Features

  • Support for Linux, BSD, Solaris and Windows
  • Client and Server implementation
  • Kerberos support (GSSAPI)
  • OpenSSL and GCrypt
  • Public Key infrastructure
  • Elliptic Curve DSA (ECDSA) support (with OpenSSL)
  • Elliptic Curve Diffie Hellman (ECDH) support
  • Asynchronous (non-blocking) support
  • SCP and SFTP support (client and server)

What is this?

libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 protocol for client and server implementations. With libssh, you can remotely execute programs, transfer files and use a secure and transparent tunnel for your remote applications.


Read our Tutorial and take a look at our testing infrastructure or the code in git.


Who uses libssh?






News

libssh 0.5.3 (SECURITY RELEASE)

This is an important SECURITY and maintenance release in order to address CVE-2012-4559, CVE-2012-4560, CVE-2012-4561 and CVE-2012-4562.

The double free in sftp_parse_attr_3() could be used for a Denial of Service attack against a libssh client implementation. The sftp server implementations are probably not vulnerable. However we suggest everyone to update to version 0.5.3.

Thanks to Xi Wang and Florian Weimer for the reports, help and fixes.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.3 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

The security patches are available as a tarball here.

ChangeLog

  • CVE-2012-4559 Fixed multiple double free() flaws.
  • CVE-2012-4560 Fixed multiple buffer overflow flaws.
  • CVE-2012-4561 Fixed multiple invalid free() flaws.
  • BUG #84 – Fix bug in sftp_mkdir not returning on error.
  • BUG #85 – Fixed a possible channel infinite loop if the connection dropped.
  • BUG #88 – Added missing channel request_state and set it to accepted.
  • BUG #89 – Reset error state to no error on successful SSHv1 authentiction.
  • Fixed a possible use after free in ssh_free().
  • Fixed multiple possible NULL pointer dereferences.
  • Fixed multiple memory leaks in error paths.
  • Fixed timeout handling.
  • Fixed regression in pre-connected socket setting.
  • Handle all unknown global messages.

flattr this!

libssh 0.5.2

This is another bugfix release of libssh version 0.5.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.2 here. For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

  • Increased window size x10.
  • Fixed SSHv1.
  • Fixed bugged lists.
  • Fixed use-after-free + inconsistent callbacks call in poll.
  • Fixed scp documentation.
  • Fixed possible infinite loop in channel_read().
  • Fixed handling of short reads of sftp_async_read().
  • Fixed handling request service timeout in blocking mode.
  • Fixed ssh_auth_list() documentation.
  • Fixed incorrect return values in ssh_channel_write().
  • Fixed an infinite loop in the termination callback.
  • Fixed handling of SSH_AGAIN in channel_open().
  • Fixed “status -5 inflating zlib packet”

flattr this!

libssh 0.5.1

This is our first libssh bugfix release of the 0.5 version.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.1 here (gpg asc). For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

  • Added checks for NULL pointers in string.c.
  • Set the channel max packet size to 32768.
  • Don’t (de)compress empty buffers.
  • Fixed ssh_scp_write so it works when doing recursive copy.
  • Fixed another source of endless wait.
  • Fixed an endless loop in case of a channel_open error.
  • Fixed session timeout handling.
  • Fixed ssh_channel_from_local() loop.
  • Fixed permissions of scp example when we copy a file.
  • Workaround ssh_get_user_home_dir on LDAP users.
  • Added pkg-config support for libssh_threads.
  • Fixed compilation without server and sftp modes.
  • Fix static .lib overwriting on Windows.

flattr this!

libssh 0.5.0

We are proud to finally announce libssh in version 0.5. It took a lot of time to get this version stable and out. We have rewritten huge parts of the libssh internals to be able to be completely async in future. The whole network design passed from synchronous calls to an event-based asynchronous system. We also welcomed Milo as a new developer in our team. He is working on the server support and ssh_pki, which will provide a complete API to manipulate SSH keys. We also have to thank Oliver Stöneberg who tested 0.5 over the last months and sent a big amount of patches, and Eric Bischoff who authored many pages of the tutorial.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.0 here. For Windows binaries we suggest to use our MSVC build or the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora and for openSUSE are available here.

ChangeLog:

  • Added ssh_ prefix to all public functions.
  • Added complete Windows support.
  • Added improved server support.
  • Added unit tests for a lot of functions.
  • Added asynchronous service request.
  • Added a multiplatform ssh_getpass() function.
  • Added a tutorial.
  • Added a lot of documentation.
  • Fixed a lot of bugs.
  • Fixed several memory leaks.

flattr this!

libssh 0.5.0rc1

Today we announce the first release candidate for libssh 0.5.0. We consider 0.5 more stable than 0.4 and hope that this will also be the last release candidate.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.5.0rc1 here.

ChangeLog:

  • Added ssh_ prefix to all public functions.
  • Added complete Windows support.
  • Added improved server support.
  • Added unit tests for a lot of functions.
  • Added asynchronous service request.
  • Added a multiplatform ssh_getpass() function.
  • Added a tutorial.
  • Added a lot of documentation.

flattr this!

libssh at FOSDEM 2011

Your favourite SSH library will be represented by Andreas and myself at Fosdem, and we will even have a few words in the security/hardware crypto devroom. Don’t hesitate to hang around with us and have a beer or two…

See you at FOSDEM !

Aris

flattr this!

libssh 0.4.8

This is a new libssh release which fixes some bugs and some memory leaks.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.4.8 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora are available here and for openSUSE here.

ChangeLog:

  • Fixed memory leaks in session signing.
  • Fixed memory leak in ssh_print_hexa.
  • Fixed problem with ssh_connect w/ timeout and fd > 1024.
  • Fixed some warnings on OS/2.
  • Fixed installation path for OS/2.

flattr this!

How to contribute to libssh

libssh is an open source project and there are several ways to contribute. We will show you some ways how to do that depending on your hardware access and knowledge.

Users:

As a user you can report bugs to our bugtracking system at http://red.libssh.org/. Another way could be to package libssh for you distribution.

Application Developer:

As above you can report bugs. If you have an exotic platform and you’re not sure if libssh is supported on this platform you can take a look at our dashboard. If you can’t find your platform in the dashboard this doesn’t mean that libssh doesn’t work on it, it is just not actively supported.

If you want support for your platform there are two possibilities:

  1. You report bugs and create patches and check regluarly if it still works on your platform.
  2. You can provide a Nightly Build for libssh.

How does this work:

You need a machine with the following packages installed: cmake, cmockery, git, openssl, zlib
Grab the ctest instructions from: http://git.libssh.org/projects/libssh.git/tree/tests/ctest-default.cmake
Edit the file and change:

CTEST_DIRECTORY: The directory to use to do the git checkout and build
CTEST_SITE: Your hostname –fqdn
CTEST_BUILD_NAME: The build name e.g. Fedora_13-GCC_4.5-x86_64-default
CTEST_CMAKE_GENERATOR: The generator e.g. Unix Makefiles (see man ctest)
CTEST_MODEL: Which should be Nightly

Then run ctest with: ctest -S path/to/cmake-default.cmake

Contributor:

You can start to be an active contributor to libssh. Register at the mailing list and take a look in our bugtracker what needs to be done or fixed :)

flattr this!

libssh 0.4.7

This is a new libssh release which fixes several bugs and some memory leaks.

If you are new to libssh read The Tutorial how to get started. Please join our mailing list or visit our irc channel if you have questions.

You can download libssh 0.4.7 here. For Windows binaries we suggest to use the MSVC and MinGW binaries from the KDE Windows project here. Packages for Fedora are available here and for openSUSE here.

ChangeLog:

  • Fixed a possible memory leak in ssh_get_user_home().
  • Fixed a memory leak in sftp_xstat.
  • Fixed uninitialized fd->revents member.
  • Fixed timout value in ssh_channel_accept().
  • Fixed length checks in ssh_analyze_banner().
  • Fixed a possible data overread and crash bug.
  • Fixed setting max_fd which breaks ssh_select().
  • Fixed some pedantic build warnings.
  • Fixed a memory leak with session->bindaddr.

flattr this!

Bug Tracker

Our new system for bug tracking and development coordination is up and running:

http://red.libssh.org/

We are using Redmine as the bug tracking system running with mod_passenger.

flattr this!