ssh in small devices

Damien Miller djm at mindrot.org
Sun Sep 21 15:59:32 EST 2008



On Sat, 20 Sep 2008, Goran Hasse wrote:

> Dear Sirs,
>
> This must have been asked before but I don't find any FAQ around
> dealing with the issue.
>
> We are building small devices that connect to Internet (www.ipio.nu).
> The next generation of this we want to base on AVR32 and run a small
> slimmed version of Linux. We have some program on this device that we
> want to connect to servers out on Internet. SSL seems to be "quite
> heavy" for this simple task. We just want a fairly good secure channel
> and we are investigating if SSH could do the job. BUT what we would
> really like is to embed the SSH protocol *into* our applications. The
> devices could and should not be managed in any way! So we must prepack
> as much as possible.

OpenSSH doesn't have any direct programmatic interface. If you need an
SSH client with a programmatic interface, some options are libssh2 (C),
jSSH (Java) and Twisted Conch (Python). I'm not aware of any SSH server
libraries, but it is quite easy to interface arbitrary code to an SSH
server as a shell or subsystem.

OpenSSH has never been optimised to run on small devices. It wouldn't be
too hard to chop out bits that are non-relevant (SSH1, X11 forwarding,
compression, etc.) but nobody has done the work. Also, we still depend
on OpenSSL's libcrypto, which is fairly heavyweight. This would be
much trickier to disentangle, though I note that the Heimdal Kerberos
implementation now has a "hcrypto" library that implements a subset of
libcrypto - perhaps it is enough for OpenSSH.

There is another SSH server implementation that is focused on code size:
dropbear. I've ever used it, but it is quite popular on small devices.

-d
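
Added example (not part of the original message and not OpenSSH code): an illustration of the "subsystem" approach mentioned in the reply, where sshd hands the SSH channel to a program over stdin/stdout. The subsystem name `telemetry`, the handler path and the `REPORT` line protocol are hypothetical; because the handler receives whatever the client sends, it validates every field before acknowledging.

```shell
#!/bin/sh
# Handler run by sshd as a subsystem. Assumed sshd_config line
# (name and path are hypothetical):
#   Subsystem telemetry /usr/local/libexec/telemetry-handler
# A device then opens it with:  ssh -s user@server telemetry
# sshd connects the SSH channel to this process's stdin/stdout, so the
# handler only has to speak a line protocol. The protocol is constructed:
#   REPORT <device-id> <key>=<value>   ->  OK <device-id> <key> | ERR <reason>

# handle_line LINE: validate one request and print the reply.
handle_line() {
    # Split on whitespace with globbing disabled, so "*" is never expanded.
    set -f
    set -- $1
    set +f
    [ "$#" -eq 3 ] || { echo "ERR syntax"; return; }
    [ "$1" = "REPORT" ] || { echo "ERR unknown-command"; return; }
    # Device id: letters, digits and "-" only (no path or shell characters).
    case $2 in
        *[!A-Za-z0-9-]*|'') echo "ERR bad-device-id"; return ;;
    esac
    case $3 in
        *=*) key=${3%%=*}; val=${3#*=} ;;
        *) echo "ERR bad-reading"; return ;;
    esac
    case $key in *[!a-z_]*|'') echo "ERR bad-key"; return ;; esac
    case $val in *[!0-9.-]*|'') echo "ERR bad-value"; return ;; esac
    # A real handler would store the reading here; this one only acknowledges.
    echo "OK $2 $key"
}

# serve: answer requests from the SSH channel until the client closes it.
serve() {
    while IFS= read -r line; do
        handle_line "$line"
    done
}

# Start serving only when invoked under the installed (hypothetical) name,
# so the functions can be sourced and exercised without blocking on stdin.
case $0 in
    *telemetry-handler) serve ;;
esac
```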


More information about the openssh-unix-dev mailing list