diff --git a/docs/ANONYMOUS_ACCESS_SUMMARY.md b/docs/ANONYMOUS_ACCESS_SUMMARY.md index df736a2..9b34d6e 100644 --- a/docs/ANONYMOUS_ACCESS_SUMMARY.md +++ b/docs/ANONYMOUS_ACCESS_SUMMARY.md @@ -164,9 +164,12 @@ TNT_ACCESS_TOKEN="secret" tnt # 限制连接数 TNT_MAX_CONNECTIONS=100 tnt -# 限制每IP连接数 +# Limit concurrent sessions per IP TNT_MAX_CONN_PER_IP=10 tnt +# Limit new connections per IP per 60 seconds +TNT_MAX_CONN_RATE_PER_IP=30 tnt + # 只允许本地访问 TNT_BIND_ADDR=127.0.0.1 tnt ``` diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 1b1fe6a..47b002d 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## 2026-03-10 - SSH Runtime & Unix Interface Update + +### Fixed +- moved SSH handshake/auth/channel setup out of the main accept loop +- replaced synchronous room-wide fan-out with room update sequencing and per-client refresh +- switched idle session handling to `ssh_channel_poll_timeout()` plus blocking reads so quiet sessions are not dropped incorrectly +- made `-d/--state-dir` create the runtime state directory automatically + +### Added +- SSH exec commands: `help`, `health`, `users`, `stats --json`, `tail`, `post` +- PTY window-change handling for terminal resize +- `TNT_MAX_CONN_RATE_PER_IP` for per-IP connection-rate control +- `tests/test_exec_mode.sh` +- `tests/test_connection_limits.sh` + +### Changed +- `TNT_MAX_CONN_PER_IP` now means concurrent sessions per IP +- stress tests now disable rate-based blocking so they exercise concurrency instead of self-throttling + ## 2026-01-22 - Security Audit Fixes Comprehensive security hardening addressing 23 identified vulnerabilities across 6 categories. diff --git a/docs/EASY_SETUP.md b/docs/EASY_SETUP.md index 538f3aa..4ce4229 100644 --- a/docs/EASY_SETUP.md +++ b/docs/EASY_SETUP.md 
@@ -181,9 +181,12 @@ PORT=3333 tnt # Limit max connections TNT_MAX_CONNECTIONS=100 tnt -# Limit connections per IP +# Limit concurrent sessions per IP TNT_MAX_CONN_PER_IP=10 tnt +# Limit new connections per IP per 60 seconds +TNT_MAX_CONN_RATE_PER_IP=30 tnt + # Bind to localhost only TNT_BIND_ADDR=127.0.0.1 tnt diff --git a/docs/IMPLEMENTATION_SUMMARY.txt b/docs/IMPLEMENTATION_SUMMARY.txt index 43d63d0..52ce785 100644 --- a/docs/IMPLEMENTATION_SUMMARY.txt +++ b/docs/IMPLEMENTATION_SUMMARY.txt @@ -59,10 +59,10 @@ Branch 4: fix/resource-management (Medium Priority) Branch 5: fix/auth-protection (Critical Priority) -------------------------------------------------- ✅ Add optional access token (TNT_ACCESS_TOKEN) -✅ IP-based rate limiting (10 conn/IP/60s) +✅ IP-based connection-rate limiting (10 new conn/IP/60s) ✅ Auth failure tracking (5 failures → 5 min block) -✅ Connection counting (total and per-IP) -✅ Configurable limits (TNT_MAX_CONNECTIONS, TNT_MAX_CONN_PER_IP) +✅ Connection counting (total, per-IP active sessions, per-IP recent attempts) +✅ Configurable limits (TNT_MAX_CONNECTIONS, TNT_MAX_CONN_PER_IP, TNT_MAX_CONN_RATE_PER_IP) ✅ Rate limit toggle (TNT_RATE_LIMIT) Branch 6: fix/concurrency-safety (High Priority) @@ -84,7 +84,8 @@ TNT_BIND_ADDR - Configurable bind address (default: 0.0.0.0) TNT_SSH_LOG_LEVEL - SSH logging verbosity 0-4 (default: 1) TNT_RATE_LIMIT - Enable/disable rate limiting (default: 1) TNT_MAX_CONNECTIONS - Global connection limit (default: 64) -TNT_MAX_CONN_PER_IP - Per-IP connection limit (default: 5) +TNT_MAX_CONN_PER_IP - Concurrent sessions allowed per IP (default: 5) +TNT_MAX_CONN_RATE_PER_IP - New connections allowed per IP per 60s (default: 10) Security Enhancements: --------------------- diff --git a/docs/TEST_RESULTS.md b/docs/TEST_RESULTS.md index 67ae597..e30ec28 100644 --- a/docs/TEST_RESULTS.md +++ b/docs/TEST_RESULTS.md 
@@ -75,8 +75,8 @@ | **Crypto** | RSA Key Size | 4096-bit (upgraded from 2048) | ✅ | | **Crypto** | Key Permissions | Atomic generation with 0600 perms | ✅ | | **Auth** | Access Token | Optional password protection | ✅ | -| **Auth** | Rate Limiting | IP-based connection throttling | ✅ | -| **Auth** | Connection Limits | Global and per-IP limits | ✅ | +| **Auth** | Rate Limiting | Per-IP connection-rate throttling | ✅ | +| **Auth** | Connection Limits | Global and per-IP concurrent session limits | ✅ | | **Input** | Username Validation | Shell metacharacter rejection | ✅ | | **Input** | Log Sanitization | Pipe/newline replacement | ✅ | | **Input** | UTF-8 Validation | Overlong encoding prevention | ✅ | @@ -114,9 +114,10 @@ TNT_BIND_ADDR=127.0.0.1 ./tnt ### Strict Limits ```bash -TNT_MAX_CONNECTIONS=10 TNT_MAX_CONN_PER_IP=2 ./tnt +TNT_MAX_CONNECTIONS=10 TNT_MAX_CONN_PER_IP=2 TNT_MAX_CONN_RATE_PER_IP=10 ./tnt # Max 10 total connections -# Max 2 connections per IP address +# Max 2 concurrent sessions per IP address +# Max 10 new connections per IP per 60 seconds ``` ### Disabled Rate Limiting (Testing) @@ -155,7 +156,7 @@ gcc -fsanitize=thread -g -O1 -c src/chat_room.c ## Known Limitations -1. **Interactive Only:** Server requires PTY sessions (no command execution via SSH) +1. **Exec Surface Is Minimal:** The SSH exec interface is intentionally small and currently focused on operational commands 2. **libssh Deprecations:** Uses deprecated PTY width/height functions (4 warnings) 3. **UTF-8 Unit Test:** Skipped in automated tests (requires manual compilation) @@ -165,7 +166,7 @@ gcc -fsanitize=thread -g -O1 -c src/chat_room.c ✅ **All 23 security vulnerabilities fixed and verified** -✅ **100% test pass rate** (10/10 tests) +✅ **100% security-suite pass rate** (12/12 tests) ✅ **Backward compatible** - server remains open by default
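Review bot: In docs/ANONYMOUS_ACCESS_SUMMARY.md (hunk @@ -164,9 +164,12), the two new comments are in English while the neighbouring comments in the same code block (`# 限制连接数`, `# 只允许本地访问`) remain in Chinese, so the block now mixes two languages. Write the new comments in the document's language, or translate the whole block in this change.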
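Review bot: In docs/CHANGELOG.md, the Changed entry `TNT_MAX_CONN_PER_IP now means concurrent sessions per IP` redefines an existing setting without stating what it meant before or what a deployment that already sets it should check. Add a line giving the previous meaning and the defaults of both variables, so operators can tell whether their current value is now looser or tighter than they intended. The Added list also introduces `post` over SSH exec without saying whether exec commands are subject to `TNT_ACCESS_TOKEN` and the per-IP limits; the entry should state that.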
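Review bot: In docs/EASY_SETUP.md (hunk @@ -181,9 +181,12), the example values `TNT_MAX_CONN_PER_IP=10` and `TNT_MAX_CONN_RATE_PER_IP=30` are both above the defaults given in docs/IMPLEMENTATION_SUMMARY.txt (5 and 10), yet they sit under comments that begin "Limit". A reader copying these lines loosens both limits. Mention the defaults in the comments, or use example values at or below them.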
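Review bot: In docs/IMPLEMENTATION_SUMMARY.txt (hunk @@ -59,10 +59,10), the line `IP-based connection-rate limiting (10 new conn/IP/60s)` still presents 10 as a fixed figure, although the same hunk lists `TNT_MAX_CONN_RATE_PER_IP` as a configurable limit. Word it as the default, for example "default 10 new conn/IP/60s", so the two lines do not contradict each other.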
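Review bot: In docs/IMPLEMENTATION_SUMMARY.txt (hunk @@ -84,7 +84,8), the variable list does not say how `TNT_RATE_LIMIT` interacts with the two per-IP settings now that they are separate. State whether `TNT_RATE_LIMIT=0` disables only `TNT_MAX_CONN_RATE_PER_IP` or also the concurrent-session cap in `TNT_MAX_CONN_PER_IP`; the changelog says the stress tests turn off rate-based blocking, so the behaviour of the concurrency cap in that mode should be documented here.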
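Review bot: In docs/TEST_RESULTS.md (hunk @@ -114,9 +114,10), the "Strict Limits" example sets `TNT_MAX_CONN_RATE_PER_IP=10`, which is the same as the default documented in docs/IMPLEMENTATION_SUMMARY.txt, so that part of the example is not stricter than an unconfigured server. Use a value below 10 to match the heading, or drop the variable from this example and note that the default applies.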
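Review bot: In docs/TEST_RESULTS.md (hunk @@ -155,7 +156,7), the reworded limitation describes the exec interface as "focused on operational commands", but the changelog in this same patch lists `post` among the exec commands, which writes to the room rather than reporting state. List the exec commands here, or at least separate the read-only ones from `post`, and say which authentication and rate controls apply to exec requests.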
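Review bot: In docs/TEST_RESULTS.md (hunk @@ -165,7 +166,7), the summary line changes both the count (10/10 to 12/12) and the label ("test pass rate" to "security-suite pass rate") without saying which tests make up the 12. The changelog adds `tests/test_exec_mode.sh` and `tests/test_connection_limits.sh`; state whether those are the two additional tests and whether any non-security tests are now excluded from the figure, since the narrower label can hide failures elsewhere.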