
libssh's Introduction


  _   _   _                          _
 (_) (_) (_)                        (_)
 (_)  _  (_) _         _  _   _  _  (_) _
 (_) (_) (_)(_) _     (_)(_) (_)(_) (_)(_) _
 (_) (_) (_)   (_)  _ (_)  _ (_)    (_)   (_)
 (_) (_) (_)(_)(_) (_)(_) (_)(_)    (_)   (_).org

 The SSH library

Why?

Why not? :) I began to work on my own implementation of the SSH protocol because I didn't like the currently public ones. None of them allowed you to import and use the functions as a powerful library, and so I worked on a library-based SSH implementation, which did not exist in the free and open source software world.

How/Who?

If you downloaded this file, you must know what it is: a library for accessing SSH client services through C library calls in a simple manner. Everybody can use this software under the terms of the LGPL - see the COPYING file.

If you ask yourself how to compile libssh, please read INSTALL before anything.

Where?

https://www.libssh.org

Contributing

Please read the file 'SubmittingPatches' next to this README file. It explains our copyright policy and how you should send patches for upstream inclusion.

Have fun and happy libssh hacking!

The libssh Team


libssh's Issues

Any plans to support OpenSSL 3.0 + FIPS Module?

Thanks for the lib!

So, I was trying to link libssh against OpenSSL 3.0 and I found I was getting the following link error:

../lib/libssh.so.4.9.4: undefined reference to `FIPS_mode'
collect2: error: ld returned 1 exit status

After investigating this, I found that OpenSSL 3.0 has a breaking change where they've separated their FIPS functions out to a separate lib that typically lives at /usr/lib/ossl-modules/fips.so. See https://www.openssl.org/docs/man3.0/man7/fips_module.html It appears that libssh only links against libssl and libcrypto. No attempt is made to detect/link against fips.so.

So my question is, is there any plan to do so or should I just stick with linking against OpenSSL 1.X? Thanks.

channel_write_common: Remote window is 37450 bytes. going to write 38400 bytes

Hello,
I am using libssh-0.7.7 with libnetconf2-0.11-r1 and sysrepo-0.7.4.
We are sending data to a netconf client.
While sending data I am getting the below error in libssh.

channel_write_common:  Remote window is 37450 bytes. going to write 38400 bytes
channel_write_common:  Remote window is 4692 bytes. going to write 5642 bytes
channel_write_common:  Remote window is 0 bytes. going to write 950 bytes
channel_write_common:  Wait for a growing window message...
channel_rcv_change_window:  Adding 90551 bytes to channel (44:101) (from 0 bytes)

Can you please help me figure out what I am doing wrong?

Thank you,
Gaurav.
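
The debug lines in this report match the channel flow control that SSH defines in RFC 4254, section 5.2: each write is capped by the peer's remaining window and by its maximum packet size, and at window 0 the sender waits for a window adjust. The C sketch below is an added example, not libssh's code or the reporter's; `struct channel`, `next_chunk` and `channel_write_sim` are hypothetical names, and the 32768-byte maximum packet and 10-byte header reserve are assumptions chosen because they reproduce the numbers in the log.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values, chosen because they reproduce the numbers in the log. */
#define REMOTE_MAXPACKET 32768u  /* peer's maximum packet size */
#define HEADER_RESERVE   10u     /* room kept for the channel-data header */

/* Hypothetical stand-in for a channel; not libssh's struct. */
struct channel {
    uint32_t remote_window;  /* bytes the peer still allows us to send */
};

/* Payload size of the next SSH_MSG_CHANNEL_DATA: bounded by what is left to
 * send, by the peer's window, and by its maximum packet size. */
static uint32_t next_chunk(const struct channel *ch, uint32_t len)
{
    uint32_t n = len;
    if (n > ch->remote_window) n = ch->remote_window;
    if (n > REMOTE_MAXPACKET - HEADER_RESERVE) n = REMOTE_MAXPACKET - HEADER_RESERVE;
    return n;
}

/* Sends len bytes. At window 0 it consumes the next queued
 * SSH_MSG_CHANNEL_WINDOW_ADJUST from adjusts[] (a real client blocks until
 * one arrives). Returns bytes sent; *stalls counts the waits. */
static uint32_t channel_write_sim(struct channel *ch, uint32_t len,
                                  const uint32_t *adjusts, size_t n_adjusts,
                                  unsigned *stalls)
{
    uint32_t sent = 0;
    size_t next = 0;

    *stalls = 0;
    while (len > 0) {
        printf("Remote window is %" PRIu32 " bytes. going to write %" PRIu32
               " bytes\n", ch->remote_window, len);
        if (ch->remote_window == 0) {
            if (next == n_adjusts) break;   /* nothing queued: stop here */
            printf("Wait for a growing window message...\n");
            ch->remote_window += adjusts[next++];
            (*stalls)++;
            continue;
        }
        uint32_t n = next_chunk(ch, len);
        ch->remote_window -= n;
        len -= n;
        sent += n;
    }
    return sent;
}

int main(void)
{
    struct channel ch = { 37450 };          /* first window in the log */
    const uint32_t adjusts[] = { 90551 };   /* window adjust in the log */
    unsigned stalls;
    uint32_t sent = channel_write_sim(&ch, 38400, adjusts, 1, &stalls);
    printf("sent %" PRIu32 ", stalls %u\n", sent, stalls);
    return 0;
}
```

The first two iterations leave 5642 and then 950 bytes to write, the same remainders the log shows before the wait.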

ISO C90 forbids mixed declarations and code

Compiling the origin/multipass 6f4ec9b

on Ubuntu 22.04.3 LTS I run into this error:

libssh/src/sftpserver.c:509

error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
509 | void **tmp = realloc(sftp->handles, sftp->total_allocated_handles * sizeof(void *));
| ^~~~

I guess it should be:

void **tmp;
tmp = realloc(sftp->handles, sftp->total_allocated_handles * sizeof(void *));

libssh slow for file operations download and upload

I followed the documentation here https://api.libssh.org/master/libssh_tutor_sftp.html
to write a small program in C to download a remote file. The program is working, but downloading a 120MB file takes 12-14 seconds to complete, compared to WinSCP, FileZilla or pscp, which only take 2 seconds to complete.
How to improve this speed?

PS D:\MyDartProjects\fsbackup\libssh_binding\libssh_c_wrapper\x64\Release> Measure-Command {pscp -pw Ins257257 [email protected]:/home/isaque.neves/go1.11.4.linux-amd64.tar.gz ./go1.11.4.linux-amd64.tar.gz }

Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 2
Milliseconds      : 575
Ticks             : 25755922
TotalDays         : 2,98100949074074E-05
TotalHours        : 0,000715442277777778
TotalMinutes      : 0,0429265366666667
TotalSeconds      : 2,5755922
TotalMilliseconds : 2575,5922


PS D:\MyDartProjects\fsbackup\libssh_binding\libssh_c_wrapper\x64\Release> Measure-Command {./libssh_wrapper.exe}

Days              : 0
Hours             : 0
Minutes           : 0
Seconds           : 14
Milliseconds      : 360
Ticks             : 143600026
TotalDays         : 0,000166203733796296
TotalHours        : 0,00398888961111111
TotalMinutes      : 0,239333376666667
TotalSeconds      : 14,3600026
TotalMilliseconds : 14360,0026

#define _CRT_SECURE_NO_WARNINGS
#define _CRT_NONSTDC_NO_DEPRECATE
#include <stdlib.h>
#include <stdio.h>
#include <iostream>
#include <stdexcept>
#include <string.h>
#include <exception>
#include <fstream>
#include <libssh/callbacks.h>
#include <libssh/libssh.h>
#include <libssh/sftp.h>
#include "custom_exception.cpp"
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <io.h>
#include <time.h>
#include <errno.h>
#include <chrono>

using std::chrono::high_resolution_clock;
using std::chrono::duration_cast;
using std::chrono::duration;
using std::chrono::milliseconds;

//using namespace std;
using std::string;
using std::cout;
using std::endl;
using std::cin;


// Good chunk size
#define MAX_XFER_BUF_SIZE 16384
int sftpDownloadFileTo(ssh_session session, const char* fullRemotePath, const char* fullLocalPath)
{
	 
	int access_type;
	sftp_file file;
	char buffer[MAX_XFER_BUF_SIZE * 8];//128KB
	ssize_t nbytes, nwritten, rc;
	int fd;
	access_type = O_RDONLY;

	 sftp_session sftp = sftp_new(session);
	if (sftp == NULL)
	{
		fprintf(stderr, "Error allocating SFTP session: %s\n",
			ssh_get_error(session));
		return SSH_ERROR;
	}
	rc = sftp_init(sftp);
	if (rc != SSH_OK)
	{
		fprintf(stderr, "Error initializing SFTP session: %d.\n",
			sftp_get_error(sftp));
		sftp_free(sftp);
		return rc;
	}
		

	file = sftp_open(sftp, fullRemotePath, access_type, 0);

	if (file == NULL) {
		fprintf(stderr, "Can't open file for reading: %s\n", ssh_get_error(session));
		sftp_free(sftp); // release the SFTP session on every error path
		return SSH_ERROR;
	}

	fd = open(fullLocalPath, O_CREAT | O_RDWR, 0777);
	if (fd < 0) {
		fprintf(stderr, "Can't open file for writing: %s\n",
			strerror(errno));
		sftp_close(file);
		sftp_free(sftp);
		return SSH_ERROR;
	}

	for (;;) {
		nbytes = sftp_read(file, buffer, sizeof(buffer));
		if (nbytes == 0) {
			break; // EOF
		}
		else if (nbytes < 0) {
			fprintf(stderr, "Error while reading file: %s\n",
				ssh_get_error(session));
			close(fd);
			sftp_close(file);
			sftp_free(sftp);
			return SSH_ERROR;
		}
		nwritten = write(fd, buffer, nbytes);
		if (nwritten != nbytes) {
			fprintf(stderr, "Error writing: %s\n",
				strerror(errno));
			close(fd);
			sftp_close(file);
			sftp_free(sftp);
			return SSH_ERROR;
		}
	}
	close(fd); // close the local file before returning
	rc = sftp_close(file);
	if (rc != SSH_OK) {
		fprintf(stderr, "Can't close the read file: %s\n",
			ssh_get_error(session));
		sftp_free(sftp);
		return rc;
	}

	sftp_free(sftp);
	return SSH_OK;
}

int main()
{

	ssh_session my_ssh_session;
	int rc;
	int port = 22;
	string password = "Ins257257";
	auto host = "192.168.133.13";
	auto username = "isaque.neves";

	int verbosity = SSH_LOG_PROTOCOL;
	// Open the session and set the options
	my_ssh_session = ssh_new();
	if (my_ssh_session == NULL)
		exit(-1);
	ssh_options_set(my_ssh_session, SSH_OPTIONS_HOST, host);
	//ssh_options_set(my_ssh_session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
	ssh_options_set(my_ssh_session, SSH_OPTIONS_PORT, &port);
	// Connect to the server
	rc = ssh_connect(my_ssh_session);
	if (rc != SSH_OK)
	{
		
		fprintf(stderr, "Error connecting to host: %s\n",
			ssh_get_error(my_ssh_session));
		exit(-1);
		
	}
	// Authenticate

	rc = ssh_userauth_password(my_ssh_session, username, password.c_str());
	if (rc != SSH_AUTH_SUCCESS)
	{
		fprintf(stderr, "Error authenticating with password: %s\n",
			ssh_get_error(my_ssh_session));
		ssh_disconnect(my_ssh_session);
		ssh_free(my_ssh_session);
		exit(-1);
	}

	clock_t tic = clock();
	auto t1 = high_resolution_clock::now();
	sftpDownloadFileTo(my_ssh_session, "/home/isaque.neves/go1.11.4.linux-amd64.tar.gz", "D:/MyDartProjects/fsbackup/libssh_binding/go1.11.4.linux-amd64.tar.gz");
	auto t2 = high_resolution_clock::now();
	clock_t toc = clock();
	
	duration<double, std::milli> ms_double = t2 - t1;	
	std::cout << ms_double.count() << " ms\r\n";

	printf("Elapsed: %f seconds\n", (double)(toc - tic) / CLOCKS_PER_SEC);

	ssh_disconnect(my_ssh_session);
	ssh_free(my_ssh_session);

	std::cout << "End\n";

	return 0;
}

https://github.com/insinfo/fsbackup/tree/main/libssh_binding/libssh_c_wrapper

Config keywords `Tag` and `Match tagged` are not supported

While using Wireshark I ran into an issue of my config not being parsable. I traced this down to ssh_options_parse_config returning an error. Upon further investigation it looks like the Tag keyword is not present in the ssh_config_keyword_table. There also appears to be no other logic to handle the Tag keyword in an ssh config.

The following config example can be used to reproduce:

Match host 192.0.2.2
    Tag test

Match tagged test
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no

Issue with ssh_userauth_try_publickey always returning SSH_AUTH_AGAIN

I would like to establish connection following the procedure listed in libssh documentation:
https://api.libssh.org/stable/libssh_tutor_authentication.html

Chapter: "Authenticating with public keys"

Steps:

If you wish to authenticate with public key by your own, follow these steps:

- Retrieve the public key with ssh_pki_import_pubkey_file()
- Offer the public key to the SSH server using ssh_userauth_try_publickey(). If the return value is SSH_AUTH_SUCCESS, the SSH server accepts to authenticate using the public key and you can go to the next step.

function ssh_pki_import_pubkey_file() returns success

function ssh_userauth_try_publickey() returns SSH_AUTH_AGAIN

function ssh_pki_export_pubkey_blob() returns success

Causes ssh connection error:
ERROR: Starting the SSH session failed (No public key in packet).

Based on ssh_userauth_try_publickey() documentation:
https://api.libssh.org/stable/group__libssh__auth.html#ga592f673c4d417a6a46cd4876ac8287aa
SSH_AUTH_AGAIN exit code is described as:
SSH_AUTH_AGAIN: In nonblocking mode, you've got to call this again later.
Repeating ssh_userauth_try_publickey() with or without delay between calls does not change anything.

I modified the code in curve25519.c, function static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init)
by replacing the following line:

rc = ssh_dh_get_next_server_publickey_blob(session, &server_pubkey_blob);

with
rc = ssh_pki_import_pubkey_file( pubkey, &public_key);
rc = ssh_userauth_try_publickey(session, NULL, public_key);
rc = ssh_pki_export_pubkey_blob (public_key, &server_pubkey_blob);
in order to use public key specified by myself.

Variable pubkey points to test.pub - rsa 2048 public key generated with:
ssh-keygen -t rsa -b 2048 -f test

I use libssh version 0.9.5
tag: https://github.com/CanonicalLtd/libssh/releases/tag/libssh-0.9.5
hash: 0cceefd

Could you please verify if ssh_userauth_try_publickey() function works. If not, could you please fix it?
Or maybe there is yet another way of authenticating I could use? If so, Could you please suggest how to do it?

I've added several traces to the library to debug the issue but haven't found the solution yet. That's why I am asking you for help guys.

Traces below:
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009480
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690440
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009480
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c003f00
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009480
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690420
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009480
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c00a6d0
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
pki.c ssh_pki_import_pubkey_file: filename: /etc/keys/test.pub
pki.c ssh_pki_import_pubkey_file: pkey:
pki.c ssh_pki_import_pubkey_file: file size: 381
pki.c ssh_pki_import_pubkey_file: cmp: 140
pki.c ssh_pki_import_pubkey_file: type: 2
pki.c ssh_pki_import_pubkey_base64: b64_key: BASE64 encoded content read from test.pub file here
pki.c ssh_pki_import_pubkey_base64: type: 2
pki.c ssh_pki_import_pubkey_base64: pkey:
pki.c ssh_pki_import_pubkey_base64: pkey: sizeof 8
pki.c ssh_pki_import_pubkey_base64 buffer:
pki.c ssh_pki_import_pubkey_base64 type_s:
pki.c ssh_pki_import_pubkey_base64 pki_import_pubkey_buffer: 0
pki.c ssh_pki_import_pubkey_file: ssh_pki_import_pubkey_base64 rc: 0
curve25519.c ssh_pki_import_pubkey_file rc: 0
curve25519.c public_key
curve25519.c type: 2
curve25519.c flags: 1
curve25519.c type_c: ssh-rsa
curve25519.c ecdsa_nid: 0
curve25519.c ed25519_pubkey: (nil)
curve25519.c ed25519_pubkey: (null)
curve25519.c ed25519_pubkey is NULL
curve25519.c ed25519_pubkey sizeof: 8
curve25519.c ed25519_privkey: (nil)
curve25519.c ed25519_privkey: (null)
curve25519.c ed25519_privkey is NULL
curve25519.c ed25519_privkey sizeof: 8
curve25519.c cert: (nil)
curve25519.c cert: (null)
curve25519.c cert sizeof: 8
curve25519.c cert is NULL
curve25519.c cert_type: 0
curve25519.c ssh_userauth_try_publickey call
auth.c ssh_userauth_try_publickey function call
auth.c ssh_userauth_try_publickey sig_type_c: rsa-sha2-512
auth.c ssh_userauth_try_publickey ssh_userauth_request_service function call
client.c ssh_service_request function body
client.c session->auth.service_state 0
client.c ssh_service_request ssh_buffer_pack: rc: 0
client.c Sent SSH_MSG_SERVICE_REQUEST (service ssh-userauth)
client.c ssh_handle_packets_termination: rc: -2
client.c ssh_service_request SSH_AUTH_SERVICE_SENT
client.c ssh_service_request end of function: rc: -2
auth.c ssh_userauth_try_publickey ssh_userauth_request_service function rc: -2
auth.c ssh_userauth_try_publickey SSH_AUTH_AGAIN
curve25519.c ssh_userauth_try_publickey rc: 4
pki.c ssh_pki_export_pubkey_blob: inside function
pki.c ssh_pki_export_pubkey_blob: key: 0xffff8c009590
pki.c ssh_pki_export_pubkey_blob: pblob: 0xffff9f690498
pki_crypto.c pki_publickey_to_blob
pki_crypto.c pki_publickey_to_blob: ssh_key: 0xffff8c009590
pki_crypto.c pki_publickey_to_blob: buffer: 0xffff8c004390
pki_crypto.c pki_publickey_to_blob: key->cert: (nil)
pki_crypto.c pki_publickey_to_blob: key->type_c: ssh-rsa
pki_crypto.c pki_publickey_to_blob: ssh_buffer_add_ssh_string: 0
pki_crypto.c pki_publickey_to_blob: switch (key->type)
pki_crypto.c pki_publickey_to_blob: SSH_KEYTYPE_RSA
pki_crypto.c pki_publickey_to_blob: inside makestring
pki_crypto.c pki_publickey_to_blob: ssh_string_fill rc: 0
pki.c ssh_pki_export_pubkey_blob: assign pblob = blob
pki.c ssh_pki_export_pubkey_blob: return SSH_OK
curve25519.c ssh_pki_export_pubkey_blob rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_buffer_add_ssh_string rc: 0
curve25519.c ssh_packet_send rc: 0
curve25519.c ssh_buffer_add_u8 rc: 0
curve25519.c ssh_packet_send rc: 0
curve25519.c SSH_LOG_PROTOCOL rc: 0

on client errors, libssh closes socket set via options

As reported in the curl issue curl/curl#13086, libssh seems to close the socket supplied by curl with ssh_options_set(ssh->ssh_session, SSH_OPTIONS_FD, &sock) on error conditions.

This leads to a "double" close in curl and, in multi-threaded applications, a possible close on a socket that has been opened in another thread between the ssh shutdown and curl's own cleanup.

AFAICT, the most likely place this happens is in client.c:489:

error:
    ssh_socket_close(session->socket);
    session->alive = 0;
    session->session_state = SSH_SESSION_STATE_ERROR;
}

missing the guard that is in place in client.c:780:

        /* Do not close the socket, if the fd was set via options. */
        if (session->opts.fd == SSH_INVALID_SOCKET) {
            ssh_socket_close(session->socket);
        }
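
The hazard described in this report, shown with plain POSIX descriptors: once a library closes a descriptor it was only lent, that number can be handed to an unrelated open(), and the owner's later close() then lands on the unrelated descriptor. This is an added example, not code from libssh or curl; `struct session`, `session_error` and `app_close_hits_foreign_fd` are hypothetical, and `/dev/null` stands in for the socket.

```c
#include <fcntl.h>
#include <unistd.h>

#define INVALID_FD (-1)

/* Hypothetical stand-in for a library session; not libssh's struct. */
struct session {
    int opts_fd;    /* descriptor lent by the application, or INVALID_FD */
    int socket_fd;  /* descriptor the library does I/O on */
};

/* Library error path. guard == 0: close unconditionally (the behaviour the
 * report describes). guard != 0: close only descriptors the library opened. */
static void session_error(struct session *s, int guard)
{
    if (!guard || s->opts_fd == INVALID_FD) {
        close(s->socket_fd);
    }
    s->socket_fd = INVALID_FD;
}

/* Returns 1 if the application's cleanup close() destroyed a descriptor that
 * belongs to someone else, 0 if not, -1 if setup failed. */
static int app_close_hits_foreign_fd(int guard)
{
    int app_fd = open("/dev/null", O_RDONLY);  /* stands in for the socket */
    if (app_fd < 0) {
        return -1;
    }
    struct session s = { app_fd, app_fd };
    session_error(&s, guard);

    /* Unrelated code opens a descriptor (another thread, in the report).
     * POSIX returns the lowest free number, which is app_fd if it was closed. */
    int other_fd = open("/dev/null", O_RDONLY);
    if (other_fd < 0) {
        if (guard) close(app_fd);
        return -1;
    }

    close(app_fd);  /* application cleanup: it still believes it owns app_fd */

    /* F_GETFD fails with EBADF when other_fd was closed behind its owner. */
    int other_alive = (fcntl(other_fd, F_GETFD) != -1);
    if (other_alive) {
        close(other_fd);
    }
    return other_alive ? 0 : 1;
}

int main(void)
{
    return (app_close_hits_foreign_fd(0) == 1 &&
            app_close_hits_foreign_fd(1) == 0) ? 0 : 1;
}
```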
