OpenSSH/Development

From Wikibooks, open books for an open world
Jump to: navigation, search

It is possible to advance OpenSSH through donations of hardware or money. See the OpenSSH project web site at www.openssh.org for details.

OpenSSH is a volunteer project with the goal of making quality software. In that way it relies upon hardware and cash donations to keep the project rolling. Funds are needed for daily operation to cover network line subscriptions and electrical costs. Hardware is needed for development and porting to new architectures and platforms always requires new hardware.

OpenSSH is currently developed by two teams. The first team works providing code that is as clean, simple and secure as possible as part of the OpenBSD project. The second team works using this core version and ports it to a great many other operating systems. Thus there are two development tracks, the OpenBSD core and the portable version. The work is all done in countries that permit export of cryptography.

Use the Source, Luke[edit]

The main development branch of OpenSSH is part of the OpenBSD project. So the "-current" branch of OpenBSD, available as source code, is where to look for current activity.

The source code for the portable releases of OpenSSH are published using anonymous CVS, so no password is needed to download source from the read-only repository. It is provided and maintained by Damien Miller. Nightly, bleeding-edge snapshots of OpenSSH itself are publicly available from its own CVS tree. Use a mirror when possible.

 
export CVSROOT=anoncvs@anoncvs.mindrot.org:/cvs
export CVS_RSH=/usr/bin/ssh
cvs get openssh

The fingerprints for the keys used by the OpenSSH source code repository, as of this writing, are:

2048 8e:09:e9:fb:dc:af:e4:a5:e6:a0:e2:28:59:63:84:17 ssh_host_rsa_key.pub
1024 3e:38:50:b8:d7:b7:dc:bc:13:c4:d8:76:c8:31:e3:44 ssh_host_dsa_key.pub

We ask anyone wishing to report security bugs in OpenSSH to please use the contact address given in the source and to practice responsible disclosure.

libssh[edit]

libssh is a mulitplatform C library implementing the SSHv2 and SSHv1 protocol for client and server implementations. With libssh, developers can remotely execute programs, transfer files and use a secure and transparent tunnel for your remote applications.

libssh is available under LGPL 2.1 license, on the web page https://www.libssh.org/

Features:

  • Key Exchange Methods: curve25519-sha256@libssh.org, ecdh-sha2-nistp256, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  • Hostkey Types: ecdsa-sha2-nistp256, ssh-dss, ssh-rsa
  • Ciphers: aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, des-cbc-ssh1, blowfish-cbc
  • Compression Schemes: zlib, zlib@openssh.com, none
  • MAC hashes: hmac-sha1, none
  • Authentication: none, password, public-key, hostbased, keyboard-interactive, gssapi-with-mic
  • Channels: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, auth-agent-req@openssh.com
  • Global Requests: tcpip-forward, forwarded-tcpip
  • Channel Requests: x11, pty, exit-status, signal, exit-signal, keepalive@openssh.com, auth-agent-req@openssh.com
  • Subsystems: sftp(version 3), publickey(version 2), OpenSSH Extensions
  • SFTP: statvfs@openssh.com, fstatvfs@openssh.com
  • Thread-safe: Just don’t share sessions
  • Non-blocking: it can be used both blocking and non-blocking
  • Your sockets: the app hands over the socket, or uses libssh sockets
  • OpenSSL or gcrypt: builds with either

Additional Features:

  • Client and server support
  • SSHv2 and SSHv1 protocol support
  • Supports Linux, UNIX, BSD, Solaris, OS/2 and Windows
  • Full API documentation and a tutorial
  • Automated test cases with nightly tests
  • Event model based on poll(2), or a poll(2)-emulation.

libssh2[edit]

libssh2 is an independent project providing a lean C library implementing the SSH2 protocol for embedding specific SSH capabilities into other tools. It has a stable, well-documented API for working on the client side with the different SSH subsystems: Session, Userauth, Channel, SFTP, and Public Key. The API can be set to either blocking or non-blocking. The code uses strict name spaces, is C89-compatible and builds using regular GNU Autotools.

libssh2 is available under a modified BSD license. The functions are each documented in their own manual pages. The project web site contains the documentation, source code and examples: http://www.libssh2.org/

There is a mailing list for libssh2 in addition to an IRC channel. The project is small, low-key and, as true to the spirit of the Internet, a meritocracy. Hundreds of specific functions allow specific activities and components to be cherry-picked and added to an application:

  • Shell and SFTP sessions
  • Port forwarding
  • Password, public-key, host-based keys, and keyboard-interactive authentication methods.
  • Key Exchange Methods diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, diffie-hellman-group-exchange-sha1
  • Host Key Types: ssh-rsa and ssh-dss
  • Ciphers: aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, or without a cipher.
  • Compression Scheme zlib or without compression
  • Message Authentication Code (MAC) algorithms for hashes: hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96, hmac-ripemd160 (hmac-ripemd160@openssh.com), or none at all
  • Channels: Shell, Exec – including the SCP wrapper, direct TCP/IP, subsystem
    • Channel Requests: x11, pty
  • Subsystems: sftp version 3, public-key version 2
  • Thread-safe, blocking or non-blocking API
  • Your sockets: the app hands over the socket, calls select() etc.
  • Builds with either OpenSSL or gcrypt

See also the library libcurl which supports SFTP and SCP URLs.

Other language bindings for the SSH protocols[edit]

What follows is a list of resources by programming language:

Perl[edit]

  • Net::SSH2: a wrapper module for libssh2.
  • Net::SSH::Perl: a full SSH/SFTP implementation in pure Perl. Unfortunately this module is not being maintained any more and has several open bugs. Also, installing it can be a daunting task due to some of its dependencies.
  • Net::OpenSSH: a wrapper for OpenSSH binaries and other handy programs (scp, rsync, sshfs). It uses OpenSSH multiplexing feature in order to reuse connections.
  • Net::OpenSSH::Parallel a module build on top of Net::OpenSSH that allows to transfer files and run programs on several machines in parallel efficiently.
  • SSH::Batch another module build on top of Net::OpenSSH that allows to run programs on several hosts in parallel.
  • Net::SSH::Expect: this module uses Expect to drive interactive shell sessions run on top of SSH.
  • Net::SSH: a simple wrapper around any SSH client. It does not support password authentication and is very slow as it establishes a new SSH connection for every remote program invoked.
  • Net::SCP and Net::SCP::Expect: modules wrapping the scp program. Note that Net::SSH2, Net::SSH::Perl and Net::OpenSSH already support file transfers via scp natively.
  • Net::SFTP::Foreign: a full SFTP client written in Perl with lots of bells and whistles. By default is uses ssh to connect to the remote machines but it can also run on top of Net::SSH2 and Net::OpenSSH.
  • GRID::Machine, IPC::PerlSSH and SSH::RPC: these modules allow to distribute and run Perl code on remote machines through SSH.

Python[edit]

Paramiko

Fabric

libssh2

Ruby[edit]

Net::SSH

Capistrano

Java[edit]

Jaramiko

JSch - a pure Java implementation of SSH2.