
Build NanoSSH server example code

NanoSSH Server implementation tasks

The following are the basic tasks for building any of the NanoSSH server example code implementations.

  1. Add the NanoSSH Server Software

    • Add the NanoSSH server software to the application development environment. Be sure to include the example code that most closely matches the intended application.

  2. Port TrustCore SDK Code

    • If there is no pre-configured TrustCore SDK port for the operating system, edit the appropriate abstraction files to port the code to the operating system.

  3. Specify Features for TrustCore SDK Executable

    • Specify which features (such as debugging and examples) to include in the TrustCore SDK executable by setting the appropriate compilation flags. Initially, define only the minimal set of flags needed for basic communication. After confirming that a basic example application runs (see step 5), repeat this step to add further features one at a time, so that a failure can be attributed to the feature just enabled.

  4. Create Object Files and Executable

    • Create the object files and the executable.

  5. Verify the NanoSSH Server Example Code

    • Verify that the NanoSSH server example code runs on the target operating system.

  6. Iterative Feature Addition

    • Repeat steps 3 to 5 as needed to add features one at a time.

Quick build server sample code

A sample version of a NanoSSH server may be quickly built to demonstrate its features using the provided makefile.ssh.

Generating the NanoSSH Server quick build

To generate the NanoSSH server quick build, run the following command:

./scripts/nanossh/ssh_server/build_ssh_server_ncrypto.sh <flags>

Options

  • <flags>: Specifies which features to enable:

    • --debug: Enable debug logs.

    • --gdb: Enable debug symbols.

    • --suiteb: Enable NIST Suite B algorithms.

    • --cert: Enable certificate support in stack.

    • --server_cert_auth: Enable the server to authenticate itself with a certificate. Requires --cert.

    • --cert_ocsp=true: Enable OCSP stapling when the server is using a certificate.

    • --ocsp_config_timeout: Enable configuration of the OCSP timeout (see -ocsp_timeout under the run options below).

    • --client_cert_auth: Enable the client to authenticate itself with a certificate. Requires --cert.

    • --client_auth: Enable the client to authenticate itself with public-key authentication.

    • --oqs: Build with the Open Quantum Safe (liboqs) library.

    • --oqs-path: Path to the directory containing the OQS library.

    • --hw-accel: Build with hardware accelerator support.

    • --no-pubkey-name: Build with support for public key blobs that carry no public key name. This is for compatibility with older versions of TrustCore SDK's NanoSSH implementation.

    • --port_forwarding: Build with port forwarding enabled.

    • --fips: Build with FIPS mode enabled. Requires the TrustCore SDK FIPS binary.

Running the NanoSSH Server quick build

To run the NanoSSH server quick build, run the following command:

./bin/ssh_server <options>

Options

  • ?: Displays the help.

  • -port <port>: Sets the listening port.

  • -ssh_server_cert <cert>: Sets the server certificate path.

  • -ssh_server_blob <key>: Sets the path of the server key blob (the private key that matches the server certificate).

  • -ssh_ca_cert <ca_cert>: Sets the CA certificate.

  • -ocsp_responder_url <url>: Sets the OCSP Responder URL.

  • -ocsp_timeout <timeout>: Sets the OCSP wait timeout (in milliseconds).
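The build flags and run options above carry dependencies that are easy to get wrong by hand (for example --server_cert_auth without --cert, or -ocsp_responder_url without a server certificate). The wrapper below is an added example, not TrustCore SDK code: it checks those dependencies before assembling the quick-build and server command lines. It assumes the script and binary paths shown above relative to the SDK root, that --oqs-path takes its value as --oqs-path=<dir>, that --ocsp_config_timeout is only meaningful together with --cert_ocsp=true, and that a server certificate is always paired with its key blob; the certificate file names and OCSP responder URL in main are constructed placeholders.

```shell
#!/bin/sh
# nanossh_quick.sh: added example (not TrustCore SDK code). Validates the
# documented dependencies between quick-build flags and server options before
# assembling the command lines shown on this page.

# Assumed paths, taken from the build and run commands above (relative to SDK root).
BUILD_SCRIPT="./scripts/nanossh/ssh_server/build_ssh_server_ncrypto.sh"
SERVER_BIN="./bin/ssh_server"

# has_flag "FLAG LIST" FLAG: succeed if FLAG, or FLAG=value, is in the list.
has_flag() {
  for f in $1; do
    case "$f" in
      "$2"|"$2"=*) return 0 ;;
    esac
  done
  return 1
}

# check_flags "FLAG LIST": report every violated dependency on stderr and
# return 1 if any was found, 0 otherwise. Flags outside the documented list
# only produce a warning, since the page's list may not be exhaustive.
check_flags() {
  flags="$1"
  rc=0
  for f in $flags; do
    case "$f" in
      --debug|--gdb|--suiteb|--cert|--server_cert_auth|--cert_ocsp=true|\
      --ocsp_config_timeout|--client_cert_auth|--client_auth|--oqs|\
      --oqs-path=*|--hw-accel|--no-pubkey-name|--port_forwarding|--fips) ;;
      *) echo "warning: flag not in documented list: $f" >&2 ;;
    esac
  done
  if has_flag "$flags" --server_cert_auth && ! has_flag "$flags" --cert; then
    echo "error: --server_cert_auth requires --cert" >&2; rc=1
  fi
  if has_flag "$flags" --client_cert_auth && ! has_flag "$flags" --cert; then
    echo "error: --client_cert_auth requires --cert" >&2; rc=1
  fi
  if has_flag "$flags" --cert_ocsp && ! has_flag "$flags" --server_cert_auth; then
    echo "error: --cert_ocsp=true needs a server certificate (--server_cert_auth)" >&2; rc=1
  fi
  # Assumption: the OCSP timeout is only meaningful when stapling is enabled.
  if has_flag "$flags" --ocsp_config_timeout && ! has_flag "$flags" --cert_ocsp; then
    echo "error: --ocsp_config_timeout requires --cert_ocsp=true" >&2; rc=1
  fi
  # Assumption: the OQS directory is passed as --oqs-path=<dir>.
  if has_flag "$flags" --oqs && ! has_flag "$flags" --oqs-path; then
    echo "error: --oqs requires --oqs-path=<dir>" >&2; rc=1
  fi
  return $rc
}

# build_cmd "FLAG LIST": print the quick-build command line, or fail.
build_cmd() {
  check_flags "$1" || return 1
  echo "$BUILD_SCRIPT $1"
}

# server_cmd PORT CERT KEYBLOB CA OCSP_URL OCSP_TIMEOUT_MS: print the server
# command line; empty arguments are omitted. OCSP stapling needs a server
# certificate, and (assumed) a certificate needs its private key blob.
server_cmd() {
  port="$1"; cert="$2"; key="$3"; ca="$4"; ocsp_url="$5"; ocsp_ms="$6"
  case "$port" in
    ''|*[!0-9]*) echo "error: port must be numeric" >&2; return 1 ;;
  esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "error: port $port out of range" >&2; return 1
  fi
  if [ -n "$ocsp_url" ] && [ -z "$cert" ]; then
    echo "error: -ocsp_responder_url requires -ssh_server_cert" >&2; return 1
  fi
  if [ -n "$cert" ] && [ -z "$key" ]; then
    echo "error: -ssh_server_cert requires the matching -ssh_server_blob" >&2; return 1
  fi
  cmd="$SERVER_BIN -port $port"
  [ -n "$cert" ] && cmd="$cmd -ssh_server_cert $cert"
  [ -n "$key" ] && cmd="$cmd -ssh_server_blob $key"
  [ -n "$ca" ] && cmd="$cmd -ssh_ca_cert $ca"
  [ -n "$ocsp_url" ] && cmd="$cmd -ocsp_responder_url $ocsp_url"
  [ -n "$ocsp_ms" ] && cmd="$cmd -ocsp_timeout $ocsp_ms"
  echo "$cmd"
}

# main: certificate-authenticated server with OCSP stapling on an unprivileged
# port. File names and the responder URL are constructed placeholders.
main() {
  flags="--cert --server_cert_auth --cert_ocsp=true --ocsp_config_timeout"
  b=$(build_cmd "$flags") || exit 1
  s=$(server_cmd 2222 certs/server.pem certs/server.blob certs/ca.pem \
        http://ocsp.example.test 5000) || exit 1
  if [ "${NANOSSH_RUN:-0}" = 1 ] && [ -x "$BUILD_SCRIPT" ]; then
    $b && $s
  else
    echo "$b"; echo "$s"
  fi
}
if [ "${NANOSSH_DEMO:-0}" = 1 ]; then main; fi
```

Run it with NANOSSH_DEMO=1 to print the two command lines it would execute; add NANOSSH_RUN=1 from the SDK root to build and start the server. The checks fail closed: a bad combination produces no command line at all, rather than a server that silently runs without the certificate or stapling configuration you intended.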

Example code

To help with integration of NanoSSH server into devices, a suite of example code is included in the source distribution (in the src/examples directory).

The example code should be used as-is to validate SSH client-server communication. After verifying that the TrustCore SDK code works as expected on the intended system, the example code may be customized or used as a model for other implementations:

  • Customizing an Asynchronous NanoSSH Server Implementation

  • Customizing a Synchronous NanoSSH Server Implementation

  • Customizing a NanoSSH SFTP Server Implementation

Table 2 shows which example files correspond to which NanoSSH server type (synchronous server, asynchronous server or SFTP server).

Table 2: NanoSSH Server example code

  • sftp_example.c (SFTP Server): Configures NanoSSH callbacks for SSH File Transfer Protocol (SFTP) communication.

  • sftp_example_filesys.c (SFTP Server): Provides an example SFTP file system descriptor.

  • sftp_example_wince.c (SFTP Server): SFTP server for Windows CE.

  • ssh_example.c (Sync Server): Simple, synchronous SSH server with shell login.

  • ssh_example_async1.c (Asynch Server): Simple, asynchronous SSH server with shell login.

  • ssh_example_async.c (Asynch Server): Asynchronous SSH server with optional port forwarding.

  • ssh_example_pf.c (Sync Server): Synchronous SSH server with port forwarding.

  • ssh_linux_pty.c (Sync Server, Asynch Server): Based on ssh_pipe.c; this Linux example demonstrates one way to communicate with an upper-layer CLI, where the upper layer is the Bash shell.

  • ssh_pipe.c (Sync Server, Asynch Server): Synchronous SSH server implemented as a proxy using pipes.

  • ssh_sock.c (Sync Server, Asynch Server): Communicates with an upper-layer CLI.


Verify Communication between the Client Shell and the NanoSSH Server

After building the NanoSSH code, verify that it runs in the operating environment. Assuming that NanoSSH Client and NanoSSH Server (and the example code) have been enabled, the loopback interface may be used to confirm that the client and server can communicate within the operating environment without exposing the test server to the network.

To verify communication between the client shell and NanoSSH Server:

  1. If necessary, open a command shell on the NanoSSH server (e.g., Cygwin).

  2. Change to the mss directory.

  3. Start NanoSSH Server (messages are displayed as processes and methods start up and run):

    bin/sshs.exe
    
  4. Open a second shell (the client), and enter the following command to request a connection for the admin user:

    ssh admin@127.0.0.1
    
  5. When prompted for the corresponding password, enter the example account's password, secure. These example credentials are for this loopback check only; do not deploy a server that still accepts them.

  6. When prompted to enter a new password, type one (e.g., new).

  7. When prompted to confirm the new password, enter it again. The client echoes Password changed and Password successfully changed.

  8. In the client window, type a few characters. If they are echoed back to the client window (that is, if you can see what you are typing), the client-server session is working.

  9. Perform a graceful shutdown by entering the following command in the client window:

    Bye!
    

The client and server session end, and both command shells are closed.