1. FSCONS Gteborg, November 14 th2009

2. Your humble presenter

Daniel Stenberg

3. Consultant at Haxx 4. Open Source since 15 years 5. Contributed to 20+ projects 6. 15K public commits 7. cURL, Rockbox etc 8. Questions Please do interrupt and ask if you have questions! 9. Agenda

What is SSH

10. Background 11. Why a lib is needed 12. The project 13. Basic design

License

14. App examples 15. Competitors 16. Future 17. Contributors 18. SSH explained

Secure Shell or SSH is anetwork protocol that allows data to be exchanged using a secure channel between two networked devices

19. On top of TCP/IP 20. Invented by Tatu Ylnen in 1995 21. OpenSSH 1999 22. Internet Standard 2002, RFC4251 and friends 23. SSH is not SSL but similarities exist 24. 25. A little story Once upon a time... 26. 1997 Wouldn't it be nice with a tool that grabs HTTP? 27. 1998 Wouldn't it be nice if it did FTP too? 28. 1999 And Gopher! 29. 1999 Wouldn't it be nice if it did HTTPS too? 30. 2000 You get the picture. Time moved on. It was now also a lib 31. 2006 Supporting HTTP, HTTPS, FTP, FTPS, TELNET, LDAP, LDAPS, DICT, TFTP and FILE. Using several underlying libraries. Wouldn't it be nice if it did SCP and SFTP too? 32. How to select a SSH lib

OpenSSH no lib

33. Putty no lib 34. Libssh (license, blocking, thread-safety...) 35. Libssh2 there you go 36. Why libssh2

Because neither OpenSSH nor Putty did it right

37. Embeddable, command line tools aren't enough 38. Portability not limited to POSIX (C89) 39. Use SSH for SSL-like stuff 40. License as free as possible 41. Only 20K LOC 42. Libssh2 Background

Created by Sara Golemon, Dec 2004

43. Client and server 44. SSH2 only (no v1) 45. For PHP 46. Sara set the API, made it run 47. Daniel entered Nov 2006 48. For libcurl (non-blocking!) 49. Client-side only (for simplicity) 50. The project

Small

51. Plain ANSI C89 C 52. Low key 53. Mailing list driven 54. Meritocracy 55. Start-up feeling 56. Dealing with changes

Responsive to new ideas and features

57. Not many users (apps) 58. git 59. Individual copyrights 60. No umbrella org 61. Protocol support

Sessions

62. Channels 63. SCP 64. X11 65. SFTP 66. Publickey 67. More on design

(non-)blocking

68. pass in socket 69. external poll() 70. Crypto-layer abstracted 71. Knownhost 72. Blocking API SCP client /* create a socket */ sockfd = socket(); /* connect to server */ connect(sockfd, address); /* get a libssh2 session handle (blocking behavior is default) */ session = libssh2_session_init(); /* pass in the socket to the SSH2 session */ libssh2_session_startup(session, sockfd); /* password authentication (known host handling skipped) */ libssh2_userauth_password(session, username, password)); /* request a file with SCP */ channel = libssh2_scp_recv(session, /home/daniel/textfile, &fileinfo); while (!done)libssh2_channel_read(channel, mem, amount); /* free the SCP channel */ libssh2_channel_free(channel); /* disconnect session */ libssh2_session_disconnect(session, "shutdown); /* free the session */ libssh2_session_free(session); /* close the socket */ close(socket); 73. /* create a socket */ sockfd = socket(); /* connect to server */ connect(sockfd, address); /* get a libssh2 session handle (blocking behavior is default) */ session = libssh2_session_init(); /* pass in the socket to the SSH2 session */ libssh2_session_startup(session, sockfd); /* password authentication (known host handling skipped) */ libssh2_userauth_password(session, username, password)); /* request a file with SCP */ channel = libssh2_scp_recv(session, /home/daniel/textfile, &fileinfo); while (!done)libssh2_channel_read(channel, mem, amount); /* free the SCP channel */ libssh2_channel_free(channel); /* disconnect session */ libssh2_session_disconnect(session, "shutdown); /* free the session */ libssh2_session_free(session); /* close the socket */ close(socket); Blocking API SFTP client /* create the SFTP session */ sftp_session = libssh2_sftp_init(session); sftp_handle = libssh2_sftp_open(sftp_session, /home/daniel/file, LIBSSH2_FXF_READ, 0); while (!done)libssh2_sftp_read(sftp_handle, mem, amount); /* close the SFTP handle */ libssh2_sftp_close(sftp_handle); /* close the SFTP session */ libssh2_sftp_shutdown(sftp_session); 74. Or use libcurl! Libcurl supports SCP and SFTP URLs http://curl.haxx.se/ 75. How does it do?

Speed wise?

76. Feature wise? 77. Bug and stability wise? 78. License

Modified BSD

79. Free for virtually every use 80. Sara G picked it 81. Suitable for re-use by other libs/platforms 82. Competitor(s)

Libssh

Slower

83. License 84. non-blocking 85. Name-space polluting 86. Unstable API Others? Mostly non-C (Java, .NET ...) 87. Commercial? 88. Contributors

Sara G

89. Me 90. Simon J 91. A few other happy campers 92. No particular company backing 93. Company-funded features 94. Future

Remain client-side?

95. Make more stable 96. Improve speed (esp SFTP) 97. Use less mallocs 98. Use less memory (adjust windows etc) 99. Missing features? 100. Scratch itches 101. Summary

Open source library for SSH2

102. Written in C 103. The best one available 104. Small team 105. www.libssh2.org 106. Join in! libssh2 needs you!