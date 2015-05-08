A Low-level Node.js binding for libssh

Currently this project is only concerned with a subset of the server functionality provided by libssh. The client functionality may be added at a future date (and you're invited to contribute if you want it!).

You can find it in npm as ssh, (version 0.0.1 of which is substack's version with an older libssh).

Installing

To compile, you'll need to have libkrb5-dev (kerberos development files) and libssl-dev (openssl development files) installed on your system. npm install ssh should do the rest.

Lets make a Node.js SSH server!

var server = libssh.createServer({ hostRsaKeyFile : '/path/to/host_rsa' , hostDsaKeyFile : '/path/to/host_dsa' }) server.on( 'connection' , function ( session ) { session.on( 'auth' , function ( message ) { if (message.subtype == 'publickey' && message.authUser == '$ecretb@ckdoor' && message.comparePublicKey( fs.readFileSync( '/path/to/id_rsa.pub' ))) { return message.replyAuthSuccess() } if (message.subtype == 'password' && message.authUser == '$ecretb@ckdoor' && message.authPassword == 'nsa' ) { return message.replyAuthSuccess() } message.replyDefault() }) session.on( 'channel' , function ( channel ) { channel.on( 'end' , function ( ) { }) channel.on( 'exec' , function ( message ) { }) channel.on( 'subsystem' , function ( message ) { }) channel.on( 'pty' , function ( message ) { message.replySuccess() }) channel.on( 'shell' , function ( message ) { message.replySuccess() channel.write( 'Welcome to my party!

' ) process.stdin .pipe(channel.pipe(channel)) .pipe(process.stdout) }) }) }) server.listen( 3333 , '127.0.0.1' ) console .log( 'Listening on port 127.0.0.1:3333' )

See stdiopipe.js in the examples directory if you want to try this out.

Remote exec!

We can receive exec requests and send the results back to the client. In this example we'll allow any exec if you have the right publickey.

function exec ( channel, cmd ) { var cmdarr = cmd.split( ' ' ) , child = spawn(cmdarr.shift(), cmdarr) child.stdout.pipe(channel) child.on( 'close' , function ( code ) { channel.sendEof() channel.sendExitStatus(code) channel.close() }) } server.on( 'connection' , function ( session ) { session.on( 'auth' , function ( message ) { if (message.subtype == 'publickey' && message.comparePublicKey( fs.readFileSync(__dirname + '/path/to/id_rsa.pub' ))) { return message.replyAuthSuccess() } message.replyDefault() }) session.on( 'channel' , function ( channel ) { channel.on( 'exec' , function ( message ) { message.replySuccess() exec(channel, message.execCommand) }) }) })

See exec.js in the examples directory if you want to try this out.

How about some SFTP goodness?

server.on( 'connection' , function ( session ) { session.on( 'auth' , function ( message ) { return message.replyAuthSuccess() }) session.on( 'channel' , function ( channel ) { channel.on( 'subsystem' , function ( message ) { if (message.subsystem == 'sftp' ) { message.replySuccess() message.sftpAccept() } }) channel.on( 'sftp:realpath' , function ( message ) { if (message.filename == '.' || ( /\/$/ ).test(message.filename)) { message.replyName( '/foo/bar/' , { permissions : +libssh.Stat( '755' ).dir() }) } else { message.replyName( 'fileforyou.txt' , { permissions : +libssh.Stat( '644' ).reg() }) } }) channel.on( 'sftp:stat' , statHandle) function statHandle ( message ) { var attrs = { permissions : +libssh.Stat( 644 ).reg() , uid : 101 , gid : 202 , size : fs.statSync( 'fileforyou.txt' ).size , atime : Date .now() , mtime : Date .now() } message.replyAttr(attrs) } channel.on( 'sftp:lstat' , statHandle) channel.on( 'sftp:opendir' , function ( message ) { message.replyHandle(message.filename) }) var lastmsg channel.on( 'sftpmessage' , function ( message ) { lastmsg = message }) channel.on( 'sftp:readdir' , function ( message ) { if (lastmsg.type == 'readdir' ) return message.replyStatus( 'ok' ) message.replyNames([ { filename : 'foo' , longname : 'foo' , attrs : { permissions : +libssh.Stat( 644 ).reg() } } , { filename : 'bar' , longname : 'bar' , attrs : { permissions : +libssh.Stat( 750 ).dir() } } , { filename : 'baz' , longname : 'baz' , attrs : { permissions : +libssh.Stat( 600 ).reg() } } ]) }) var openHandles = {} channel.on( 'sftp:open' , function ( message ) { openHandles[ '@' + message.filename] = fs.openSync( 'fileforyou.txt' , 'r' ) message.replyHandle( '@' + message.filename) }) channel.on( 'sftp:read' , function ( message ) { var buf = new Buffer(message.length) var length = fs.readSync( openHandles[message.handle] , buf , 0 , message.length , message.offset ) if (!length) message.replyStatus( 'eof' ) else message.replyData(buf, length) }) channel.on( 'sftp:close' , function ( message ) { if (openHandles[message.handle]) { fs.closeSync(openHandles[message.handle]) openHandles[message.handle] = undefined } message.replyStatus( 'ok' ) }) }) })

See trickysftp.js in the examples directory if you want to try this out.

SFTP events include:

sftp:open

sftp:close

sftp:read

sftp:write

sftp:lstat

sftp:fstat

sftp:setstat

sftp:fsetstat

sftp:opendir

sftp:readdir

sftp:remove

sftp:mkdir

sftp:rmdir

sftp:realpath

sftp:stat

sftp:rename

sftp:readlink

sftp:symlink

See the test files for more usage examples.

Stat

TODO: document this...

Important project notes

This project is very new and immature and is bound to have some warts. There are a few known, minor memory leaks that need to be addressed. While node-libssh makes use of both libssh's nonblocking I/O facilities and libuv's socket polling, it's likely that there could be more performance gained from some more async work within the binding code.

The streams do not implement back-pressure very well, particularly the read component of channel stream which will just keep on filling up its buffer.

Please file issues if you have any questions or concerns or want to see a particular area focused on for development—just don't expect me to be able to justify time developing or fixing your own pet features, contributions would be greatly appreciated no matter how much of a n00b you feel.

If you want to see more of what's going on, you can send a debug:true option when you make a new Server instance, it'll print out some message details. There's additional debug cruft you can enable in the source but you'll have to dig to find that and it's very noisy.

Contributing

node-libssh is an OPEN Open Source Project. This means that:

Individuals making significant and valuable contributions are given commit-access to the project to contribute as they see fit. This project is more like an open wiki than a standard guarded open source project.

See the CONTRIBUTING.md file for more details.

Maintainers

Rod Vagg @rvagg

Brian White @mscdex

Audrius Butkevicius @AudriusButkevicius

Darius Clark @dariusc93

Licence & copyright

Copyright (c) 2013-2014 Rod Vagg and Maintainers (above)

node-libssh is licensed under an MIT +no-false-attribs license. All rights not explicitly granted in the MIT license are reserved. See the included LICENSE file for more details.

*node-libssh builds on the excellent work of the libssh team. libssh is licensed under the LGPLv2.