Sshtalk: An SSH-based chat made in assembler (2ton.com.au)
96 points by mabynogy on Dec 2, 2017 | 35 comments


Seems cute. Might be a fun gadget to host on a Pi or whatnot.

> Hand-written in x86_64 assembly language

Oh.

Not sure if cross-internet capable communication tools constitute the "worst" example of hand written assembly, exactly, but... yeah, it has to be up there. I'm sure it was fun to hack, though.


The only thing really worse there is that the number of people who could audit the code is much smaller. That guy wrote a whole SSL library in assembler, so he probably didn't just finish some assembler tutorial and decide this was a good first lil project.

Assembler is usually just considered bad/dangerous by people who have no clue about it and consider it something magical. It's not. At least not significantly more dangerous than C, which is still the language the most fundamental components of everyday computing are based on.


No, I think portability is definitely the worst thing. It's a communication tool. It's perfectly reasonable to want to run this on your Pi or your phone or in your browser or your IoT device of the week. And you can't because of an implementation choice.

I'm certainly not afraid of machine code, I actually get paid to write it. But this just isn't a good choice technically. Though it's impressive and like I said was surely a lot of fun and worth showing off.


Ah yes, I'm probably too focused on just x86 desktop/server with my everyday work that this didn't even occur to me, so I assumed you were meaning to refer to maintainability/security.


This is some bloke's project and he decided to code it in the tool he was either most comfortable with or wanted to glean exercise on. If you want to take inspiration from his work and write an analogous program in ARM assembler for the amusement of running it on whichever device most amuses you, you're free to read his code, learn from it, and then go off to re-implement it in a steam-powered balanced-ternary analytical engine, if you so please.


Please. We are in a world where Heartbleed happened, as well as an untold number of buffer overflow / memory management vulnerabilities through the years. Companies have spent millions developing languages like Rust and Go to replace C & C++ in more security sensitive applications. Assembly is definitely not just "just considered bad/dangerous by people who have no clue about it and consider it something magical".


how the hell did I get three downvotes for this


Run it on qemu on Pi? Qemu can run individual binaries.


Can qemu do system call passthrough though?


Sure.


Only the boilerplate. The crypto is using Crypto++ https://www.cryptopp.com, which is good, and was even FIPS 140–2 validated.


I love how you can SSH to a server and be presented with a login / registration screen. I would love to adapt this for use with an open source project I'm making, but don't think I have the fortitude for assembly. Anyone have any tips on how something like this is achievable using a more modern/approachable tooling stack?


If golang is your thing, take a look at this[0] or that[1]. You can probably find similar ones with some quick research.

The neat part is that you can easily pull down someone's github keys and automatically authenticate them against that identity. You can follow up with an email/password registration as a backup identity provider, if you really want to push the envelope (and save the public key for future automatic authentication).

Of course, if you're just looking to hack something together quickly, you can simply force a specific command to be run.

[0]: https://github.com/shazow/ssh-chat

[1]: https://github.com/gliderlabs/ssh
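The key check described in the comment above, as an added example that is not part of the original comment or of either linked project. It assumes the listing was fetched from `https://github.com/<user>.keys` and that the offered blob is the wire-format public key the SSH library hands to its public-key callback; the sample key and the names `parseKeys` and `authorized` are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

// Constructed sample: a valid ed25519 line, the same blob mislabelled, and junk.
var zeroKey = "AAAAC3NzaC1lZDI1NTE5AAAAIAAA" + strings.Repeat("A", 40)
var listing = "ssh-ed25519 " + zeroKey + "\nssh-rsa " + zeroKey + "\nnot-a-key\n"

// parseKeys keeps only lines whose blob decodes and whose length-prefixed
// type string inside the blob matches the type declared on the line.
func parseKeys(text string) [][]byte {
	var keys [][]byte
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		if len(f) < 2 {
			continue
		}
		blob, err := base64.StdEncoding.DecodeString(f[1])
		if err != nil || len(blob) < 4 {
			continue
		}
		if n := uint64(binary.BigEndian.Uint32(blob)); n > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
			continue
		}
		keys = append(keys, blob)
	}
	return keys
}

// authorized reports whether the offered key is byte-for-byte a published key.
func authorized(offered []byte, published [][]byte) bool {
	for _, k := range published {
		if bytes.Equal(offered, k) {
			return true
		}
	}
	return false
}

func main() {
	keys := parseKeys(listing)
	fmt.Println(len(keys), authorized(keys[0], keys))
}
```

The match only says the client holds a key that the account published at fetch time, so the server should record which key it accepted and re-fetch the listing rather than caching it indefinitely.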


Perfect, golang definitely is my thing, I've been using that to build my cli tool. Thanks!


If you want to do this the traditional way, you would set up a user, then properly secure it (you might end up becoming a proxy) and then set a ForceCommand. After that, verify your config works, then set the password for that user to an empty password. After that, allow empty passwords on your ssh config so you can ssh to this user without any authentication.

This is how e.g. anoncvs works. After that point, it's just a matter of writing the application you want to run, with stdio being connected to your user.
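The setup described in the comment above, as an added `sshd_config` example that is not part of the original comment. The account name `chat` and the path `/usr/local/bin/chat-app` are placeholders; the point is that `ForceCommand` alone does not turn off forwarding, which is the "becoming a proxy" risk the comment mentions.

```sshd_config
# Constructed example; "chat" and /usr/local/bin/chat-app are placeholder names.

# Weak: empty passwords are allowed for every account and forwarding is left
# at its defaults, so the open account can relay connections through the host.
#   PermitEmptyPasswords yes
#   ForceCommand /usr/local/bin/chat-app

# Scoped: only the one account is open, and it can do nothing but run the app.
PermitEmptyPasswords no

Match User chat
    PermitEmptyPasswords yes
    ForceCommand /usr/local/bin/chat-app
    AllowTcpForwarding no
    AllowStreamLocalForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    PermitUserRC no
```

Running `sshd -t` checks the file for syntax errors before the daemon is reloaded.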


I built one in Python awhile ago on a lark: https://github.com/kryptographik/ShuSSH


Well I think I was banned from the server 2ton.com.au. Not sure why but it was fun while it lasted. sshtalk is a pretty cool utility!


This whole conversation was getting a little out of hand, maybe the admin banned all users in the room?


LOL eigenmachter here. Pouring one out for john2 and his gf


I leave for 10 minutes to get lunch, and everything blows up? Too bad. This makes me want to host my own instance now.

EDIT: Don't think it was banning, I can't hit the server from anywhere now.

EDIT2: Why not. Give this a shot:

    ssh human.org.in -p 4001

Meet in the room "test".


If you make one, post it here! I'll join


Same here


Ditto, y’all were a good crowd


It's down now... :(


What happened?


Definitely not banned, sshtalk kakked itself under the HN glow (that and I left it open in a terminal window here and had an insane number of tiled chats open, might have a bug in there too)


A growing number of users are showing up in the room named "hn", if you want to see it with multiple users ...


Was fun while it lasted...

> ssh: connect to host 2ton.com.au port 22: Connection refused


Why implement it in assembly language?


Why not?


Because it limits the amount of people who can audit the code, contribute to it, or just use it?


For fun.


anyone have a server setup anywhere?

EDIT: RTFA "ssh 2ton.com.au"

EDIT AGAIN: Anyone have a room name to join?


I had to run "ssh -oCiphers=+aes256-cbc 2ton.com.au", seems like it's disabled by default in my version (OpenSSH_7.6p1 Debian-2).


Try the "hn" room



