Dear Sirs, This must have been asked before but I don't find and FAQ around dealing with the issue. We are building small devices that connects to Internet (www.ipio.nu). The next generation of this we want to base on AVR32 and run a small slimmed version of Linux. We have som program on this device that we want to connect to servers out on Internet. SSL seems to be "quite heavy" for this simple task. We just want a fairly good sequre channel and we are investigating if SSH could do the job. BUT wat we would realy like is to embedd the SSH protocol *into* our applications. The devices could and should not be managed in any way! So we must prepack as mutch as possible. The problem is that we found virtualy no information about how to do this! We were looking for some libssh libraries on OpenSSH site - but find no sutch thing. If anybody could take on sutch a task, to build a libssh from stuf that are on OpenSSH and make some simple example code, please get in contact with us. G?ran Hasse Raditex AB gorhas at raditex.se http://www.ipio.nu http://www.freescada.com -- gorhas at gmail.com Mob: 070-5530148
you might want to take a look at OpenSSL (http://openssl.org). there is also a good oreilly book on openssl. openssl provides many cryptography and certificate funktions, including establishment of secure connections via TCP/IP. if openssl is still too heavy, give google(lightweight SSL or TLS library) a try. david -- Hail Eris, All Hail Discordia. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: not available Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080920/c0d20216/attachment.bin
On Sat, 20 Sep 2008, Goran Hasse wrote:> Dear Sirs, > > This must have been asked before but I don't find and FAQ around > dealing with the issue. > > We are building small devices that connects to Internet (www.ipio.nu). > The next generation of this we want to base on AVR32 and run a small > slimmed version of Linux. We have som program on this device that we > want to connect to servers out on Internet. SSL seems to be "quite > heavy" for this simple task. We just want a fairly good sequre channel > and we are investigating if SSH could do the job. BUT wat we would > realy like is to embedd the SSH protocol *into* our applications. The > devices could and should not be managed in any way! So we must prepack > as mutch as possible.OpenSSH doesn't have any direct programatic interface. If you need a SSH client with a programmatic interface, some options are libssh2 (C) jSSH (Java) and Twisted Conch (Python). I'm not aware of any SSH server libraries, but it is quite easy to interface arbirary code to a SSH server as a shell or subsystem. OpenSSH has never been optimised to run on small devices. It wouldn't be too hard to chop out bits that are non-relevant (SSH1, X11 forwarding, compression, etc.) but nobody has done the work. Also, we still depend on OpenSSL's libcrypto, which is fairly heavyweight. This would be much tricker to disentanle, though I note that the Heimdal Kerberos implemention now has a "hcrypto" library that implements a subset of libcrypto - perhaps it is enough for OpenSSH. There is another SSH server implementation that is focused on code size: dropbear. I've ever used it, but it quite popular on small devices. -d