2009-12-19 01:35:41 +03:00
|
|
|
|
/**
|
|
|
|
|
|
|
2010-08-27 13:45:13 +04:00
|
|
|
|
@mainpage
|
|
|
|
|
|
|
|
|
|
|
|
This is the online reference for developing with the libssh library. It
|
|
|
|
|
|
documents the libssh C API and the C++ wrapper.
|
|
|
|
|
|
|
2010-12-10 22:17:57 +03:00
|
|
|
|
@section main-linking Linking
|
|
|
|
|
|
|
|
|
|
|
|
We created a small howto how to link libssh against your application, read
|
|
|
|
|
|
@subpage libssh_linking.
|
|
|
|
|
|
|
2010-08-27 18:22:38 +04:00
|
|
|
|
@section main-tutorial Tutorial
|
2010-08-27 13:45:13 +04:00
|
|
|
|
|
2010-12-05 12:53:39 +03:00
|
|
|
|
You should start by reading @subpage libssh_tutorial, then reading the documentation of
|
2010-08-27 13:45:13 +04:00
|
|
|
|
the interesting functions as you go.
|
|
|
|
|
|
|
2010-08-27 18:22:38 +04:00
|
|
|
|
@section main-features Features
|
2010-08-27 13:45:13 +04:00
|
|
|
|
|
|
|
|
|
|
The libssh library provides:
|
|
|
|
|
|
|
|
|
|
|
|
- Full C library functions for manipulating a client-side SSH connection
|
|
|
|
|
|
- SSH2 and SSH1 protocol compliant
|
|
|
|
|
|
- Fully configurable sessions
|
|
|
|
|
|
- Server support
|
|
|
|
|
|
- SSH agent authentication support
|
|
|
|
|
|
- Support for AES-128, AES-192, AES-256, Blowfish, 3DES in CBC mode, and AES in CTR mode
|
|
|
|
|
|
- Supports OpenSSL and GCrypt
|
|
|
|
|
|
- Use multiple SSH connections in a same process, at same time
|
|
|
|
|
|
- Use multiple channels in the same connection
|
|
|
|
|
|
- Thread safety when using different sessions at same time
|
|
|
|
|
|
- POSIX-like SFTP (Secure File Transfer) implementation with openssh extension support
|
|
|
|
|
|
- SCP implementation
|
|
|
|
|
|
- Large file system support (files bigger than 4GB)
|
|
|
|
|
|
- RSA and DSS server public key supported
|
|
|
|
|
|
- Compression support (with zlib)
|
|
|
|
|
|
- Public key (RSA and DSS), password and keyboard-interactive authentication
|
|
|
|
|
|
- Full poll()/WSAPoll() support and a poll-emulation for Win32.
|
|
|
|
|
|
- Runs and tested under x86_64, x86, ARM, Sparc32, PPC under Linux, BSD, MacOSX, Solaris and Windows
|
|
|
|
|
|
|
2010-12-21 17:40:36 +03:00
|
|
|
|
@section main-copyright Copyright Policy
|
|
|
|
|
|
|
2012-10-12 20:16:16 +04:00
|
|
|
|
libssh is a project with distributed copyright ownership, which means we prefer
|
|
|
|
|
|
the copyright on parts of libssh to be held by individuals rather than
|
|
|
|
|
|
corporations if possible. There are historical legal reasons for this, but one
|
|
|
|
|
|
of the best ways to explain it is that it’s much easier to work with
|
|
|
|
|
|
individuals who have ownership than corporate legal departments if we ever need
|
|
|
|
|
|
to make reasonable compromises with people using and working with libssh.
|
|
|
|
|
|
|
|
|
|
|
|
We track the ownership of every part of libssh via git, our source code control
|
|
|
|
|
|
system, so we know the provenance of every piece of code that is committed to
|
|
|
|
|
|
libssh.
|
|
|
|
|
|
|
|
|
|
|
|
So if possible, if you’re doing libssh changes on behalf of a company who
|
|
|
|
|
|
normally owns all the work you do please get them to assign personal copyright
|
|
|
|
|
|
ownership of your changes to you as an individual, that makes things very easy
|
|
|
|
|
|
for us to work with and avoids bringing corporate legal departments into the
|
|
|
|
|
|
picture.
|
|
|
|
|
|
|
|
|
|
|
|
If you can’t do this we can still accept patches from you owned by your
|
|
|
|
|
|
employer under a standard employment contract with corporate copyright
|
|
|
|
|
|
ownership. It just requires a simple set-up process first.
|
|
|
|
|
|
|
|
|
|
|
|
We use a process very similar to the way things are done in the Linux Kernel
|
|
|
|
|
|
community, so it should be very easy to get a sign off from your corporate
|
|
|
|
|
|
legal department. The only changes we’ve made are to accommodate the license we
|
|
|
|
|
|
use, which is LGPLv2 (or later) whereas the Linux kernel uses GPLv2.
|
|
|
|
|
|
|
|
|
|
|
|
The process is called signing.
|
|
|
|
|
|
|
|
|
|
|
|
How to sign your work
|
|
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
|
|
|
|
Once you have permission to contribute to libssh from your employer, simply
|
|
|
|
|
|
email a copy of the following text from your corporate email address to:
|
|
|
|
|
|
|
|
|
|
|
|
contributing@libssh.org
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
libssh Developer's Certificate of Origin. Version 1.0
|
|
|
|
|
|
|
|
|
|
|
|
By making a contribution to this project, I certify that:
|
|
|
|
|
|
|
|
|
|
|
|
(a) The contribution was created in whole or in part by me and I
|
|
|
|
|
|
have the right to submit it under the appropriate
|
|
|
|
|
|
version of the GNU General Public License; or
|
|
|
|
|
|
|
|
|
|
|
|
(b) The contribution is based upon previous work that, to the best of
|
|
|
|
|
|
my knowledge, is covered under an appropriate open source license
|
|
|
|
|
|
and I have the right under that license to submit that work with
|
|
|
|
|
|
modifications, whether created in whole or in part by me, under
|
|
|
|
|
|
the GNU General Public License, in the appropriate version; or
|
|
|
|
|
|
|
|
|
|
|
|
(c) The contribution was provided directly to me by some other
|
|
|
|
|
|
person who certified (a) or (b) and I have not modified it.
|
|
|
|
|
|
|
|
|
|
|
|
(d) I understand and agree that this project and the contribution are
|
|
|
|
|
|
public and that a record of the contribution (including all
|
|
|
|
|
|
metadata and personal information I submit with it, including my
|
|
|
|
|
|
sign-off) is maintained indefinitely and may be redistributed
|
|
|
|
|
|
consistent with the libssh Team's policies and the requirements of
|
|
|
|
|
|
the GNU GPL where they are relevant.
|
|
|
|
|
|
|
|
|
|
|
|
(e) I am granting this work to this project under the terms of the
|
|
|
|
|
|
GNU Lesser General Public License as published by the
|
|
|
|
|
|
Free Software Foundation; either version 2.1 of
|
|
|
|
|
|
the License, or (at the option of the project) any later version.
|
|
|
|
|
|
|
|
|
|
|
|
http://www.gnu.org/licenses/lgpl-2.1.html
|
|
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
We will maintain a copy of that email as a record that you have the rights to
|
|
|
|
|
|
contribute code to libssh under the required licenses whilst working for the
|
|
|
|
|
|
company where the email came from.
|
|
|
|
|
|
|
|
|
|
|
|
Then when sending in a patch via the normal mechanisms described above, add a
|
|
|
|
|
|
line that states:
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
Signed-off-by: Random J Developer <random@developer.example.org>
|
|
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
using your real name and the email address you sent the original email you used
|
|
|
|
|
|
to send the libssh Developer’s Certificate of Origin to us (sorry, no
|
|
|
|
|
|
pseudonyms or anonymous contributions.)
|
|
|
|
|
|
|
|
|
|
|
|
That’s it! Such code can then quite happily contain changes that have copyright
|
|
|
|
|
|
messages such as:
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
(c) Example Corporation.
|
|
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
and can be merged into the libssh codebase in the same way as patches from any
|
|
|
|
|
|
other individual. You don’t need to send in a copy of the libssh Developer’s
|
|
|
|
|
|
Certificate of Origin for each patch, or inside each patch. Just the sign-off
|
|
|
|
|
|
message is all that is required once we’ve received the initial email.
|
|
|
|
|
|
|
|
|
|
|
|
Have fun and happy libssh hacking!
|
|
|
|
|
|
|
|
|
|
|
|
The libssh Team
|
2010-12-21 17:40:36 +03:00
|
|
|
|
|
2010-09-07 12:27:46 +04:00
|
|
|
|
@section main-rfc Internet standard
|
|
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-secsh Secure Shell (SSH)
|
|
|
|
|
|
|
|
|
|
|
|
The following RFC documents described SSH-2 protcol as an Internet standard.
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Protocol Assigned Numbers
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4251" target="_blank">RFC 4251</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Protocol Architecture
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4252" target="_blank">RFC 4252</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Authentication Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4253" target="_blank">RFC 4253</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Transport Layer Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4254" target="_blank">RFC 4254</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Connection Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4255" target="_blank">RFC 4255</a>,
|
|
|
|
|
|
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4256" target="_blank">RFC 4256</a>,
|
|
|
|
|
|
Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4335" target="_blank">RFC 4335</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Session Channel Break Extension
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4344" target="_blank">RFC 4344</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Transport Layer Encryption Modes
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4345" target="_blank">RFC 4345</a>,
|
|
|
|
|
|
Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
|
|
|
|
|
|
|
|
|
|
|
|
It was later modified and expanded by the following RFCs.
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4419" target="_blank">RFC 4419</a>,
|
|
|
|
|
|
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
|
|
|
|
|
|
Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4432" target="_blank">RFC 4432</a>,
|
|
|
|
|
|
RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
|
|
|
|
|
|
Generic Security Service Application Program Interface (GSS-API)
|
|
|
|
|
|
Authentication and Key Exchange for the Secure Shell (SSH) Protocol
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
|
|
|
|
|
|
The Secure Shell (SSH) Public Key File Format
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
|
|
|
|
|
|
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
|
|
|
|
|
|
|
2011-01-07 12:42:19 +03:00
|
|
|
|
Interesting cryptography documents:
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="http://www.cryptsoft.com/pkcs11doc/" target="_blank">PKCS #11</a>, PKCS #11 reference documents, describing interface with smartcards.
|
2010-09-07 12:27:46 +04:00
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-sftp Secure Shell File Transfer Protocol (SFTP)
|
|
|
|
|
|
|
|
|
|
|
|
The protocol is not an Internet standard but it is still widely implemented.
|
|
|
|
|
|
OpenSSH and most other implementation implement Version 3 of the protocol. We
|
|
|
|
|
|
do the same in libssh.
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="http://tools.ietf.org/html/draft-ietf-secsh-filexfer-02" target="_blank">
|
|
|
|
|
|
draft-ietf-secsh-filexfer-02.txt</a>,
|
|
|
|
|
|
SSH File Transfer Protocol
|
|
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-extensions Secure Shell Extensions
|
|
|
|
|
|
|
|
|
|
|
|
The OpenSSH project has defined some extensions to the protocol. We support some of
|
|
|
|
|
|
them like the statvfs calls in SFTP or the ssh-agent.
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="http://api.libssh.org/rfc/PROTOCOL" target="_blank">
|
|
|
|
|
|
OpenSSH's deviations and extensions</a>
|
|
|
|
|
|
- <a href="http://api.libssh.org/rfc/PROTOCOL.agent" target="_blank">
|
|
|
|
|
|
OpenSSH's ssh-agent</a>
|
2011-07-19 14:20:00 +04:00
|
|
|
|
- <a href="http://api.libssh.org/rfc/PROTOCOL.certkeys" target="_blank">
|
|
|
|
|
|
OpenSSH's pubkey certificate authentication</a>
|
2010-09-07 12:27:46 +04:00
|
|
|
|
|
2010-08-27 13:45:13 +04:00
|
|
|
|
*/
|
