!}      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|None=?MSX}~SafeNNoneM-  !"#$%&'()*+,None-./0NoneHV` 123456789 NoneSX_i:;<=>?@ABCDEFGHIJKLMNOPQRSTUVW None 2=?EMX_` 1234XYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      None$hsshAn k is something that is capable of cryptographic signing using a public key algorithm like Ed25519 or RSA. Currently, 5 is the only instance, but the method signatures have been designed with other mechanisms like HSM's or agent-forwarding in mind.hsshVGet a list of public keys for which the agent holds the corresponding private keys.6The list contents may change when called subsequently.hssh2Sign the given hash with the requested public key.The signature may be denied in case the key is no longer available. This method shall not throw exceptions, but rather return  if possible. None$ NoneX_<7hssh0Configuration for the user authentication layer.EAfter a successful key exchange the client will usually request the  user-auth? service to authenticate against. In this implementation, the  user-auth. service is the only service available after key exchange and the client must request the connection layer through the authentication layer. Except for transport messages, all other message types will result in a disconnect as long as user authentication is in progress (looking at you, libssh ;-)!hssh<This handler will be called for each authentication attempt. ;The client might try several methods and keys: Just return Q for every request that is not sufficient to determine the user's identity.%When access shall be granted, return . The identity8 may contain whatever is desired; it may be just the d.When the client uses public key authentication, the transport layer has already determined that the client is in posession of the corresponding private key (by requesting and validating a signature).@The default rejects all authentication attempts unconditionally."hssh;Timeout for user authentication in seconds (default is 60). A SSH_DISCONNECT_BY_APPLICATIONX will be sent to the client when the timeout occurs before successful authentication.#hsshIA limit for the number of failed attempts per connection (default is 20). A SSH_DISCONNECT_BY_APPLICATION< will be sent to the client when limit has been exceeded. #"!$%None]7 &hsshAn &* is something that bytes can be read from.'hsshLike (A, but does not actually remove anything from the input buffer. EUse with care! There are very few legitimate use cases for this.(hssh)Receive a chunk of bytes from the stream. dThis method shall block until at least one byte becomes available or the connection got closed.As with sockets, the chunk boundaries are not guaranteed to be preserved during transmission although this will be most often the case. Never rely on this behaviour!PThe second parameter determines how many bytes to receive at most, but the  returned might be shorter.<Returns a chunk which is guaranteed to be shorter or equal than the given limit. It is empty when the connection got closed and all subsequent attempts to read shall return the empty string. This must be checked when collecting chunks in a loop or the program will get stuck in endless recursion!)hsshLike (r, but allows for more efficiency with less memory allocations when working with builders and re-usable buffers.*hsshAn *5 is something that chunks of bytes can be written to.+hssh&Send a chunk of bytes into the stream. `This method shall block until at least one byte could be sent or the connection got closed.Returns the number of bytes sent or 0 if the other side closed the connection. The return value must be checked when using a loop for sending or the program will get stuck in endless recursion!,hsshLike +r, but allows for more efficiency with less memory allocations when working with builders and re-usable buffers.-hsshA -O is an abstraction over all things that behave like file handles or sockets..hsshTry to send the complete .Blocks until either the d has been sent or throws an exception when the connection got terminated while sending it./hsshTry to receive a # of the designated length in bytes.!Blocks until either the complete s has been received or throws an exception when the connection got terminated before enough bytes arrived. &)('*,+-./ BSD-style#Vincent Hanquez <vincent@snarc.org>stablegoodNone^r  BSD-style#Vincent Hanquez <vincent@snarc.org> experimentalunknownNone_Safe`(None`NoneEX_``0123NoneEPX_`aq0123456789:;<=>NoneaG -./12345679cdopqr&'()*+,-./456789:; case mcmd of Just "echo" -> do bs <- receive stdin 1024 sendAll stdout bs pure  Nothing -> pure ( 1) lhssh0Information associated with the session request.Might be exteded in the future.phssh9This callback will be executed for every session request. Return a j or ! to reject the request (default).qhssh>This callback will be executed for every direct-tcpip request. Return a \ or ! to reject the request (default).rhsshPThe maximum number of channels that may be active simultaneously (default: 256).Any requests that would exceed the limit will be rejected. Setting the limit to high values might expose the server to denial of service issues!shsshjThe maximum size of the internal buffers in bytes (also limits the maximum window size, default: 32 kB)Increasing this value might help with performance issues (if connection delay is in a bad ration with the available bandwidth the window resizing might cause unncessary throttling).thsshAThe maximum size of inbound channel data payload (default: 32 kB)Values that are larger than sn or the maximum message size (35000 bytes) will be automatically adjusted to the maximum possible value."TUVWXYZ[\]^_`abcdefghijklmnopqrstuNone_€vhsshThe server configuration.The type variable identity represents the return type of the user authentication process. It may be chosen freely. The identity object will be supplied to all subsequent service handler functions and can be used as connection state.{hssh+Serve a single connection represented by a -. The actual server behaviour is only determined by its configuration. The default configuration rejects all authentication and service requests, so you will need to adapt it to your use-case.The V will be used to authenticate to the client. It is usually sufficient to use a  as agent.This operation does not return unless the other side either gracefully closes the connection or an error occurs (like connection loss). All expected exceptional conditions get caught and are reflected in the return value.>If the connection needs to be terminated by the server, this can be achieved by throwing an asynchronous exception to the executing thread. All depdendant threads and resources will be properly freed and a disconnect message will be delivered to the client (if possible). It is a good idea to run { within an ! which can be canceled on demand.Example: @runServer :: Socket -> IO () runServer sock = do keyPair <-  {, conf keyPair sock where conf =  { userAuthConfig =  { !G = handleAuthRequest } , connectionConfig =  { pK = handleSessionRequest , qv = handleDirectTcpIpRequest } } handleAuthRequest ::  ->  ->  -> IO (Maybe ) handleAuthRequest user service pubkey = case user of "simon" -> pure (Just user) _ -> pure Nothing handleSessionRequest :: identity -> l -> IO (Maybe ji) handleSessionRequest _ _ = pure $ Just $ SessionHandler $ env mterm mcmd stdin stdout stderr -> do .# stdout "Hello, world!\n" pure  * handleDirectTcpIpRequest :: identity -> ^ -> IO (Maybe DirectTcpIpHandler) handleDirectTcpIpRequest _ req = | port (dstPort req) == 80 = pure $ Just $ DirectTcpIpHandler $ stream -> do bs <- ( stream 4096 . stream "HTTP/1.1 200 OK\n" sendAll stream "Content-Type: text/plain\n\n" sendAll stream "Hello, world!\n" sendAll stream "\n" sendAll stream bs pure () | otherwise = pure Nothing # !"#\]^_`abcdefhijklmnopqrstvwxyz{#{vwxyz !"#nopqrstlmjkhifde^_`abc\]Nones  !"#$%&'()*+,-./0123456789:<;=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstu=:;<>?@ABCDEFGHIJKLMNOPQRSTUVW  !"#$%&'()*+,567123498      }~{|yzstuvwxXYZ[efb^_ghijklmn1234\]opqr`acd/0-.[nopqrstlmjkhifgde^_`abc\]TUVWXYZu #"!$%-*,+&)('./=456789:;<>0123?@FEDCBAGHIJKLMNOPQRS!!"#$%&'()*+,-./01234566789:;<=>?@ABCDEFGHIJKLMNNOPQRST U V W X Y Z [ \ ] ^ _ ` a b c d e f g h i j k l m n o p q r s s t t u u v v w w x   y z { { | } ~                                                                                                                                             !"#$$%&'()*+,-../0123456789:;<=>?@ABCDEFGHIJJKKLMNOPPQQRRSSTTUUVWXYZ[\\]^_`abbccdeefghijklmnopqrstustvwxyzz{|}~zz~s s#hssh-0.1.0.0-EZ69pIDxG87JjPQz70pN58 Network.SSHNetwork.SSH.InternalNetwork.SSH.ServerNetwork.SSH.BuilderNetwork.SSH.ClientNetwork.SSH.ExceptionNetwork.SSH.NameNetwork.SSH.KeyNetwork.SSH.EncodingNetwork.SSH.MessageNetwork.SSH.AuthAgentNetwork.SSH.Algorithms#Network.SSH.Server.Service.UserAuthNetwork.SSH.Stream#Network.SSH.Transport.Crypto.ChaCha%Network.SSH.Transport.Crypto.Poly1305 Paths_hsshNetwork.SSH.ConstantsNetwork.SSH.Transport.CryptoNetwork.SSH.TransportNetwork.SSH.TStreamingQueue%Network.SSH.Server.Service.ConnectionInternalKeyPairControl.Concurrent.AsyncAsync newKeyPairUserName ServiceName PublicKey System.Exit ExitSuccessDisconnectMessageDisconnectReason!DisconnectHostNotAllowedToConnectDisconnectProtocolErrorDisconnectKeyExchangeFailedDisconnectReservedDisconnectMacErrorDisconnectCompressionErrorDisconnectServiceNotAvailable%DisconnectProtocolVersionNotSupportedDisconnectHostKeyNotVerifiableDisconnectConnectionLostDisconnectByApplicationDisconnectTooManyConnectionDisconnectAuthCancelledByUser$DisconnectNoMoreAuthMethodsAvailableDisconnectIllegalUsernameDisconnectOtherReasonDisconnectPartyLocalRemote Disconnect$exceptionProtocolVersionNotSupportedexceptionConnectionLostexceptionKexInvalidTransitionexceptionKexInvalidSignatureexceptionKexNoSignature exceptionKexNoCommonKexAlgorithm'exceptionKexNoCommonEncryptionAlgorithmexceptionMacErrorexceptionInvalidPacketexceptionPacketLengthExceededexceptionAuthenticationTimeout$exceptionAuthenticationLimitExceededexceptionServiceNotAvailableexceptionInvalidChannelIdexceptionInvalidChannelRequestexceptionWindowSizeOverflowexceptionWindowSizeUnderrunexceptionPacketSizeExceededexceptionDataAfterEofexceptionAlreadyExecutingexceptionUnexpectedMessageHasNamenameNamePublicKeyEd25519 PublicKeyRSAPublicKeyOtherKeyPairEd25519 toPublicKeydecodePrivateKeyFileEncodingputgetGetrunPutrunGet putExitCode getExitCode getFramedputWord8getWord8 expectWord8 getWord32putBytesgetBytes lenByteString putByteString getByteStringgetRemainingByteString putStringputShortStringgetShortString getStringgetNameputNameputBoolgetBoolgetTruegetFalse putAsMPInt ChannelId ChannelType SessionIdPasswordVersionCookieChannelPacketSizeChannelWindowSize PtySettingsptyEnv ptyWidthCols ptyHeightRowsptyWidthPixelsptyHeightPixelsptyModes SignatureSignatureEd25519 SignatureRSASignatureOther AuthMethodAuthNone AuthHostBased AuthPassword AuthPublicKey AuthOtherChannelFailureChannelSuccessChannelRequestExitSignal crSignalName crCodeDumpedcrErrorMessage crLanguageTagChannelRequestExitStatus crExitStatusChannelRequestSignalcrSignalChannelRequestExec crCommandChannelRequestShellChannelRequestWindowChangecrWidthcrHeight crWidthPixelscrHeightPixelsChannelRequestPty crPtySettingsChannelRequestEnvcrVariableNamecrVariableValueChannelRequest crChannelcrType crWantReplycrData ChannelClose ChannelEofChannelExtendedData ChannelDataChannelWindowAdjustChannelOpenFailureReason%ChannelOpenAdministrativelyProhibitedChannelOpenConnectFailedChannelOpenUnknownChannelTypeChannelOpenResourceShortageChannelOpenOtherFailureChannelOpenFailureChannelOpenConfirmationChannelOpenTypeChannelOpenSessionChannelOpenDirectTcpIpChannelOpenOthercoDestinationAddresscoDestinationPortcoSourceAddress coSourcePort ChannelOpenUserAuthPublicKeyOkUserAuthBannerUserAuthSuccessUserAuthFailureUserAuthRequest KexEcdhReplykexServerHostKeykexServerEphemeralKeykexHashSignature KexEcdhInitkexClientEphemeralKey KexNewKeysKexInit kexCookiekexKexAlgorithmskexServerHostKeyAlgorithms%kexEncryptionAlgorithmsClientToServer%kexEncryptionAlgorithmsServerToClientkexMacAlgorithmsClientToServerkexMacAlgorithmsServerToClient&kexCompressionAlgorithmsClientToServer&kexCompressionAlgorithmsServerToClientkexLanguagesClientToServerkexLanguagesServerToClientkexFirstPacketFollows ServiceAcceptServiceRequestDebugdebugAlwaysDisplay debugMessagedebugLanguageTag UnimplementedIgnore DisconnecteddisconnectedReasondisconnectedDescriptiondisconnectedLanguageTagMessage MsgDisconnect MsgIgnoreMsgUnimplementedMsgDebugMsgServiceRequestMsgServiceAccept MsgKexInit MsgKexNewKeysMsgKexEcdhInitMsgKexEcdhReplyMsgUserAuthRequestMsgUserAuthFailureMsgUserAuthSuccessMsgUserAuthBannerMsgUserAuthPublicKeyOkMsgChannelOpenMsgChannelOpenConfirmationMsgChannelOpenFailureMsgChannelWindowAdjustMsgChannelDataMsgChannelExtendedData MsgChannelEofMsgChannelCloseMsgChannelRequestMsgChannelSuccessMsgChannelFailure MsgUnknown MessageStream sendMessagereceiveMessage newCookie nilCookie AuthAgent getPublicKeys getSignatureCompressionAlgorithmNoneEncryptionAlgorithmChacha20Poly1305AtOpensshDotComKeyExchangeAlgorithmCurve25519Sha256AtLibsshDotOrgHostKeyAlgorithm SshEd25519UserAuthConfig onAuthRequestuserAuthMaxTimeuserAuthMaxAttemptswithAuthenticationverifyAuthSignature InputStreampeekreceive receiveUnsafe OutputStreamsend sendUnsafe DuplexStreamsendAll receiveAllplainEncryptionContextplainDecryptionContext$newChaCha20Poly1305EncryptionContext$newChaCha20Poly1305DecryptionContextTransportConfigserverHostKeyAlgorithms kexAlgorithmsencryptionAlgorithmsmaxTimeBeforeRekeymaxDataBeforeRekeyonSend onReceive Transport withTransportTStreamingQueue qCapacityqWindowqSizeqEofqHeadqTailnewTStreamingQueuecapacitygetSizegetFreegetWindowSpaceaddWindowSpaceaskWindowSpaceAdjustRecommendedfillWindowSpace terminateenqueuedequeue dequeueShort lookAhead ConnectionMsgConnectionChannelOpenConnectionChannelCloseConnectionChannelEofConnectionChannelDataConnectionChannelRequestConnectionChannelWindowAdjust ConnectionDirectTcpIpHandlerDirectTcpIpRequest dstAddressdstPort srcAddresssrcPortCommandTermInfo EnvironmentSessionHandlerSessionRequestConnectionConfigonSessionRequestonDirectTcpIpRequestchannelMaxCountchannelMaxQueueSizechannelMaxPacketSizeserveConnectionConfigtransportConfiguserAuthConfigconnectionConfigserve$fDefaultConfigByteArrayBuilder PtrWriter runPtrWriterLengthlengthBuilderzeroes byteArray byteStringshortByteStringword64BEword32BEword16BEword8 toByteArray copyToPtr babLengthbase GHC.MaybeNothingJustbytestring-0.10.8.2Data.ByteString.Internal ByteString MutableStateccryptonite_chacha_generateccryptonite_chacha_combineccryptonite_chacha_initnew initializegenerateUnsafe combineUnsafec_poly1305_finalizec_poly1305_updatec_poly1305_init authUnsafeversion getBinDir getLibDir getDynLibDir getDataDir getLibexecDir getSysconfDirgetDataFileNamemaxPacketLengthmaxBoundIntWord32EncryptionContextDecryptionContext KeyStreamsGHC.IO.Exception ExitFailure1data-default-class-0.1.2.0-FeIQ5tLoVZBHMSgrT9zptQData.Default.Classdef