Files
alknet/docs/architecture/crates/alknet-ssh/spec.md
glm-5.1 f77b515968 docs(architecture): add Phase 0 architecture specs for ALPN-as-service model
Foundational architecture documents following the SDD process:

ADRs:
- 001: ALPN-based protocol dispatch (one endpoint, ALPN negotiation)
- 002: ProtocolHandler trait (replaces StreamInterface/MessageInterface)
- 003: Crate decomposition (one crate per handler, core provides shared infra)
- 004: Auth as shared core (IdentityProvider, hybrid resolution model)
- 005: irpc as call protocol foundation
- 006: ALPN string convention and connection model (alknet/ prefix, one ALPN per connection)

Docs:
- overview.md: crate graph, shared types, ALPN registry, failure modes
- README.md: index with doc table, ADR table, lifecycle definitions
- open-questions.md: 10 OQs across 7 themes (3 resolved, 7 open)

Crate spec stubs for all 11 planned crates (alknet-core through alknet CLI).

Key decisions resolved during self-review:
- AuthContext resolution is hybrid: endpoint resolves TLS-level auth,
  handlers resolve protocol-level auth (resolves OQ-02)
- ALPN is per-connection not per-stream, corrected ADR-001 (resolves OQ-06)
- ALPN naming uses alknet/ prefix without versions (resolves OQ-03)
- HandlerError return type on ProtocolHandler trait
- alknet/secret removed from ALPN registry until OQ-08 resolved
2026-06-15 22:14:58 +00:00

29 lines
912 B
Markdown

---
status: planned
last_updated: 2026-06-15
---
# alknet-ssh
> **Status: Planned** — This spec has not been written yet. It will be produced as part of Phase 2 architecture work.
## Purpose
SSH handler implementing `ProtocolHandler` on ALPN `alknet/ssh`. Provides russh-based SSH-2 handshake, channel multiplexing, SOCKS5 proxy, and port forwarding (direct-tcpip, forwarded-tcpip, streamlocal-forward).
## Port Source
| Old module | Lines | Notes |
|---|---|---|
| `src/interface/ssh.rs` | 982 | SSH channel handling |
| `src/server/handler.rs` | 974 | SSH server handler |
| `src/server/channel_proxy.rs` | 555 | Channel proxy |
| `src/client/*` | ~1900 | SOCKS5 client, connect logic |
| `src/socks5/*` | ~800 | SOCKS5 protocol |
## References
- [overview.md](../../overview.md)
- ADR-002: ProtocolHandler trait
- ADR-004: Auth as shared core
- russh reference: `docs/research/references/ssh/russh/`