dnc is a versatile command-line tool designed to facilitate network communication across a Distributed Hash Table (DHT) network. It mirrors the functionality of the traditional nc
(netcat) utility, enabling users to initiate TCP connections and create sockets on remote devices within a DHT network framework.
Main Features:
<ip>
and <port>
.<ip>:<port>
is authorized based on its rules.<ip>:<port>
and links it to the DHT socket.dnc supports a range of command-line arguments:
-h, --help
: Display help information and exit.-v, --version
: Show the version of the program.-P, --port [PORT]
: Define the port for socket creation.-i, --ip [IP]
: Define the IP address for socket creation.-l, --listen
: Launch the program in listening mode.-b, --bootstrap [ADDRESS]
: Set the bootstrap node.-t, --turn_host [ADDRESS]
: Define the TURN server host.-u, --turn_user [USER]
: Define the TURN server username.-w, --turn_pass [SECRET]
: Define the TURN server password.-r, --turn_realm [REALM]
: Specify the TURN server realm.-c, --certificate [FILE]
: Specify the Certificate.-p, --privateKey [FILE]
: Provide a private key.-d, --configuration [FILE]
: Define the dnc configuration with a YAML file path.-a, --anonymous
: Activate anonymous connection mode.-vv, --verbose
: Enable verbose mode.For additional options, use the -d
flag with a YAML configuration file:
dnc -d <YAML_FILE> <PEER_IDENTIFIER>
Note: If anonymous mode is off, the server's CA must be shared with the client.
The authorized services <ip>:<port>
can only be specified in the YAML configuration file. If none are specified, the server will accept all connections.
To facilitate SSH connections to a remote device, dnc establishes a DHT network connection followed by socket creation on port 22 by default, assuming an OpenSSH server is operational.
To initiate, generate a certificate authority and a server certificate:
sudo dhtnet-crtmgr --setup -o /usr/local/etc/dhtnet/
The server will cache some values in /var/run/dhtnet
. If this must be changed, you can remove the line Environment="DHTNET_CACHE_DIR=/var/run/dhtnet"
in dnc.service.in
. Then, launch the dnc service:
systemctl start dnc.service
Obtain the user identifier with the following command:
dhtnet-crtmgr -a -p <privateKey_path> -c <cert_path>
For the server, use:
dhtnet-crtmgr -a -c /usr/local/etc/dhtnet/id/id-server.crt -p /usr/local/etc/dhtnet/id/id-server.pem
To establish a secure connection from the client side, it's necessary to generate a certificate authority (CA) and a certificate. Execute the following commands to set up your identity:
dhtnet-crtmgr -o <repo_ca> -n ca dhtnet-crtmgr -o <repo_crt> -n certificate -c <repo_ca>/ca.crt -p <repo_ca>/ca.pem
Replace <repo_ca> with the directory path for storing the CA files and <repo_crt> with the path for the client certificate files. Update your YAML configuration file to include <repo_crt>/certificate.pem as the privateKey and <repo_crt>/certificate.crt as the certificate.
To integrate dnc with your SSH workflow, append the following configuration to your SSH configuration file (~/.ssh/config), enhancing the utility of SSH through dnc:
Host dnc/* IdentityFile /home/<local_user>/.ssh/<key>.pub ProxyCommand dnc -d /path/to/yaml/config $(basename %h)
This setup allows you to use the "dnc" alias for seamless SSH connections to remote servers. Simply replace <peer_identifier> with the actual server identifier and <ssh_remote_user> with the intended SSH username when initiating a connection:
ssh <ssh_remote_user>@dnc/<peer_identifier>
For exemple:
ssh mypeer@dnc/2f4975e7b11a0908bd400b27130fe9a496d0f415