The SSH session functions.
Overview
Functions that manage a session. More…
// global functions int ssh_blocking_flush( ssh_session session, int timeout ); void ssh_clean_pubkey_hash(unsigned char** hash); int ssh_connect(ssh_session session); void ssh_disconnect(ssh_session session); void ssh_free(ssh_session session); const char* ssh_get_cipher_in(ssh_session session); const char* ssh_get_cipher_out(ssh_session session); const char* ssh_get_clientbanner(ssh_session session); const char* ssh_get_disconnect_message(ssh_session session); socket_t ssh_get_fd(ssh_session session); char* ssh_get_hexa( const unsigned char* what, size_t len ); const char* ssh_get_hmac_in(ssh_session session); const char* ssh_get_hmac_out(ssh_session session); char* ssh_get_issue_banner(ssh_session session); const char* ssh_get_kex_algo(ssh_session session); int ssh_get_openssh_version(ssh_session session); int ssh_get_poll_flags(ssh_session session); int ssh_get_pubkey_hash( ssh_session session, unsigned char** hash ); int ssh_get_publickey( ssh_session session, ssh_key* key ); int ssh_get_publickey_hash( const ssh_key key, enum ssh_publickey_hash_type type, unsigned char** hash, size_t* hlen ); const char* ssh_get_serverbanner(ssh_session session); int ssh_get_status(ssh_session session); int ssh_get_version(ssh_session session); int ssh_is_blocking(ssh_session session); int ssh_is_connected(ssh_session session); int ssh_is_server_known(ssh_session session); ssh_session ssh_new(void); int ssh_options_copy( ssh_session src, ssh_session* dest ); int ssh_options_get( ssh_session session, enum ssh_options_e type, char** value ); int ssh_options_get_port( ssh_session session, unsigned int* port_target ); int ssh_options_getopt( ssh_session session, int* argcptr, char** argv ); int ssh_options_parse_config( ssh_session session, const char* filename ); int ssh_options_set( ssh_session session, enum ssh_options_e type, const void* value ); void ssh_print_hexa( const char* descr, const unsigned char* what, size_t len ); int ssh_select( ssh_channel* channels, ssh_channel* outchannels, socket_t maxfd, fd_set* readfds, struct timeval* timeout ); int ssh_send_debug( ssh_session session, const char* message, int always_display ); int ssh_send_ignore( ssh_session session, const char* data ); void ssh_set_blocking( ssh_session session, int blocking ); void ssh_set_counters( ssh_session session, ssh_counter scounter, ssh_counter rcounter ); void ssh_set_fd_except(ssh_session session); void ssh_set_fd_toread(ssh_session session); void ssh_set_fd_towrite(ssh_session session); void ssh_silent_disconnect(ssh_session session); int ssh_write_knownhost(ssh_session session); static void ssh_client_connection_callback(ssh_session session); static int ssh_connect_termination(void* user); const char* ssh_copyright(void); static int ssh_select_cb( socket_t fd, int revents, void* userdata ); static int alldigits(const char* s); static int check_public_key( ssh_session session, char** tokens ); static int match_hashed_host( const char* host, const char* sourcehash ); static char** ssh_get_knownhost_line( FILE** file, const char* filename, const char** found_type ); char** ssh_knownhosts_algorithms(ssh_session session); static void tokens_free(char** tokens); int ssh_options_apply(ssh_session session); int ssh_options_set_algo( ssh_session session, int algo, const char* list ); static int ssh_flush_termination(void* c); int ssh_handle_packets( ssh_session session, int timeout ); int ssh_handle_packets_termination( ssh_session session, int timeout, ssh_termination_function fct, void* user ); void ssh_socket_exception_callback( int code, int errno_code, void* user ); // macros #define KNOWNHOSTS_MAXTYPES
Detailed Documentation
Functions that manage a session.
Global Functions
int ssh_blocking_flush( ssh_session session, int timeout )
Blocking flush of the outgoing buffer.
Parameters:
session |
The SSH session |
timeout |
Set an upper limit on the time for which this function will block, in milliseconds. Specifying -1 means an infinite timeout. This parameter is passed to the poll() function. |
Returns:
SSH_OK on success, SSH_AGAIN if timeout occurred, SSH_ERROR otherwise.
void ssh_clean_pubkey_hash(unsigned char** hash)
Deallocate the hash obtained by ssh_get_pubkey_hash.
This is required under Microsoft platform as this library might use a different C library than your software, hence a different heap.
Parameters:
hash |
The buffer to deallocate. |
See also:
int ssh_connect(ssh_session session)
Connect to the ssh server.
Parameters:
session |
The ssh session to connect. |
Returns:
SSH_OK on success, SSH_ERROR on error.
SSH_AGAIN, if the session is in nonblocking mode, and call must be done again.
See also:
void ssh_disconnect(ssh_session session)
Disconnect from a session (client or server).
The session can then be reused to open a new session.
Parameters:
session |
The SSH session to use. |
void ssh_free(ssh_session session)
Deallocate a SSH session handle.
Parameters:
session |
The SSH session to free. |
See also:
const char* ssh_get_cipher_in(ssh_session session)
get the name of the input cipher for the given session.
Parameters:
session |
The SSH session. |
Returns:
Returns cipher name or NULL.
const char* ssh_get_cipher_out(ssh_session session)
get the name of the output cipher for the given session.
Parameters:
session |
The SSH session. |
Returns:
Returns cipher name or NULL.
const char* ssh_get_clientbanner(ssh_session session)
get the client banner
Parameters:
session |
The SSH session |
Returns:
Returns the client banner string or NULL.
const char* ssh_get_disconnect_message(ssh_session session)
Get the disconnect message from the server.
Parameters:
session |
The ssh session to use. |
Returns:
The message sent by the server along with the disconnect, or NULL in which case the reason of the disconnect may be found with ssh_get_error.
See also:
socket_t ssh_get_fd(ssh_session session)
Get the fd of a connection.
In case you’d need the file descriptor of the connection to the server/client.
Parameters:
session |
The ssh session to use. |
Returns:
The file descriptor of the connection, or -1 if it is not connected
char* ssh_get_hexa( const unsigned char* what, size_t len )
Convert a buffer into a colon separated hex string.
The caller has to free the memory.
Parameters:
what |
What should be converted to a hex string. |
len |
Length of the buffer to convert. |
Returns:
The hex string or NULL on error.
See also:
const char* ssh_get_hmac_in(ssh_session session)
get the name of the input HMAC algorithm for the given session.
Parameters:
session |
The SSH session. |
Returns:
Returns HMAC algorithm name or NULL if unknown.
const char* ssh_get_hmac_out(ssh_session session)
get the name of the output HMAC algorithm for the given session.
Parameters:
session |
The SSH session. |
Returns:
Returns HMAC algorithm name or NULL if unknown.
char* ssh_get_issue_banner(ssh_session session)
Get the issue banner from the server.
This is the banner showing a disclaimer to users who log in, typically their right or the fact that they will be monitored.
Parameters:
session |
The SSH session to use. |
Returns:
A newly allocated string with the banner, NULL on error.
const char* ssh_get_kex_algo(ssh_session session)
get the name of the current key exchange algorithm.
Parameters:
session |
The SSH session |
Returns:
Returns the key exchange algorithm string or NULL.
int ssh_get_openssh_version(ssh_session session)
Get the version of the OpenSSH server, if it is not an OpenSSH server then 0 will be returned.
You can use the SSH_VERSION_INT macro to compare version numbers.
int openssh = ssh_get_openssh_version(); if (openssh == SSH_INT_VERSION(6, 1, 0)) { printf("Version match!\m"); }
Parameters:
session |
The SSH session to use. |
Returns:
The version number if available, 0 otherwise.
int ssh_get_poll_flags(ssh_session session)
Get poll flags for an external mainloop.
Parameters:
session |
The ssh session to use. |
Returns:
A bitmask including SSH_READ_PENDING or SSH_WRITE_PENDING. For SSH_READ_PENDING, your invocation of poll() should include POLLIN. For SSH_WRITE_PENDING, your invocation of poll() should include POLLOUT.
int ssh_get_pubkey_hash( ssh_session session, unsigned char** hash )
Deprecated Use ssh_get_publickey_hash()
int ssh_get_publickey( ssh_session session, ssh_key* key )
Get the server public key from a session.
Parameters:
session |
The session to get the key from. |
key |
A pointer to store the allocated key. You need to free the key. |
Returns:
SSH_OK on success, SSH_ERROR on errror.
See also:
int ssh_get_publickey_hash( const ssh_key key, enum ssh_publickey_hash_type type, unsigned char** hash, size_t* hlen )
Allocates a buffer with the hash of the public key.
This function allows you to get a hash of the public key. You can then print this hash in a human-readable form to the user so that he is able to verify it. Use ssh_get_hexa() or ssh_print_hexa() to display it.
Warning
It is very important that you verify at some moment that the hash matches a known server. If you don’t do it, cryptography wont help you at making things secure. OpenSSH uses SHA1 to print public key digests.
Parameters:
key |
The public key to create the hash for. |
type |
The type of the hash you want. |
hash |
A pointer to store the allocated buffer. It can be freed using ssh_clean_pubkey_hash(). |
hlen |
The length of the hash. |
Returns:
0 on success, -1 if an error occured.
See also:
const char* ssh_get_serverbanner(ssh_session session)
get the server banner
Parameters:
session |
The SSH session |
Returns:
Returns the server banner string or NULL.
int ssh_get_status(ssh_session session)
Get session status.
Parameters:
session |
The ssh session to use. |
Returns:
A bitmask including SSH_CLOSED, SSH_READ_PENDING, SSH_WRITE_PENDING or SSH_CLOSED_ERROR which respectively means the session is closed, has data to read on the connection socket and session was closed due to an error.
int ssh_get_version(ssh_session session)
Get the protocol version of the session.
Parameters:
session |
The ssh session to use. |
Returns:
1 or 2, for ssh1 or ssh2, < 0 on error.
int ssh_is_blocking(ssh_session session)
Return the blocking mode of libssh.
Parameters:
session |
The SSH session |
Returns:
0 if the session is nonblocking,
1 if the functions may block.
int ssh_is_connected(ssh_session session)
Check if we are connected.
Parameters:
session |
The session to check if it is connected. |
Returns:
1 if we are connected, 0 if not.
int ssh_is_server_known(ssh_session session)
Check if the server is known.
Checks the user’s known host file for a previous connection to the current server.
Bug There is no current way to remove or modify an entry into the known host table.
Parameters:
session |
The SSH session to use. |
Returns:
SSH_SERVER_KNOWN_OK: The server is known and has not changed.
SSH_SERVER_KNOWN_CHANGED: The server key has changed. Either you are under attack or the administrator changed the key. You HAVE to warn the user about a possible attack.
SSH_SERVER_FOUND_OTHER: The server gave use a key of a type while we had an other type recorded. It is a possible attack.
SSH_SERVER_NOT_KNOWN: The server is unknown. User should confirm the MD5 is correct.
SSH_SERVER_FILE_NOT_FOUND: The known host file does not exist. The host is thus unknown. File will be created if host key is accepted.
SSH_SERVER_ERROR: Some error happened.
See also:
ssh_session ssh_new(void)
Create a new ssh session.
Returns:
A new ssh_session pointer, NULL on error.
int ssh_options_copy( ssh_session src, ssh_session* dest )
Duplicate the options of a session structure.
If you make several sessions with the same options this is useful. You cannot use twice the same option structure in ssh_session_connect.
Parameters:
src |
The session to use to copy the options. |
dest |
A pointer to store the allocated session with duplicated options. You have to free the memory. |
Returns:
0 on sucess, -1 on error with errno set.
See also:
ssh_session_connect()
int ssh_options_get( ssh_session session, enum ssh_options_e type, char** value )
This function can get ssh options, it does not support all options provided for ssh options set, but mostly those which a user-space program may care about having trusted the ssh driver to infer these values from underlaying configuration files.
It operates only on those SSH_OPTIONS_* which return char*. If you wish to receive the port then please use ssh_options_get_port() which returns an unsigned int.
SSH_OPTIONS_HOST: The hostname or ip address to connect to (const char *).
SSH_OPTIONS_USER: The username for authentication (const char *).
when not explicitly set this will be inferred from the ~/.ssh/config file.
SSH_OPTIONS_IDENTITY: Set the identity file name (const char *,format string).
By default identity, id_dsa and id_rsa are checked.
The identity file used authenticate with public key. It may include “%s” which will be replaced by the user home directory.
SSH_OPTIONS_PROXYCOMMAND: Get the proxycommand necessary to log into the remote host. When not explicitly set, it will be read from the ~/.ssh/config file.
Parameters:
session |
An allocated SSH session structure. |
type |
The option type to get. This could be one of the following: |
value |
The value to get into. As a char**, space will be allocated by the function for the value, it is your responsibility to free the memory using ssh_string_free_char(). |
Returns:
SSH_OK on success, SSH_ERROR on error.
int ssh_options_get_port( ssh_session session, unsigned int* port_target )
This function can get ssh the ssh port.
It must only be used on a valid ssh session. This function is useful when the session options have been automatically inferred from the environment or configuration files and one
Parameters:
session |
An allocated SSH session structure. |
port_target |
An unsigned integer into which the port will be set from the ssh session. |
Returns:
0 on success, < 0 on error.
int ssh_options_getopt( ssh_session session, int* argcptr, char** argv )
Parse command line arguments.
This is a helper for your application to generate the appropriate options from the command line arguments.
The argv array and argc value are changed so that the parsed arguments wont appear anymore in them.
The single arguments (without switches) are not parsed. thus, myssh -l user localhost
The command wont set the hostname value of options to localhost.
Parameters:
session |
The session to configure. |
argcptr |
The pointer to the argument count. |
argv |
The arguments list pointer. |
Returns:
0 on success, < 0 on error.
See also:
ssh_session_new()
int ssh_options_parse_config( ssh_session session, const char* filename )
Parse the ssh config file.
This should be the last call of all options, it may overwrite options which are already set. It requires that the host name is already set with ssh_options_set_host().
Parameters:
session |
SSH session handle |
filename |
The options file to use, if NULL the default ~/.ssh/config will be used. |
Returns:
0 on success, < 0 on error.
See also:
ssh_options_set_host()
int ssh_options_set( ssh_session session, enum ssh_options_e type, const void* value )
This function can set all possible ssh options.
SSH_OPTIONS_HOST: The hostname or ip address to connect to (const char *).
SSH_OPTIONS_PORT: The port to connect to (unsigned int).
SSH_OPTIONS_PORT_STR: The port to connect to (const char *).
SSH_OPTIONS_FD: The file descriptor to use (socket_t).
If you wish to open the socket yourself for a reason or another, set the file descriptor. Don’t forget to set the hostname as the hostname is used as a key in the known_host mechanism.
SSH_OPTIONS_BINDADDR: The address to bind the client to (const char *).
SSH_OPTIONS_USER: The username for authentication (const char *).
If the value is NULL, the username is set to the default username.
SSH_OPTIONS_SSH_DIR: Set the ssh directory (const char *,format string).
If the value is NULL, the directory is set to the default ssh directory.
The ssh directory is used for files like known_hosts and identity (private and public key). It may include “%s” which will be replaced by the user home directory.
SSH_OPTIONS_KNOWNHOSTS: Set the known hosts file name (const char *,format string).
If the value is NULL, the directory is set to the default known hosts file, normally ~/.ssh/known_hosts.
The known hosts file is used to certify remote hosts are genuine. It may include “%s” which will be replaced by the user home directory.
SSH_OPTIONS_IDENTITY: Set the identity file name (const char *,format string).
By default identity, id_dsa and id_rsa are checked.
The identity file used authenticate with public key. It may include “%s” which will be replaced by the user home directory.
SSH_OPTIONS_TIMEOUT: Set a timeout for the connection in seconds (long).
SSH_OPTIONS_TIMEOUT_USEC: Set a timeout for the connection in micro seconds (long).
SSH_OPTIONS_SSH1: Allow or deny the connection to SSH1 servers (int, 0 is false).
SSH_OPTIONS_SSH2: Allow or deny the connection to SSH2 servers (int, 0 is false).
SSH_OPTIONS_LOG_VERBOSITY: Set the session logging verbosity (int).
The verbosity of the messages. Every log smaller or equal to verbosity will be shown.
SSH_LOG_NOLOG: No logging
SSH_LOG_RARE: Rare conditions or warnings
SSH_LOG_ENTRY: API-accessible entrypoints
SSH_LOG_PACKET: Packet id and size
SSH_LOG_FUNCTIONS: Function entering and leaving
SSH_OPTIONS_LOG_VERBOSITY_STR: Set the session logging verbosity (const char *).
The verbosity of the messages. Every log smaller or equal to verbosity will be shown.
SSH_LOG_NOLOG: No logging
SSH_LOG_RARE: Rare conditions or warnings
SSH_LOG_ENTRY: API-accessible entrypoints
SSH_LOG_PACKET: Packet id and size
SSH_LOG_FUNCTIONS: Function entering and leaving
See the corresponding numbers in
libssh.h.
SSH_OPTIONS_AUTH_CALLBACK: Set a callback to use your own authentication function (function pointer).
SSH_OPTIONS_AUTH_USERDATA: Set the user data passed to the authentication function (generic pointer).
SSH_OPTIONS_LOG_CALLBACK: Set a callback to use your own logging function (function pointer).
SSH_OPTIONS_LOG_USERDATA: Set the user data passed to the logging function (generic pointer).
SSH_OPTIONS_STATUS_CALLBACK: Set a callback to show connection status in realtime (function pointer).
fn(void *arg, float status)
During ssh_connect(), libssh will call the callback with status from 0.0 to 1.0.
SSH_OPTIONS_STATUS_ARG: Set the status argument which should be passed to the status callback (generic pointer).
SSH_OPTIONS_CIPHERS_C_S: Set the symmetric cipher client to server (const char *, comma-separated list).
SSH_OPTIONS_CIPHERS_S_C: Set the symmetric cipher server to client (const char *, comma-separated list).
SSH_OPTIONS_KEY_EXCHANGE: Set the key exchange method to be used (const char *, comma-separated list). ex: “ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1”
SSH_OPTIONS_HOSTKEYS: Set the preferred server host key types (const char *, comma-separated list). ex: “ssh-rsa,ssh-dss,ecdh-sha2-nistp256”
SSH_OPTIONS_COMPRESSION_C_S: Set the compression to use for client to server communication (const char *, “yes”, “no” or a specific algorithm name if needed (“zlib”,”zlib@openssh.com”,”none”).
SSH_OPTIONS_COMPRESSION_S_C: Set the compression to use for server to client communication (const char *, “yes”, “no” or a specific algorithm name if needed (“zlib”,”zlib@openssh.com”,”none”).
SSH_OPTIONS_COMPRESSION: Set the compression to use for both directions communication (const char *, “yes”, “no” or a specific algorithm name if needed (“zlib”,”zlib@openssh.com”,”none”).
SSH_OPTIONS_COMPRESSION_LEVEL: Set the compression level to use for zlib functions. (int, value from 1 to 9, 9 being the most efficient but slower).
SSH_OPTIONS_STRICTHOSTKEYCHECK: Set the parameter StrictHostKeyChecking to avoid asking about a fingerprint (int, 0 = false).
SSH_OPTIONS_PROXYCOMMAND: Set the command to be executed in order to connect to server (const char *).
SSH_OPTIONS_GSSAPI_SERVER_IDENTITY Set it to specify the GSSAPI server identity that libssh should expect when connecting to the server (const char *).
SSH_OPTIONS_GSSAPI_CLIENT_IDENTITY Set it to specify the GSSAPI client identity that libssh should expect when connecting to the server (const char *).
SSH_OPTIONS_GSSAPI_DELEGATE_CREDENTIALS Set it to specify that GSSAPI should delegate credentials to the server (int, 0 = false).
Parameters:
session |
An allocated SSH session structure. |
type |
The option type to set. This could be one of the following: |
value |
The value to set. This is a generic pointer and the datatype which is used should be set according to the type set. |
Returns:
0 on success, < 0 on error.
void ssh_print_hexa( const char* descr, const unsigned char* what, size_t len )
Print a buffer as colon separated hex string.
Parameters:
descr |
Description printed in front of the hex string. |
what |
What should be converted to a hex string. |
len |
Length of the buffer to convert. |
int ssh_select( ssh_channel* channels, ssh_channel* outchannels, socket_t maxfd, fd_set* readfds, struct timeval* timeout )
A wrapper for the select syscall.
This functions acts more or less like the select(2) syscall.
There is no support for writing or exceptions.
Warning
libssh is not reentrant here. That means that if a signal is caught during the processing of this function, you cannot call libssh functions on sessions that are busy with ssh_select().
Parameters:
channels |
Arrays of channels pointers terminated by a NULL. It is never rewritten. |
outchannels |
Arrays of same size that “channels”, there is no need to initialize it. |
maxfd |
Maximum +1 file descriptor from readfds. |
readfds |
A fd_set of file descriptors to be select’ed for reading. |
timeout |
The timeout in milliseconds. |
Returns:
SSH_OK on success, SSH_ERROR on error, SSH_EINTR if it was interrupted. In that case, just restart it.
See also:
select(2)
int ssh_send_debug( ssh_session session, const char* message, int always_display )
Send a debug message.
Parameters:
session |
The SSH session |
message |
Data to be sent |
always_display |
Message SHOULD be displayed by the server. It SHOULD NOT be displayed unless debugging information has been explicitly requested. |
Returns:
SSH_OK on success, SSH_ERROR otherwise.
int ssh_send_ignore( ssh_session session, const char* data )
Send a message that should be ignored.
Parameters:
session |
The SSH session |
data |
Data to be sent |
Returns:
SSH_OK on success, SSH_ERROR otherwise.
void ssh_set_blocking( ssh_session session, int blocking )
Set the session in blocking/nonblocking mode.
Parameters:
session |
The ssh session to change. |
blocking |
Zero for nonblocking mode. |
void ssh_set_counters( ssh_session session, ssh_counter scounter, ssh_counter rcounter )
Set the session data counters.
This functions sets the counter structures to be used to calculate data which comes in and goes out through the session at different levels.
struct ssh_counter_struct scounter = { .in_bytes = 0, .out_bytes = 0, .in_packets = 0, .out_packets = 0 }; struct ssh_counter_struct rcounter = { .in_bytes = 0, .out_bytes = 0, .in_packets = 0, .out_packets = 0 }; ssh_set_counters(session, &scounter, &rcounter);
Parameters:
session |
The SSH session. |
scounter |
Counter for byte data handled by the session sockets. |
rcounter |
Counter for byte and packet data handled by the session, prior compression and SSH overhead. |
void ssh_set_fd_except(ssh_session session)
Tell the session it has an exception to catch on the file descriptor.
Parameters:
session |
The ssh session to use. |
void ssh_set_fd_toread(ssh_session session)
Tell the session it has data to read on the file descriptor without blocking.
Parameters:
session |
The ssh session to use. |
void ssh_set_fd_towrite(ssh_session session)
Tell the session it may write to the file descriptor without blocking.
Parameters:
session |
The ssh session to use. |
void ssh_silent_disconnect(ssh_session session)
Disconnect impolitely from a remote host by closing the socket.
Suitable if you forked and want to destroy this session.
Parameters:
session |
The SSH session to disconnect. |
int ssh_write_knownhost(ssh_session session)
Write the current server as known in the known hosts file.
This will create the known hosts file if it does not exist. You generaly use it when ssh_is_server_known() answered SSH_SERVER_NOT_KNOWN.
Parameters:
session |
The ssh session to use. |
Returns:
SSH_OK on success, SSH_ERROR on error.
static int check_public_key( ssh_session session, char** tokens )
Check the public key in the known host line matches the public key of the currently connected server.
Parameters:
session |
The SSH session to use. |
tokens |
A list of tokens in the known_hosts line. |
Returns:
1 if the key matches, 0 if the key doesn’t match and -1 on error.
static int match_hashed_host( const char* host, const char* sourcehash )
Check if a hostname matches a openssh-style hashed known host.
Parameters:
host |
The host to check. |
hashed |
The hashed value. |
Returns:
1 if it matches, 0 otherwise.