Encrypted daemon socket communication

Damien Miller djm at mindrot.org
Fri Nov 11 12:17:13 EST 2005


On Thu, 10 Nov 2005, Jaco Breitenbach wrote:

> Hi
>
> I have a daemon application that binds and listens on a TCP socket. To add
> security, I'd like to embed ssh/sshd in my application to handle the
> encryption and authentication for me. How do you suggest I go about it?

OpenSSH doesn't have a library API that allows you to directly link in to 
an application.

On the other hand, it is easy to fork and exec ssh over a set of pipes (or 
a socketpair) and use it to perform communication on your behalf. Have a 
look at how the sftp and scp programs in the source distribution do it.

If you just want to wrap up an existing TCP-based protocol in an SSH 
transport, then you might not need to even do this - port forwarding alone 
may be sufficient. Have a look at the LocalForward, RemoteForward and 
DynamicForward options in ssh_config(5) (a.k.a -L, -R, -D in ssh(1)).

-d
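
Added example, not part of the original message and not OpenSSH code: a minimal C sketch of the fork-and-exec approach described above, running a transport command with its stdin and stdout attached to one end of a socketpair. The host backend.example.org, the remote command mydaemon-stdio and the helper names spawn_transport and exchange are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/wait.h>

/* Start argv (normally ssh) with stdin/stdout on one end of a socketpair; returns the parent's end or -1. */
int spawn_transport(char *const argv[], pid_t *pid)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    if ((*pid = fork()) == -1) { close(sv[0]); close(sv[1]); return -1; }
    if (*pid == 0) {                          /* child */
        close(sv[0]);
        if (dup2(sv[1], STDIN_FILENO) == -1 || dup2(sv[1], STDOUT_FILENO) == -1)
            _exit(126);
        execvp(argv[0], argv);                /* argv array, no shell involved */
        _exit(127);                           /* exec failed */
    }
    close(sv[1]);
    return sv[0];
}

/* Send msg, signal EOF, collect the reply, reap the child; -1 if the transport failed or exited non-zero. */
ssize_t exchange(char *const argv[], const char *msg, char *out, size_t cap)
{
    pid_t pid;
    ssize_t n, got = 0;
    int status = 0, fd = spawn_transport(argv, &pid);
    if (fd == -1) return -1;
    if (send(fd, msg, strlen(msg), MSG_NOSIGNAL) == -1) got = -1;
    shutdown(fd, SHUT_WR);                    /* child reads EOF on stdin */
    while (got >= 0 && (size_t)got < cap && (n = read(fd, out + got, cap - got)) > 0)
        got += n;
    close(fd);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    return got;
}

int main(void)
{
    /* Hypothetical host and remote command; "--" ends option parsing before the host. */
    char *cmd[] = {"ssh", "-T", "-oBatchMode=yes", "--",
                   "backend.example.org", "mydaemon-stdio", NULL};
    char reply[256];
    ssize_t n = exchange(cmd, "STATUS\n", reply, sizeof reply);
    return (n < 0 || write(STDOUT_FILENO, reply, (size_t)n) != n) ? 1 : 0;
}
```

The child's stderr is inherited from the parent, so ssh's own diagnostics appear there and stay out of the data stream.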




More information about the openssh-unix-dev mailing list