2009-12-19 01:35:41 +03:00
|
|
|
|
/**
|
|
|
|
|
|
|
2010-08-27 13:45:13 +04:00
|
|
|
|
@mainpage
|
|
|
|
|
|
|
|
|
|
|
|
This is the online reference for developing with the libssh library. It
|
|
|
|
|
|
documents the libssh C API and the C++ wrapper.
|
|
|
|
|
|
|
2010-12-10 22:17:57 +03:00
|
|
|
|
@section main-linking Linking
|
|
|
|
|
|
|
|
|
|
|
|
We created a small howto how to link libssh against your application, read
|
|
|
|
|
|
@subpage libssh_linking.
|
|
|
|
|
|
|
2010-08-27 18:22:38 +04:00
|
|
|
|
@section main-tutorial Tutorial
|
2010-08-27 13:45:13 +04:00
|
|
|
|
|
2010-12-05 12:53:39 +03:00
|
|
|
|
You should start by reading @subpage libssh_tutorial, then reading the documentation of
|
2010-08-27 13:45:13 +04:00
|
|
|
|
the interesting functions as you go.
|
|
|
|
|
|
|
2010-08-27 18:22:38 +04:00
|
|
|
|
@section main-features Features
|
2010-08-27 13:45:13 +04:00
|
|
|
|
|
|
|
|
|
|
The libssh library provides:
|
|
|
|
|
|
|
2018-06-25 14:01:57 +03:00
|
|
|
|
- <strong>Key Exchange Methods</strong>: <i>curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521</i>, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
|
2018-08-31 16:04:12 +03:00
|
|
|
|
- <strong>Public Key Algorithms</strong>: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256,ssh-dss
|
2020-04-28 11:32:06 +03:00
|
|
|
|
- <strong>Ciphers</strong>: <i>aes256-ctr, aes192-ctr, aes128-ctr</i>, aes256-cbc (rijndael-cbc@lysator.liu.se), aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc
|
2013-08-01 16:19:25 +04:00
|
|
|
|
- <strong>Compression Schemes</strong>: zlib, <i>zlib@openssh.com</i>, none
|
2020-04-28 11:32:06 +03:00
|
|
|
|
- <strong>MAC hashes</strong>: hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
|
2018-08-27 11:01:25 +03:00
|
|
|
|
- <strong>Authentication</strong>: none, password, public-key, keyboard-interactive, <i>gssapi-with-mic</i>
|
2013-08-01 16:19:25 +04:00
|
|
|
|
- <strong>Channels</strong>: shell, exec (incl. SCP wrapper), direct-tcpip, subsystem, <i>auth-agent-req@openssh.com</i>
|
|
|
|
|
|
- <strong>Global Requests</strong>: tcpip-forward, forwarded-tcpip
|
|
|
|
|
|
- <strong>Channel Requests</strong>: x11, pty, <i>exit-status, signal, exit-signal, keepalive@openssh.com, auth-agent-req@openssh.com</i>
|
2016-05-02 15:45:47 +03:00
|
|
|
|
- <strong>Subsystems</strong>: sftp(version 3), <i>OpenSSH Extensions</i>
|
2013-08-01 16:19:25 +04:00
|
|
|
|
- <strong>SFTP</strong>: <i>statvfs@openssh.com, fstatvfs@openssh.com</i>
|
|
|
|
|
|
- <strong>Thread-safe</strong>: Just don't share sessions
|
|
|
|
|
|
- <strong>Non-blocking</strong>: it can be used both blocking and non-blocking
|
|
|
|
|
|
- <strong>Your sockets</strong>: the app hands over the socket, or uses libssh sockets
|
|
|
|
|
|
- <b>OpenSSL</b> or <b>gcrypt</b>: builds with either
|
|
|
|
|
|
|
|
|
|
|
|
@section main-additional-features Additional Features
|
|
|
|
|
|
|
|
|
|
|
|
- Client <b>and</b> server support
|
|
|
|
|
|
- SSHv2 and SSHv1 protocol support
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- Supports <a href="https://test.libssh.org/" target="_blank">Linux, UNIX, BSD, Solaris, OS/2 and Windows</a>
|
|
|
|
|
|
- Automated test cases with nightly <a href="https://test.libssh.org/" target="_blank">tests</a>
|
2013-08-01 16:19:25 +04:00
|
|
|
|
- Event model based on poll(2), or a poll(2)-emulation.
|
2010-08-27 13:45:13 +04:00
|
|
|
|
|
2010-12-21 17:40:36 +03:00
|
|
|
|
@section main-copyright Copyright Policy
|
|
|
|
|
|
|
2012-10-12 20:16:16 +04:00
|
|
|
|
libssh is a project with distributed copyright ownership, which means we prefer
|
|
|
|
|
|
the copyright on parts of libssh to be held by individuals rather than
|
|
|
|
|
|
corporations if possible. There are historical legal reasons for this, but one
|
|
|
|
|
|
of the best ways to explain it is that it’s much easier to work with
|
|
|
|
|
|
individuals who have ownership than corporate legal departments if we ever need
|
|
|
|
|
|
to make reasonable compromises with people using and working with libssh.
|
|
|
|
|
|
|
|
|
|
|
|
We track the ownership of every part of libssh via git, our source code control
|
|
|
|
|
|
system, so we know the provenance of every piece of code that is committed to
|
|
|
|
|
|
libssh.
|
|
|
|
|
|
|
|
|
|
|
|
So if possible, if you’re doing libssh changes on behalf of a company who
|
|
|
|
|
|
normally owns all the work you do please get them to assign personal copyright
|
|
|
|
|
|
ownership of your changes to you as an individual, that makes things very easy
|
|
|
|
|
|
for us to work with and avoids bringing corporate legal departments into the
|
|
|
|
|
|
picture.
|
|
|
|
|
|
|
|
|
|
|
|
If you can’t do this we can still accept patches from you owned by your
|
|
|
|
|
|
employer under a standard employment contract with corporate copyright
|
|
|
|
|
|
ownership. It just requires a simple set-up process first.
|
|
|
|
|
|
|
|
|
|
|
|
We use a process very similar to the way things are done in the Linux Kernel
|
|
|
|
|
|
community, so it should be very easy to get a sign off from your corporate
|
|
|
|
|
|
legal department. The only changes we’ve made are to accommodate the license we
|
|
|
|
|
|
use, which is LGPLv2 (or later) whereas the Linux kernel uses GPLv2.
|
|
|
|
|
|
|
|
|
|
|
|
The process is called signing.
|
|
|
|
|
|
|
|
|
|
|
|
How to sign your work
|
|
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
|
|
|
|
Once you have permission to contribute to libssh from your employer, simply
|
|
|
|
|
|
email a copy of the following text from your corporate email address to:
|
|
|
|
|
|
|
|
|
|
|
|
contributing@libssh.org
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
libssh Developer's Certificate of Origin. Version 1.0
|
|
|
|
|
|
|
|
|
|
|
|
By making a contribution to this project, I certify that:
|
|
|
|
|
|
|
|
|
|
|
|
(a) The contribution was created in whole or in part by me and I
|
|
|
|
|
|
have the right to submit it under the appropriate
|
|
|
|
|
|
version of the GNU General Public License; or
|
|
|
|
|
|
|
|
|
|
|
|
(b) The contribution is based upon previous work that, to the best of
|
|
|
|
|
|
my knowledge, is covered under an appropriate open source license
|
|
|
|
|
|
and I have the right under that license to submit that work with
|
|
|
|
|
|
modifications, whether created in whole or in part by me, under
|
|
|
|
|
|
the GNU General Public License, in the appropriate version; or
|
|
|
|
|
|
|
|
|
|
|
|
(c) The contribution was provided directly to me by some other
|
|
|
|
|
|
person who certified (a) or (b) and I have not modified it.
|
|
|
|
|
|
|
|
|
|
|
|
(d) I understand and agree that this project and the contribution are
|
|
|
|
|
|
public and that a record of the contribution (including all
|
|
|
|
|
|
metadata and personal information I submit with it, including my
|
|
|
|
|
|
sign-off) is maintained indefinitely and may be redistributed
|
|
|
|
|
|
consistent with the libssh Team's policies and the requirements of
|
|
|
|
|
|
the GNU GPL where they are relevant.
|
|
|
|
|
|
|
|
|
|
|
|
(e) I am granting this work to this project under the terms of the
|
|
|
|
|
|
GNU Lesser General Public License as published by the
|
|
|
|
|
|
Free Software Foundation; either version 2.1 of
|
|
|
|
|
|
the License, or (at the option of the project) any later version.
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
https://www.gnu.org/licenses/lgpl-2.1.html
|
2012-10-12 20:16:16 +04:00
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
We will maintain a copy of that email as a record that you have the rights to
|
|
|
|
|
|
contribute code to libssh under the required licenses whilst working for the
|
|
|
|
|
|
company where the email came from.
|
|
|
|
|
|
|
|
|
|
|
|
Then when sending in a patch via the normal mechanisms described above, add a
|
|
|
|
|
|
line that states:
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
Signed-off-by: Random J Developer <random@developer.example.org>
|
|
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
using your real name and the email address you sent the original email you used
|
|
|
|
|
|
to send the libssh Developer’s Certificate of Origin to us (sorry, no
|
|
|
|
|
|
pseudonyms or anonymous contributions.)
|
|
|
|
|
|
|
|
|
|
|
|
That’s it! Such code can then quite happily contain changes that have copyright
|
|
|
|
|
|
messages such as:
|
|
|
|
|
|
|
|
|
|
|
|
@verbatim
|
|
|
|
|
|
(c) Example Corporation.
|
|
|
|
|
|
@endverbatim
|
|
|
|
|
|
|
|
|
|
|
|
and can be merged into the libssh codebase in the same way as patches from any
|
|
|
|
|
|
other individual. You don’t need to send in a copy of the libssh Developer’s
|
|
|
|
|
|
Certificate of Origin for each patch, or inside each patch. Just the sign-off
|
|
|
|
|
|
message is all that is required once we’ve received the initial email.
|
|
|
|
|
|
|
|
|
|
|
|
Have fun and happy libssh hacking!
|
|
|
|
|
|
|
|
|
|
|
|
The libssh Team
|
2010-12-21 17:40:36 +03:00
|
|
|
|
|
2010-09-07 12:27:46 +04:00
|
|
|
|
@section main-rfc Internet standard
|
|
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-secsh Secure Shell (SSH)
|
|
|
|
|
|
|
|
|
|
|
|
The following RFC documents described SSH-2 protcol as an Internet standard.
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Protocol Assigned Numbers
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4251" target="_blank">RFC 4251</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Protocol Architecture
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4252" target="_blank">RFC 4252</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Authentication Protocol
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4253" target="_blank">RFC 4253</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Transport Layer Protocol
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4254" target="_blank">RFC 4254</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Connection Protocol
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4255" target="_blank">RFC 4255</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
|
2019-11-01 18:01:33 +03:00
|
|
|
|
(not implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4256" target="_blank">RFC 4256</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4335" target="_blank">RFC 4335</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Session Channel Break Extension
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4344" target="_blank">RFC 4344</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Transport Layer Encryption Modes
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4345" target="_blank">RFC 4345</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
|
|
|
|
|
|
|
|
|
|
|
|
It was later modified and expanded by the following RFCs.
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4419" target="_blank">RFC 4419</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
|
|
|
|
|
|
Protocol
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4432" target="_blank">RFC 4432</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
|
2019-11-01 18:00:13 +03:00
|
|
|
|
(not implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Generic Security Service Application Program Interface (GSS-API)
|
|
|
|
|
|
Authentication and Key Exchange for the Secure Shell (SSH) Protocol
|
2019-11-01 18:00:13 +03:00
|
|
|
|
(only the authentication implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
The Secure Shell (SSH) Public Key File Format
|
2019-11-01 18:00:13 +03:00
|
|
|
|
(not implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
|
2013-11-03 12:35:35 +04:00
|
|
|
|
AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
|
2019-11-01 18:00:13 +03:00
|
|
|
|
(the algorithm negotiation implemented according to openssh.com)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
|
2010-09-07 12:27:46 +04:00
|
|
|
|
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
|
2019-11-01 18:00:13 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc6594" target="_blank">RFC 6594</a>,
|
|
|
|
|
|
Use of the SHA-256 Algorithm with RSA, DSA, and ECDSA in SSHFP Resource Records
|
|
|
|
|
|
(not implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc6668" target="_blank">RFC 6668</a>,
|
|
|
|
|
|
SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc7479" target="_blank">RFC 7479</a>,
|
|
|
|
|
|
Using Ed25519 in SSHFP Resource Records
|
|
|
|
|
|
(not implemented in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc8160" target="_blank">RFC 8160</a>,
|
|
|
|
|
|
IUTF8 Terminal Mode in Secure Shell (SSH)
|
|
|
|
|
|
(not handled in libssh)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc8270" target="_blank">RFC 8270</a>,
|
|
|
|
|
|
Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc8308" target="_blank">RFC 8308</a>,
|
|
|
|
|
|
Extension Negotiation in the Secure Shell (SSH) Protocol
|
|
|
|
|
|
(only the "server-sig-algs" extension implemented)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc8332" target="_blank">RFC 8332</a>,
|
|
|
|
|
|
Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
|
2020-02-27 18:48:11 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/rfc8709" target="_blank">RFC 8709</a>,
|
|
|
|
|
|
Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol
|
2019-11-01 18:00:13 +03:00
|
|
|
|
|
|
|
|
|
|
There are also drafts that are being currently developed and followed.
|
|
|
|
|
|
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
|
|
|
|
|
|
Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
|
|
|
|
|
|
SSH Agent Protocol
|
|
|
|
|
|
- <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
|
|
|
|
|
|
Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448
|
2010-09-07 12:27:46 +04:00
|
|
|
|
|
2011-01-07 12:42:19 +03:00
|
|
|
|
Interesting cryptography documents:
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://www.cryptsoft.com/pkcs11doc/" target="_blank">PKCS #11</a>, PKCS #11 reference documents, describing interface with smartcards.
|
2010-09-07 12:27:46 +04:00
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-sftp Secure Shell File Transfer Protocol (SFTP)
|
|
|
|
|
|
|
|
|
|
|
|
The protocol is not an Internet standard but it is still widely implemented.
|
|
|
|
|
|
OpenSSH and most other implementation implement Version 3 of the protocol. We
|
|
|
|
|
|
do the same in libssh.
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://tools.ietf.org/html/draft-ietf-secsh-filexfer-02" target="_blank">
|
2010-09-07 12:27:46 +04:00
|
|
|
|
draft-ietf-secsh-filexfer-02.txt</a>,
|
|
|
|
|
|
SSH File Transfer Protocol
|
|
|
|
|
|
|
|
|
|
|
|
@subsection main-rfc-extensions Secure Shell Extensions
|
|
|
|
|
|
|
|
|
|
|
|
The OpenSSH project has defined some extensions to the protocol. We support some of
|
|
|
|
|
|
them like the statvfs calls in SFTP or the ssh-agent.
|
|
|
|
|
|
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://api.libssh.org/rfc/PROTOCOL" target="_blank">
|
2010-09-07 12:27:46 +04:00
|
|
|
|
OpenSSH's deviations and extensions</a>
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://api.libssh.org/rfc/PROTOCOL.certkeys" target="_blank">
|
2011-07-19 14:20:00 +04:00
|
|
|
|
OpenSSH's pubkey certificate authentication</a>
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://api.libssh.org/rfc/PROTOCOL.chacha20poly1305" target="_blank">
|
2019-11-01 18:00:13 +03:00
|
|
|
|
chacha20-poly1305@openssh.com authenticated encryption mode</a>
|
2019-11-01 18:01:33 +03:00
|
|
|
|
- <a href="https://api.libssh.org/rfc/PROTOCOL.key" target="_blank">
|
2019-11-01 18:00:13 +03:00
|
|
|
|
OpenSSH private key format (openssh-key-v1)</a>
|
2010-09-07 12:27:46 +04:00
|
|
|
|
|
2010-08-27 13:45:13 +04:00
|
|
|
|
*/
|
