SSH or other secure connection on RTEMS

Chris Caudle chris at chriscaudle.org
Mon Sep 10 01:46:13 UTC 2001


Fernando RUIZ CASAS wrote:
> What is the goal of this?

To provide a way to change configuration settings on a network-connected
device without allowing public access to the configuration settings, and
without sending passwords in plain text on the network.

SSH was the first that came to mind, but perhaps SSL would be as
appropriate?

> And after all these steps a real user environment with several tasks owned
> by the user linked must be deleted once the user does the logoff.
> Is this necessary in rtems environment?

No, not at all.  I had in mind something more like what the small
Linksys or Netgear routers allow, or the cable and DSL modems: you can
telnet in and change the network parameters, or you can use a web
browser to access a setup page which uses something like CGI.
If what is being controlled has some value, or can cause physical or
monetary damage if misused, you would want more security than telnet or
a simple HTTP connection.

> Perhaps too many lines of code in the kernel to link the tasks, users and
> process.

For what I am describing, I don't think you need as much as all that.
Just a task running to handle the network connection.  Possibly that
task would have to fake a user identity, but only for the convenience of
reusing source code from a full POSIX implementation.

> The embedded software runs always with the minimum of resources hardware and
> the size of code is an important point to bear in mind.

That is an oversimplification.  Many embedded devices use an RTOS
because of high performance, the ability to preempt the kernel when
needed, or determinism in scheduling, and are not averse to throwing
processor cycles and memory at the problem.
The embedded devices I work with all have at least 16MB of processor
memory, not because I need that much memory, but because I would have to
pay more money for less memory because of the volumes of the larger
memory chips used. 

-- Chris Caudle


