You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+22-22Lines changed: 22 additions & 22 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ $ go get -v github.com/jpillora/chisel
21
21
* Easy to use
22
22
*[Performant](#performance)*
23
23
*[Encrypted connections](#security) using `crypto/ssh`
24
-
*[Authenticated connections](#authentication) using a users config file
24
+
*[Authenticated connections](#authentication), authenticate clients with a users config file, authenticate servers with fingerprint matching.
25
25
* Client auto-reconnects with [exponential backoff](https://github.com/jpillora/backoff)
26
26
* Client can create multiple tunnel endpoints over one TCP connection
27
27
* Server optionally doubles as a [reverse proxy](http://golang.org/pkg/net/http/httputil/#NewSingleHostReverseProxy)
@@ -78,7 +78,7 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
78
78
79
79
--port, Defines the HTTP listening port (defaults to 8080).
80
80
81
-
--key, An optional string to seed the generation of a ECC public
81
+
--key, An optional string to seed the generation of a ECDSA public
82
82
and private key pair. All commications will be secured using this
83
83
key pair. Share the resulting fingerprint with clients to prevent
84
84
man-in-the-middle attacks.
@@ -155,7 +155,7 @@ See also [programmatic usage](https://github.com/jpillora/chisel/wiki/Programmat
155
155
156
156
### Security
157
157
158
-
Encryption is enabled by default, when you start up a chisel server, it will generate an in-memory ECC public/private key pair. The public key fingerprint will be displayed as the server starts. Instead of always generating a random key, the server may optionally specify a key seed, using the `--key`, which will be used to seed the key generation. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the `--fingerprint` option. See the `--help` above for more information.
158
+
Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key seed, using the `--key` option, which will be used to seed the key generation. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the `--fingerprint` option. See the `--help` above for more information.
159
159
160
160
### Authentication
161
161
@@ -184,29 +184,29 @@ Note, we're using an in-memory "file" server on localhost for these tests
184
184
*direct*
185
185
186
186
```
187
-
:3000 => 1 bytes in 1.008883ms
188
-
:3000 => 10 bytes in 543.198µs
189
-
:3000 => 100 bytes in 675.957µs
190
-
:3000 => 1000 bytes in 584.13µs
191
-
:3000 => 10000 bytes in 580.56µs
192
-
:3000 => 100000 bytes in 743.902µs
193
-
:3000 => 1000000 bytes in 1.962673ms
194
-
:3000 => 10000000 bytes in 19.192986ms
195
-
:3000 => 100000000 bytes in 158.428239ms
187
+
:3000 => 1 bytes in 1.440608ms
188
+
:3000 => 10 bytes in 658.833µs
189
+
:3000 => 100 bytes in 669.6µs
190
+
:3000 => 1000 bytes in 570.242µs
191
+
:3000 => 10000 bytes in 655.795µs
192
+
:3000 => 100000 bytes in 693.761µs
193
+
:3000 => 1000000 bytes in 2.156777ms
194
+
:3000 => 10000000 bytes in 18.562896ms
195
+
:3000 => 100000000 bytes in 146.355886ms
196
196
```
197
197
198
198
`chisel`
199
199
200
200
```
201
-
:2001 => 1 bytes in 1.190288ms
202
-
:2001 => 10 bytes in 1.17237ms
203
-
:2001 => 100 bytes in 821.369µs
204
-
:2001 => 1000 bytes in 1.029366ms
205
-
:2001 => 10000 bytes in 1.281065ms
206
-
:2001 => 100000 bytes in 2.14094ms
207
-
:2001 => 1000000 bytes in 9.538984ms
208
-
:2001 => 10000000 bytes in 86.500426ms
209
-
:2001 => 100000000 bytes in 814.630443ms
201
+
:2001 => 1 bytes in 1.393731ms
202
+
:2001 => 10 bytes in 1.002992ms
203
+
:2001 => 100 bytes in 1.082757ms
204
+
:2001 => 1000 bytes in 1.096081ms
205
+
:2001 => 10000 bytes in 1.215036ms
206
+
:2001 => 100000 bytes in 2.09334ms
207
+
:2001 => 1000000 bytes in 9.136138ms
208
+
:2001 => 10000000 bytes in 84.170904ms
209
+
:2001 => 100000000 bytes in 796.713039ms
210
210
```
211
211
212
212
~100MB in **0.8 seconds**
@@ -250,7 +250,7 @@ See more [test/](test/)
250
250
### Changelog
251
251
252
252
*`1.0.0` - Init
253
-
*`1.1.0` - Swapped out simple symmetric encryption for ECC SSH
253
+
*`1.1.0` - Swapped out simple symmetric encryption for ECDSA SSH
0 commit comments