
Re: A couple of newbie questions about libssh in server mode.




Not sure about the in-memory private key. The libssh code was built to be independent of the underlying cryptographic library; examine ssh_key_struct in pki.h and note that it has preprocessor conditionals for OpenSSL or GCrypt.

You could probably modify the source to expose these attributes but I doubt it would be allowed into the mainline (I may be wrong!).

With regard to SSH sub-systems, I think these are defined in the RFC documents. It is unlikely that the code will support the introduction of arbitrary sub-systems, and I don't think you need to: if you're using port forwarding to open the connection, the protocol is agnostic about what goes through the channel, as long as there's some port open on the remote site which can accept the data.

On 08/08/2012 09:29 PM, drbob wrote:
I've solved Issue (3) by freeing the session and creating a new one...
	- the docs say you shouldn't need to do this.

Thoughts about (1) & (2) ?

On 8 Aug 2012, at 19:30, drbob wrote:

Dear libssh developers.

Thanks for this great library...
Only took me an hour or so, to get an SSH server embedded into our Software.

I'm a developer for Retroshare (http://retroshare.sourceforge.net), and we are planning to use libssh to provide
a remote terminal interface so people can run RS on routers, Raspberry Pis, etc., and access from anywhere.

Would like to ask a few questions:

1) SSH server private key.  At the moment, I'm using a rsa_host_key file which is registered using
	ssh_bind_options_set(..., SSH_BIND_OPTIONS_RSAKEY, ...)

  Can we load the private key from memory using a EVP_PKEY * structure (or similar)?

2) For this initial code, I've just adapted your samplesshd.c code.
	-> open SSH_CHANNEL_SESSION.
	-> open a SHELL.

This is great for our initial Terminal style application. In the future we plan to stream data over this link,
and would like to create our own subsystem (or just explicitly name it, so it cannot be confused):
	-> open SSH_CHANNEL_SESSION.
	-> open a RS_DATA_LINK

The Tutorial says this is outside its scope (fair enough ;), but I can't find any other documentation.
Is there an example of how to do this somewhere?
What is the best way to do this?


3) Using the samplesshd.c code, I can successfully connect once from an ssh client, but a second attempt hangs.
I'm assuming this is because I haven't cleaned up libssh properly after the first connection:

Real Code:
http://retroshare.svn.sourceforge.net/viewvc/retroshare/branches/v0.5-gxs-b1/retroshare-nogui/src/ssh/rssshd.cc?revision=5396&view=markup

Pseudo code:
	mBind = ssh_bind_new();
	mSession = ssh_new();
	ssh_bind_options_set( ....);

	while(1)
	{
		ssh_bind_listen(mBind);
		ssh_bind_accept(...);
		ssh_handle_key_exchange(...);
		...
		authUser();
		setupChannel();
		setupShell();

		read/write

		ssh_disconnect(mSession);
	}


Output for the Second Connection is:

[3] Enabling POLLOUT for socket
[3] ssh_handle_key_exchange: Actual state : 2
[3] ssh_handle_key_exchange: Actual state : 2
[3] Received banner: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
[1] SSH client banner: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
[1] Analyzing banner: SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu7
[1] We are talking to an OpenSSH client version: 5.3 (50300)
[3] Writing on the wire a packet having 339 bytes before
[3] 339 bytes after comp + 8 padding bytes = 348 bytes packet
[3] Enabling POLLOUT for socket
[3] ssh_handle_key_exchange: Actual state : 4
[3] ssh_handle_key_exchange: Actual state : 4
[3] Packet size decrypted: 788 (0x314)
[3] Read a 788 bytes packet
[3] 8 bytes padding, 787 bytes left in buffer
[3] After padding, 779 bytes left in buffer
[3] Final size 779
[3] Type 20
[3] Dispatching handler for packet type 20
[3] Set output algorithm aes128-ctr
[3] Set input algorithm aes128-ctr
[3] ssh_handle_key_exchange: Actual state : 6
[3] Packet size decrypted: 140 (0x8c)
[3] Read a 140 bytes packet
[3] 6 bytes padding, 139 bytes left in buffer
[3] After padding, 133 bytes left in buffer
[3] Final size 133
[3] Type 30
[3] Dispatching handler for packet type 30
[3] Received SSH_MSG_KEXDH_INIT
[1] Invalid state for SSH_MSG_KEXDH_INIT     <-------------- The Error ???
[3] ssh_handle_key_exchange: Actual state : 6
[3] ssh_handle_key_exchange: Actual state : 6
[1] Socket exception callback: 1 (0)                      <------------- Ctrl-C on ssh client.
[1] Error : Socket error: Success
[3] ssh_handle_key_exchange: Actual state : 9

Any clues?
Other info required?


Thanks in advance.
drBob.
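
Question (2) above asks about opening a session channel under a custom subsystem name. As an added example (not part of the original thread and not libssh code): RFC 4254 section 6.5 requests a subsystem with an SSH_MSG_CHANNEL_REQUEST carrying the string "subsystem" and a name, and the C code below shows how a server could bounds-check that payload and accept only allow-listed names. The function names and the use of RS_DATA_LINK as the wire name are assumptions for illustration.

```c
/* Added example, not libssh code: validate an RFC 4254 "subsystem" channel
 * request. RS_DATA_LINK is the placeholder name from the post above. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SSH_MSG_CHANNEL_REQUEST 98

static const char *const ALLOWED[] = { "RS_DATA_LINK" };  /* server allow-list */

/* Constructed sample: type 98, channel 0, "subsystem", want-reply=1, name. */
static const uint8_t sample[] =
    "\x62\0\0\0\0" "\0\0\0\x09subsystem" "\x01" "\0\0\0\x0cRS_DATA_LINK";

/* Read an SSH string (uint32 big-endian length, then bytes), bounds-checked. */
static int get_string(const uint8_t *p, size_t len, size_t *off,
                      const uint8_t **s, uint32_t *slen)
{
    if (len - *off < 4) return -1;
    uint32_t n = ((uint32_t)p[*off] << 24) | ((uint32_t)p[*off + 1] << 16) |
                 ((uint32_t)p[*off + 2] << 8) | (uint32_t)p[*off + 3];
    *off += 4;
    if (n > len - *off) return -1;       /* length field exceeds the data */
    *s = p + *off; *slen = n; *off += n;
    return 0;
}

/* 1 = allowed subsystem request, 0 = well-formed but not allowed, -1 = malformed. */
int check_subsystem_request(const uint8_t *p, size_t len,
                            const char *const *allowed, size_t n_allowed)
{
    const uint8_t *s; uint32_t slen; size_t off = 5;  /* type + recipient channel */
    if (len < 5 || p[0] != SSH_MSG_CHANNEL_REQUEST) return -1;
    if (get_string(p, len, &off, &s, &slen) != 0) return -1;
    if (slen != 9 || memcmp(s, "subsystem", 9) != 0) return 0;
    if (len - off < 1) return -1;
    off += 1;                                         /* want-reply boolean */
    if (get_string(p, len, &off, &s, &slen) != 0) return -1;
    if (off != len) return -1;                        /* reject trailing bytes */
    for (size_t i = 0; i < n_allowed; i++)
        if (strlen(allowed[i]) == slen && memcmp(s, allowed[i], slen) == 0)
            return 1;
    return 0;
}

int main(void)
{
    return check_subsystem_request(sample, sizeof sample - 1, ALLOWED, 1) == 1 ? 0 : 1;
}
```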
