ne7ssh:NetSieben SSH 库 (ne7ssh)

## UPDATE: 2/26/2015 - After spending quite some time with this library, I decided to use it as a rapid prototype for cppssh. All development has moved to that project. # https://github.com/cdesjardins/cppssh <br><br><br><br><br><br><br><br> An open letter to: Andrew Useckas <andrew@netsieben.com rel='nofollow' onclick='return false;'> Keef Aragon <keef@netsieben.com> It seems that ne7ssh has been abandoned. I have attempted to contact you both, but I have as of yet not recieved any response. If you decide to resurrect ne7ssh, then please contact me so that we can merge and converge. Thanks - Chris D. NetSieben SSH Library (ne7ssh) v1.3.x README LEGALESE NetSieben Technologies Pty Limited http://www.netsieben.com Copyright (C) 2005-2009 NetSieben Technologies INC ALL RIGHTS RESERVED This program may be distributed under the terms of the Q Public License as defined by Trolltech AS of Norway and appearing in the file LICENSE.QPL included in the packaging of this file. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. ---------------------------------------- Table of Contents 1. Overview 1.1 Features 1.2 Dependencies 1.3 Installation 2. Usage 2.1 Initializing the class 2.2 Setting the options 2.3 Connecting to a remote server 2.3.1 Key based authentication 2.3.1.1 Generating a key pair 2.3.2 Password based authentication 2.4 Communications 2.4.1 Interactive mode 2.4.2 Single command 2.5 Closing the connection 2.6 Error handling 2.6.1 Core context 2.6.2 Channel context 2.7 Secure FTP support 2.7.1 Initializing the subsystem 2.7.2 Setting a timeout for SFTP communications 2.7.3 Downloading a file 2.7.4 Uploading a file 2.7.5 Removing a file 2.7.6 Renaming or moving a file 2.7.7 Changing the current context 2.7.8 Creating a new directory 2.7.9 Removing a directory 2.7.10 Getting a directory listing 2.7.11 Changing permissions 2.7.12 Changing ownership 3. Commercial License ---------------------------------------- 1. Overview The Secure Shell (SSH) protocol is used by many, as a secure way of managing servers, firewalls and other network appliances. Nowadays many custom built applications require Secure Shell client functionality. Instead of spending countless hours building SSH functionality into an application one can now use NetSieben Technologies Inc. (NetSieben) SSH library to securely communicate with a variety of SSH server implementations. The library was developed by NetSieben after researching the limited number of options available. A lot of available solutions were either wrappers to openssh application or libraries with very limited functionality, and at best, still in alpha or beta stages of development. At this time version 1 of the SSH protocol is outdated with well known security flaws inherently in its design. Therefore NetSieben SSH library supports only with version 2 of the SSH protocol. Currently NetSieben's library supports only the SSH client. 1.1 Features Feature Supported Algorithms Key exchange Diffie Hellman Group 1, SHA1 Signatures ssh-dss (1024) User authentication public key, password Authentication keys DSA (512bit to 1024bit), RSA Encryption aes256-cbc, twofish-cbc, twofish256-cbc, blowfish-cbc, 3des-cbc, aes128-cbc, cast128-cbc HMAC hmac-md5, hmac-sha1, none Compression not supported Interoperability SSH Library should work with most SSH2 server implementations. Tested with openssh on Linux. Solaris, FreeBSD and NetBSD. Also tested with Juniper Netscreen ssh server implementation. Portability: The NetSieben SSH Library is based on the Botan crypto library, making it highly portable. It has been tested on Linux x86, Linux x86_64Linux PPC, Linux SPARC, Solaris, Windows 2000 and XP. 1.2 Dependencies A C++11 compatible compiler is required to build NetSiben SSH Library. NetSiben SSH Library requires Botan crypto library 1.10. The Botan library can be found here: http://botan.randombit.net NetSieben SSH Library requires Cmake version 3.1 or higher. Cmake software can be found here: http://www.cmake.org 1.3 Installation Public version of NetSieben SSH library is distributed in source code form. For more information please refer to INSTALL file included in the software package. 2. Usage 2.1 Initializing the class Before using library's functionality it needs to be initialized. The initialization process will allocate the required memory resources and prepare cryptographic methods for usage. It is recommended to do this first, when starting the application. Only one instance of ne7ssh class can be used at a time. Single instance of ne7ssh class is able to handle multiple connections to multiple servers. It is recommended to initialize the class when starting, use the same class for all of your SSH connections, and destroy it on the exit. The class should be initialized with the following command: ne7ssh *ssh = new ne7ssh (); The constructor of the class requires no arguments. The applications will exit when trying to initialize the class more than once within the same application. 2.2 Setting the options Before opening Secure connections, custom options can be configured for the use in all future connections. Currently only desired cipher and integrity checking algorithms can be configured. The following method can be used to configure the options: setOptions (const char *prefCipher, const char *prefHmac) prefCipher your preferred cipher algorithm string representation. Supported options are: aes256-cbc, twofish-cbc, twofish256-cbc, blowfish-cbc, 3des-cbc, aes128-cbc, cast128-cbc. prefHmac the preferred integrity checking algorithm string. Supported optionss are: hmac-md5, hmac-sha1 and none. This step is optional and if skipped the SSH library will use the default settings. If desired algorithms are not supported by the server, the next one from the list of supported algorithms will be used. 2.3 Connecting to a remote server After the options are set, connections to remote servers can be initiated. NetSieben library supports Password and Public Key authentication methods. 2.3.1 Key based authentication NetSieben SSH library supports key based authentication. For this to work one needs to generate a key pair either by using generateKeyPair method from ne7ssh class or by using ssh-keygen program included in openssh distributions. Server has to support key based authentication and newly generated public key needs to be added to servers authorized keys. The process may differ depending on SSH server vendor. Currently RSA and DSA keys are supported. The NetSieben library keys are compatible with unencrypted OpenSSH keys. No password should be specified when creating a key pair with ssh-keygen. To establish connection to a remote server using a private key use the following method: int ssh->connectWithKey (const char* host, uint32 port, const char* username, const char* privKeyFile); host Hostname or IP of the server. port Port the SSH server binds to. usually be 22 (standard SSH port). username Username to be used in authentication. PrivKeyFile Full path to a PEM encoded private key file. If the connection succeeds, the method will return the newly created channel ID. This ID should be used in all further communications via newly created connection. If the connection failed for any reason, "-1" will be returned by the method. Generating a key pair NetSieben SSH library can be used to generate key pairs. Currently RSA and DSA key algorithms are supported. DSA keys can only be between 512bits and 1024bits (restriction inherited from Botan library). The newly generate keys are OpenSSH compatible and public keys can be pasted straight into authorized_keys file. The following method generates a key pair: bool generateKeyPair (const char* type, const char* fqdn, const char* privKeyFileName, const char* pubKeyFileName, uint16 keySize); type String spec