NanoSSH

DigiCert® TrustCore SDK NanoSSH is an SSH client/server solution with support for X.509v3 certificate-based authentication and a built-in RADIUS client, designed specifically to speed product development while providing device security services for resource-constrained environments. NanoSSH is open-standards-based, extensible, platform-agnostic, and has an extremely small footprint.

It supports the NSA Suite B cryptographic algorithms to provide a holistic approach to securing networked devices and services, and is well suited to high-traffic enterprise and federal environments where performance is critical. Suite B cryptography is a set of cryptographic algorithms and protocols specified by NIST and approved by the NSA for protecting classified and unclassified National Security Systems (NSS). The TrustCore SDK Security Platform API functions related to NSA Suite B cryptography are available only if NanoCrypto Advanced has been purchased; by default, only NanoCrypto Basic is included.

The NanoSSH server enables a secure connection to remote clients, which can be running the NanoSSH client or any other SSH client, while typical uses for the NanoSSH client are:

  • SSH client shell: Provides a secured communication channel between two networked devices; typically used to log into a remote machine and execute commands.

  • SSH client port forwarding: Encrypts and decrypts TCP/IP traffic; often used so that proprietary applications operating on distributed machines can securely communicate.

Key features

NanoSSH provides the following features:

  • Small memory footprint

  • Speeds integration and testing of complex cryptographic functions for your product

  • SSHv2 compliant

  • TCP/IP-neutral

  • Certificate support, per IETF draft draft-ietf-secsh-x509-03, http://tools.ietf.org/html/draft-ietf-secsh-x509-03

  • Re-keying at will, based on a specified number of packets or a certain amount of time

  • OS- and platform-agnostic for easy portability

  • Threadless architecture, synchronous and asynchronous

  • Guaranteed GPL-free code that protects your intellectual property

System requirements

Memory requirements

NanoSSH has a minimum memory footprint of 171 KB.

The typical memory figure assumes a full set of ciphers and may vary (decrease or increase) depending on 32-bit versus 64-bit builds, the target architecture (x86, ARM or MIPS), a reduced cipher set, static versus shared library, and compile flags.

Note: Estimate is based on Intel x86 builds.

Supported operating systems

NanoSSH is currently supported on the following operating systems:

  • Linux (Ubuntu, Debian, Raspbian, CentOS)

  • Solaris

  • Microsoft® Windows

  • CygWin

  • FreeBSD

If required, porting to another operating system or RTOS can be done.

Supported operating platforms

NanoSSH is currently supported on the following operating platforms:

  • Intel® x86

  • ARM A/M Series

  • Hardware Acceleration: Intel AES-NI, Vendor Extensions via NanoCrypto Callbacks

  • Secure Element: TPM 1.2

Supported standards

NanoSSH supports the following RFC standards:

  • SSH File Transfer Protocol, v2, v3 and v4

  • RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers

  • RFC 4251: The Secure Shell (SSH) Protocol Architecture

  • RFC 4252: The Secure Shell (SSH) Authentication Protocol

  • RFC 4253: The Secure Shell (SSH) Transport Layer Protocol

  • RFC 4254: The Secure Shell (SSH) Connection Protocol (partially supported)

  • RFC 4344: The Secure Shell (SSH) Transport Layer Encryption Modes

  • RFC 4335: The Secure Shell (SSH) Session Channel Break Extension

  • RFC 4419: Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol

  • RFC 4432: RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol. (For details of the SSH File Transfer Protocol, refer to section 7 of draft-ietf-secsh-filexfer-03, SSH File Transfer Protocol, http://tools.ietf.org/html/draft-ietf-secsh-filexfer-03.)

  • RFC 6187: X.509v3 Certificates for Secure Shell Authentication

  • RFC 6239: Suite B cryptographic suites for SSH

  • Draft-green-secsh-ecc-07: Elliptic-Curve Algorithm Integration in the Secure Shell Transport Layer

  • Draft-igoe-secsh-aes-gcm-02: AES Galois Counter Mode for the Secure Shell Transport Layer Protocol

  • Draft-josefsson-ssh-chacha20-poly1305-openssh-00: ChaCha20-Poly1305 for the Secure Shell Transport Layer Protocol

  • Draft-ietf-curdle-ssh-ed25519-02: Ed25519 for the Secure Shell Transport Layer Protocol

Network architecture diagram

The figure below shows how NanoSSH is implemented to protect target systems and their connected devices.

Figure 1. NanoSSH Network Diagram