Is there an SSH protocol support library around? What I want to do is create a user space process that can be accessed using SSH (specifically SSH, not some other thing using plain SSL or whatever, so that an unmodified SSH client can be used). I want every aspect of the session being accessed to stay entirely in non-root user space. It should be usable whether the host system has SSHD running for logins or not (as long as the listen port isn't in conflict, of course).

Please don't bother me, or waste your time, with suggestions on how to use SSL, or how to configure SSHD into launching my app, etc. I already know how to do things those ways.

1 members found this post helpful.

This looks like being only one the client side, but by name I found another which also supports the server side.

1 members found this post helpful.

Why aren't these viable solutions? What features would you expect to see in an ssh support library? And not just "act like sshd": is there a reason you can't modify sshd to to do what you want? If nothing else, maybe you can give sshd an api, take out main, and make it into a shared library.
Kevin Barry

Take for example the good old times of Mud and BBS, which traditionally ran on telnet (unencrypted); I can see you'd like to write something of the like that goes over SSH instead. Another example: a sort of shell for your application to be accessed securely. There are tons of reasons why you'd want to create an application that listens to SSH, rather than configure your ssh daemon.

I'm not sure who you're providing examples to. We all seem to agree that a secure protocol is necessary; however, OP wants "the" ssh but not to the point where it's actually the sshd executable. sshd forks every time a connection is made, so the only reasons I can think of to replace it are to have a single process service all connections, or to have direct access to the data structures used to handle the protocol.
Kevin Barry

I probably could modify sshd to do what I want. But that approach didn't need to ask on LQ. Admittedly, I should have googled better than I did on this one and not needed to ask even what I did.

Just to understand, when I have something I'm interested in doing, I look at as many possible ways as I can. When I'm not sure about how some of those way might work, but still recognize that they exist, I then ask about those ways. The problem with asking questions like this online is that some people see the other ways as the obvious or preferred solution (at least for them), and think the way I'm researching to ask the question about is all wrong. In other words, they are trying to evaluate the choices for me, rather than letting me evaluate the choice based on getting more information about the choices I know too little about.

What I'm thinking about doing is complicated, but if you think about it as a single process, it covers many of the issues. But another one is not wanting to have even the slightest bit of code in there that would possibly do anything other than my application's purpose. Sure, taking sshd source code and stripping huge amounts out could possibly solve that. And that idea is on the table. I just didn't have a question to ask about that one.

Let's just say it will involve making use of SSH's port forwarding aspects, e.g. -D and -L and -R in the client command, but without those ports being real on the server end, and instead, handled in special ways that I prefer stay in the same process.

I do recall someone actually did a MUD game a while back with an SSH listener in it. I couldn't remember it's name and that was one of the things I was looking for. I don't know how they actually did it, either. If they hacked things by passing the incoming stream over to the local unmodified sshd to run a special program that just passed the clear traffic back, that might be considered a nice hack, but isn't what I want to do (which, instead, needs to be clean, lean, and supportable).

Yeah, that sounds like nearly every thread I've started at LQ. I generally end up having to figure it out myself or repose the problem, not because the help was inadequate but because I normally ask about non-traditional things that I can't figure out even the hard way. Most of the time reposing the problem was the way to go, but that normally required massive rewrites.

As far as asking "why", etc., I was mostly trying to get the obvious out of the way so we knew in what ways the obvious was inadequate. If those things aren't clear it starts turning into trial-and-error on the part of people helping. Of course, now that I say that it makes sense the way some of my threads have gone.
Kevin Barry

I was looking through the ports tree for FreeBSD 8.2 and found libssh and libssh2. You might try to track down where they're from.
Kevin Barry

I eventually did find libssh and libssh2 from the earlier suggestions by macemoneta and Reuti. It may be a larger project than I want to tackle at this time.