Encrypted daemon socket communication
Damien Miller
djm at mindrot.org
Fri Nov 11 12:17:13 EST 2005
On Thu, 10 Nov 2005, Jaco Breitenbach wrote:
> Hi
>
> I have a daemon application that binds and listens on a TCP socket. To add
> security, I'd like to embed ssh/sshd in my application to handle the
> encryption and authentication for me. How do you suggest I go about it?

OpenSSH doesn't have a library API that allows you to directly link in to
an application.

On the other hand, it is easy to fork and exec ssh over a set of pipes (or
a socketpair) and use it to perform communication on your behalf. Have a
look at how the sftp and scp programs in the source distribution do it.

If you just want to wrap up an existing TCP-based protocol in an SSH
transport, then you might not need to even do this - port forwarding alone
may be sufficient. Have a look at the LocalForward, RemoteForward and
DynamicForward options in ssh_config(5) (a.k.a -L, -R, -D in ssh(1)).
-d
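
The fork-and-exec approach from the reply above, as an added example (not part of the original message and not code from OpenSSH): a socketpair becomes the stdin/stdout of an ssh child, and the application speaks its protocol over the parent's end. The host user@server.example, the remote command mydaemon-stdio and the PING request are constructed placeholders.

```c
#include <sys/socket.h>
#include <sys/wait.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Run argv[0] with one end of a socketpair as its stdin and stdout.
 * Returns the parent's read/write end, or -1 on error; *pid gets the child. */
int spawn_transport(char *const argv[], pid_t *pid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    if ((*pid = fork()) == -1) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) {                        /* child: becomes the transport */
        close(sv[0]);
        if (dup2(sv[1], STDIN_FILENO) == -1 || dup2(sv[1], STDOUT_FILENO) == -1)
            _exit(1);
        if (sv[1] > STDOUT_FILENO)
            close(sv[1]);                   /* keep only fds 0 and 1 */
        execvp(argv[0], argv);
        _exit(127);                         /* exec failed */
    }
    close(sv[1]);                           /* parent keeps sv[0] only */
    return sv[0];
}

/* Send one request, read one reply of at most cap-1 bytes; returns bytes read. */
ssize_t exchange(int fd, const char *req, char *reply, size_t cap)
{
    ssize_t n;
    if (write(fd, req, strlen(req)) != (ssize_t)strlen(req))
        return -1;
    if ((n = read(fd, reply, cap - 1)) >= 0)
        reply[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed placeholders: user@server.example, remote command mydaemon-stdio */
    char *argv[] = { "ssh", "-oBatchMode=yes", "-T", "user@server.example",
                     "mydaemon-stdio", NULL };
    char reply[256];
    pid_t pid;
    int fd = spawn_transport(argv, &pid);
    if (fd == -1 || exchange(fd, "PING\n", reply, sizeof(reply)) <= 0) return 1;
    printf("reply: %s", reply);
    close(fd);                              /* EOF tells the child to finish */
    return waitpid(pid, NULL, 0) == pid ? 0 : 1;
}
```

A long-running caller should also ignore SIGPIPE or check the child's exit status, since a failed ssh login closes the socket before the first write.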