SSH or other secure connection on RTEMS

Sergei Organov osv at javad.ru
Tue Sep 11 05:25:12 UTC 2001


Just my 2 cents. It would be a good idea to port OpenSSH
<http://www.openssh.org> to RTEMS, I believe. It's covered by BSD license, so
it should be allowed to use its sources in RTEMS, I think.

BR,
Sergei.

"Fernando RUIZ CASAS" <correo at fernando-ruiz.com> writes:
> > -----Original Message-----
> > From: chris at mail.powweb.com [mailto:chris at mail.powweb.com] On behalf of
> > Chris Caudle
> > Sent: Monday, September 10, 2001 3:46
> > To: rtems-users at oarcorp.com
> > Subject: Re: SSH or other secure connection on RTEMS
> >
> >
> > Fernando RUIZ CASAS wrote:
> > > What is the goal of this?
> >
> > To provide a way to change configuration settings on a network connected
> > device without allowing public access to the configuration settings, and
> > without sending passwords in plain text on the network.
> >
> > SSH was the first that came to mind, but perhaps SSL would be as
> > appropriate?
> >
> I don't know the specifications of these protocols but I can imagine it
> like a socket connection but with encryption that envelops the connection.
> 
> If the end of the channel is a pure ASCII connection like a telnet terminal,
> no problem to add a new level between the socket and the shell. Easy
> because it's only necessary to add a more complex routine to write or read
> into the pseudo-terminal in the master side.
> 
> 
> > > And after all these steps a real user environment with several tasks owned
> > > by the user linked must be deleted once the user does the logoff.
> > > Is this necessary in rtems environment?
> >
> > No, not at all.  I had in mind something more like what the small
> > Linksys or Netgear routers allow, or the cable and DSL modems: you can
> > telnet in and change the network parameters, or you can use a web
> > browser to access a setup page which uses something like CGI.
> > If what is being controlled has some value, or can cause physical or
> > monetary damage if misused, you would want more security than telnet or
> > a simple http connection.
> >
> > > Perhaps too many lines of code in the kernel to link the tasks, users and
> > > process.
> 
> Maybe after studying the solution it could be optimized.
> 
> >
> > For what I am describing, I don't think you need as much as all that.
> > Just a task running to handle the network connection.  Possibly that
> > task would have to fake a user identity, but only for the convenience of
> > reusing source code from a full posix implementation.
> >
> > > The embedded software runs always with the minimum of resources hardware and
> > > the size of code is an important point to bear in mind.
> >
> 
> Sorry, but I come from an 8-bit environment and all my embedded developments
> were on CPUs with too little memory.
> Today I can imagine the new PCCARD boards but ten years ago...
> 
> > That is an oversimplification.  Many embedded devices use an RTOS
> > because of high performance, the ability to preempt the kernel when
> > needed, or determinism in scheduling, and are not averse to throwing
> > processor cycles and memory at the problem.
> > The embedded devices I work with all have at least 16MB of processor
> > memory, not because I need that much memory, but because I would have to
> > pay more money for less memory because of the volumes of the larger
> > memory chips used.
> >
> > -- Chris Caudle
> >
> 
> Summing up, I'm interested in improving this shell with your suggestion.
> 
> Are you interested in this?
> 
> Fernando RUIZ CASAS
> home: correo at fernando-ruiz.com
> work: fernando.ruiz at ctv.es



