DOKK / manpages / debian 11 / tinysshd / tinysshd.8.en
tinysshd(8) System Manager's Manual tinysshd(8)

tinysshd - Tiny SSH daemon

tinysshd [ options ] keydir

tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.

tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)

tinysshd doesn't implement unnecessary features (such as SSH1 protocol, compression, ...)

tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)

tinysshd doesn't implement unsafe features (such as password or hostbased authentication)

tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)

no error messages
print error messages (default)
print extra information
enable state-of-the-art crypto - ssh-ed25519, curve25519-sha256, chacha20-poly1305@openssh.com (default)
disable state-of-the-art crypto
enable post-quantum crypto - TODO, sntrup4591761x25519-sha512@tinyssh.org, chacha20-poly1305@openssh.com (default)
disable post-quantum crypto
use syslog instead of standard error output (useful for running from inetd)
don't use syslog, use standard error output (default)
add subsystem command (e.g.: sftp=/usr/libexec/openssh/sftp-server)
directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir

tinysshd supports only public-key authorization via AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file contains one key in format "keytype base64-encoded-key comment". tinyssh supports only "ssh-ed25519" keytype.

~/.ssh/authorized_keys example:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment

tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &
/etc/inetd.conf:
ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir
tinysshd.socket: 
[Unit]
Description=TinySSH server socket
ConditionPathExists=!/etc/tinyssh/disable_tinysshd
[Socket]
ListenStream=22
Accept=yes
[Install]
WantedBy=sockets.target

tinysshd@.service: 
[Unit]
Description=Tiny SSH server
After=network.target auditd.service
[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
StandardInput=socket
StandardError=journal
[Install]
WantedBy=multi-user.target

tinysshd-makekey(1), tinysshd-printkey(1)

https://tinyssh.org/