TNT's Not Tunnel
m1ngsama a50f8c9c56 fix(security): implement comprehensive authentication protection
- Add IP-based rate limiting system:
  * Track up to 256 IPs with connection counts and auth failures
  * Rate limit: max 10 connections per IP per 60-second window
  * Block for 5 minutes after 5 auth failures
  * Auto-unblock when duration expires
- Add global connection limit (default: 64, configurable)
- Add per-IP connection limit (default: 5, configurable)
- Implement optional access token authentication:
  * If TNT_ACCESS_TOKEN set, require password matching token
  * If not set, maintain open access (backward compatible)
  * Rate limit auth attempts (max 3 per session)
  * Add 2-second delay after failed auth to slow brute force
- Add client IP tracking and logging
- Implement connection count management with proper cleanup

Environment variables:
- TNT_ACCESS_TOKEN: Access token for password authentication (optional)
- TNT_MAX_CONNECTIONS: Maximum concurrent connections (default: 64)
- TNT_MAX_CONN_PER_IP: Maximum connections per IP (default: 5)
- TNT_RATE_LIMIT: Enable/disable rate limiting (default: 1)

These changes address:
- Weak authentication allowing unrestricted access
- No protection against brute force attacks
- No rate limiting or connection throttling
- No IP-based access controls

Prevents:
- Brute force password attacks
- Connection flooding DoS
- Resource exhaustion
- Unauthorized access when token is configured

Design maintains backward compatibility: without TNT_ACCESS_TOKEN,
server remains fully open as before. With token, it's protected.
2026-01-22 14:04:15 +08:00
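
The per-IP limits listed in the commit message above (256 tracked addresses, 10 connections per 60 seconds, a 5-minute block after 5 auth failures, auto-unblock), as an added C example that is not TNT's own code. The names rl_table, rl_get, rl_allow_connect and rl_auth_failure, the eviction policy and the fail-closed behaviour are assumptions, and the caller is assumed to hold a lock around each call.

```c
#include <string.h>
#include <time.h>

/* Limits quoted in the commit message. */
enum { RL_MAX_IPS = 256, RL_WINDOW = 60, RL_MAX_CONNS = 10,
       RL_MAX_FAILS = 5, RL_BLOCK = 300 };

struct rl_entry {
    char   ip[46];                       /* text address, "" = free slot */
    time_t window_start, blocked_until;  /* blocked_until 0 = not blocked */
    int    conns, fails;
};
static struct rl_entry rl_table[RL_MAX_IPS];

/* Slot for ip; a new ip claims a free slot or the stalest unblocked one
 * (hypothetical eviction policy, not taken from the project). */
static struct rl_entry *rl_get(const char *ip, time_t now) {
    struct rl_entry *victim = NULL;
    for (int i = 0; i < RL_MAX_IPS; i++) {
        struct rl_entry *e = &rl_table[i];
        if (strcmp(e->ip, ip) == 0) return e;
        if (e->blocked_until > now) continue;   /* never evict an active block */
        if (!victim || e->window_start < victim->window_start)
            victim = e;                          /* free slots have window_start 0 */
    }
    if (!victim) return NULL;                    /* every slot is an active block */
    memset(victim, 0, sizeof *victim);
    strncpy(victim->ip, ip, sizeof victim->ip - 1);
    victim->window_start = now;
    return victim;
}

/* 1 if a new connection from ip may proceed at time now, 0 if refused. */
int rl_allow_connect(const char *ip, time_t now) {
    struct rl_entry *e = rl_get(ip, now);
    if (!e || e->blocked_until > now) return 0;  /* fail closed */
    if (e->blocked_until) { e->blocked_until = 0; e->fails = 0; }  /* auto-unblock */
    if (now - e->window_start >= RL_WINDOW) { e->window_start = now; e->conns = 0; }
    return ++e->conns <= RL_MAX_CONNS;
}

/* Record a failed login; 1 if ip is blocked as a result. */
int rl_auth_failure(const char *ip, time_t now) {
    struct rl_entry *e = rl_get(ip, now);
    if (!e || ++e->fails < RL_MAX_FAILS) return 0;
    e->blocked_until = now + RL_BLOCK;
    return 1;
}
```

With a fixed table, an unblocked entry can be evicted once more than 256 addresses are active, which loses that address's failure count; entries with an active block are kept until they expire.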
.github/workflows Add CI/CD and deployment automation 2025-12-02 12:47:15 +08:00
include Fix critical memory and concurrency bugs 2025-11-30 09:00:00 +08:00
src fix(security): implement comprehensive authentication protection 2026-01-22 14:04:15 +08:00
.gitignore Add development and testing infrastructure 2025-12-02 10:00:00 +08:00
CHANGELOG.md Add developer documentation 2025-12-02 15:00:00 +08:00
CICD.md Add CI/CD and deployment automation 2025-12-02 12:47:15 +08:00
DEPLOYMENT.md Add CI/CD and deployment automation 2025-12-02 12:47:15 +08:00
HACKING Add developer documentation 2025-12-02 15:00:00 +08:00
install.sh Add CI/CD and deployment automation 2025-12-02 12:47:15 +08:00
LICENSE Initial commit 2025-07-01 09:00:00 +08:00
Makefile Add development and testing infrastructure 2025-12-02 10:00:00 +08:00
QUICKREF Add developer documentation 2025-12-02 15:00:00 +08:00
README Rewrite README in classic Unix style 2025-12-02 12:57:18 +08:00
README.md Rewrite README in classic Unix style 2025-12-02 12:57:18 +08:00
test_basic.sh Add development and testing infrastructure 2025-12-02 10:00:00 +08:00
test_stress.sh Add development and testing infrastructure 2025-12-02 10:00:00 +08:00
tnt.service Add CI/CD and deployment automation 2025-12-02 12:47:15 +08:00

TNT

Terminal chat server. Vim-style interface. SSH-based.

Install

curl -sSL https://raw.githubusercontent.com/m1ngsama/TNT/main/install.sh | sh

Or download from releases.

Run

tnt              # port 2222
tnt -p 3333      # custom port
PORT=3333 tnt    # env var

Connect: ssh -p 2222 localhost

Keys

INSERT (default)

  • ESC → NORMAL
  • Enter → send
  • Backspace → delete

NORMAL

  • i → INSERT
  • : → COMMAND
  • j/k → scroll
  • g/G → top/bottom
  • ? → help

COMMAND

  • :list → users
  • :help → commands
  • ESC → back

Build

make              # normal
make debug        # with symbols
make asan         # sanitizer
make check        # static analysis

Requires: libssh

Deploy

See DEPLOYMENT.md for systemd setup.

Files

messages.log      chat history
host_key          SSH key (auto-gen)
tnt.service       systemd unit

Test

./test_basic.sh         # functional
./test_stress.sh 50     # 50 clients

Docs

  • README - man page style
  • HACKING - dev guide
  • DEPLOYMENT.md - production
  • CICD.md - automation
  • QUICKREF - cheat sheet

License

MIT