SSH or other secure connection on RTEMS

Fernando RUIZ CASAS correo at fernando-ruiz.com
Mon Sep 10 20:14:39 UTC 2001



> -----Original Message-----
> From: chris at mail.powweb.com [mailto:chris at mail.powweb.com] On behalf of
> Chris Caudle
> Sent: Monday, September 10, 2001 3:46
> To: rtems-users at oarcorp.com
> Subject: Re: SSH or other secure connection on RTEMS
>
>
> Fernando RUIZ CASAS wrote:
> > What is the goal of this?
>
> To provide a way to change configuration settings on a network connected
> device without allowing public access to the configuration settings, and
> without sending passwords in plain text on the network.
>
> SSH was the first that came to mind, but perhaps SSL would be as
> appropriate?
>
I don't know the specifications of these protocols, but I can imagine it
like a socket connection but with encryption that envelops the connection.

If the end of the channel is a pure ASCII connection like a telnet terminal,
it is no problem to add a new level between the socket and the shell. It is
easy because it's only necessary to add a more complex routine to write or
read into the pseudo-terminal on the master side.


> > And after all these steps a real user environment with several tasks owned
> > by the user linked must be deleted once the user does the logoff.
> > Is this necessary in rtems environment?
>
> No, not at all.  I had in mind something more like what the small
> Linksys or Netgear routers allow, or the cable and DSL modems: you can
> telnet in and change the network parameters, or you can use a web
> browser to access a setup page which uses something like CGI.
> If what is being controlled has some value, or can cause physical or
> monetary damage if misused, you would want more security than telnet or
> a simple http connection.
>
> > Perhaps too many lines of code in the kernel to link the tasks, users and
> > process.

Maybe after studying the solution it could be optimized.

>
> For what I am describing, I don't think you need as much as all that.
> Just a task running to handle the network connection.  Possibly that
> task would have to fake a user identity, but only for the convenience of
> reusing source code from a full posix implementation.
>
> > The embedded software always runs with the minimum of hardware resources and
> > the size of code is an important point to bear in mind.
>

Sorry, but I come from an 8-bit environment and all my embedded developments
were on CPUs with too little memory.
Today I can imagine the new PCCARD boards, but ten years ago...

> That is an oversimplification.  Many embedded devices use an RTOS
> because of high performance, the ability to preempt the kernel when
> needed, or determinism in scheduling, and are not averse to throwing
> processor cycles and memory at the problem.
> The embedded devices I work with all have at least 16MB of processor
> memory, not because I need that much memory, but because I would have to
> pay more money for less memory because of the volumes of the larger
> memory chips used.
>
> -- Chris Caudle
>

Summing up, I'm interested in improving this shell with your suggestion.

Are you interested in this?

Fernando RUIZ CASAS
home: correo at fernando-ruiz.com
work: fernando.ruiz at ctv.es




