NanoSSH
DigiCert® TrustCore SDK NanoSSH is an SSH client/server solution with support for X.509v3 certificate-based authentication and a bundled RADIUS client, designed specifically to speed product development while providing device security services for resource-constrained environments. NanoSSH is open-standards-based, extensible, platform-agnostic, and has an extremely small footprint.
It supports NSA Suite B crypto algorithms to provide a holistic approach for securing networked devices and services, ideally suited for high-traffic enterprise and federal environments where performance is critical. Suite B cryptography is a set of cryptographic algorithms and protocols specified by NIST that are approved by the NSA for protecting classified and unclassified National Security Systems (NSS). The TrustCore SDK Security Platform API functions that are related to NSA Suite B cryptography are available only if NanoCrypto Advanced has been purchased. By default, only NanoCrypto Basic is included.
The NanoSSH server accepts secure connections from remote clients, which can be running the NanoSSH client or any other SSH client. Typical uses for the NanoSSH client are:
SSH client shell: Provides a secured communication channel between two networked devices; typically used to log into a remote machine and execute commands.
SSH client port forwarding: Encrypts and decrypts TCP/IP traffic; often used so that proprietary applications operating on distributed machines can securely communicate.
Key features
NanoSSH provides the following features:
Small memory footprint
Speeds integration and testing of complex cryptographic functions for your product
SSHv2 compliant
TCP/IP-neutral
Certificate support, per IETF draft draft-ietf-secsh-x509-03 (http://tools.ietf.org/html/draft-ietf-secsh-x509-03)
Re-keying at will, triggered after a specified number of packets or a specified amount of time
OS- and platform-agnostic for easy portability
Threadless architecture, supporting both synchronous and asynchronous operation
Guaranteed GPL-free code that protects your intellectual property
System requirements
Memory requirements
NanoSSH has a minimum memory footprint of 171KB.
The typical memory usage figure assumes a full set of ciphers and may increase or decrease depending on 32/64-bit architecture, x86/ARM/MIPS target, a reduced cipher set, static versus shared library, and compile flags.
Note: Estimate is based on Intel x86 builds.
Supported operating systems
NanoSSH is currently supported on the following operating systems:
Linux (Ubuntu, Debian, Raspbian, CentOS)
Solaris
Microsoft® Windows
Cygwin
FreeBSD
If required, porting to another operating system or RTOS can be done.
Supported operating platforms
NanoSSH is currently supported on the following operating platforms:
Intel® x86
ARM A/M Series
Hardware Acceleration: Intel AES-NI, Vendor Extensions via NanoCrypto Callbacks
Secure Element: TPM 1.2
Supported standards
NanoSSH supports the following RFC standards:
SSH File Transfer Protocol, v2, v3 and v4. For detailed information refer to section 7 of the IETF draft draft-ietf-secsh-filexfer-03, SSH File Transfer Protocol (http://tools.ietf.org/html/draft-ietf-secsh-filexfer-03).
RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
RFC 4251: The Secure Shell (SSH) Protocol Architecture
RFC 4252: The Secure Shell (SSH) Authentication Protocol
RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
RFC 4254: The Secure Shell (SSH) Connection Protocol (partially supported)
RFC 4344: The Secure Shell (SSH) Transport Layer Encryption Modes
RFC 4335: The Secure Shell (SSH) Session Channel Break Extension
RFC 4419: Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
RFC 4432: RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
RFC 6187: X.509v3 Certificates for Secure Shell Authentication
RFC 6239: Suite B Cryptographic Suites for Secure Shell (SSH)
draft-green-secsh-ecc-07: Elliptic-Curve Algorithm Integration in the Secure Shell Transport Layer
draft-igoe-secsh-aes-gcm-02: AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
draft-josefsson-ssh-chacha20-poly1305-openssh-00: ChaCha20-Poly1305 for the Secure Shell Transport Layer Protocol
draft-ietf-curdle-ssh-ed25519-02: Ed25519 for Secure Shell Transport Layer Protocol
Network architecture diagram
The figure below shows how NanoSSH is implemented to protect target systems and their connected devices.