Alpha version of SSHD support with wolfSSH #435
Merged
ejohnstown merged 48 commits into wolfSSL:master from Aug 16, 2022
- Moved all wolfsshd source code into apps/wolfsshd/. Then future apps, e.g. an ssh-keygen type utility, will get their own subdirectory under apps/.
- Rename wolfauth.(c|h) to auth.(c|h), rename wolfconfig.c to config.c.
- Add support for checking user public keys against an authorized keys file. Doesn't support parsing options and comments in the key file, yet. Parsing special tokens (e.g. %h) and absolute paths in the AuthorizedKeysFile string are also not supported.
- Comment out currently unused USER_NODE code. Could be useful later on if we integrate wolfsshd in an environment where the OS doesn't have its own username service.
- Modify configure.ac to bring in libcrypt if wolfsshd is enabled.
…s after SSH accept
- hostKeyFile and authKeysFile members of the config are now dynamically allocated strings owned by the config.
- Break out sshd_config option handling into more modular functions.

- Move function declarations for WOLFSSHD_CONFIG from wolfsshd.h to a new header, configuration.h. Change config.c to configuration.c. (using "configuration" so as not to collide with autotools' config.h)
- Make the WOLFSSL_CONFIG* member of WOLFSSHD_AUTH const. At least at the moment, it shouldn't be necessary for this member to be writable.
- Replace wolfSSHD_ConfigGetOption with functions to get specific members from the config.
- Namespace all config functions with wolfSSHD_Config* and all auth functions with wolfSSHD_Auth.
- Add const to function parameters, where possible.
- Remove wolfSSHD_ prefix from static functions. Just use PascalCase. These don't need namespacing since they aren't visible outside their translation unit.
- Modify GetConfigInt to expect leading and trailing whitespace to have already been removed. It will have been removed in the context this function is used in configuration.c.
I wanted to be able to test ParseConfigLine directly, so I added some preprocessor logic to expose this function (i.e. make it non-static) when building test_configuration. I fixed a couple bugs discovered by this new testing.
Specifying a port set `ret` to the port number instead of `WS_SUCCESS` which meant that everything after parameter passing failed silently.
Includes single files or directories, only in POSIX for now.
When going into daemon mode on a POSIX system, use syslog
Check the prefix and postfix for a filename when a wildcard is used.
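The port-handling bug described in the commit message above (`ret` left holding the port number instead of `WS_SUCCESS`), shown as an added C illustration that is not code from this pull request. All names (`ExConfig`, `ParsePort`, `HandlePortBuggy`, `HandlePortFixed`, `ApplyOptions`) and the `EX_*` status values are hypothetical stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
/* Stand-in status codes for this example (EX_SUCCESS plays the role of WS_SUCCESS). */
#define EX_SUCCESS  0
#define EX_BAD_ARG  (-1)
typedef struct { int port; } ExConfig;   /* hypothetical config struct */

/* Returns the port (1..65535) or EX_BAD_ARG; expects already-trimmed input. */
static int ParsePort(const char* s)
{
    char* end;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || v < 1 || v > 65535) return EX_BAD_ARG;
    return (int)v;
}

/* Buggy pattern: a valid port (e.g. 22222) is returned as the status code. */
int HandlePortBuggy(ExConfig* conf, const char* value)
{
    int ret = ParsePort(value);
    if (ret > 0) conf->port = ret;
    return ret;
}

/* Fixed pattern: the value goes into the config, ret carries only status. */
int HandlePortFixed(ExConfig* conf, const char* value)
{
    int ret = ParsePort(value);
    if (ret > 0) { conf->port = ret; ret = EX_SUCCESS; }
    return ret;
}

/* Caller: later setup steps are gated on the handler reporting success. */
int ApplyOptions(int (*handler)(ExConfig*, const char*), const char* port, int* laterRan)
{
    ExConfig conf = { 22 };
    int ret = handler(&conf, port);
    *laterRan = (ret == EX_SUCCESS);
    return ret;
}

int main(void)
{
    int ran, ret = ApplyOptions(HandlePortBuggy, "22222", &ran);
    printf("buggy: ret=%d later steps ran=%d\n", ret, ran);
    ret = ApplyOptions(HandlePortFixed, "22222", &ran);
    printf("fixed: ret=%d later steps ran=%d\n", ret, ran);
    return 0;
}
```

With the buggy handler a well-formed port makes the caller skip every success-gated step without any error being reported, which is why a test that drives the option handler directly and checks its return code catches it.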
ejohnstown requested changes Aug 11, 2022
ejohnstown approved these changes Aug 16, 2022
This adds the alpha version of SSHD support to wolfSSH. Enabled with --enable-sshd when compiling with autotools and off by default. The core features are implemented and some additional features are still in progress. Some testing has been completed, but additional testing for a production-ready version of the code is in progress. So far Linux/QNX OSes have been tested; OSX has been built, but password support is not yet completed.
Once built with --enable-sshd an example of running the SSHD daemon would be the following:
To see a help menu use `./apps/wolfsshd/wolfsshd -h`. The program can be run in the foreground using the option '-D'.