David Calavera | 2 Sep 01:06 2014

Allow authentication to be passed in memory - blast from the past

Hi,

I was doing some digging to see how I could pass auth keys by memory when I discovered this old thread from 2012 with a patch:

I'm really interested in seeing this incorporated into libssh2, so I decided to try to address the problems raised in the next message in that thread:

I created a new patch that addressed part of those points. You can see it at:


I replaced the use of `memcpy_s` with `memcpy`. I also formatted the code to use less than 80 columns.

I ran `./configure --enable-debug` to try to address the warnings in the code, but unfortunately I didn't get any. I'm not sure if I'm doing anything wrong; I posted the output here:


I'd really appreciate it if anybody could point me to those warnings if there is anything I'm missing.

As I said, I'm really interested in seeing this merged into libssh2. Please, let me know if there is anything else I can help with to make that possible.

Cheers,
David

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
Joern Heissler | 29 Aug 10:45 2014

Download text file via SFTP

Hi,

I'm trying to download a large text file using the sftp protocol.

The remote server runs on "Maverick SSHD". I'm using libssh2-1.4.3 (debian unstable).

I enabled compression and negotiated zlib because it's a text file.

Next, I compared the speed to what OpenSSH's `sftp' utility achieves, and
libssh2 was just terribly slow.

Then I increased buffer size for libssh2_sftp_read to a big value. It
helps a little, but the chunks returned by libssh2_sftp_read are exactly 2000
bytes, regardless of my setting.

tcpdump shows that the packets sent by the server are mostly around
200-300 bytes which obviously is too small.

I found that when I change MAX_SFTP_READ_SIZE from 2000 to a larger
value, the packet size increases, as does the download speed.

To me it looks like the server has strange TCP_NODELAY / TCP_CORK
settings. For each request of 2000 bytes, the data is gzipped and gets sent in
one tcp packet (or multiple if too large).
I found that a chunk size of 13500 bytes gives me a good ratio of uncompressed_bytes / tcp_packets.

The optimal value for MAX_SFTP_READ_SIZE heavily depends on the specific
use case, so I ask that it's made a configurable option, please :)

Thanks,
Joern
이효신 | 25 Aug 02:03 2014

About "Channel open fail"..help pls

Hello, I am Lee from Korea.

I am writing this mail to ask for your help. ^^

While making an SSH module with libssh2, I encountered two errors, and I haven't been able to solve them for 2 weeks.

First, with the sample code, libssh2_channel_open_session() worked just one time. I can open the first channel.

After opening it and executing a command line, I read and close the channel. When I retry opening another channel, I see this error message in the debug panel: "Unable to send channel-open request".

The information in the FAQ was useless for me.

So I tried another way, with libssh2_channel_direct_tcpip().

Second problem: following the sample code from the FAQ info, I got some test code.

This one.

I only changed the error message. I can't open the first channel; it fails with the message "Channel open failure".

OS: Windows 7

Tool: Microsoft Visual Studio 2010

Any information, any advice! Please help.

#include <stdio.h>
#include <string.h>
#ifdef WIN32
#include <winsock2.h>
#else
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#endif
#include <libssh2.h>

#define BUFSIZE 1024 /* not defined in the posted fragment; value assumed */

/* Open a direct-tcpip channel, send one request and print the reply.
   The function header was cut off in the post; the name is taken from
   the do_channel() calls in test7() below. */
int do_channel(LIBSSH2_SESSION *session) {
 char request[]="GET /\n";
 char buffer[BUFSIZE];
 LIBSSH2_CHANNEL *channel;
 char *error;
 int rv;

 /* Ask the SSH server to connect to localhost:3017 on our behalf */
 channel=libssh2_channel_direct_tcpip(session, "localhost", 3017);
 if(!channel) {
  libssh2_session_last_error(session, &error, NULL, 0);
  fprintf(stderr, "libssh2_channel_direct_tcpip: %s\n", error);
  return 1;
 }
 if(libssh2_channel_write(channel, request, strlen(request)) <= 0) {
  libssh2_session_last_error(session, &error, NULL, 0);
  fprintf(stderr, "libssh2_channel_write: %s\n", error);
  return 1;
 }

 /* Leave room for the terminating NUL */
 rv=libssh2_channel_read(channel, buffer, BUFSIZE-1);
 if(rv <= 0) {
  libssh2_session_last_error(session, &error, NULL, 0);
  fprintf(stderr, "libssh2_channel_read: %s\n", error);
  return 1;
 }
 buffer[rv]='\0';

 printf("%s\n", buffer);

 libssh2_channel_free(channel);
 return 0;
}

/* Connect, authenticate with a password, then open two channels in a row */
int test7() {
 struct hostent *hen;
 struct sockaddr_in sin;
 int ssh_socket;
 char *error;
 LIBSSH2_SESSION *ssh_session;

 ssh_socket = socket(AF_INET, SOCK_STREAM, 0);
 if(ssh_socket < 0) {
  perror("socket");
  return 1;
 }

 memset(&sin, 0, sizeof(sin));
 sin.sin_family = AF_INET;
 sin.sin_port = htons(22);
 hen=gethostbyname("xxx.xxx.xxx.xxx");
 if(!hen) {
//  fprintf(stderr, "gethostbyname: %s", hstrerror(h_errno));
  return 1;
 }
 memcpy(&(sin.sin_addr.s_addr), hen->h_addr_list[0], hen->h_length);

 if ( connect(ssh_socket, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in)) ) {
  perror("connect");
  return 1; /* was commented out; without it the code goes on with an unconnected socket */
 }

 ssh_session = libssh2_session_init();
 if(!ssh_session) {
  fprintf(stderr, "libssh2_session_init failed\n");
  return 1;
 }

 if (libssh2_session_startup(ssh_session, ssh_socket)) {
  libssh2_session_last_error(ssh_session, &error, NULL, 0);
  fprintf(stderr, "libssh2_session_startup: %s\n", error);
  return 1;
 }

 if(libssh2_userauth_password(ssh_session, "id", "pw")) {
  libssh2_session_last_error(ssh_session, &error, NULL, 0);
  fprintf(stderr, "libssh2_userauth_password: %s\n", error);
  return 1;
 }
 if(do_channel(ssh_session)) return 1;
 if(do_channel(ssh_session)) return 1;
 return 0;
}

Lubos Uhliarik | 13 Aug 15:10 2014

[PATCH] - datacount

Hello Daniel, 

my colleague wrote you an email about 9 months ago. The company I work for
would like to cooperate with you on libssh2 development,
because we are using this lib in several projects. 

We made a few patches, but we would like to move those patches to the
upstream version. In this email, I will try to introduce the first patch
that we would like to apply to the upstream version. 

This first patch should count the total amount of data transferred during
the connection to a server. For this purpose, two functions were
created:

libssh2_session_recv_data(LIBSSH2_SESSION *session) and 
libssh2_session_recv_data(LIBSSH2_SESSION *session). 

My colleague Jiri sent a better explanation of this patch. You can read
his email here:

http://www.libssh2.org/mail/libssh2-devel-archive-2013-11/0027.shtml

If there is any problem with applying this patch, please let me know and
I will try to fix those problems.

Regards,
Lubos

Signed-off-by: Lubos Uhliarik <uhliarik <at> seznam.cz>
---
diff -Naur libssh2-1.4.3_keepalive/include/libssh2.h
libssh2-1.4.3_datacount/include/libssh2.h
--- libssh2-1.4.3_keepalive/include/libssh2.h	2013-11-20
10:04:02.985780814 +0100
+++ libssh2-1.4.3_datacount/include/libssh2.h	2013-11-22
13:15:10.870131905 +0100
 <at>  <at>  -241,10 +241,10  <at>  <at> 
 /* I/O callbacks */
 #define LIBSSH2_RECV_FUNC(name)  ssize_t name(libssh2_socket_t socket,
\
                                               void *buffer, size_t
length, \
-                                              int flags, void
**abstract)
+                                              int flags, void
**abstract, LIBSSH2_SESSION *session)
 #define LIBSSH2_SEND_FUNC(name)  ssize_t name(libssh2_socket_t socket,
\
                                               const void *buffer,
size_t length,\
-                                              int flags, void
**abstract)
+                                              int flags, void
**abstract, LIBSSH2_SESSION *session)

 /* libssh2_session_callback_set() constants */
 #define LIBSSH2_CALLBACK_IGNORE             0
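Review bot: adding `LIBSSH2_SESSION *session` to `LIBSSH2_RECV_FUNC` and `LIBSSH2_SEND_FUNC` changes the signature of the I/O callbacks declared in the public header, so any application that already defines its own send or recv callback with these macros no longer matches the type the library calls. The totals can be kept without touching the callback type: add the return value to the session at the place where the library invokes `session->send` / `session->recv`, where `session` is already in scope.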
 <at>  <at>  -329,9 +329,9  <at>  <at> 
 #define LIBSSH2_HOSTKEY_HASH_SHA1                           2

 /* Hostkey Types */
-#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN          0
-#define LIBSSH2_HOSTKEY_TYPE_RSA          1
-#define LIBSSH2_HOSTKEY_TYPE_DSS          2
+#define LIBSSH2_HOSTKEY_TYPE_UNKNOWN			    0
+#define LIBSSH2_HOSTKEY_TYPE_RSA			    1
+#define LIBSSH2_HOSTKEY_TYPE_DSS			    2

 /* Disconnect Codes (defined by SSH protocol) */
 #define SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT          1
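Review bot: the three `LIBSSH2_HOSTKEY_TYPE_*` lines change only whitespace (spaces replaced by tabs) and are unrelated to counting transferred data. Please drop this hunk so the patch carries only the functional change.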
 <at>  <at>  -1159,6 +1159,12  <at>  <at> 
 LIBSSH2_API int libssh2_keepalive_send (LIBSSH2_SESSION *session,
                                         int *seconds_to_next);

+LIBSSH2_API long long 
+libssh2_session_recv_data(LIBSSH2_SESSION *session);
+
+LIBSSH2_API long long
+libssh2_session_send_data(LIBSSH2_SESSION *session);
+
 /* NOTE NOTE NOTE
    libssh2_trace() has no function in builds that aren't built with
debug
    enabled
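Review bot: the two new prototypes are undocumented, and neither the names nor the `long long` return type tell the caller that the value is a byte count or that a call resets it to zero, which is what the session.c part of this patch does. Please add a comment in the header stating the unit and the reset behaviour, and consider names that say "bytes" rather than "data".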
diff -Naur libssh2-1.4.3_keepalive/src/libssh2_priv.h
libssh2-1.4.3_datacount/src/libssh2_priv.h
--- libssh2-1.4.3_keepalive/src/libssh2_priv.h	2013-11-14
10:15:24.000000000 +0100
+++ libssh2-1.4.3_datacount/src/libssh2_priv.h	2013-11-22
13:37:21.543860697 +0100
 <at>  <at>  -184,9 +184,9  <at>  <at> 
                       (channel), &(channel)->abstract)

 #define LIBSSH2_SEND_FD(session, fd, buffer, length, flags) \
-    session->send(fd, buffer, length, flags, &session->abstract)
+    session->send(fd, buffer, length, flags, &session->abstract,
session)
 #define LIBSSH2_RECV_FD(session, fd, buffer, length, flags) \
-    session->recv(fd, buffer, length, flags, &session->abstract)
+    session->recv(fd, buffer, length, flags, &session->abstract,
session)

 #define LIBSSH2_SEND(session, buffer, length, flags)  \
     LIBSSH2_SEND_FD(session, session->socket_fd, buffer, length, flags)
 <at>  <at>  -810,6 +810,8  <at>  <at> 
     int keepalive_want_reply;
     time_t keepalive_last_sent;
     unsigned int keepalive_count;
+    long long recv_data;
+    long long send_data;
 };

 /* session.state bits */
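Review bot: `recv_data` and `send_data` are signed, and nothing in this patch sets them to zero when a session is created. Please confirm the session struct is zero-filled on allocation or add the initialisation, and consider an unsigned 64-bit type, since a transfer total cannot be negative.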
 <at>  <at>  -1001,9 +1003,9  <at>  <at> 
 #define SSH_OPEN_RESOURCE_SHORTAGE           4

 ssize_t _libssh2_recv(libssh2_socket_t socket, void *buffer,
-                      size_t length, int flags, void **abstract);
+                      size_t length, int flags, void **abstract,
LIBSSH2_SESSION *session);
 ssize_t _libssh2_send(libssh2_socket_t socket, const void *buffer,
-                      size_t length, int flags, void **abstract);
+                      size_t length, int flags, void **abstract,
LIBSSH2_SESSION *session);

 #define LIBSSH2_READ_TIMEOUT 60 /* generic timeout in seconds used when
                                    waiting for more data to arrive */
diff -Naur libssh2-1.4.3_keepalive/src/misc.c
libssh2-1.4.3_datacount/src/misc.c
--- libssh2-1.4.3_keepalive/src/misc.c	2011-08-25 19:59:47.000000000
+0200
+++ libssh2-1.4.3_datacount/src/misc.c	2013-11-22 11:25:39.000000000
+0100
 <at>  <at>  -94,7 +94,7  <at>  <at> 
  * Replacement for the standard recv, return -errno on failure.
  */
 ssize_t
-_libssh2_recv(libssh2_socket_t sock, void *buffer, size_t length, int
flags, void **abstract)
+_libssh2_recv(libssh2_socket_t sock, void *buffer, size_t length, int
flags, void **abstract, LIBSSH2_SESSION *session)
 {
     ssize_t rc = recv(sock, buffer, length, flags);
 #ifdef WIN32
 <at>  <at>  -117,6 +117,7  <at>  <at> 
             return -errno;
     }
 #endif
+    session->recv_data += rc;
     return rc;
 }

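Review bot: `session->recv_data += rc;` sits in the default `_libssh2_recv`, so a session whose application installed its own recv callback is never counted, and `session` is dereferenced without a NULL check. Counting where the library calls `session->recv` would cover both the built-in and the user-supplied function.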
 <at>  <at>  -126,7 +127,7  <at>  <at> 
  */
 ssize_t
 _libssh2_send(libssh2_socket_t sock, const void *buffer, size_t length,
-              int flags, void **abstract)
+              int flags, void **abstract, LIBSSH2_SESSION *session)
 {
     ssize_t rc = send(sock, buffer, length, flags);
 #ifdef WIN32
 <at>  <at>  -143,6 +144,7  <at>  <at> 
     if (rc < 0 )
         return -errno;
 #endif
+    session->send_data += rc;
     return rc;
 }

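Review bot: only the non-Windows branch visibly returns before `session->send_data += rc;` when `rc < 0`; the `#ifdef WIN32` branch is outside this hunk. Please make the addition conditional, e.g. `if (rc > 0) session->send_data += rc;`, so an error return can never be subtracted from the total.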
diff -Naur libssh2-1.4.3_keepalive/src/session.c
libssh2-1.4.3_datacount/src/session.c
--- libssh2-1.4.3_keepalive/src/session.c	2012-07-25 01:03:27.000000000
+0200
+++ libssh2-1.4.3_datacount/src/session.c	2013-11-22 11:28:00.000000000
+0100
 <at>  <at>  -1749,3 +1749,20  <at>  <at> 

     return (const char *) session->remote.banner;
 }
+
+LIBSSH2_API long long 
+libssh2_session_recv_data(LIBSSH2_SESSION *session)
+{
+    long long recv;
+    recv = session->recv_data;
+    session->recv_data = 0;
+    return recv;
+}
+
+LIBSSH2_API long long
+libssh2_session_send_data(LIBSSH2_SESSION *session){
+    long long send;
+    send = session->send_data;
+    session->send_data = 0;
+    return send;
+}
\ No newline at end of file
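Review bot: the locals named `recv` and `send` shadow the socket functions of the same name; please rename them (for example `total`). Reading the counter also resets it, which is surprising for something that looks like a getter and means two callers in one program steal each other's totals; either document the reset or provide a separate reset call. The opening brace of `libssh2_session_send_data` is on the signature line, unlike the function above it, and the file now ends without a newline.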

Kamil Dudka | 30 Jul 12:46 2014

Re: FIPS Compliance.

On Tuesday, July 29, 2014 02:48:58 john gloster wrote:
> Hi,
> 
> From http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a
> 
> Did you mean that the following are not FIPS compliant?
> 
> ·         EVP_aes_256_cbc
> 
> ·         EVP_aes_192_cbc
> 
> ·         EVP_aes_128_cbc

I think the problem was that OpenSSL did not like that libssh2 implemented
the CTR cipher mode on its own when FIPS mode was enabled.  When I switched 
libssh2 back to use the OpenSSL-provided implementation of those ciphers, it 
started to work (after fixing the surrounding code to use correct block sizes 
via commit 5d567fa).

Kamil

> On Fri, Jul 25, 2014 at 1:59 PM, Kamil Dudka <kdudka <at> redhat.com> wrote:
> > On Friday, July 25, 2014 10:08:02 Bert Huijben wrote:
> > > If I remember correctly there is a compile time flag for libssh2 to
> > 
> > enable a
> > 
> > > strict fips mode.
> > 
> > I do not think so.  Did not you mean a compile time flag for OpenSSL?
> > 
> > > I would guess this might break compatibility with some (probably older)
> > 
> > ssh
> > 
> > > implementations that don't implement newer (optional) cyphers.
> > > 
> > > Bert
> > > 
> > > -----Original Message-----
> > > From: "john gloster" <glosterj9 <at> gmail.com>
> > > Sent: ‎25-‎7-‎2014 09:33
> > > To: "libssh2-devel <at> cool.haxx.se" <libssh2-devel <at> cool.haxx.se>
> > > Subject: FIPS Compliance.
> > > 
> > > Hi,
> > > 
> > > 
> > > I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS
> > > compliant OpenSSL version openssl-1.0.0-20 ?
> > 
> > I pushed a few FIPS-related patches between 1.4.2 and 1.4.3:
> > 
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=43b730c
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=bfbb5a4
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=5d567fa
> > http://git.libssh2.org/?p=libssh2.git;a=commitdiff;h=9f6fd5a
> > 
> > > I compiled libssh2 1.4.3 with this particular version of openssl and i
> > 
> > could
> > 
> > > see that my application linking to this libssh crashes.
> > > 
> > > 
> > > In other cases, my application runs successfully if i compile libssh2
> > 
> > 1.4.3
> > 
> > > with openssl-1.0.1e-16.
> > > 
> > > 
> > > Could some one please shed light on this one?
> > 
> > The basic idea behind those patches is to return a failure if a non-FIPS
> > algorithm (such as MD5) is requested by the application.  So libssh2
> > should
> > no longer crash on its own.  Still you need to handle these failures in
> > your
> > application in order not to crash anyway.
> > 
> > Kamil
> > 
> > > Alternately please let me know whether i can configure libssh2 to use a
> > > particular set crypto algorithms supported by the openssl.
> > > 
> > > 
> > > Thanking you on advance.

john gloster | 25 Jul 09:30 2014

FIPS Compliance.

Hi,

I wanted to know whether libssh2 1.4.2/1.4.3 are compatible with FIPS compliant OpenSSL version openssl-1.0.0-20?

I compiled libssh2 1.4.3 with this particular version of openssl and I could see that my application linking to this libssh crashes.

In other cases, my application runs successfully if I compile libssh2 1.4.3 with openssl-1.0.1e-16.

Could someone please shed light on this one?

Alternatively, please let me know whether I can configure libssh2 to use a particular set of crypto algorithms supported by the openssl.

Thanking you in advance.

Eduardo Silva | 23 Jun 22:32 2014

Multiple channels and epoll(7)

Hi,

I was searching around for a mechanism to listen on a local socket for
libssh2 session events through epoll and properly handle multiple
channels. I ended up on this thread:

      https://www.mail-archive.com/libssh2-devel <at> cool.haxx.se/msg03737.html

As of today, is there a mechanism to perform specific operations on
specific events? I am mostly interested in knowing when to accept a
channel request and when to read from channels waiting for data.

thanks for your help,

-- 
Eduardo Silva
http://edsiper.linuxchile.cl
http://monkey-project.com
Nitin Deokate | 14 Jun 02:51 2014

Questions about libssh2_sftp_read()

Hi Guys,

I have a couple of questions for the libssh2 developers:

1. I have an application where I use libssh2_sftp_read(), and I pass a larger buffer (say 8K to 16MB) to that function.

What I expect is data of the same number of bytes, but all I get is 2000 bytes.

What could help me get as many bytes as the buffer size I passed, and not 2000 bytes?

2. Is there any significant reason for selecting this value for

#define MAX_SFTP_READ_SIZE 2000

Why can't it have more bytes than that?

Has anybody faced this scenario before? Please revert as early as possible.

Thanks,

Nitin

sudheer kumar | 7 Jun 23:16 2014

libssh2 and select on multiple channels

Hi, 
I'm trying to write an event-driven program (written in Perl using Net::SSH2 and EV) where, if some data is available on the socket, I go over all the channels in a non-blocking way to see if there is some data that can be read.

I'm seeing issues with the above approach in some cases where the socket is not shown as readable by select, but when I try to read the channel, data is available (I expected select to return before I did the read on the channel).

While browsing the archives I found the thread below, discussed back in 2010 on a related topic:
http://www.libssh2.org/mail/libssh2-devel-archive-2010-06/0040.shtml

Did anyone try another approach that works, where select always says when something can be read from a channel?

Does the above approach work at all, as we have only one socket and multiple channels on it? Each read from a channel should read from the socket, and that affects select: if we have 'n' channels in a session, a read on the nth channel could have read data from the socket which belongs to the 1st channel and is stored in a buffer, and that affects whether select says the socket is readable later?

Any leads on this topic if at all discussed before is greatly appreciated. 

Thanks,
Sudheer 
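
The buffering effect asked about in the message above, reproduced with a toy multiplexer. This is an added example, not part of the original post and not libssh2 code; the frame format and the names `mux_pump`, `mux_read`, `sock_readable` and `demo` are made up for the illustration, and the constructed input always arrives as whole frames.

```c
/* Toy transport: one socket, two channels. Frame = [channel][length][payload]. */
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
#define NCHAN 2
struct mux { int fd; char buf[NCHAN][256]; size_t len[NCHAN]; };

/* Move every complete frame waiting on the socket into its channel buffer. */
static void mux_pump(struct mux *m)
{
    unsigned char raw[512];
    ssize_t n = recv(m->fd, raw, sizeof raw, MSG_DONTWAIT), i = 0;
    while (n > 0 && i + 2 <= n && i + 2 + raw[i + 1] <= n) {
        unsigned ch = raw[i], l = raw[i + 1];
        if (ch < NCHAN && m->len[ch] + l <= sizeof m->buf[ch]) {
            memcpy(m->buf[ch] + m->len[ch], raw + i + 2, l);
            m->len[ch] += l;
        }
        i += 2 + l;
    }
}

/* Channel read: pump the shared socket, then serve from the channel buffer. */
static ssize_t mux_read(struct mux *m, unsigned ch, char *out, size_t max)
{
    mux_pump(m);
    size_t n = m->len[ch] < max ? m->len[ch] : max;
    if (n == 0) return -1;               /* nothing buffered: would block */
    memcpy(out, m->buf[ch], n);
    memmove(m->buf[ch], m->buf[ch] + n, m->len[ch] - n);
    m->len[ch] -= n;
    return (ssize_t)n;
}

static int sock_readable(int fd)         /* select() with a zero timeout */
{
    fd_set r;
    struct timeval tv = {0, 0};
    FD_ZERO(&r); FD_SET(fd, &r);
    return select(fd + 1, &r, NULL, NULL, &tv) == 1;
}

/* Bits: 1 = readable before any read, 2 = readable after reading channel 0,
   4 = channel 1 still returned its 3 bytes. */
int demo(void)
{
    static const unsigned char frames[] = {0, 2, 'h', 'i', 1, 3, 'a', 'b', 'c'};
    int sv[2], res = 0;
    char out[64];
    struct mux m = {0};
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    m.fd = sv[0];
    send(sv[1], frames, sizeof frames, 0);   /* one frame per channel */
    res |= sock_readable(m.fd) ? 1 : 0;
    mux_read(&m, 0, out, sizeof out);        /* takes BOTH frames off the socket */
    res |= sock_readable(m.fd) ? 2 : 0;
    res |= mux_read(&m, 1, out, sizeof out) == 3 ? 4 : 0;
    close(sv[0]); close(sv[1]);
    return res;
}
```

`demo()` returns 5: the socket was readable once, reading channel 0 emptied it, and channel 1's data was already sitting in its buffer where select() cannot see it. An event loop over such a transport therefore has to read every channel until each one reports "would block" before it waits on the socket again.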
B Harder | 29 May 18:20 2014

bad username/password auth to Mac OS X/FreeBSD hosts.

I've got code that will connect to NetBSD, Solaris, Linux hosts and
authenticate and Do What I Want. However, attempting to connect to a
FreeBSD (10 release) or Mac OS X host yields authentication error. I'm
sure the username/password is correct. If I use key-based
authentication to these problem hosts though, everything works fine.

Is there a known issue w/ OS X/FreeBSD ? Is there some
boilerplate/reference code available for username/password
authentication to use as basis for example to demonstrate?

Kind regards,

-bch

Robert Zuber | 19 May 20:10 2014

public git server problem?

Hi,

I'm trying to work on a project that has a git submodule dependency on libssh2, but since yesterday I've been
getting the following:

$ git clone git://git.libssh2.org/libssh2.git
Cloning into 'libssh2'...
fatal: read error: Connection reset by peer

Pretty sure it worked Saturday evening (US west coast time).

I've tried a few different machines in different locations on my side, but don't have any real git protocol
debugging skills beyond that.

Can anyone confirm if there is a server issue (or let me know if I should keep debugging on my side)?

Thanks!
Rob.