Re: writing an SSH server

2011-10-28 Thread David Durham
On Thu, Oct 27, 2011 at 4:55 PM, Dave Thompson dthomp...@prinpay.com wrote:
> If you just want confidentiality with truly no authentication,
> SSL/TLS (and OpenSSL) can do that with the anonymous-DH and
> anonymous-ECDH suites. I assume you understand and accept the
> vulnerabilities you are creating by not authenticating.

Thanks for this info.  I'll look into it.

> Also:
>
> You didn't show your Error() routine (method?). I hope it
> displays the OpenSSL error stack in some suitable way;
> that information is very often vital in debugging errors.

I'm just sending the message to cout.  If you can point me to
information on outputting the full OpenSSL error stack, I'd appreciate
it.


> And:
>
>   char *message = "Hello SSL";

changed to:

  char message[] = "Hello SSL";


Thanks,
Dave
__
OpenSSL Project http://www.openssl.org
User Support Mailing List    openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: writing an SSH server

2011-10-28 Thread David Durham
On Fri, Oct 28, 2011 at 12:26 PM, David Durham
david.durham...@gmail.com wrote:

> I'm just sending the message to cout.  If you can point me to
> information on outputting the full OpenSSL error stack, I'd appreciate
> it.

Replied too soon; looks like this is what I want:

ERR_print_errors(sbio);

-Dave


writing an SSH server

2011-10-27 Thread David Durham
Hi all,

I'm new to C++ and libssl, but nevertheless trying to write an SSH
server.  I have gone through tutorials and believe I have a working
server that initializes an SSL context, binds and listens on a TCP
socket, and accepts a connection.  Using a debugger I see that if I
try to ssh myserver -p myport, the process hangs on the call to
SSL_accept.  I figure this is because the ssh client needs to do
something before calling SSL_connect.  I don't need authentication, I
just want to use ssh kind of like a secure telnet.  Here's my code,
any advice is appreciated:


bool SecureServer::Start ()
{
  SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
  if (SSL_CTX_use_certificate_file(ctx, "conf/ssl/server.crt",
                                   SSL_FILETYPE_PEM) <= 0)
  {
    Error("failed to load server cert");
    return false;
  }

  if (SSL_CTX_use_PrivateKey_file(ctx, "conf/ssl/server.key",
                                  SSL_FILETYPE_PEM) <= 0)
  {
    Error("failed to load server private key");
    return false;
  }

  SSL *ssl = SSL_new(ctx);

  SocketType listen_sock = socket(AF_INET, SOCK_STREAM, 0);
  if (listen_sock <= 0)
  {
    Error("failed creating socket");
    return false;
  }

  sockaddr_in sa_serv, sa_cli;

  sa_serv.sin_family = AF_INET;
  sa_serv.sin_addr.s_addr = INADDR_ANY;
  sa_serv.sin_port = htons(2002); /* Server Port number */
  if (bind(listen_sock, (struct sockaddr*) (&(sa_serv)), sizeof(sa_serv)) < 0)
  {
    Error("bind failed");
    return false;
  }
  /* Receive a TCP connection. */
  if (listen(listen_sock, 5) < 0)
  {
    Error("listen failed");
    return false;
  }
  socklen_t clientLen = sizeof(sa_cli);
  SocketType sock = accept(listen_sock, (struct sockaddr*)
                           (&(sa_cli)), &clientLen);

  printf("Connection from %x, port %x\n", sa_cli.sin_addr.s_addr,
         sa_cli.sin_port);
  SSL_set_fd(ssl, sock);

  if (SSL_accept(ssl) <= 0)
  {
    Error("SSL handshake failed");
    return false;
  }

  char *message = "Hello SSL";
  if (SSL_write(ssl, message, sizeof(message)) <= 0)
  {
    Error("error on ssl write");
  }

  return true;
}



Thanks,
Dave
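
The hang described above has a protocol-level cause: an ssh client speaks the SSH transport protocol, which opens with a plaintext SSH-2.0-... identification string (RFC 4253), while SSL_accept() waits for a TLS ClientHello. The following is an added example, not code from this thread (the enum and function names are hypothetical), that peeks at a new connection's first bytes so the server can log and drop a non-TLS peer instead of blocking in the handshake.

```cpp
// Added example, not code from the thread: classify a peer's first bytes
// before calling SSL_accept(). All names here are hypothetical.
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <poll.h>
#include <sys/socket.h>

enum PeerProto { PEER_UNDECIDED, PEER_TLS, PEER_SSH, PEER_OTHER };

// Pure classifier over the bytes peeked so far.
PeerProto ClassifyFirstBytes(const unsigned char *buf, size_t len)
{
  if (len < 4)
    return PEER_UNDECIDED;        // too little data to tell
  if (buf[0] == 0x16 && buf[1] == 0x03)
    return PEER_TLS;              // TLS record: handshake (22), major version 3
  if ((buf[0] & 0x80) && buf[2] == 0x01)
    return PEER_TLS;              // SSLv2-format ClientHello: 2-byte length, type 1
  if (memcmp(buf, "SSH-", 4) == 0)
    return PEER_SSH;              // RFC 4253 identification string
  return PEER_OTHER;
}

// Wait up to timeout_ms for data, then peek at it. MSG_PEEK leaves the bytes
// queued, so a later SSL_accept() still reads the complete ClientHello.
// PEER_UNDECIDED covers timeout, error, close, or a peer that waits for the
// server to speak first.
PeerProto PeekPeerProto(int fd, int timeout_ms)
{
  struct pollfd pfd = { fd, POLLIN, 0 };
  if (poll(&pfd, 1, timeout_ms) <= 0)
    return PEER_UNDECIDED;
  unsigned char buf[8];
  ssize_t n = recv(fd, buf, sizeof(buf), MSG_PEEK);
  return n > 0 ? ClassifyFirstBytes(buf, static_cast<size_t>(n)) : PEER_UNDECIDED;
}

int main()
{
  int sv[2];                      // socketpair stands in for accept()'s socket
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
    return 1;
  const char banner[] = "SSH-2.0-OpenSSH_5.8\r\n";  // constructed sample input
  send(sv[0], banner, sizeof(banner) - 1, 0);
  static const char *names[] = { "undecided", "TLS", "SSH", "other" };
  printf("peer speaks: %s\n", names[PeekPeerProto(sv[1], 1000)]);
  return 0;
}
```

A PEER_UNDECIDED result after the timeout means the peer sent nothing in that window, which is what a client waiting for the server's banner looks like; closing the connection at that point avoids an indefinite block in SSL_accept().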


Re: writing an SSH server

2011-10-27 Thread David Durham
On Thu, Oct 27, 2011 at 4:09 PM, Eric S. Eberhard fl...@vicsmba.com wrote:
> I believe the last function, the write, is missing a return false with the
> error message?

Doesn't matter though, it's not an issue.  Thanks.