libssh

This is the online reference for developing with the libssh library. It documents the libssh C API and the C++ wrapper.

Linking

We created a small howto how to link libssh against your application, read The Linking HowTo.

Tutorial

You should start by reading The Tutorial, then reading the documentation of the interesting functions as you go.

Features

The libssh library provides:

  • Key Exchange Methods : curve25519-sha256@libssh.org, ecdh-sha2-nistp256, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1

  • Hostkey Types : ecdsa-sha2-nistp256, ssh-dss, ssh-rsa

  • Ciphers : aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, des-cbc-ssh1, blowfish-cbc, none

  • Compression Schemes : zlib, zlib@openssh.com, none

  • MAC hashes : hmac-sha1, none

  • Authentication : none, password, public-key, hostbased, keyboard-interactive, gssapi-with-mic

  • Channels : shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, auth-agent-req@openssh.com

  • Global Requests : tcpip-forward, forwarded-tcpip

  • Channel Requests : x11, pty, exit-status, signal, exit-signal, keepalive@openssh.com, auth-agent-req@openssh.com

  • Subsystems : sftp(version 3), publickey(version 2), OpenSSH Extensions

  • SFTP : statvfs@openssh.com, fstatvfs@openssh.com

  • Thread-safe : Just don’t share sessions

  • Non-blocking : it can be used both blocking and non-blocking

  • Your sockets : the app hands over the socket, or uses libssh sockets

  • OpenSSL or gcrypt : builds with either

Additional Features

How to sign your work

Once you have permission to contribute to libssh from your employer, simply email a copy of the following text from your corporate email address to:

contributing@libssh.org

libssh Developer's Certificate of Origin. Version 1.0

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the appropriate
    version of the GNU General Public License; or

(b) The contribution is based upon previous work that, to the best of
    my knowledge, is covered under an appropriate open source license
    and I have the right under that license to submit that work with
    modifications, whether created in whole or in part by me, under
    the GNU General Public License, in the appropriate version; or

(c) The contribution was provided directly to me by some other
    person who certified (a) or (b) and I have not modified it.

(d) I understand and agree that this project and the contribution are
    public and that a record of the contribution (including all
    metadata and personal information I submit with it, including my
    sign-off) is maintained indefinitely and may be redistributed
    consistent with the libssh Team's policies and the requirements of
    the GNU GPL where they are relevant.

(e) I am granting this work to this project under the terms of the
    GNU Lesser General Public License as published by the
    Free Software Foundation; either version 2.1 of
    the License, or (at the option of the project) any later version.

http://www.gnu.org/licenses/lgpl-2.1.html

We will maintain a copy of that email as a record that you have the rights to contribute code to libssh under the required licenses whilst working for the company where the email came from.

Then when sending in a patch via the normal mechanisms described above, add a line that states:

Signed-off-by: Random J Developer <random@developer.example.org>

using your real name and the email address you sent the original email you used to send the libssh Developer’s Certificate of Origin to us (sorry, no pseudonyms or anonymous contributions.)

That’s it! Such code can then quite happily contain changes that have copyright messages such as:

(c) Example Corporation.

and can be merged into the libssh codebase in the same way as patches from any other individual. You don’t need to send in a copy of the libssh Developer’s Certificate of Origin for each patch, or inside each patch. Just the sign-off message is all that is required once we’ve received the initial email.

Have fun and happy libssh hacking!

The libssh Team

Internet standard

Secure Shell (SSH)

The following RFC documents described SSH-2 protcol as an Internet standard.

  • RFC 4250, The Secure Shell (SSH) Protocol Assigned Numbers

  • RFC 4251, The Secure Shell (SSH) Protocol Architecture

  • RFC 4252, The Secure Shell (SSH) Authentication Protocol

  • RFC 4253, The Secure Shell (SSH) Transport Layer Protocol

  • RFC 4254, The Secure Shell (SSH) Connection Protocol

  • RFC 4255, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints

  • RFC 4256, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)

  • RFC 4335, The Secure Shell (SSH) Session Channel Break Extension

  • RFC 4344, The Secure Shell (SSH) Transport Layer Encryption Modes

  • RFC 4345, Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol

It was later modified and expanded by the following RFCs.

  • RFC 4419, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

  • RFC 4432, RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol

  • RFC 4462, Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol

  • RFC 4716, The Secure Shell (SSH) Public Key File Format

  • RFC 5647, AES Galois Counter Mode for the Secure Shell Transport Layer Protocol

  • RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer

Interesting cryptography documents:

  • PKCS #11, PKCS #11 reference documents, describing interface with smartcards.

Secure Shell File Transfer Protocol (SFTP)

The protocol is not an Internet standard but it is still widely implemented. OpenSSH and most other implementation implement Version 3 of the protocol. We do the same in libssh.

Secure Shell Extensions

The libssh project has an extension to support Curve25519 which is also supported by the OpenSSH project.

The OpenSSH project has defined some extensions to the protocol. We support some of them like the statvfs calls in SFTP or the ssh-agent.

Related Pages:

Further Reading:

Related Pages:

Reference and Index: