Interest/Intent to port OpenSSH?

Joel Sherrill joel at rtems.org
Sun Mar 3 21:28:25 UTC 2019


On Sun, Mar 3, 2019, 3:18 PM Chris Johns <chrisj at rtems.org> wrote:

>
>
> On 2/3/19 3:37 am, Christian Mauderer wrote:
> > Am 01.03.19 um 17:01 schrieb Gedare Bloom:
> >>
> >>
> >> On Fri, Mar 1, 2019 at 10:52 AM Joel Sherrill <joel at rtems.org
> >> <mailto:joel at rtems.org>> wrote:
> >>
> >>
> >>
> >>     On Fri, Mar 1, 2019 at 2:57 AM Sebastian Huber
> >>     <sebastian.huber at embedded-brains.de
> >>     <mailto:sebastian.huber at embedded-brains.de>> wrote:
> >>
> >>         Hello Gedare,
> >>
> >>         we evaluated porting of OpenSSH some time ago. Something to
> >>         consider is
> >>         also Dropbear SSH:
> >>
> >>         https://matt.ucc.asn.au/dropbear/dropbear.html
> >>
> >>         We didn't spend much time with both programs, but it seems to be
> >>         complex. We ended up with web sockets via HTTPS.
> >>
> >>
> >>     This would be good to support via a port and the RSB.
> >>
> >>
> >> Thanks. I have some plan to add an SSH server, but I haven't yet
> >> untangled the complexity of it. Dropbear looks promising--it works under
> >> Cygwin so hopefully the newlib support is sufficient. I think this could
> >> be a GSoC Project, with some proper scoping and some "Extras" in case
> >> the porting turns out to be a bit trivial.
> >>
> >>
> >>
> >>     I thought we had a port of an SSL library but I don't see it in the
> RSB.
> >>
> >>
> >> We have OpenSSL in the libbsd. Is that what you mean?
> >>
> >
> > One possible SSL library is OpenSSL from libbsd. Most likely that's the
> > simplest choice. For some other project we have also build libressl
> > without bigger problems before OpenSSL was included in libbsd. But that
> > was without RSB.
> >
> > Another interesting SSL library would be mbed TLS. It promises to be a
> > lot smaller than OpenSSL. But I didn't try that one yet.
> >
>
> There is also https://tinyssh.org/. I had the crypto tests working and I
> was
> able to make secure connections. The missing piece was to look at the
> telnet
> code we have and to see what could be made common and shared and then to
> wire
> that to the ssh connection. The nice thing about tinyssh is it's size. it
> is
> self contained, and it works with the legacy networking and libbsd stacks.
>

Would it make sense to have a broad SSH gsoc project that ported multiple
and compared them? On code size, performance, features, etc. If you can run
libbsd, you have lots of RAM and code space. But in lighter targets, less
might be attractive.

Also related is this:

https://cloud.google.com/blog/products/iot-devices/introducing-cloud-iot-device-sdk-a-new-way-for-embedded-iot-devices-to-connect-to-google-cloud-iot-core

Which looks like a nice collection of services in a bsd licensed kit.

>
> Chris
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20190303/177a9db3/attachment-0002.html>


More information about the devel mailing list