public API

Salvador Fandiño sfandino at gmail.com
Fri Dec 4 20:31:49 AEDT 2015


On 12/03/2015 10:39 PM, Damien Miller wrote:
> On Thu, 3 Dec 2015, Marcos Dione wrote:
>
>>
>>      Hi everybody. First of all, I'm not subscribed to the list, so please
>> CC me in answers.
>>
>>      Second, please don't kill me :)
>>
>>      I'm suffering the fact that if I, as a developer, want to connect to
>> another machine via SSH, I must use a third party library[1]. Because
>> this is a reimplementation of the protocol, it's always lagging behind,
>> which only makes sense. Personally, it also looks like a waste of
>> resources.
>>
>>      This reimplementation comes, I think, from the fact that openssh does
>> not provide a library with a public API as an interface for developers.
>> So my question is: do you think it would make sense to provide such a
>> thing directly from the openssh project?
>
> We're slowly moving towards making parts of OpenSSH available as a library,
> but progress has been slow and we've mostly been focusing on cleanups and
> improving testability.
>
> In the meantime, I suggest you check out https://www.libssh.org/

Marcos,

You can also use OpenSSH client as a slave process. I have been able to 
come quite far doing that on my Perl module Net::OpenSSH 
(https://metacpan.org/pod/Net::OpenSSH) (ab)using the connection 
multiplexing feature.

There are some rough edges when doing that, especially on the hand-shake 
stages of SSH, as "ssh" is completely opaque then and for instance it is 
impossible to retrieve the specific error when some connection fails. 
But on the other hand, presenting the SSH channels as regular file 
descriptors in the API, instead of some custom abstraction, has allowed 
me to integrate external tools such as rsync or sshfs and other Perl
modules such as Expect or Net::Telnet quite easily.

I am also currently the de-facto maintainer for Net::SSH2, the Perl 
wrapper for libssh2. I have tried to replicate the high level API of 
Net::OpenSSH on top of Net::SSH2 (in Net::SSH::Any) and it has been 
quite challenging. There are even several things that I have just not
been able to do in a reasonably simple and reliable way (i.e. running an
external command over a channel).
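
The slave-process approach described in the message above, sketched with the stock `ssh` client's multiplexing options. This is an added example, not part of the original message and not code from Net::OpenSSH; the function names and the `ctl` and `master.err` file names are assumptions.

```shell
#!/bin/sh
# Added example: drive the stock ssh client as a slave process through a
# multiplexing master. Function and file names are hypothetical; the host
# is supplied by the caller.

# Create a private directory for the control socket. Any local user who can
# connect to that socket can open sessions as the authenticated user, so the
# directory must be owner-only.
mux_dir() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/sshmux.XXXXXX") || return 1
    chmod 700 "$d" && printf '%s\n' "$d"
}

# Start a background master: mux_start HOST CTL_DIR
# BatchMode stops ssh from prompting on a terminal the caller does not
# control. The handshake stage is opaque: on failure the caller gets only
# exit status 255 and whatever ssh wrote to stderr, kept here in master.err.
mux_start() {
    ssh -M -S "$2/ctl" -o BatchMode=yes -N -f "$1" 2>"$2/master.err"
}

# Ask the master whether it is alive, or tell it to exit.
mux_check() { ssh -S "$2/ctl" -O check "$1" 2>/dev/null; }
mux_stop()  { ssh -S "$2/ctl" -O exit  "$1" 2>/dev/null; }

# Run a command on a new channel of the existing connection:
#   mux_run HOST CTL_DIR COMMAND...
# stdin, stdout and stderr are ordinary file descriptors, so the call can be
# placed in a pipeline or handed to another tool. ssh joins the arguments
# with spaces and the remote shell parses them again, so quote for the
# remote side.
mux_run() {
    host=$1 dir=$2; shift 2
    ssh -S "$dir/ctl" -o ControlMaster=no "$host" "$@"
}
```

A caller would run `mux_dir`, then `mux_start`, confirm with `mux_check`, issue any number of `mux_run` calls, and finish with `mux_stop` before removing the directory.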






More information about the openssh-unix-dev mailing list