The libssh server API
Overview
// typedefs typedef void (*ssh_bind_incoming_connection_callback)( ssh_bind sshbind, void *userdata ); // enums enum ssh_bind_options_e; // structs struct ssh_bind_callbacks_struct; // global functions LIBSSH_API int ssh_bind_accept( ssh_bind ssh_bind_o, ssh_session session ); LIBSSH_API int ssh_bind_accept_fd( ssh_bind ssh_bind_o, ssh_session session, socket_t fd ); LIBSSH_API void ssh_bind_fd_toaccept(ssh_bind ssh_bind_o); LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o); LIBSSH_API socket_t ssh_bind_get_fd(ssh_bind ssh_bind_o); LIBSSH_API int ssh_bind_listen(ssh_bind ssh_bind_o); LIBSSH_API ssh_bind ssh_bind_new(void); LIBSSH_API int ssh_bind_options_set( ssh_bind sshbind, enum ssh_bind_options_e type, const void* value ); LIBSSH_API void ssh_bind_set_blocking( ssh_bind ssh_bind_o, int blocking ); LIBSSH_API int ssh_bind_set_callbacks( ssh_bind sshbind, ssh_bind_callbacks callbacks, void* userdata ); LIBSSH_API void ssh_bind_set_fd( ssh_bind ssh_bind_o, socket_t fd ); LIBSSH_API int ssh_channel_open_reverse_forward( ssh_channel channel, const char* remotehost, int remoteport, const char* sourcehost, int localport ); LIBSSH_API int ssh_channel_open_x11( ssh_channel channel, const char* orig_addr, int orig_port ); LIBSSH_API int ssh_channel_request_send_exit_signal( ssh_channel channel, const char* signum, int core, const char* errmsg, const char* lang ); LIBSSH_API int ssh_channel_request_send_exit_status( ssh_channel channel, int exit_status ); LIBSSH_API int ssh_channel_write_stderr( ssh_channel channel, const void* data, uint32_t len ); LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session); LIBSSH_API int ssh_handle_key_exchange(ssh_session session); LIBSSH_API const char* ssh_message_auth_password(ssh_message msg); LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg); LIBSSH_API const char* ssh_message_auth_user(ssh_message msg); LIBSSH_API int ssh_message_reply_default(ssh_message msg); LIBSSH_API void ssh_set_auth_methods( 
ssh_session session, int auth_methods ); LIBSSH_API void ssh_set_message_callback( ssh_session session, int(*)(ssh_session session, ssh_message msg, void*data) ssh_bind_message_callback, void* data ); static socket_t bind_socket( ssh_bind sshbind, const char* hostname, int port ); ssh_poll_handle ssh_bind_get_poll(ssh_bind sshbind); static int ssh_bind_import_keys(ssh_bind sshbind); static int ssh_bind_poll_callback( ssh_poll_handle sshpoll, socket_t fd, int revents, void* user ); int channel_write_stderr( ssh_channel channel, const void* data, uint32_t len ); int ssh_accept(ssh_session session); static int ssh_bind_set_key( ssh_bind sshbind, char** key_loc, const void* value ); static int callback_receive_banner( const void* data, size_t len, void* user ); static int dh_handshake_server(ssh_session session); static int server_set_kex(ssh_session session); int ssh_auth_reply_default( ssh_session session, int partial ); int ssh_auth_reply_success( ssh_session session, int partial ); LIBSSH_API int ssh_execute_message_callbacks(ssh_session session); int ssh_get_key_params( ssh_session session, ssh_key* privkey ); LIBSSH_API int ssh_message_auth_interactive_request( ssh_message msg, const char* name, const char* instruction, unsigned int num_prompts, const char** prompts, char* echo ); LIBSSH_API int ssh_message_auth_kbdint_is_response(ssh_message msg); ssh_public_key ssh_message_auth_publickey(ssh_message msg); LIBSSH_API enum ssh_publickey_state_e ssh_message_auth_publickey_state(ssh_message msg); LIBSSH_API int ssh_message_auth_reply_pk_ok( ssh_message msg, ssh_string algo, ssh_string pubkey ); LIBSSH_API int ssh_message_auth_reply_pk_ok_simple(ssh_message msg); LIBSSH_API int ssh_message_auth_reply_success( ssh_message msg, int partial ); LIBSSH_API int ssh_message_auth_set_methods( ssh_message msg, int methods ); LIBSSH_API ssh_channel ssh_message_channel_request_channel(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_command(ssh_message 
msg); LIBSSH_API const char* ssh_message_channel_request_env_name(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_env_value(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_open_destination(ssh_message msg); LIBSSH_API int ssh_message_channel_request_open_destination_port(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_open_originator(ssh_message msg); LIBSSH_API int ssh_message_channel_request_open_originator_port(ssh_message msg); static int ssh_message_channel_request_open_reply_default(ssh_message msg); LIBSSH_API int ssh_message_channel_request_pty_height(ssh_message msg); LIBSSH_API int ssh_message_channel_request_pty_pxheight(ssh_message msg); LIBSSH_API int ssh_message_channel_request_pty_pxwidth(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_pty_term(ssh_message msg); LIBSSH_API int ssh_message_channel_request_pty_width(ssh_message msg); static int ssh_message_channel_request_reply_default(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_subsystem(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_x11_auth_cookie(ssh_message msg); LIBSSH_API const char* ssh_message_channel_request_x11_auth_protocol(ssh_message msg); LIBSSH_API int ssh_message_channel_request_x11_screen_number(ssh_message msg); LIBSSH_API int ssh_message_channel_request_x11_single_connection(ssh_message msg); LIBSSH_API const char* ssh_message_global_request_address(ssh_message msg); LIBSSH_API int ssh_message_global_request_port(ssh_message msg); static int ssh_message_global_request_reply_default(ssh_message msg); LIBSSH_API int ssh_message_global_request_reply_success( ssh_message msg, uint16_t bound_port ); LIBSSH_API int ssh_message_service_reply_success(ssh_message msg); static int ssh_message_service_request_reply_default(ssh_message msg); LIBSSH_API const char* ssh_message_service_service(ssh_message msg); SSH_PACKET_CALLBACK(ssh_packet_kexdh_init); LIBSSH_API 
int ssh_send_keepalive(ssh_session session); static void ssh_server_connection_callback(ssh_session session); static int ssh_server_kex_termination(void* s); static int ssh_server_kexdh_init( ssh_session session, ssh_buffer packet ); // macros #define SERVERBANNER #define SOCKOPT_TYPE_ARG4
Detailed Documentation
Typedefs
typedef void (*ssh_bind_incoming_connection_callback)( ssh_bind sshbind, void *userdata )
Incoming connection callback.
This callback is called when a ssh_bind has a new incoming connection.
Parameters:
sshbind |
Current sshbind session handler |
userdata |
Userdata to be passed to the callback function. |
Global Functions
LIBSSH_API int ssh_bind_accept( ssh_bind ssh_bind_o, ssh_session session )
Accept an incoming ssh connection and initialize the session.
Parameters:
ssh_bind_o |
The ssh server bind to accept a connection. |
session |
A preallocated ssh session |
Returns:
SSH_OK when a connection is established
See also:
LIBSSH_API int ssh_bind_accept_fd( ssh_bind ssh_bind_o, ssh_session session, socket_t fd )
Accept an incoming ssh connection on the given file descriptor and initialize the session.
Parameters:
ssh_bind_o |
The ssh server bind to accept a connection. |
session |
A preallocated ssh session |
fd |
A file descriptor of an already established TCP inbound connection |
Returns:
SSH_OK when a connection is established
See also:
LIBSSH_API void ssh_bind_fd_toaccept(ssh_bind ssh_bind_o)
Allow the file descriptor to accept new sessions.
Parameters:
ssh_bind_o |
The ssh server bind to use. |
LIBSSH_API void ssh_bind_free(ssh_bind ssh_bind_o)
Free an SSH server bind.
Parameters:
ssh_bind_o |
The ssh server bind to free. |
LIBSSH_API socket_t ssh_bind_get_fd(ssh_bind ssh_bind_o)
Recover the file descriptor from the session.
Parameters:
ssh_bind_o |
The ssh server bind to get the fd from. |
Returns:
The file descriptor.
LIBSSH_API int ssh_bind_listen(ssh_bind ssh_bind_o)
Start listening to the socket.
Parameters:
ssh_bind_o |
The ssh server bind to use. |
Returns:
0 on success, < 0 on error.
LIBSSH_API ssh_bind ssh_bind_new(void)
Creates a new SSH server bind.
Returns:
A newly allocated ssh_bind session pointer.
LIBSSH_API int ssh_bind_options_set( ssh_bind sshbind, enum ssh_bind_options_e type, const void* value )
Set options for an SSH server bind.
SSH_BIND_OPTIONS_HOSTKEY: Set the path to an ssh host key, regardless of type. Only one key per key type (RSA, DSA, ECDSA) is allowed in an ssh_bind at a time, and later calls to this function with this option for the same key type will override prior calls (const char *).
SSH_BIND_OPTIONS_BINDADDR: Set the IP address to bind (const char *).
SSH_BIND_OPTIONS_BINDPORT: Set the port to bind (unsigned int *).
SSH_BIND_OPTIONS_BINDPORT_STR: Set the port to bind (const char *).
SSH_BIND_OPTIONS_LOG_VERBOSITY: Set the session logging verbosity (int *). The logging verbosity should have one of the following values, which are listed in order of increasing verbosity. Every log message with verbosity less than or equal to the logging verbosity will be shown.
SSH_LOG_NOLOG: No logging
SSH_LOG_WARNING: Only warnings
SSH_LOG_PROTOCOL: High level protocol information
SSH_LOG_PACKET: Lower level protocol information, packet level
SSH_LOG_FUNCTIONS: Every function path
SSH_BIND_OPTIONS_LOG_VERBOSITY_STR: Set the session logging verbosity via a string that will be converted to a numerical value (e.g. “3”) and interpreted according to the values of SSH_BIND_OPTIONS_LOG_VERBOSITY above (const char *).
SSH_BIND_OPTIONS_DSAKEY: Set the path to the ssh host dsa key, SSHv2 only (const char *).
SSH_BIND_OPTIONS_RSAKEY: Set the path to the ssh host rsa key, SSHv2 only (const char *).
SSH_BIND_OPTIONS_ECDSAKEY: Set the path to the ssh host ecdsa key, SSHv2 only (const char *).
SSH_BIND_OPTIONS_BANNER: Set the server banner sent to clients (const char *).
Parameters:
sshbind |
The ssh server bind to configure. |
type |
The option type to set. This should be one of the options listed above. |
value |
The value to set. This is a generic pointer and the datatype which should be used is described at the corresponding value of type above. |
Returns:
0 on success, < 0 on error, invalid option, or parameter.
LIBSSH_API void ssh_bind_set_blocking( ssh_bind ssh_bind_o, int blocking )
Set the session to blocking/nonblocking mode.
Parameters:
ssh_bind_o |
The ssh server bind to use. |
blocking |
Zero for nonblocking mode. |
LIBSSH_API int ssh_bind_set_callbacks( ssh_bind sshbind, ssh_bind_callbacks callbacks, void* userdata )
Set the callback for this bind.
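/*
 * Example: register an incoming-connection callback on a server bind.
 * my_incoming_connection is an application-defined function with the
 * ssh_bind_incoming_connection_callback signature.
 *
 * cb must remain valid for as long as sshbind may invoke the callback,
 * so do not let it go out of scope while the bind is in use.
 */
struct ssh_bind_callbacks_struct cb = {
    .incoming_connection = my_incoming_connection
};
ssh_callbacks_init(&cb); /* sets cb.size; required before registering */

/* The third argument is the userdata pointer passed to the callback. */
if (ssh_bind_set_callbacks(sshbind, &cb, userdata) != SSH_OK) {
    /* handle the error: the callbacks were not installed */
}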
Parameters:
sshbind |
The bind to set the callback on. |
callbacks |
An already set up ssh_bind_callbacks instance. |
userdata |
A pointer to private data to pass to the callbacks. |
Returns:
SSH_OK on success, SSH_ERROR if an error occurred.
LIBSSH_API void ssh_bind_set_fd( ssh_bind ssh_bind_o, socket_t fd )
Set the file descriptor for a session.
Parameters:
ssh_bind_o |
The ssh server bind to set the fd. |
fd |
The file descriptor to set. |
LIBSSH_API int ssh_channel_open_reverse_forward( ssh_channel channel, const char* remotehost, int remoteport, const char* sourcehost, int localport )
Open a TCP/IP reverse forwarding channel.
Warning
This function does not bind the local port and does not automatically forward the content of a socket to the channel. You still have to use channel_read and channel_write for this.
Parameters:
channel |
An allocated channel. |
remotehost |
The remote host to connect to (host name or IP). |
remoteport |
The remote port. |
sourcehost |
The source host (your local computer). It’s optional and for logging purpose. |
localport |
The source port (your local computer). It’s optional and for logging purpose. |
Returns:
SSH_OK on success, SSH_ERROR if an error occurred, SSH_AGAIN if in nonblocking mode and call has to be done again.
LIBSSH_API int ssh_channel_open_x11( ssh_channel channel, const char* orig_addr, int orig_port )
Open a X11 channel.
Warning
This function does not bind the local port and does not automatically forward the content of a socket to the channel. You still have to use channel_read and channel_write for this.
Parameters:
channel |
An allocated channel. |
orig_addr |
The source host (the local server). |
orig_port |
The source port (the local server). |
Returns:
SSH_OK on success, SSH_ERROR if an error occurred, SSH_AGAIN if in nonblocking mode and call has to be done again.
LIBSSH_API int ssh_channel_request_send_exit_signal( ssh_channel channel, const char* signum, int core, const char* errmsg, const char* lang )
Send an exit signal to remote process (RFC 4254, section 6.10).
This sends the exit status of the remote process. Note that the remote system may not support the concept of signals; in that case this request will be silently ignored. Only SSH-v2 is supported (I’m not sure about SSH-v1).
Parameters:
channel |
The channel to send signal. |
signum |
The signal to send (without SIG prefix) (e.g. “TERM” or “KILL”). |
core |
A boolean to tell if a core was dumped |
errmsg |
A CRLF explanation text about the error condition |
lang |
The language used in the message (format: RFC 3066) |
Returns:
SSH_OK on success, SSH_ERROR if an error occurred (including attempts to send signal via SSH-v1 session).
LIBSSH_API int ssh_channel_request_send_exit_status( ssh_channel channel, int exit_status )
Send the exit status to the remote process.
Sends the exit status to the remote process (as described in RFC 4254, section 6.10). Only SSH-v2 is supported (I’m not sure about SSH-v1).
Parameters:
channel |
The channel to send exit status. |
exit_status |
The exit status to send |
Returns:
SSH_OK on success, SSH_ERROR if an error occurred. (including attempts to send exit status via SSH-v1 session).
LIBSSH_API int ssh_channel_write_stderr( ssh_channel channel, const void* data, uint32_t len )
Blocking write on a channel stderr.
Parameters:
channel |
The channel to write to. |
data |
A pointer to the data to write. |
len |
The number of bytes to write from data. |
Returns:
The number of bytes written, SSH_ERROR on error.
See also:
LIBSSH_API ssh_gssapi_creds ssh_gssapi_get_creds(ssh_session session)
returns the client credentials of the connected client.
If the client has given a forwardable token, the SSH server will retrieve it.
Returns:
gssapi credentials handle.
NULL if no forwardable token is available.
LIBSSH_API int ssh_handle_key_exchange(ssh_session session)
Handles the key exchange and set up encryption.
Parameters:
session |
A connected ssh session |
Returns:
SSH_OK if the key exchange was successful
See also:
LIBSSH_API const char* ssh_message_auth_password(ssh_message msg)
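Get the password the client sent in the authentication request. The value is client-supplied and has not been verified by libssh; the server application must check it before replying with success.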
Parameters:
msg |
The message to get the password from. |
Returns:
The password or NULL if an error occurred.
See also:
LIBSSH_API ssh_key ssh_message_auth_pubkey(ssh_message msg)
Get the publickey of the authenticated user.
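If you need the key for later use, you should duplicate it. The presence of a key in the message does not by itself show that the client holds the matching private key; check ssh_message_auth_publickey_state() before accepting the authentication.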
Parameters:
msg |
The message to get the public key from. |
Returns:
The public key or NULL.
See also:
LIBSSH_API const char* ssh_message_auth_user(ssh_message msg)
Get the user name the client sent in the authentication request.
Parameters:
msg |
The message to get the username from. |
Returns:
The username or NULL if an error occurred.
See also:
LIBSSH_API int ssh_message_reply_default(ssh_message msg)
Reply with a standard reject message.
Use this function if you don’t know what to respond or if you want to reject a request.
Parameters:
msg |
The message to use for the reply. |
Returns:
0 on success, -1 on error.
See also:
LIBSSH_API void ssh_set_auth_methods( ssh_session session, int auth_methods )
Set the acceptable authentication methods to be sent to client.
Parameters:
session |
the SSH server session |
auth_methods |
Bitfield of authentication methods to be accepted, e.g. SSH_AUTH_METHOD_PUBLICKEY |
LIBSSH_API void ssh_set_message_callback( ssh_session session, int(*)(ssh_session session, ssh_message msg, void*data) ssh_bind_message_callback, void* data )
defines the ssh_message callback
Parameters:
session |
the current ssh session |
ssh_bind_message_callback |
a function pointer to a callback taking the current ssh session and received message as parameters. the function returns 0 if the message has been parsed and treated successfully, 1 otherwise (libssh must take care of the response). |
data |
void pointer to be passed to callback functions |