[vc_row][vc_column][vc_column_text]
Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single executable including both client and server. Written in Go (golang). Chisel is mainly useful for passing through firewalls, though it can also be used to provide a secure endpoint into your network. Chisel is very similar to crowbar though achieves much higher performance.
Features
- Easy to use
- Performant*
- Encrypted connections using the SSH protocol (via
crypto/ssh
) - Authenticated connections; authenticated client connections with a users config file, authenticated server connections with fingerprint matching.
- Client auto-reconnects with exponential backoff
- Client can create multiple tunnel endpoints over one TCP connection
- Client can optionally pass through HTTP CONNECT proxies
- Server optionally doubles as a reverse proxy
- Server optionally allows SOCKS5 connections (See guide below)
- Reverse port forwarding
To Install Chisel
Binaries:
Check the latest release or download and install it now with
curl https://i.jpillora.com/chisel! | bash
Docker
docker run --rm -it jpillora/chisel --help
Source
$ go get -v github.com/jpillora/chisel
Demo:
A demo app on Heroku is running this chisel server
:
$ chisel server --port $PORT --proxy http://example.com
# listens on $PORT, proxy web requests to http://example.com
Chisel Usage:
$ chisel --help
Usage: chisel [command] [--help]
Version: X.Y.Z
Commands:
server - runs chisel in server mode
client - runs chisel in client mode
Read more:
https://github.com/jpillora/chisel
Security
Encryption is always enabled. When you start up a chisel server, it will generate an in-memory ECDSA public/private key pair. The public key fingerprint will be displayed as the server starts. Instead of generating a random key, the server may optionally specify a key seed, using the --key
option, which will be used to seed the key generation. When clients connect, they will also display the server’s public key fingerprint. The client can force a particular fingerprint using the --fingerprint
option. See the --help
above for more information.
Authentication
Using the --authfile
option, the server may optionally provide a user.json
configuration file to create a list of accepted users. The client then authenticates using the --auth
option. See users.json for an example authentication configuration file. See the --help
above for more information.
Internally, this is done using the Password authentication method provided by SSH. Learn more about crypto/ssh
here http://blog.gopheracademy.com/go-and-ssh/.
[/vc_column_text][vc_btn title=”Download at Github” align=”center” i_icon_fontawesome=”fa fa-download” add_icon=”true” link=”url:https%3A%2F%2Fgithub.com%2Fjpillora%2Fchisel||target:%20_blank|”][/vc_column][/vc_row]