DOKK / manpages / debian 12 / tinysshd / tinysshd.8.en
tinysshd(8) System Manager's Manual tinysshd(8)

tinysshd - Tiny SSH daemon

tinysshd [ options ] keydir

tinysshd is a minimalistic SSH server which implements only a subset of SSHv2 features.

tinysshd supports only secure cryptography (minimum 128-bit security, protected against cache-timing attacks)

tinysshd doesn't implement older crypto (such as RSA, DSA, HMAC-MD5, HMAC-SHA1, 3DES, RC4, ...)

tinysshd doesn't implement unsafe features (such as password or hostbased authentication)

tinysshd doesn't have features such: SSH1 protocol, compression, port forwarding, agent forwarding, X11 forwarding ...

tinysshd doesn't use dynamic memory allocation (no allocation failures, etc.)

no error messages
print error messages (default)
print extra information
enable state-of-the-art crypto (default)

signing - ssh-ed25519

key-exchange - curve25519-sha256

symmetric - chacha20-poly1305@openssh.com

disable state-of-the-art crypto
enable post-quantum crypto (default)

signing - TODO (not implemented yet)

key-exchange - sntrup761x25519-sha512@openssh.com

symmetric - chacha20-poly1305@openssh.com

disable post-quantum crypto
use syslog instead of standard error output (useful for running from inetd)
don't use syslog, use standard error output (default)
add subsystem command (e.g.: sftp=/usr/libexec/openssh/sftp-server)
execute the given command instead of spawning the shell (disables exec/subsystem channel requests)
directory containing TinySSH keys, typically /etc/tinyssh/sshkeydir

tinysshd supports only public-key authorization via AuthorizedKeysFile ~/.ssh/authorized_keys. Each line of the file contains one key in format "keytype base64-encoded-key comment". tinyssh supports only "ssh-ed25519" keytype.

~/.ssh/authorized_keys example:

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILV5AGhGQ1QVXjBWhTKJP3vrqE3isL4ivisBailQ14gS comment

tcpserver -HRDl0 0.0.0.0 22 /usr/sbin/tinysshd -v /etc/tinyssh/sshkeydir &
busybox tcpsvd 0 22 tinysshd -v /etc/tinyssh/sshkeydir &
/etc/inetd.conf:
ssh stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/sshkeydir
tinysshd.socket: 
[Unit]
Description=TinySSH server socket
ConditionPathExists=!/etc/tinyssh/disable_tinysshd
[Socket]
ListenStream=22
Accept=yes
[Install]
WantedBy=sockets.target

tinysshd@.service: 
[Unit]
Description=Tiny SSH server
After=network.target auditd.service
[Service]
ExecStartPre=-/usr/sbin/tinysshd-makekey -q /etc/tinyssh/sshkeydir
EnvironmentFile=-/etc/default/tinysshd
ExecStart=/usr/sbin/tinysshd ${TINYSSHDOPTS} -- /etc/tinyssh/sshkeydir
KillMode=process
SuccessExitStatus=111
StandardInput=socket
StandardError=journal
[Install]
WantedBy=multi-user.target

tinysshd-makekey(8), tinysshd-printkey(8)

https://tinyssh.org/