs to be set around this piece of code:

sish/requests.go

Lines 79 to 99 in a85d664

if stringPort == "80" || stringPort == "443" {
	scheme := "http"
	if stringPort == "443" {
		scheme = "https"
	}
	host := strings.ToLower(RandStringBytesMaskImprSrc(*domainLen) + "." + *rootDomain)
	pH := &ProxyHolder{
		ProxyHost: host,
		ProxyTo:   chanListener.Addr().String(),
		Scheme:    scheme,
	}
	state.HTTPListeners.Store(host, pH)
	defer state.HTTPListeners.Delete(host)
	sshConn.Messages <- fmt.Sprintf("HTTP requests for 80 and 443 can be reached on host: %s", host)
} else {
	sshConn.Messages <- fmt.Sprintf("Connections being forwarded to %s:%d", *rootDomain, chanListener.Addr().(*net.TCPAddr).Port)
}

Api interface for ssh tunnel management

Suggested features:
kill tunnel, list of active tunnels, number of active tunnels, info about specified tunnel (like in log - 2019/12/14 - 19:34:00 | host.com | 200 | 6.792909ms | ip | GET /api/v2/test) ,tunnel stats with bytes in/out , list of dropped tunnels with timestamp and reason

How to change domain name?

How can I change ssi.sh domain name and deploy on custom domain name or use server IP address instead?

Separate listening and access port

Hello,

In our deployment, Sish listens on port 443, but it is behind a firewall that does a PAT on port 30443.
It would be nice to have a new option, something like -sish.https_access=30443 (or a better name).
This wouldn't change any of the operations done by Sish, it would just change the message when connection is done:

HTTP requests for 80 and **30443** can be reached on host: <hidden>
Press Ctrl-C to close the session.

Select on connection close channel to prevent sending to a closed connection

Recent error found in demo instance:

panic: send on closed channel

goroutine 4128 [running]:
main.main.func4.1(0xc00024f380, 0xc000150880)
	/usr/local/go/src/github.com/antoniomika/sish/main.go:152 +0xa1
created by main.main.func4
	/usr/local/go/src/github.com/antoniomika/sish/main.go:142 +0x2d2

In regards to this change:

sish/main.go

Lines 142 to 156 in cc916eb

go func() {
	time.Sleep(1 * time.Second)
	count := 0
	holderConn.Listeners.Range(func(key, value interface{}) bool {
		count++
		return true
	})
	if count == 0 {
		holderConn.Messages <- "No forwarding requests sent. Closing connection."
		time.Sleep(1 * time.Millisecond)
		holderConn.CleanUp(state)
	}
}()

A quick fix for this would be to change this function to have

select {
case <-holderConn.Close:
	return
default:
	holderConn.Messages <- "No forwarding requests sent. Closing connection."
	time.Sleep(1 * time.Millisecond)
	holderConn.CleanUp(state)
}

or similar. A quick fix in the meantime would be to start the process with -sish.cleanupunbound=false
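
An added example (not code from the sish repository) of a send helper that cannot hit "send on closed channel" and also cannot block forever when nothing reads the channel, the situation described in the "Tunnel does not work without ssh session" issue. The conn type, newConn, Send and unsafeSend are hypothetical names; the assumption is that the message channel is never closed and teardown is signalled on a separate channel.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// conn is a hypothetical stand-in for a connection holder.
// Messages is never closed; Close is closed exactly once to signal teardown.
type conn struct {
	Messages chan string
	Close    chan struct{}
	once     sync.Once
}

func newConn() *conn {
	return &conn{Messages: make(chan string), Close: make(chan struct{})}
}

// CleanUp signals teardown. sync.Once makes repeated calls safe, so two
// goroutines racing to clean up cannot trigger "close of closed channel".
func (c *conn) CleanUp() {
	c.once.Do(func() { close(c.Close) })
}

// Send delivers msg to a reader. It returns false if the connection is torn
// down or if no reader takes the message within timeout. The send and the
// teardown check sit in the same select, so there is no window between
// "checked Close" and "sent on Messages".
func (c *conn) Send(msg string, timeout time.Duration) bool {
	t := time.NewTimer(timeout)
	defer t.Stop()
	select {
	case c.Messages <- msg:
		return true
	case <-c.Close:
		return false
	case <-t.C:
		return false
	}
}

// unsafeSend reproduces the failure mode from the panic above: a send on a
// channel that another goroutine already closed. The panic is recovered and
// returned as an error so the caller can inspect it.
func unsafeSend(ch chan string, msg string) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%v", r)
		}
	}()
	ch <- msg
	return nil
}

func main() {
	c := newConn()
	c.CleanUp()
	ok := c.Send("No forwarding requests sent. Closing connection.", time.Second)
	fmt.Println("delivered after teardown:", ok)

	closed := make(chan string, 1)
	close(closed)
	fmt.Println("unsafe send:", unsafeSend(closed, "x"))
}
```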

how to use without Docker

Hello sir
How can I use this application without Docker on Ubuntu please? Is there any init.d script too? How many tunnels at a time can be used sir?

Feature request: support bindrandom=true binding to port in bindrange

Currently bindrange does nothing if bindrandom=true, it would be good if when bindrange is specified bindrandom allocates one of the unused ports in that range. This makes it easier for firewall rules since we don't have to open a massive range and we can still have a random port assigned.

Currently my work around is to generate a random port in bash and assign that to the SSH command.

Connection to sish-host.com closed by remote host.

Hey, love the project and mostly working well! I have got the server up and running (currently on an AWS EC2 instance). I can connect to it from all of the following with a standard ssh -oStrictHostKeyChecking=no -p 2222 -R ben:80:localhost:80 sish-host.com

  • Remote CentOS Server
  • Windows PowerShell
  • Local docker container (docker exec -it xxxxxxx sh)

But the second I run this within a container (docker run or compose), it just fails. I've tried just about everything I could think of, but can't work it out. This is the ssh -v output

debug1: Reading configuration data /etc/ssh/ssh_config
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Connecting to sish-host.com [99.99.99.99] port 2222.
debug1: Connection established.
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: identity file /root/.ssh/id_ed25519 type -1
debug1: identity file /root/.ssh/id_ed25519-cert type -1
debug1: identity file /root/.ssh/id_xmss type -1
debug1: identity file /root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version Go
debug1: no match: Go
debug1: Authenticating to sish-host.com:2222 as 'root'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
debug1: checking without port identifier
Warning: Permanently added '[sish-host.com]:2222,[99.99.99.99]:2222' (RSA) to the list of known hosts.
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /root/.ssh/id_rsa
debug1: Will attempt key: /root/.ssh/id_dsa
debug1: Will attempt key: /root/.ssh/id_ecdsa
debug1: Will attempt key: /root/.ssh/id_ed25519
debug1: Will attempt key: /root/.ssh/id_xmss
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentication succeeded (none).
Authenticated to sish-host.com ([99.99.99.99]:2222).
debug1: Remote connections from ben:80 forwarded to local address localhost:80
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
Press Ctrl-C to close the session.
Starting SSH Fowarding service for http:80. Forwarded connections can be accessed via the following methods:
HTTP: http://ben.sish-host.com:80
HTTPS: https://ben.sish-host.com:443
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 2 clearing O_NONBLOCK
Connection to sish-host.com closed by remote host.
Transferred: sent 1700, received 1512 bytes, in 0.0 seconds
Bytes per second: sent 42334.2, received 37652.5
debug1: Exit status -1
sish_1 exited with code 255

This is the server-side

15:44:05 Accepted SSH connection for: 44.44.44.44:58208
15:44:05 Main Channel Info session
15:44:05 Handling session for connection: &{session [] 0 0 32768 32768 0xc000162a10 true 0 0xc000205740 {0 0} 0xc0002056e0 false {0xc00014be40 2097152 0 false} 0xc000208f00 0xc000208f40 {0 0} 2097152 {0 0} false map[]}
15:44:05 Main Request Info tcpip-forward true benP
15:44:05 Error trying to write message to socket: read tcp 10.0.2.4:2222->44.44.44.44:58208: use of closed network connection
15:44:05 Closed SSH connection for: 44.44.44.44:58208 user: root
15:44:13 =======Start=========
15:44:13 ===Goroutines=====
15:44:13 10
15:44:13 ===Listeners======
15:44:13 [::]:2222 &{0xc0000cf500 {<nil> 0}}
15:44:13 ===Clients========
15:44:13 ===HTTP Clients===
15:44:13 ========End==========

Where 99.99.99.99 is sish on the EC2 server and 44.44.44.44 is my local IP.

I have been using this as a basis https://github.com/jacobtomlinson/docker-serveo. It works fine with my serveo instance on the same 99.99.99.99 server. For the purposes of testing, I created a minimal Dockerfile, which is confirmed and working with Serveo, but not with sish.

FROM alpine:3

RUN apk --no-cache add openssh
ENTRYPOINT ["ssh", "-v", "-oStrictHostKeyChecking=no", "-p", "2222", "-R", "ben:80:localhost:80", "sish-host.com"]

Here are my sish params

      -sish.addr=:2222
      -sish.auth=false
      -sish.https=:443
      -sish.http=:80
      -sish.httpsenabled=true
      -sish.httpspems=/etc/letsencrypt/live/sish-host.com
      -sish.keysdir=/pubkeys
      -sish.password=""
      -sish.pkloc=/keys/ssh_key
      -sish.bindrandom=false
      -sish.domain=sish-host.com
      -sish.forcerandomsubdomain=false
      -sish.debug=true

If I can do anything to support, please let me know. Thanks again!

Append SSH Username to subdomain

It would be nice to have the option to append the SSH username to the subdomain.
This way a multi-user team that works on the same project could use the same subdomain and would not get a random hosts assigned.

Example (current):

  • User Alice wants to expose "project" and receives project.ssi.sh
  • User Bob wants to expose "project" and receives 52f.ssi.sh

The next day Bob wakes up early:

  • User Bob wants to expose "project" and receives project.ssi.sh
  • User Alice wants to expose "project" and receives 7km.ssi.sh

=> Links / webhooks etc. for both of them are broken

Example (proposal):

  • User Alice wants to expose "project" and receives project-alice.ssi.sh
  • User Bob wants to expose "project" and receives project-bob.ssi.sh

This feature would be opt-in per instance and ensures that a developer does not always need to take care of making the hostname unique enough in order to receive a stable hostname. Of course there is no guarantee and the fallback will still generate a random hostname. But this will decrease the likelihood of collisions.

SISH panic recovered

2019/09/01 20:35:22 [Recovery] 2019/09/01 - 20:35:22 panic recovered:
GET /include/Orbitron700.woff HTTP/2.0
Host: bule40.ip2.io
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Origin: https://bule40.ip2.io
Referer: https://bule40.ip2.io/include/base.css
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36
X-Forwarded-Proto: https

net/http: abort Handler
/root/go/src/net/http/httputil/reverseproxy.go:309 (0x8300a3f)
(*ReverseProxy).ServeHTTP: panic(http.ErrAbortHandler)
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/utils.go:48 (0x853d6cd)
WrapH.func1: h.ServeHTTP(c.Writer, c.Request)
/root/sish/http.go:113 (0x85570b9)
startHTTPHandler.func2: gin.WrapH(proxy)(c)
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/context.go:108 (0x852f7e4)
(*Context).Next: c.handlersc.index
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/recovery.go:48 (0x853d509)
RecoveryWithWriter.func1: c.Next()
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/context.go:108 (0x852f7e4)
(*Context).Next: c.handlersc.index
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/logger.go:84 (0x853cb16)
LoggerWithWriter.func1: c.Next()
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/context.go:108 (0x852f7e4)
(*Context).Next: c.handlersc.index
/root/sish/http.go:40 (0x8556a72)
startHTTPHandler.func1: c.Next()
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/context.go:108 (0x852f7e4)
(*Context).Next: c.handlersc.index
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:397 (0x85366ab)
serveError: c.Next()
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:390 (0x853647b)
(*Engine).handleHTTPRequest: serveError(c, http.StatusNotFound, default404Body)
/root/goworkspace/pkg/mod/github.com/gin-gonic/[email protected]/gin.go:326 (0x8535ff9)
(*Engine).ServeHTTP: engine.handleHTTPRequest(c)
/root/go/src/net/http/server.go:2774 (0x82d7293)
serverHandler.ServeHTTP: handler.ServeHTTP(rw, req)
/root/go/src/net/http/server.go:3323 (0x82d88bc)
initNPNRequest.ServeHTTP: h.h.ServeHTTP(rw, req)
/root/go/src/net/http/h2_bundle.go:5688 (0x82b3fbc)
(*http2serverConn).runHandler: handler(rw, req)
/root/go/src/runtime/asm_386.s:1321 (0x8099860)
goexit: BYTE $0x90 // NOP

[GIN] 2019/09/01 - 20:35:22 | 500 | 19.199853728s | 106.77.180.107 | GET /include/Orbitron700.woff

Improve server-side logging

It would be handy if we logged the new connections on the server-side.

Something like log.Printf("HTTP forwarding started: http://%s:%d -> %s", host, *httpPort, chanListener.Addr().String()) after requestMessages += fmt.Sprintf("HTTP: http://%s:%d\r\n", host, *httpPort) on line 129 of requests.go (not sure we need anything extra for HTTPS, but might be useful).

I guess we should also do something similar around the TCP handling a few lines later.

TCP Aliases support

Hello @antoniomika,

Can you add TCP aliases to your great tool? I found this functionality by another tool.
Here are examples to explain what I want:

  • Create a TCP tunnel with alias: ssh -p 2222 -R myalias:22:localhost:22 ssi.sh
  • Connect to the tunnel: ssh -o ProxyCommand="ssh -W myalias:22 -p 2222 ssi.sh" user@myalias

I see a lot of advantages to this approach:

  • use the same port to create TCP tunnels
  • TCP tunnels could be named like subdomains for HTTP(S)

Improve terminal output formatting

  1. As noted in #46, could we remove the port if it is the standard 80 or 443
  2. Could we remove scrap Starting SSH Forwarding service for http:80. as it is essentially repeated when the endpoints are announced
  3. Could update Forwarded connections can be accessed via the following methods: to Forwarding HTTP/TCP traffic from: and colour it and the following lines green? 😄 😆

So the output would look something like the following (sorry for the misuse of diff formatting haha)

# Press Ctrl-C to close the session.
+ Forwarding HTTP traffic from:
+ HTTP: http://abc.sish-host.com
+ HTTPS: https://abc.sish-host.com

Or even slicker with

# Press Ctrl-C to close the session.
+ Forwarding HTTP traffic from http://abc.sish-host.com and https://abc.sish-host.com

requests to forwarded subdomains 404

I'm running sish with the command

docker run -it --name sish \
 -v ~/sish/ssl:/ssl \
 -v ~/sish/keys:/keys \
 -v ~/sish/pubkeys:/pubkeys \
 --net=host antoniomika/sish:latest \
 -sish.addr=:8080 \
 -sish.https=:443 \
 -sish.http=:80 \
 -sish.httpsenabled=true \
 -sish.httpspems=/ssl \
 -sish.keysdir=/pubkeys \
 -sish.pkloc=/keys/ssh_key \
 -sish.bindrandom=false \
 -sish.domain=micro.mydomain.com \
 -sish.forcerandomsubdomain=false

on a Google Cloud always free vm instance and make a forwarding request with ssh -p 8080 -R foo:80:localhost:8082 micro.mydomain.com but get a 404 when trying to visit foo.micro.mydomain.com.

ssh close if I use 2> /dev/null &

@sardaukar @antoniomika
ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 -R 80:localhost:1111 ssi.sh > link.url 2> /dev/null &

I get output in link.url file but ssh connection closed after outputting link.
SSH does not close if I use serveo.net with 2> /dev/null &.

I want the output but at the same time ssh should not close.

Port Reallocation

Hi, I created a tunnel using 22000 as ssh port in my client machine. I exited the session and I used the same port in another machine, but now I am not able to ssh the machine. I am not able to reallocate the port previously used.

I hosted my sish server on my aws server.

Host

Is there any free host other than AWS or GCP or Digitalocean? Some PaaS on which sish works?

demo refuses connection or asks for password

I wanted to try the demo as mentioned in the README.md but fail to do so:

$ ssh -p 2222 -R 80:localhost:8080 ssi.sh
ssh: connect to host ssi.sh port 2222: Connection refused
$ ssh -p 22 -R 80:localhost:8080 ssi.sh
The authenticity of host 'ssi.sh (206.81.15.43)' can't be established.
RSA key fingerprint is SHA256:23rmQ2ZJeHxivPDcv9xKeas2/KS419hovKJiKPlcdLE.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ssi.sh,206.81.15.43' (RSA) to the list of known hosts.
Authentication failed.
$ ssh -R 80:localhost:8080 ssi.sh
[email protected]'s password: 
Authentication failed.

I am also surprised it did not ask for a password the 1st time I tried port 22.

Add X-Forwarded-Proto

Hello,

When Sish is accessed on the HTTPs port, the X-Forwarded-Proto: https header should be added to the request to the upstream server.
This allows the upstream server to know that the connection is secured with HTTPs, even if the last connection (from Sish to upstream) is not.
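
An added example (not sish's own code) of setting the header in a Go httputil.ReverseProxy, the proxy type that appears in the stack trace elsewhere on this page. It overwrites rather than appends, so a client cannot make the upstream believe a plain-HTTP request arrived over TLS. newProxy, captureTransport, seenByUpstream and the upstream address are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// newProxy returns a reverse proxy to upstream that derives X-Forwarded-Proto
// from the listener the request really arrived on (r.TLS is non-nil only for
// TLS connections) and discards whatever value the client sent.
func newProxy(upstream *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(upstream)
	base := p.Director
	p.Director = func(r *http.Request) {
		base(r)
		proto := "http"
		if r.TLS != nil {
			proto = "https"
		}
		// Set replaces all existing values, including a spoofed one.
		r.Header.Set("X-Forwarded-Proto", proto)
	}
	return p
}

// captureTransport stands in for the tunnel to the upstream server: it
// records the headers the proxy would send and returns a canned response,
// so the example runs without opening sockets.
type captureTransport struct{ seen http.Header }

func (c *captureTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	c.seen = r.Header.Clone()
	return &http.Response{
		StatusCode: http.StatusOK,
		Header:     http.Header{},
		Body:       io.NopCloser(strings.NewReader("ok")),
		Request:    r,
	}, nil
}

// seenByUpstream sends one request through the proxy with a client-supplied
// X-Forwarded-Proto and returns the value the upstream would receive.
// httptest.NewRequest populates r.TLS when target starts with "https://".
func seenByUpstream(target, spoofed string) string {
	upstream := &url.URL{Scheme: "http", Host: "127.0.0.1:8080"} // constructed address
	ct := &captureTransport{}
	p := newProxy(upstream)
	p.Transport = ct

	req := httptest.NewRequest(http.MethodGet, target, nil)
	req.Header.Set("X-Forwarded-Proto", spoofed)
	p.ServeHTTP(httptest.NewRecorder(), req)
	return ct.seen.Get("X-Forwarded-Proto")
}

func main() {
	// Constructed requests: the client lies about the scheme in both cases.
	fmt.Println("plain listener:", seenByUpstream("http://foo.example/", "https"))
	fmt.Println("TLS listener:  ", seenByUpstream("https://foo.example/", "http"))
}
```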

Access to Admin/Service Console

Hi there,

thanks for the work that you put into this project!

I just wanted to have a look at the console but actually I can't seem to find any information about how to access it.

I have set these parameters which should hopefully activate it:

-sish.adminenabled=true
-sish.admintoken=1234ABCD
-sish.serviceconsoleenabled=true

How would I access the console?

I have seen some routes in the code which may imply that it is accessed by adding /_sish/console to the URL. But there I only get an error 404.

Any help is highly appreciated. Thanks

SISH SSHkeys issue

Sep 30 15:52:06 OS001 sudo[1719]: Can't load file go.mod as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file go.sum as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file handle.go as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file http.go as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file main.go as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file requests.go as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file sish as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Can't load file utils.go as public key: ssh: no key found
Sep 30 15:52:06 OS001 sudo[1719]: Starting SSH service on address: :22
Sep 30 15:52:07 OS001 sudo[1719]: Generated RSA Keypair

Support Automatic Let's Encrypt SSL Setup

A user on IRC mentioned it would be nice to add Automatic LE wildcard certs for sish. I originally had given this some time, in thinking that it would be best implemented in sish itself. Soon I was bogged down by the complexity users would face doing automated wildcard challenges which require programmatic DNS access.

They however mentioned the use of docker-compose with certbot to handle this situation, which I believe is the much better solution. Preliminary research shows adferrand/docker-letsencrypt-dns as a viable candidate for achieving this. It uses Lexicon to handle all of the DNS challenges, which hopefully means that most services are supported.

For some examples of what this could look like (haven't been tested yet, from adferrand/dnsrobocert#41):

Support more than two SSH keys per file

The loadCerts function iterates only twice over the public key file and as such will only support a maximum of two keys per file.

The function should iterate over the file as long as new keys are found to support any amount of keys per file.
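
An added example (not sish's loadCerts) of reading every key in a public key file instead of a fixed number, using only the Go standard library. It handles the plain "<type> <base64> [comment]" line form, rejects lines whose blob does not name the declared algorithm, and reports skipped lines instead of stopping. pubKey, parseKeyLine, loadKeys, makeLine and sampleFile are hypothetical names, and the sample keys are constructed filler bytes, not real keys.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

type pubKey struct {
	Type    string
	Blob    []byte
	Comment string
}

// parseKeyLine parses "<type> <base64-blob> [comment]". The SSH wire format
// starts the blob with a length-prefixed algorithm name; it must match the
// declared type. Lines with a leading options field are not handled here.
func parseKeyLine(line string) (pubKey, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return pubKey{}, fmt.Errorf("want key type and blob")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return pubKey{}, fmt.Errorf("bad base64: %w", err)
	}
	if len(blob) < 4 {
		return pubKey{}, fmt.Errorf("blob too short")
	}
	n := int(binary.BigEndian.Uint32(blob))
	if n < 0 || n > len(blob)-4 {
		return pubKey{}, fmt.Errorf("algorithm name length out of range")
	}
	if name := string(blob[4 : 4+n]); name != fields[0] {
		return pubKey{}, fmt.Errorf("declared %q but blob says %q", fields[0], name)
	}
	return pubKey{Type: fields[0], Blob: blob, Comment: strings.Join(fields[2:], " ")}, nil
}

// loadKeys walks the whole file, so the number of keys is bounded only by
// the file's length. Bad lines are reported and skipped, not fatal.
func loadKeys(data []byte) (keys []pubKey, skipped []string) {
	sc := bufio.NewScanner(bytes.NewReader(data))
	for ln := 1; sc.Scan(); ln++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		k, err := parseKeyLine(line)
		if err != nil {
			skipped = append(skipped, fmt.Sprintf("line %d: %v", ln, err))
			continue
		}
		keys = append(keys, k)
	}
	return keys, skipped
}

// makeLine builds a constructed key line: declared is the text field,
// embedded is the name written inside the blob, followed by filler bytes.
func makeLine(declared, embedded, comment string) string {
	blob := make([]byte, 4, 64)
	binary.BigEndian.PutUint32(blob, uint32(len(embedded)))
	blob = append(blob, embedded...)
	blob = append(blob, bytes.Repeat([]byte{0x42}, 36)...)
	return declared + " " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// sampleFile returns a constructed seven-line key file with three good keys.
func sampleFile() string {
	return strings.Join([]string{
		"# constructed sample, not real keys",
		makeLine("ssh-ed25519", "ssh-ed25519", "alice@example"),
		makeLine("ssh-rsa", "ssh-rsa", "bob@example"),
		"",
		"ssh-ed25519 not*base64 mallory@example",
		makeLine("ssh-rsa", "ssh-ed25519", "mismatch@example"),
		makeLine("ssh-ed25519", "ssh-ed25519", "carol@example"),
	}, "\n")
}

func main() {
	keys, skipped := loadKeys([]byte(sampleFile()))
	fmt.Println("loaded:", len(keys))
	for _, s := range skipped {
		fmt.Println("skipped", s)
	}
}
```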

SISH not stable

SISH is crashing a lot. It's not as stable as serveo.net. From time to time it crashes and generates new keys. Sir, is it possible to use the same old generated keys from SISH instead of new keys from SISH when it restarts?

SISH with nginx

Hello sir
Is it possible to use SISH with nginx please?
