libnetconf2  1.1.48
NETCONF library for clients and servers
Server SSH

Server-side settings for SSH connections.

Functions

int nc_server_ssh_add_authkey (const char *pubkey_base64, NC_SSH_KEY_TYPE type, const char *username)
 Add an authorized client SSH public key. This public key can be used for publickey authentication (for any SSH connection, even Call Home) afterwards.

int nc_server_ssh_add_authkey_path (const char *pubkey_path, const char *username)
 Add an authorized client SSH public key. This public key can be used for publickey authentication (for any SSH connection, even Call Home) afterwards.

int nc_server_ssh_del_authkey (const char *pubkey_path, const char *pubkey_base64, NC_SSH_KEY_TYPE type, const char *username)
 Remove an authorized client SSH public key.

void nc_server_ssh_set_passwd_auth_clb (int(*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data), void *user_data, void(*free_user_data)(void *user_data))
 Set the callback for SSH password authentication. If none is set, local system users are used.

void nc_server_ssh_set_interactive_auth_clb (int(*interactive_auth_clb)(const struct nc_session *session, const ssh_message msg, void *user_data), void *user_data, void(*free_user_data)(void *user_data))
 Set the callback for SSH interactive authentication. If none is set, local system users are used.

void nc_server_ssh_set_pubkey_auth_clb (int(*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data), void *user_data, void(*free_user_data)(void *user_data))
 Set the callback for SSH public key authentication. If none is set, local system users are used.

void nc_server_ssh_set_hostkey_clb (int(*hostkey_clb)(const char *name, void *user_data, char **privkey_path, char **privkey_data, NC_SSH_KEY_TYPE *privkey_type), void *user_data, void(*free_user_data)(void *user_data))
 Set the callback for retrieving host keys. Any RSA, DSA, and ECDSA keys can be added. However, a maximum of one key of each type will be used during SSH authentication, later keys replacing the earlier ones.

int nc_server_ssh_endpt_add_hostkey (const char *endpt_name, const char *name, int16_t idx)
 Add endpoint SSH host keys the server will identify itself with. Only the name is set, the key itself will be retrieved using a callback.

int nc_server_ssh_endpt_del_hostkey (const char *endpt_name, const char *name, int16_t idx)
 Delete endpoint SSH host key. Their order is preserved.

int nc_server_ssh_endpt_mov_hostkey (const char *endpt_name, const char *key_mov, const char *key_after)
 Move endpoint SSH host key.

int nc_server_ssh_endpt_mod_hostkey (const char *endpt_name, const char *name, const char *new_name)
 Modify endpoint SSH host key.

int nc_server_ssh_endpt_set_auth_methods (const char *endpt_name, int auth_methods)
 Set endpoint accepted SSH authentication methods. All (publickey, password, interactive) are supported by default.

int nc_server_ssh_endpt_get_auth_methods (const char *endpt_name)
 Get endpoint accepted SSH authentication methods.

int nc_server_ssh_endpt_set_auth_attempts (const char *endpt_name, uint16_t auth_attempts)
 Set endpoint SSH authentication attempts of every client. 3 by default.

int nc_server_ssh_endpt_set_auth_timeout (const char *endpt_name, uint16_t auth_timeout)
 Set endpoint SSH authentication timeout. 30 seconds by default.
 

Detailed Description

Server-side settings for SSH connections.

Function Documentation

int nc_server_ssh_add_authkey(const char *pubkey_base64, NC_SSH_KEY_TYPE type, const char *username)

Add an authorized client SSH public key. This public key can be used for publickey authentication (for any SSH connection, even Call Home) afterwards.

Parameters
[in] pubkey_base64: Authorized public key binary content encoded in base64.
[in] type: Authorized public key SSH type.
[in] username: Username that the client with the public key must use.
Returns
0 on success, -1 on error.

int nc_server_ssh_add_authkey_path(const char *pubkey_path, const char *username)

Add an authorized client SSH public key. This public key can be used for publickey authentication (for any SSH connection, even Call Home) afterwards.

Parameters
[in] pubkey_path: Path to the public key.
[in] username: Username that the client with the public key must use.
Returns
0 on success, -1 on error.

int nc_server_ssh_del_authkey(const char *pubkey_path, const char *pubkey_base64, NC_SSH_KEY_TYPE type, const char *username)

Remove an authorized client SSH public key.

Parameters
[in] pubkey_path: Path to an authorized public key. NULL matches all the keys.
[in] pubkey_base64: Authorized public key content. NULL matches any key.
[in] type: Authorized public key type. 0 matches all types.
[in] username: Username for an authorized public key. NULL matches all the usernames.
Returns
0 on success, -1 on not finding any match.

void nc_server_ssh_set_passwd_auth_clb(int (*passwd_auth_clb)(const struct nc_session *session, const char *password, void *user_data), void *user_data, void (*free_user_data)(void *user_data))

Set the callback for SSH password authentication. If none is set, local system users are used.

Parameters
[in] passwd_auth_clb: Callback that should authenticate the user. Username can be directly obtained from session. Zero return indicates success, non-zero an error.
[in] user_data: Optional arbitrary user data that will be passed to passwd_auth_clb.
[in] free_user_data: Optional callback that will be called during cleanup to free any user_data.

void nc_server_ssh_set_interactive_auth_clb(int (*interactive_auth_clb)(const struct nc_session *session, const ssh_message msg, void *user_data), void *user_data, void (*free_user_data)(void *user_data))

Set the callback for SSH interactive authentication. If none is set, local system users are used.

Parameters
[in] interactive_auth_clb: Callback that should authenticate the user. Zero return indicates success, non-zero an error.
[in] user_data: Optional arbitrary user data that will be passed to interactive_auth_clb.
[in] free_user_data: Optional callback that will be called during cleanup to free any user_data.

void nc_server_ssh_set_pubkey_auth_clb(int (*pubkey_auth_clb)(const struct nc_session *session, ssh_key key, void *user_data), void *user_data, void (*free_user_data)(void *user_data))

Set the callback for SSH public key authentication. If none is set, local system users are used.

Parameters
[in] pubkey_auth_clb: Callback that should authenticate the user. Zero return indicates success, non-zero an error.
[in] user_data: Optional arbitrary user data that will be passed to pubkey_auth_clb.
[in] free_user_data: Optional callback that will be called during cleanup to free any user_data.

void nc_server_ssh_set_hostkey_clb(int (*hostkey_clb)(const char *name, void *user_data, char **privkey_path, char **privkey_data, NC_SSH_KEY_TYPE *privkey_type), void *user_data, void (*free_user_data)(void *user_data))

Set the callback for retrieving host keys. Any RSA, DSA, and ECDSA keys can be added. However, a maximum of one key of each type will be used during SSH authentication, later keys replacing the earlier ones.

Parameters
[in] hostkey_clb: Callback that should return the key itself. Zero return indicates success, non-zero an error. On success exactly ONE of privkey_path or privkey_data is expected to be set. The one set will be freed.
  • privkey_path expects a PEM file,
  • privkey_data expects base64-encoded ASN.1 DER data,
  • privkey_type is the type of the key in privkey_data. Use NC_SSH_KEY_UNKNOWN for a PKCS#8 key that includes the information about the key in its data.
[in] user_data: Optional arbitrary user data that will be passed to hostkey_clb.
[in] free_user_data: Optional callback that will be called during cleanup to free any user_data.

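
A hostkey_clb that follows the contract above (exactly one output set, heap-allocated because the library frees it), as an added example that is not part of the libnetconf2 documentation. The names struct hostkey_entry, key_file_is_private and example_hostkey_clb are hypothetical, the file-permission check is this example's own addition, and the one-value NC_SSH_KEY_TYPE typedef is a stand-in to delete when building against the library headers.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Stand-in so this compiles alone; delete when including the libnetconf2 headers. */
typedef enum { NC_SSH_KEY_UNKNOWN = 0 } NC_SSH_KEY_TYPE;

/* Hypothetical table passed as user_data; terminated by an entry with name == NULL. */
struct hostkey_entry {
    const char *name;     /* name given to nc_server_ssh_endpt_add_hostkey() */
    const char *pem_path; /* private key file in PEM format */
};

/* Returns 1 only for a regular file with no group/other permission bits. */
static int key_file_is_private(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode)) {
        return 0;
    }
    return (st.st_mode & (S_IRWXG | S_IRWXO)) == 0;
}

/* Same signature as the hostkey_clb parameter documented above. */
int example_hostkey_clb(const char *name, void *user_data, char **privkey_path,
        char **privkey_data, NC_SSH_KEY_TYPE *privkey_type)
{
    const struct hostkey_entry *e;
    size_t len;
    *privkey_path = NULL;
    *privkey_data = NULL;                /* never set: only the path is returned */
    *privkey_type = NC_SSH_KEY_UNKNOWN;  /* describes privkey_data, unused here */
    for (e = user_data; e && e->name; ++e) {
        if (strcmp(e->name, name) != 0) {
            continue;
        }
        if (!key_file_is_private(e->pem_path)) {
            return 1; /* refuse a key file other local users can access */
        }
        /* The library frees the value it receives, so hand over a heap copy. */
        len = strlen(e->pem_path) + 1;
        if (!(*privkey_path = malloc(len))) {
            return 1;
        }
        memcpy(*privkey_path, e->pem_path, len);
        return 0;
    }
    return 1; /* unknown host key name */
}
```

With a table that outlives the server, it would be registered as nc_server_ssh_set_hostkey_clb(example_hostkey_clb, table, NULL).
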
int nc_server_ssh_endpt_add_hostkey(const char *endpt_name, const char *name, int16_t idx)

Add endpoint SSH host keys the server will identify itself with. Only the name is set, the key itself will be retrieved using a callback.

Parameters
[in] endpt_name: Existing endpoint name.
[in] name: Arbitrary name of the host key.
[in] idx: Optional index where to add the key. -1 adds at the end.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_del_hostkey(const char *endpt_name, const char *name, int16_t idx)

Delete endpoint SSH host key. Their order is preserved.

Parameters
[in] endpt_name: Existing endpoint name.
[in] name: Name of the host key. NULL matches all the keys, but if idx != -1 then this must be NULL.
[in] idx: Index of the hostkey. -1 matches all indices, but if name != NULL then this must be -1.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_mov_hostkey(const char *endpt_name, const char *key_mov, const char *key_after)

Move endpoint SSH host key.

Parameters
[in] endpt_name: Existing endpoint name.
[in] key_mov: Name of the host key that will be moved.
[in] key_after: Name of the key that will precede key_mov. NULL if key_mov is to be moved to the beginning.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_mod_hostkey(const char *endpt_name, const char *name, const char *new_name)

Modify endpoint SSH host key.

Parameters
[in] endpt_name: Existing endpoint name.
[in] name: Name of an existing host key.
[in] new_name: New name of the host key.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_set_auth_methods(const char *endpt_name, int auth_methods)

Set endpoint accepted SSH authentication methods. All (publickey, password, interactive) are supported by default.

Parameters
[in] endpt_name: Existing endpoint name.
[in] auth_methods: Accepted authentication methods bit field of NC_SSH_AUTH_TYPE.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_get_auth_methods(const char *endpt_name)

Get endpoint accepted SSH authentication methods.

Parameters
[in] endpt_name: Existing endpoint name.
Returns
Accepted authentication methods bit field of NC_SSH_AUTH_TYPE.

int nc_server_ssh_endpt_set_auth_attempts(const char *endpt_name, uint16_t auth_attempts)

Set endpoint SSH authentication attempts of every client. 3 by default.

Parameters
[in] endpt_name: Existing endpoint name.
[in] auth_attempts: Failed authentication attempts before a client is dropped.
Returns
0 on success, -1 on error.

int nc_server_ssh_endpt_set_auth_timeout(const char *endpt_name, uint16_t auth_timeout)

Set endpoint SSH authentication timeout. 30 seconds by default.

Parameters
[in] endpt_name: Existing endpoint name.
[in] auth_timeout: Number of seconds before an unauthenticated client is dropped.
Returns
0 on success, -1 on error.