This makes me think about something I thought of a while back, is there any library/app which lets me expose a TUI/cli-app over ssh without actually caring about securing OpenSSH for this use case?
Are you thinking of something like the Blinkenlights Star Wars telnet demo from a while ago?
The "securing" part aside, ssh still gives you a whole terminal experience very similar to the telnet one & the ability to draw into it (like if you were using Emacs on the shell host).
You can set something like that up by forcing a command on ssh instead of a shell (like what github does for git).
Yeah I was thinking of something like that. But I still feel a bit uneasy with configuring OpenSSH securely, I’ve escaped such setups before, gaining full shell access through exploits. Maybe I’m overly paranoid.
Something like Apache Guacamole as a https web to SSH "something" gateway?
Go to http-something in your web browser which is a Guacamole install and log in to Guacamole as "guest" / "guest" then in guac the only connection option is some SSH login that'll appear in your web browser
As a warning people have tried to supply "nethack as-a-service" or whatever and people are really creative about gaining shell access somehow anyway, via buffer overflows or who knows what. You can do it, just be careful.
https://github.com/shazow/ssh-chat
https://github.com/zachlatta/sshtron
https://github.com/quackduck/devzat
https://github.com/donuts-are-good/shhhbb/
There's also a assembly library:
https://2ton.com.au/sshtalk/
And for rust there's trush, and for python paramiko as mentioned.
> expose a TUI/cli-app over ssh without actually caring about securing OpenSSH
If you already have an app, see maybe:
https://drewdevault.com/2019/09/02/Interactive-SSH-programs....