Using Caddy To Create a Secure Socket Server
Why?
Telnet wasn't all bad. Simple socket servers are handy for debugging or remote access purposes, but sadly telnet is insecure, having no encryption. SSH is a viable alternative, but it is a little bloated and is different on various platforms.
So what to do?
Use Caddy!
Caddy is a small but powerful server written in Go. It works by chaining 'middlewares' (plugins). It is mainly a web server, but it can also serve basic TCP using the 'net' plugin.
In this short guide, I will explain how to set up a basic secure socket server using Caddy. The server works on Linux but any OS with openssl can connect.
Set up the server
Dependencies
For the server you will need:
Caddy
The 'caddyfile' just has these 4 lines:
    proxy :1337 :1338 {
        host example.com
        tls
    }
'tls' can also be 'tls self_signed' for testing purposes or to not rely on a certificate authority (even SSH does not rely on a CA by default).
Start Caddy by doing $ ./caddy -conf='caddyfile' -type='net'
Python Script
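Our Python server script will require no networking code. Simple I/O example:
    #!/usr/bin/env python3
    # Python 3 is required: under Python 2, input() evaluates whatever the client sends.
    print('Hello World!')
    print('Enter your name:')
    user = input(">")  # reads one line from the connection via stdin
    print("Nice to meet you \"" + user + "\"")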
tcpserver
Caddy will be a tls proxy to our simple tcpserver (part of ucspi-tcp) which will serve our Python script.
Run tcpserver by doing $ tcpserver 127.0.0.1 1338 ./server.py
Connect to the server
Any client with openssl (or similar) can connect. For openssl, do $ openssl s_client -connect example.com:1337
-quiet can be specified to reduce openssl information output.
Conclusion
Caddy + tcpserver is a good telnet replacement for when one just wants to provide a standard I/O program over a secure network connection without SSH.
Netcat can be used instead of tcpserver, but netcat only supports 1 connection at a time.
This setup is more secure than telnet, but there are likely to be some issues, such as in openssl, Caddy, or tcpserver. Security-sensitive scripts should be secured with some type of authentication.
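One way to add the authentication mentioned above to the stdin/stdout script (an added example, not part of the original guide). It assumes a long random shared token whose hex SHA-256 digest is exported in a hypothetical environment variable, SOCKET_TOKEN_SHA256, before tcpserver is started.

```python
#!/usr/bin/env python3
import hashlib
import hmac
import os
import sys

MAX_ATTEMPTS = 3   # constructed limit on guesses per connection
MAX_LINE = 256     # upper bound on characters read per line from the peer


def token_ok(supplied: str, expected: bytes) -> bool:
    """Hash the supplied token and compare digests in constant time."""
    digest = hashlib.sha256(supplied.encode("utf-8", "surrogateescape")).digest()
    return hmac.compare_digest(digest, expected)


def authenticate(rd, wr, expected: bytes) -> bool:
    """Prompt on wr, read tokens from rd; True only on a match."""
    for _ in range(MAX_ATTEMPTS):
        wr.write("Token: ")
        wr.flush()  # stdout is a socket here, so flush before waiting
        line = rd.readline(MAX_LINE)
        if not line:  # peer closed the connection
            return False
        if token_ok(line.rstrip("\r\n"), expected):
            return True
        wr.write("Denied\n")
    return False


def main() -> int:
    # SOCKET_TOKEN_SHA256 is a hypothetical variable name (hex SHA-256 of the token).
    try:
        expected = bytes.fromhex(os.environ.get("SOCKET_TOKEN_SHA256", ""))
    except ValueError:
        return 1
    if len(expected) != 32:  # fail closed when no valid digest is configured
        return 1
    if not authenticate(sys.stdin, sys.stdout, expected):
        return 1
    print("Hello World!")
    print("Enter your name:")
    user = input(">")
    print('Nice to meet you "' + user + '"')
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

The script exits without running the greeting when the variable is unset or malformed, so a misconfigured server refuses connections rather than serving them unauthenticated.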