MCPcopy Index your code
hub / github.com/antoniomika/sish

github.com/antoniomika/sish @v2.23.0 sqlite

repository ↗ · DeepWiki ↗ · release v2.23.0 ↗
121 symbols 466 edges 20 files 106 documented · 88%
README

sish

Open source SSH tunneling for HTTP(S), WS(S), TCP, aliases, and SNI.

If you like the simplicity of serveo/ngrok-style sharing but want to use plain SSH and run your own infrastructure, sish is built for that.

  • No custom client required for end users
  • Public and private tunnel workflows
  • Docker and binary releases
  • Designed for production-grade self-hosting

Docs | Managed Service | Releases | Docker Images | Sponsored by pico.sh

Why sish

sish runs an SSH server focused on forwarding and multiplexing. Users connect with commands they already know, and sish handles the routing.

Typical use cases

  • Share a local web app instantly over HTTPS
  • Expose a TCP service to a fixed or random external port
  • Create private TCP aliases that are only reachable through authenticated SSH
  • Route TLS traffic by SNI to multiple backends without terminating TLS

Quick Start

1) Try the managed service

The fastest way to validate your workflow:

ssh -R 80:localhost:8080 tuns.sh

This creates a public URL for your local app running on port 8080.

2) Self-host with Docker

Pull image:

docker pull antoniomika/sish:latest

Prepare directories:

mkdir -p ~/sish/ssl ~/sish/keys ~/sish/pubkeys
cp ~/.ssh/id_ed25519.pub ~/sish/pubkeys

Run:

docker run -itd --name sish \
    -v ~/sish/ssl:/ssl \
    -v ~/sish/keys:/keys \
    -v ~/sish/pubkeys:/pubkeys \
    --net=host antoniomika/sish:latest \
    --ssh-address=:2222 \
    --http-address=:80 \
    --https-address=:443 \
    --https=true \
    --https-certificate-directory=/ssl \
    --authentication-keys-directory=/pubkeys \
    --private-keys-directory=/keys \
    --bind-random-ports=false \
    --domain=example.com

Then connect:

ssh -p 2222 -R 80:localhost:8080 example.com

Forwarding Examples

HTTP tunnel

ssh -R myapp:80:localhost:8080 tuns.sh

Your app at localhost:8080 becomes available at https://myapp.tuns.sh.

TCP tunnel

ssh -R 2222:localhost:22 tuns.sh

localhost:22 is available at tuns.sh:2222

Private TCP alias

ssh -R mylaptop:22:localhost:22 tuns.sh

Access from another client:

ssh -J tuns.sh mylaptop

Feature Highlights

  • HTTP(S), WS(S), TCP forwarding, and multiplexing
  • TCP aliases for private internal-only access patterns
  • SNI proxy support for TLS-based backend routing
  • Optional load balancing modes for HTTP/TCP/SNI aliases
  • Service console support for inspecting forwarded requests
  • Key and password authentication with dynamic key reloading
  • Restrictive binding policies for safer multi-tenant setups

Local Development

Clone:

git clone git@github.com:antoniomika/sish.git
cd sish

Start locally:

go run main.go --http-address localhost:3000 --domain testing.ssi.sh

Or use:

make dev

Test a tunnel:

ssh -p 2222 -R 80:localhost:8080 testing.ssi.sh

testing.ssi.sh is configured to point to localhost for development.

Learn More

Community

Core symbols most depended-on inside this repo

Close
called by 39
utils/conn.go
RemoteAddr
called by 31
utils/conn.go
SendMessage
called by 25
utils/conn.go
Addr
called by 18
httpmuxer/https.go
CleanUp
called by 15
utils/conn.go
Accept
called by 8
httpmuxer/https.go
LocalAddr
called by 7
utils/conn.go
Listen
called by 6
utils/listen.go

Shape

Function 65
Method 36
Struct 19
TypeAlias 1

Languages

Go100%

Modules by API surface

utils/utils.go23 symbols
utils/conn.go22 symbols
utils/console.go17 symbols
utils/state.go11 symbols
sshmuxer/handle_test.go7 symbols
utils/authentication_key_request_test.go5 symbols
sshmuxer/requests.go5 symbols
sshmuxer/handle.go5 symbols
sshmuxer/channels.go5 symbols
httpmuxer/https.go4 symbols
cmd/sish.go4 symbols
utils/listen.go3 symbols

Dependencies from manifests, versioned

github.com/HdrHistogram/hdrhistogram-gov1.2.0 · 1×
github.com/antoniomika/multilistenerv0.0.0-2024030722263 · 1×
github.com/antoniomika/syncmapv1.0.0 · 1×
github.com/bytedance/gopkgv0.1.4 · 1×
github.com/caddyserver/zerosslv0.1.5 · 1×
github.com/cloudwego/base64xv0.1.7 · 1×
github.com/dlclark/regexp2v1.12.0 · 1×

For agents

$ claude mcp add sish \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact