ch.at/ssh.go

package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"net"
	"strings"

	"golang.org/x/crypto/ssh"
)

func StartSSHServer(port int) error {
	// SSH server configuration
	config := &ssh.ServerConfig{
		NoClientAuth: true, // Anonymous access
	}

	// Get or create persistent host key
	privateKey, err := getOrCreateHostKey()
	if err != nil {
		return fmt.Errorf("failed to get host key: %v", err)
	}
	config.AddHostKey(privateKey)

	// Listen for connections
	listener, err := net.Listen("tcp", fmt.Sprintf(":%d", port))
	if err != nil {
		return err
	}
	defer listener.Close()

	fmt.Printf("SSH server listening on :%d\n", port)

	// Simple connection limiting
	sem := make(chan struct{}, 100) // Max 100 concurrent SSH connections
	
	for {
		conn, err := listener.Accept()
		if err != nil {
			// Connection error - continue accepting others
			continue
		}
		
		select {
		case sem <- struct{}{}:
			go func() {
				defer func() { <-sem }()
				handleConnection(conn, config)
			}()
		default:
			// Too many connections
			conn.Close()
		}
	}
}

func handleConnection(netConn net.Conn, config *ssh.ServerConfig) {
	defer netConn.Close()

	// Rate limiting
	if !rateLimitAllow(netConn.RemoteAddr().String()) {
		netConn.Write([]byte("Rate limit exceeded\r\n"))
		return
	}

	// Perform SSH handshake
	sshConn, chans, reqs, err := ssh.NewServerConn(netConn, config)
	if err != nil {
		// Handshake failed - continue accepting others
		return
	}
	defer sshConn.Close()

	go ssh.DiscardRequests(reqs)

	// Handle channels (sessions)
	for newChannel := range chans {
		if newChannel.ChannelType() != "session" {
			newChannel.Reject(ssh.UnknownChannelType, "unknown channel type")
			continue
		}

		channel, requests, err := newChannel.Accept()
		if err != nil {
			// Channel error - continue
			continue
		}

		go handleSession(channel, requests)
	}
}

func handleSession(channel ssh.Channel, requests <-chan *ssh.Request) {
	defer channel.Close()

	// Handle session requests
	go func() {
		for req := range requests {
			switch req.Type {
			case "shell", "pty-req":
				req.Reply(true, nil)
			default:
				req.Reply(false, nil)
			}
		}
	}()

	fmt.Fprintf(channel, "Welcome to ch.at\r\n")
	fmt.Fprintf(channel, "Type your message and press Enter.\r\n")
	fmt.Fprintf(channel, "Exit: type 'exit', Ctrl+C, or Ctrl+D\r\n")
	fmt.Fprintf(channel, "> ")

	// Read line by line
	var input strings.Builder
	buf := make([]byte, 1024)

	for {
		n, err := channel.Read(buf)
		if err != nil {
			// EOF (Ctrl+D) or other error - exit cleanly
			return
		}

		data := string(buf[:n])
		for _, ch := range data {
			if ch == 3 { // Ctrl+C
				fmt.Fprintf(channel, "^C\r\n")
				return
			} else if ch == '\n' || ch == '\r' {
				fmt.Fprintf(channel, "\r\n") // Echo newline
				if input.Len() > 0 {
					query := strings.TrimSpace(input.String())
					input.Reset()

					if query == "exit" {
						return
					}
					
					// Get LLM response with streaming
					ch := make(chan string)
					go func() {
						if _, err := LLM(query, ch); err != nil {
							fmt.Fprintf(channel, "Error: %s\r\n", err.Error())
						}
					}()
					
					// Stream response as it arrives
					for chunk := range ch {
						fmt.Fprint(channel, chunk)
					}
					
					fmt.Fprintf(channel, "\r\n> ")
				}
			} else if ch == '\b' || ch == 127 { // Backspace or Delete
				if input.Len() > 0 {
					// Remove last rune (UTF-8 safe)
					str := input.String()
					runes := []rune(str)
					input.Reset()
					input.WriteString(string(runes[:len(runes)-1]))
					// Move cursor back, overwrite with space, move back again
					fmt.Fprintf(channel, "\b \b")
				}
			} else {
				// Echo the character back to the user
				fmt.Fprintf(channel, "%c", ch)
				input.WriteRune(ch)
			}
		}
	}
}

// getOrCreateHostKey generates a new ephemeral host key
func getOrCreateHostKey() (ssh.Signer, error) {
	// Generate new ephemeral key each time
	// Users will see "host key changed" warnings on each restart
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}

	return ssh.NewSignerFromKey(key)
}