FAQs
Does NanoSSH Server support some or all the acceptable cryptographic and message integrity methods?
Yes. The list of supported RFCs and interoperability with SSL clients (e.g. OpenSSH) are described in the User’s Guide.
Does it support the ThreadX RTOS?
Based on the version of ThreadX RTOS, the users may need to update the OS abstraction layer. A porting guide is provided to assist with the port to any OS.
Does it support an ARM7/9 processor?
Yes. The code is processor agnostic.
Is it delivered with all source code?
Yes.
Are dual-IPv4/v6 stacks supported?
Yes.
Are all the crypto functions included in source, with no reliance upon separate crypto libraries?
Yes. All required cryptographic operations are provided through the Mocana NanoCrypto module.
Are the password and keyboard-interactive authentication methods supported?
Yes, via application registered callbacks.
Are login banners supported?
Yes, via application registered callbacks.
Is SFTP supported?
Yes.
Is Secure Channel Break Extension supported?
Yes (RFC 4335).
What is the memory footprint?
The memory footprint depends on the selected set of cipher algorithms. The range is typically between 200KB (optimized cipher suite) – 500KB (full cipher suite).
Are non-interactive SSH sessions (SSH-EXEC) supported?
Yes.
How often are updates provided? Is there a roadmap for upcoming feature additions?
Patches are provided based on issues reported by internal QA regression/continuous integration activities and end users through the ZenDesk ticketing system. New features based are included on the roadmap based on customer specific use case.
How do I register our CLI task with the SSH daemon (Mocana SSH Server)? Are there any subroutines available?
There are several ways to make communication calls from the CLI application code using NanoSSH server:
Call only Mocana SSH API functions
Create and manage sockets
Create and manage pipes
The most efficient solution would be to use the NanoSSH API functions. Depending on the operating system, the NanoSSH functions may use only half as many threads as a pipe or socket solution. However, in the case that the CLI application is legacy code that uses numerous send and receive calls or is generally difficult to modify, NanoSSH integration can be done in the following ways:
Replace existing CLI communication calls with Mocana macros that wrap the NanoSSH API functions
Implement the NanoSSH server as a proxy using pipes to communicate with the CLI application
For the first option, you can replace the legacy code’s function calls with Mocana macros:
accept() → ACCEPT()
send() → SEND()
recv() → RECV()
close() → CLOSE()
If you choose to use the second option, you can refer to example code in examples/ssh_pipe.c to see how pipes are created and managed. To integrate the Mocana pipe code, you’ll be required to modify the NanoSSH server code to disable authentication and to listen only on the loopback interface (127.0.0.1).
Any equivalent Read/Write functions currently available to use?
There are existing API’s to read/write from and to a file via MOCANA_readFile() and MOCANA_writeFile(), which are used to access the host key files. In terms of our SFTP example code, we have API’s that invoke calls to SSH_sftpReadBuffer() and SSH_sftpWriteBuffer in order to read and write from and to a specified buffer.
What is the difference between synchronous and asynchronous SSH Server and which is suitable for us?
The synchronous and asynchronous modes perform message handling differently. In synchronous mode, the initial negotiation locks the thread until negotiation is complete. In asynchronous mode, the user is free to carry out other actions on the thread while negotiation is still processing. If any of the following conditions apply, asynchronous mode must be used instead:
The existing system is event-driven or callback-based
The existing TCP/IP stack is TCB-based
Multiple user sessions per thread are required
Thread shortage is expected
Threadless operation is required
Generally, asynchronous mode is more efficient than synchronous mode. Synchronous mode is recommended if a system is socket-based (using TCP/IP) and is also easier to integrate than asynchronous mode. However, asynchronous mode should be used for any other scenario (e.g. TCB, event-driven, callback-based, asynchronous stacks).
We are generating RSA and DSA keys and adding them to the store. Do we also need to generate ECC keys and add it to the store?
Using RSA and DSA keys are sufficient for a basic SSH connection, but if you are constrained with memory or time, ECC keys are generally smaller and faster. If you are not planning to use ECC in authentication, encryption, or signing, it is unnecessary to generate ECC keys. However, if you are planning to use ECC, you will need to enable the __ENABLE_MOCANA_ECC__
compilation flag.
We have our own CLI, which ssh example file do we use?
The SSH (and SFTP) server example by default uses the ssh_example.c file. If you want to enable port forwarding support, then you will need to use ssh_example_pf.c. SSH synchronous mode also uses ssh_example.c as it is the default mode, however, if you would like to use asynchronous mode you should use the ssh_example_async.c file.