jmarya/knowledge
jmarya/knowledge
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

update chisel

Browse source
This commit is contained in:
JMARyA 2024-03-18 10:14:15 +01:00
parent c7a3ff7723
commit 238ce6b7ca
Signed by: jmarya
GPG key ID: 901B2ADDF27C2263
1 changed files with 36 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
technology/applications/cli/network/chisel.md
View file

@ -1,7 +1,7 @@
--- ---
obj: application obj: application
repo: https://github.com/jpillora/chisel repo: https://github.com/jpillora/chisel
rev: 2024-03-15 rev: 2024-03-17
--- ---
# chisel # chisel
@ -82,11 +82,44 @@ When stdio is used as local-host, the tunnel will connect standard input/output
| `--pid` | Generate pid file in current working directory | | `--pid` | Generate pid file in current working directory |
| `-v` | Enable verbose [logging](../../../dev/Log.md) | | `-v` | Enable verbose [logging](../../../dev/Log.md) |
### Security ## Security
Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint ([base64](../../../files/Base64.md) encoded [SHA256](../../../cryptography/SHA.md)) will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key file, using the `--keyfile` option. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the `--fingerprint` option. Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint ([base64](../../../files/Base64.md) encoded [SHA256](../../../cryptography/SHA.md)) will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key file, using the `--keyfile` option. When clients connect, they will also display the server's public key fingerprint. The client can force a particular fingerprint using the `--fingerprint` option.
### Authentication ## Authentication
Using the `--authfile` option, the server may optionally provide a `user.json` configuration file to create a list of accepted users. The client then authenticates using the `--auth` option. See [users.json](https://github.com/jpillora/chisel/blob/master/example/users.json) for an example authentication configuration file. Using the `--authfile` option, the server may optionally provide a `user.json` configuration file to create a list of accepted users. The client then authenticates using the `--auth` option. See [users.json](https://github.com/jpillora/chisel/blob/master/example/users.json) for an example authentication configuration file.
Internally, this is done using the _Password_ authentication method provided by [SSH](../../network/SSH.md). Internally, this is done using the _Password_ authentication method provided by [SSH](../../network/SSH.md).
## [Systemd](../../../linux/systemd/Systemd.md) Unit
Client:
```
[Unit]
Description=Chisel Port Forwarding Service
After=network.target
[Service]
Type=simple
ExecStart=chisel client --auth <auth> <server> <forward>
Restart=always
[Install]
WantedBy=multi-user.target
```
## [Docker Compose](../../../tools/Docker%20Compose.md)
Server:
```yml
version: "3"
services:
chisel:
image: jpillora/chisel
command: "server --reverse --authfile /users.json"
environment:
- HOST=0.0.0.0
- PORT=8080
ports:
- 8080:8080 # Proxy
volumes:
- ./users.json:/users.json
restart: unless-stopped
```