lbbs/src/test_ssh_server.c

/* SPDX-License-Identifier: GPL-3.0-or-later */
/*
 * test_ssh_server
 *   - tester for network server with SSH support
 *
 * Copyright (C) 2004-2026  Leaflet <leaflet@leafok.com>
 */

// This test was written based on libssh example/proxy.c

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include "log.h"
#include <stdio.h>
#include <libssh/callbacks.h>
#include <libssh/libssh.h>
#include <libssh/server.h>

enum test_ssh_server_constant_t
{
        BUF_SIZE = 2048,
};

static const char SSH_HOST_RSA_KEY_FILE[] = "../conf/ssh_host_rsa_key";
static const char SSH_HOST_ED25519_KEY_FILE[] = "../conf/ssh_host_ed25519_key";
static const char SSH_HOST_ECDSA_KEY_FILE[] = "../conf/ssh_host_ecdsa_key";

static const char USER[] = "test";
static const char PASSWORD[] = "123456";

static ssh_channel SSH_channel;
static int authenticated = 0;
static int tries = 0;
static int error = 0;

static int auth_password(ssh_session session, const char *user,
                                                 const char *password, void *userdata)
{
        (void)userdata;

        log_common("Authenticating user %s pwd %s", user, password);
        if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0)
        {
                authenticated = 1;
                log_common("Authenticated");
                return SSH_AUTH_SUCCESS;
        }
        if (tries >= 3)
        {
                log_error("Too many authentication tries");
                ssh_disconnect(session);
                error = 1;
                return SSH_AUTH_DENIED;
        }
        tries++;
        return SSH_AUTH_DENIED;
}

static int pty_request(ssh_session session, ssh_channel channel, const char *term,
                                           int x, int y, int px, int py, void *userdata)
{
        (void)session;
        (void)channel;
        (void)term;
        (void)x;
        (void)y;
        (void)px;
        (void)py;
        (void)userdata;
        log_common("Allocated terminal");
        return 0;
}

static int shell_request(ssh_session session, ssh_channel channel, void *userdata)
{
        (void)session;
        (void)channel;
        (void)userdata;
        log_common("Allocated shell");
        return 0;
}

struct ssh_channel_callbacks_struct channel_cb = {
        .channel_pty_request_function = pty_request,
        .channel_shell_request_function = shell_request};

static ssh_channel channel_open(ssh_session session, void *userdata)
{
        (void)session;
        (void)userdata;

        if (SSH_channel != NULL)
                return NULL;

        log_common("Allocated session channel");
        SSH_channel = ssh_channel_new(session);
        ssh_callbacks_init(&channel_cb);
        ssh_set_channel_callbacks(SSH_channel, &channel_cb);

        return SSH_channel;
}

int ssh_server(const char *hostaddr, unsigned int port)
{
        ssh_bind sshbind;
        ssh_session session;
        ssh_event event;

        struct ssh_server_callbacks_struct cb = {
                .userdata = NULL,
                .auth_password_function = auth_password,
                .channel_open_request_session_function = channel_open};

        long int ssh_timeout = 0;

        char buf[BUF_SIZE];
        char host[128] = "";
        int i, r;

        int ssh_key_valid = 0;
        int ssh_log_level = SSH_LOG_PROTOCOL;

        ssh_init();

        sshbind = ssh_bind_new();

        if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEY_FILE) < 0)
        {
                log_error("Error loading SSH RSA key: %s", SSH_HOST_RSA_KEY_FILE);
        }
        else
        {
                ssh_key_valid = 1;
        }
        if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ED25519_KEY_FILE) < 0)
        {
                log_error("Error loading SSH ED25519 key: %s", SSH_HOST_ED25519_KEY_FILE);
        }
        else
        {
                ssh_key_valid = 1;
        }
        if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ECDSA_KEY_FILE) < 0)
        {
                log_error("Error loading SSH ECDSA key: %s", SSH_HOST_ECDSA_KEY_FILE);
        }
        else
        {
                ssh_key_valid = 1;
        }

        if (!ssh_key_valid)
        {
                log_error("Error: no valid SSH host key");
                ssh_bind_free(sshbind);
                return -1;
        }

        if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 ||
                ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 ||
                ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "+ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa") < 0 ||
                ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0)
        {
                log_error("Error setting SSH bind options: %s", ssh_get_error(sshbind));
                ssh_bind_free(sshbind);
                return -1;
        }

        if (ssh_bind_listen(sshbind) < 0)
        {
                log_error("Error listening at SSH server port: %s", ssh_get_error(sshbind));
                ssh_bind_free(sshbind);
                return -1;
        }

        while (1)
        {
                session = ssh_new();

                if (ssh_bind_accept(sshbind, session) == SSH_OK)
                {
                        pid_t pid = fork();
                        switch (pid)
                        {
                        case 0:
                                ssh_bind_free(sshbind);

                                ssh_callbacks_init(&cb);
                                ssh_set_server_callbacks(session, &cb);

                                ssh_timeout = 60; // second
                                if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
                                {
                                        log_error("Error setting SSH options: %s", ssh_get_error(session));
                                        ssh_disconnect(session);
                                        _exit(1);
                                }

                                if (ssh_handle_key_exchange(session))
                                {
                                        log_error("ssh_handle_key_exchange: %s", ssh_get_error(session));
                                        ssh_disconnect(session);
                                        _exit(1);
                                }
                                ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD | SSH_AUTH_METHOD_GSSAPI_MIC);

                                event = ssh_event_new();
                                ssh_event_add_session(event, session);

                                while (!(authenticated && SSH_channel != NULL))
                                {
                                        if (error)
                                                break;
                                        r = ssh_event_dopoll(event, -1);
                                        if (r == SSH_ERROR)
                                        {
                                                log_error("Error : %s", ssh_get_error(session));
                                                ssh_disconnect(session);
                                                _exit(1);
                                        }
                                }

                                if (error)
                                {
                                        log_error("Error, exiting loop");
                                        _exit(1);
                                }
                                else
                                {
                                        log_common("Authenticated and got a channel");
                                }

                                ssh_timeout = 0;
                                if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
                                {
                                        log_error("Error setting SSH options: %s", ssh_get_error(session));
                                        ssh_disconnect(session);
                                        _exit(1);
                                }

                                snprintf(buf, sizeof(buf), "Hello, welcome to the Sample SSH proxy.\nPlease select your destination: ");
                                ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
                                do
                                {
                                        i = ssh_channel_read(SSH_channel, buf, sizeof(buf), 0);
                                        if (i > 0)
                                        {
                                                ssh_channel_write(SSH_channel, buf, (uint32_t)i);
                                                if (strlen(host) + (size_t)i < sizeof(host))
                                                {
                                                        strncat(host, buf, (size_t)i);
                                                }
                                                if (strchr(host, '\x0d'))
                                                {
                                                        *strchr(host, '\x0d') = '\0';
                                                        ssh_channel_write(SSH_channel, "\n", 1);
                                                        break;
                                                }
                                        }
                                        else
                                        {
                                                log_error("Error: %s", ssh_get_error(session));
                                                _exit(1);
                                        }
                                } while (i > 0);
                                snprintf(buf, sizeof(buf), "Trying to connect to \"%s\"\n", host);
                                ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
                                log_common("%s", buf);

                                ssh_disconnect(session);
                                ssh_free(session);

                                _exit(0);
                        case -1:
                                log_error("Failed to fork");
                                break;
                        }
                }
                else
                {
                        log_error("%s", ssh_get_error(sshbind));
                }

                /* Since the session has been passed to a child fork, do some cleaning
                 * up at the parent process. */
                ssh_disconnect(session);
                ssh_free(session);
        }

        ssh_bind_free(sshbind);
        ssh_finalize();

        return 0;
}

int main(int argc, char *argv[])
{
        if (log_begin("../log/bbsd.log", "../log/error.log") < 0)
        {
                printf("Open log error\n");
                return -1;
        }

        log_common_redir(STDOUT_FILENO);
        log_error_redir(STDERR_FILENO);

        ssh_server("0.0.0.0", 2322);

        log_end();

        return 0;
}
1	sysadm	1.12	/* SPDX-License-Identifier: GPL-3.0-or-later */
2			/*
3			* test_ssh_server
4			* - tester for network server with SSH support
5			*
6	sysadm	1.21	* Copyright (C) 2004-2026 Leaflet <leaflet@leafok.com>
7	sysadm	1.12	*/
8	sysadm	1.8
9			// This test was written based on libssh example/proxy.c
10	sysadm	1.7
11	sysadm	1.15	#ifdef HAVE_CONFIG_H
12			#include "config.h"
13			#endif
14
15	sysadm	1.1	#include "log.h"
16			#include <stdio.h>
17	sysadm	1.9	#include <libssh/callbacks.h>
18	sysadm	1.1	#include <libssh/libssh.h>
19			#include <libssh/server.h>
20
21	sysadm	1.14	enum test_ssh_server_constant_t
22			{
23			BUF_SIZE = 2048,
24			};
25	sysadm	1.2
26	sysadm	1.16	static const char SSH_HOST_RSA_KEY_FILE[] = "../conf/ssh_host_rsa_key";
27			static const char SSH_HOST_ED25519_KEY_FILE[] = "../conf/ssh_host_ed25519_key";
28	sysadm	1.17	static const char SSH_HOST_ECDSA_KEY_FILE[] = "../conf/ssh_host_ecdsa_key";
29	sysadm	1.2
30	sysadm	1.14	static const char USER[] = "test";
31			static const char PASSWORD[] = "123456";
32	sysadm	1.2
33	sysadm	1.4	static ssh_channel SSH_channel;
34	sysadm	1.2	static int authenticated = 0;
35			static int tries = 0;
36			static int error = 0;
37
38			static int auth_password(ssh_session session, const char *user,
39			const char password, void userdata)
40	sysadm	1.1	{
41	sysadm	1.2	(void)userdata;
42
43	sysadm	1.19	log_common("Authenticating user %s pwd %s", user, password);
44	sysadm	1.2	if (strcmp(user, USER) == 0 && strcmp(password, PASSWORD) == 0)
45	sysadm	1.1	{
46	sysadm	1.2	authenticated = 1;
47	sysadm	1.19	log_common("Authenticated");
48	sysadm	1.1	return SSH_AUTH_SUCCESS;
49			}
50	sysadm	1.2	if (tries >= 3)
51			{
52	sysadm	1.19	log_error("Too many authentication tries");
53	sysadm	1.2	ssh_disconnect(session);
54			error = 1;
55			return SSH_AUTH_DENIED;
56			}
57			tries++;
58			return SSH_AUTH_DENIED;
59			}
60
61			static int pty_request(ssh_session session, ssh_channel channel, const char *term,
62			int x, int y, int px, int py, void *userdata)
63			{
64			(void)session;
65			(void)channel;
66			(void)term;
67			(void)x;
68			(void)y;
69			(void)px;
70			(void)py;
71			(void)userdata;
72	sysadm	1.19	log_common("Allocated terminal");
73	sysadm	1.2	return 0;
74			}
75
76			static int shell_request(ssh_session session, ssh_channel channel, void *userdata)
77			{
78			(void)session;
79			(void)channel;
80			(void)userdata;
81	sysadm	1.19	log_common("Allocated shell");
82	sysadm	1.2	return 0;
83			}
84	sysadm	1.4
85	sysadm	1.2	struct ssh_channel_callbacks_struct channel_cb = {
86			.channel_pty_request_function = pty_request,
87			.channel_shell_request_function = shell_request};
88
89	sysadm	1.11	static ssh_channel channel_open(ssh_session session, void *userdata)
90	sysadm	1.2	{
91			(void)session;
92			(void)userdata;
93	sysadm	1.1
94	sysadm	1.4	if (SSH_channel != NULL)
95	sysadm	1.2	return NULL;
96
97	sysadm	1.19	log_common("Allocated session channel");
98	sysadm	1.4	SSH_channel = ssh_channel_new(session);
99	sysadm	1.2	ssh_callbacks_init(&channel_cb);
100	sysadm	1.4	ssh_set_channel_callbacks(SSH_channel, &channel_cb);
101	sysadm	1.2
102	sysadm	1.4	return SSH_channel;
103	sysadm	1.1	}
104
105			int ssh_server(const char *hostaddr, unsigned int port)
106			{
107	sysadm	1.4	ssh_bind sshbind;
108	sysadm	1.2	ssh_session session;
109			ssh_event event;
110
111	sysadm	1.1	struct ssh_server_callbacks_struct cb = {
112			.userdata = NULL,
113	sysadm	1.2	.auth_password_function = auth_password,
114	sysadm	1.11	.channel_open_request_session_function = channel_open};
115	sysadm	1.2
116	sysadm	1.10	long int ssh_timeout = 0;
117
118	sysadm	1.2	char buf[BUF_SIZE];
119			char host[128] = "";
120			int i, r;
121
122	sysadm	1.16	int ssh_key_valid = 0;
123	sysadm	1.6	int ssh_log_level = SSH_LOG_PROTOCOL;
124	sysadm	1.1
125			ssh_init();
126
127			sshbind = ssh_bind_new();
128
129	sysadm	1.16	if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEY_FILE) < 0)
130			{
131	sysadm	1.19	log_error("Error loading SSH RSA key: %s", SSH_HOST_RSA_KEY_FILE);
132	sysadm	1.16	}
133			else
134			{
135			ssh_key_valid = 1;
136			}
137			if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ED25519_KEY_FILE) < 0)
138			{
139	sysadm	1.19	log_error("Error loading SSH ED25519 key: %s", SSH_HOST_ED25519_KEY_FILE);
140	sysadm	1.17	}
141			else
142			{
143			ssh_key_valid = 1;
144			}
145			if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ECDSA_KEY_FILE) < 0)
146			{
147	sysadm	1.19	log_error("Error loading SSH ECDSA key: %s", SSH_HOST_ECDSA_KEY_FILE);
148	sysadm	1.16	}
149			else
150			{
151			ssh_key_valid = 1;
152			}
153
154			if (!ssh_key_valid)
155			{
156	sysadm	1.19	log_error("Error: no valid SSH host key");
157	sysadm	1.16	ssh_bind_free(sshbind);
158			return -1;
159			}
160
161	sysadm	1.1	if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 \|\|
162			ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 \|\|
163	sysadm	1.18	ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "+ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa") < 0 \|\|
164	sysadm	1.1	ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0)
165			{
166	sysadm	1.19	log_error("Error setting SSH bind options: %s", ssh_get_error(sshbind));
167	sysadm	1.2	ssh_bind_free(sshbind);
168	sysadm	1.1	return -1;
169			}
170
171			if (ssh_bind_listen(sshbind) < 0)
172			{
173	sysadm	1.19	log_error("Error listening at SSH server port: %s", ssh_get_error(sshbind));
174	sysadm	1.2	ssh_bind_free(sshbind);
175	sysadm	1.1	return -1;
176			}
177
178			while (1)
179			{
180			session = ssh_new();
181
182	sysadm	1.2	if (ssh_bind_accept(sshbind, session) == SSH_OK)
183	sysadm	1.1	{
184	sysadm	1.2	pid_t pid = fork();
185			switch (pid)
186			{
187			case 0:
188			ssh_bind_free(sshbind);
189
190			ssh_callbacks_init(&cb);
191			ssh_set_server_callbacks(session, &cb);
192
193	sysadm	1.10	ssh_timeout = 60; // second
194			if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
195			{
196	sysadm	1.19	log_error("Error setting SSH options: %s", ssh_get_error(session));
197	sysadm	1.10	ssh_disconnect(session);
198			_exit(1);
199			}
200
201	sysadm	1.2	if (ssh_handle_key_exchange(session))
202			{
203	sysadm	1.19	log_error("ssh_handle_key_exchange: %s", ssh_get_error(session));
204	sysadm	1.10	ssh_disconnect(session);
205			_exit(1);
206	sysadm	1.2	}
207			ssh_set_auth_methods(session, SSH_AUTH_METHOD_PASSWORD \| SSH_AUTH_METHOD_GSSAPI_MIC);
208
209			event = ssh_event_new();
210			ssh_event_add_session(event, session);
211
212	sysadm	1.4	while (!(authenticated && SSH_channel != NULL))
213	sysadm	1.2	{
214			if (error)
215			break;
216			r = ssh_event_dopoll(event, -1);
217			if (r == SSH_ERROR)
218			{
219	sysadm	1.19	log_error("Error : %s", ssh_get_error(session));
220	sysadm	1.2	ssh_disconnect(session);
221			_exit(1);
222			}
223			}
224
225			if (error)
226			{
227	sysadm	1.19	log_error("Error, exiting loop");
228	sysadm	1.2	_exit(1);
229			}
230			else
231			{
232	sysadm	1.19	log_common("Authenticated and got a channel");
233	sysadm	1.2	}
234
235	sysadm	1.10	ssh_timeout = 0;
236			if (ssh_options_set(session, SSH_OPTIONS_TIMEOUT, &ssh_timeout) < 0)
237			{
238	sysadm	1.19	log_error("Error setting SSH options: %s", ssh_get_error(session));
239	sysadm	1.10	ssh_disconnect(session);
240			_exit(1);
241			}
242
243	sysadm	1.20	snprintf(buf, sizeof(buf), "Hello, welcome to the Sample SSH proxy.\nPlease select your destination: ");
244	sysadm	1.4	ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
245	sysadm	1.2	do
246			{
247	sysadm	1.4	i = ssh_channel_read(SSH_channel, buf, sizeof(buf), 0);
248	sysadm	1.2	if (i > 0)
249			{
250	sysadm	1.4	ssh_channel_write(SSH_channel, buf, (uint32_t)i);
251	sysadm	1.2	if (strlen(host) + (size_t)i < sizeof(host))
252			{
253			strncat(host, buf, (size_t)i);
254			}
255			if (strchr(host, '\x0d'))
256			{
257			*strchr(host, '\x0d') = '\0';
258	sysadm	1.4	ssh_channel_write(SSH_channel, "\n", 1);
259	sysadm	1.2	break;
260			}
261			}
262			else
263			{
264	sysadm	1.19	log_error("Error: %s", ssh_get_error(session));
265	sysadm	1.2	_exit(1);
266			}
267			} while (i > 0);
268	sysadm	1.20	snprintf(buf, sizeof(buf), "Trying to connect to \"%s\"\n", host);
269	sysadm	1.4	ssh_channel_write(SSH_channel, buf, (uint32_t)strlen(buf));
270	sysadm	1.3	log_common("%s", buf);
271	sysadm	1.2
272			ssh_disconnect(session);
273			ssh_free(session);
274
275			_exit(0);
276			case -1:
277	sysadm	1.19	log_error("Failed to fork");
278	sysadm	1.2	break;
279			}
280	sysadm	1.1	}
281	sysadm	1.2	else
282	sysadm	1.1	{
283	sysadm	1.19	log_error("%s", ssh_get_error(sshbind));
284	sysadm	1.1	}
285
286	sysadm	1.2	/* Since the session has been passed to a child fork, do some cleaning
287			* up at the parent process. */
288	sysadm	1.1	ssh_disconnect(session);
289			ssh_free(session);
290			}
291
292			ssh_bind_free(sshbind);
293			ssh_finalize();
294
295			return 0;
296			}
297
298			int main(int argc, char *argv[])
299			{
300			if (log_begin("../log/bbsd.log", "../log/error.log") < 0)
301			{
302			printf("Open log error\n");
303			return -1;
304			}
305
306	sysadm	1.3	log_common_redir(STDOUT_FILENO);
307			log_error_redir(STDERR_FILENO);
308	sysadm	1.1
309			ssh_server("0.0.0.0", 2322);
310
311			log_end();
312
313			return 0;
314			}
webmaster@leafok.com	ViewVC Help
Powered by ViewVC 1.3.0-beta1