wush: Fast, Secure File Transfer and Shells over WireGuard
Summary
wush is a command-line tool designed for rapid and secure file transfers and shell access between computers. It leverages WireGuard for peer-to-peer connections, eliminating the need for trusted relay servers. This tool offers a robust and versatile solution for network communication.
Repository Info
Tags
Click on any tag to explore related repositories
Introduction
wush is a powerful command-line tool that simplifies transferring files and opening shells over a peer-to-peer WireGuard connection. It offers a secure, fast, and reliable alternative to traditional file transfer methods, distinguishing itself by not requiring any setup or trust in relay servers for authentication. Powered by WireGuard, wush establishes automatic peer-to-peer connections over UDP, opening up possibilities for various network operations like rsync and ssh.
wush utilizes Tailscale's tsnet package and public DERP relays, but importantly, no Tailscale account is required to use it.
Installation
Installing wush is straightforward. You can use the provided install script or Homebrew.
Using install script:
curl -fsSL https://github.com/coder/wush/raw/refs/heads/main/install.sh | sh
Using Homebrew:
brew install wush
For manual installation, refer to the latest release on GitHub.
To optimize transfer speeds, wush attempts to increase the buffer size of its UDP sockets. For best performance on Linux, ensure wush has CAP_NET_ADMIN:
# Linux only
sudo setcap cap_net_admin=eip $(which wush)
Examples
Here's how to get started with wush for basic file transfers and shell access.
On the host machine, start the wush server:
$ wush serve
Picked DERP region Toronto as overlay home
Your auth key is:
> 112v1RyL5KPzsbMbhT7fkEGrcfpygxtnvwjR5kMLGxDHGeLTK1BvoPqsUcjo7xyMkFn46KLTdedKuPCG5trP84mz9kx
Use this key to authenticate other wush commands to this instance.
On the client machine, use the generated auth key:
Copy a file to the host:
# Copy a file to the host
$ wush cp 1gb.txt
Uploading "1gb.txt" 100% |??????????????????????????????????????????????| (2.1/2.1 GB, 376 MB/s)
Open a shell to the host:
# Open a shell to the host
$ wush ssh
? Enter the Auth key:
? > 112v1RyL5KPzsbMbhT7fkEGrcfpygxtnvwjR5kMLGxDHGeLTK1BvoPqsUcjo7xyMkFn46KLTdedKuPCG5trP84mz9kx
coder@colin:~$
You can also watch a demonstration of wush in action:
Why Use wush?
While many excellent file transfer tools exist, wush addresses several common limitations:
- Speed: It avoids the slowdowns often associated with relay servers by establishing direct peer-to-peer connections.
- Trust: It eliminates the need to trust a third-party server for authentication, using x25519 keys for secure communication.
- Versatility: Beyond simple file transfers, wush provides a foundation for more advanced functionalities like remote shell access, thanks to its WireGuard-powered network overlay.
wush leverages advancements in userspace networking to offer a tool that is not only fast and secure but also highly adaptable to various networking needs.
Links
- GitHub Repository: https://github.com/coder/wush
- Go Reference: https://pkg.go.dev/badge/github.com/coder/wush.svg