libassh reference manual

Table of contents Headers list All declarations

libassh reference manual » Algorithms and methods

1 What is libassh ?
- 1.1 Event based ssh
- 1.2 Modular ssh
- 1.3 Clean design
- 1.4 Portable ssh
- 1.5 Security
- 1.6 Performances
- 1.7 Testing
2 Quickstart
3 Design and architecture
- 3.1 Protocol architecture
  - 3.1.1 Transport layer and packets
  - 3.1.2 Key-exchange process and methods
  - 3.1.3 SSH services
  - 3.1.4 The connection protocol
  - 3.1.5 Mapping to libassh components
- 3.2 Software interfaces
  - 3.2.1 Core and modules
  - 3.2.2 Event based API
  - 3.2.3 Helper functions
  - 3.2.4 Channels and requests
  - 3.2.5 Timeout management
  - 3.2.6 Error handling
- 3.3 State machines
  - 3.3.1 Transport layer FSMs
  - 3.3.2 User auth FSMs
  - 3.3.3 Connection layer FSMs
  - 3.3.4 Key exchange FSMs
- 3.4 Source tree
- 3.5 Build configuration
4 Algorithms and methods
- 4.1 Algorithms registration
- 4.2 Key-exchange algorithms
- 4.3 Authentication algorithms
- 4.4 Cipher algorithms
- 4.5 Message authentication algorithms
- 4.6 Compression algorithms
- 4.7 User authentication methods
- 4.8 Key types and formats
5 Example applications
- 5.1 Remote command execution
- 5.2 Simple loopback server
- 5.3 Command line client
- 5.4 Forwarded command execution
- 5.5 POSIX server
- 5.6 SSH key management tool
6 Test programs
7 API documentation
- 7.1 Headers list
- 7.2 All declarations
8 SSH Lexicon
9 Copyright and license
- 9.1 Software License
- 9.2 Copyright owner
- 9.3 Derivative work
- 9.4 Copying this document
10 Bibliography
11 Appendix
12 GNU Free Documentation License

4 Algorithms and methods

The ssh2 protocol is designed for extensibility as described in the Protocol architecture section.

When the key-exchange process starts, the client and server programs agree on the ssh2 algorithms that will be used to secure the connection. There are five types of algorithms that need to be agreed upon: key-exchange algorithms, host authentication algorithms, cipher algorithms, message authentication algorithms and compression algorithms.

The library comes with modules that implement various algorithms for the ssh2 protocol. Some provided modules use builtin crypto implementation and other rely on external libraries like Libgcrypt and OpenSSL. A subset of the modules provided as part of assh allows running the ssh2 protocol without relying on any external library. Additional modules can be added in order to support alternate implementations as well as new algorithms and hardware acceleration.

There are also multiple features of the protocol that are named and negotiated independently of the key-exchange process. This is the case of services and user authentication methods, for instance.

The following subsections list supported algorithms, authentication methods and key formats.

Valid XHTML 1.0 StrictGenerated by diaxen on Sun Oct 25 23:30:45 2020 using MkDoc