eCosPro-SecureShell is an optional middleware package for the eCosPro RTOS that provides a SSH-2 compatible Secure SHell daemon for eCos. This enables secure network access to embedded targets for configuration, control, data transfer and other purposes. The SSH protocol supports encryption to provide confidentiality and integrity of data, and uses public-key cryptography to authenticate incoming connections. Secure Shell clients are available for all mainstream host operating systems.

eCosPro-SecureShell is derived from the popular small footprint dropbear SSH server and client. It consists of the eCos port of dropbear, associated libtommath and libtomcrypt libraries, example applications, host-based utilities, and documentation.

Features

• SSH-2 protocol compatible
• Both public-key and password authentication are supported
• DSS and RSA key authentication algorithms
• 3DES encryption algorithm supported, with AES128, AES256, blowfish, twofish128 and twofish256 also available
• For additional security, incoming connections can be restricted to specific networks or individual hosts
• Windows and Linux host tools are provided for conversion and generation of keys
• Compatible with OpenSSH generated keys
• Numerous eCos configuration options are provided to manage eCosPro-SecureShell's functionality, performance, and resource usage
• Resource usage can be further controlled by the application limiting the number of concurrent connections
• Typical resource usage is around 110KB for code (architecture dependent), and a per connection overhead of around 30KB
• SSH event log messages are available to the application
• Includes extendable basic shell and hangman game examples
• Client side support includes scp
• The implementation does not support agent or X11 forwarding, compression, or sftp

Straightforward integration

Adding secure shell access to your embedded application is quite straightforward. The SSH daemon thread handles all external connections from remote SSH clients, client authentication, and data encryption. Application callbacks are used to monitor, control and provide the daemon information such as authentication key data. Once a connection with a remote peer is established, the application communicates with it via BSD sockets, or higher-level C library I/O. Channels for stdin, stdout, and optionally stderr, are available. The daemon transparently decrypts and encrypts all communications between the application and remote peer.

An extendable basic shell is provided as part of the package. This can easily be integrated into your embedded application and customized to your requirements. The shell provides some basic built-in commands, and a framework for the addition of further application specific commands. The shell, along with the hangman game, also serve as easy-to-follow examples of how to handle the various aspects of the system, including initialisation, authentication, incoming connections, and connection shutdown.

A client side API is provided for encrypting data transfers from and to the target using scp.

eCosPro-SecureShell is supplied as a standard installable and configurable eCos EPK module. Full source code and documentation are included along with engineering technical support. The license allows for an unlimited number of device types and deployed units, and is royalty free.

SSH is a registered trademark of SSH Communications Security Corporation