hssh: SSH protocol implementation

[ library, mit, network ] [ Propose Tags ]

Please see the README on Github at https://github.com/lpeterse/haskell-ssh#readme


[Skip to Readme]
Versions [faq] 0.1.0.0
Change log CHANGELOG.md
Dependencies async, base (>=4.7 && <5), bytestring, cereal, containers, cryptonite, data-default, hssh, memory, socket (>=0.8.2.0), stm [details]
License MIT
Copyright 2017 Lars Petersen
Author Lars Petersen
Maintainer info@lars-petersen.net
Category Network
Home page https://github.com/lpeterse/haskell-ssh#readme
Bug tracker https://github.com/lpeterse/haskell-ssh/issues
Source repo head: git clone https://github.com/lpeterse/haskell-ssh
Uploaded by LarsPetersen at Wed Oct 31 19:04:57 UTC 2018
Distributions NixOS:0.1.0.0
Executables hssh-demo
Downloads 155 total (9 in the last 30 days)
Rating (no votes yet) [estimated by rule of succession]
Your Rating
  • λ
  • λ
  • λ
Status Hackage Matrix CI
Docs available [build log]
Last success reported on 2018-11-02 [all 1 reports]

Modules

[Index] [Quick Jump]

Flags

NameDescriptionDefaultType
demo

Build server demo executable hssh-demo

DisabledManual

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

Maintainer's Corner

For package maintainers and hackage trustees


Readme for hssh-0.1.0.0

[back to package description]

hssh

Introduction

This library is a pure-Haskell implementation of the SSH2 protocol.

Features

By now, only the server part has been implemented. It can be used to embed SSH servers into Haskell applications.

Transport layer:

  • ssh-ed25519 host keys.
  • Key exchange using the curve25519-sha256@libssh.org algorithm.
  • Encryption using the chacha20-poly1305@openssh.com algorithm.
  • Rekeying fully supported and compatible with OpenSSH.

Authentication layer:

  • User authentication with ssh-ed25519 public keys.

Connection layer:

  • Connection multiplexing.
  • Serving session requests (shell and exec) with user-supplied handlers.
  • Serving direct-tcpip requests with user-supplied handlers.

Misc:

  • SSH private key file import (not encrypted yet).

Dependencies

  • async
  • base
  • bytestring
  • cereal
  • containers
  • cryptonite
  • memory
  • stm
  • data-default

Example server application

{-# LANGUAGE FlexibleContexts  #-}
{-# LANGUAGE FlexibleInstances #-}
{-# LANGUAGE OverloadedStrings #-}
module Main where

import           Control.Concurrent             ( forkFinally
                                                )
import           Control.Exception              ( bracket
                                                , bracketOnError
                                                , handle
                                                , throwIO
                                                )
import           Control.Monad                  ( forever
                                                , void
                                                )
import qualified Data.ByteArray                as BA
import qualified Data.ByteString               as BS
import           Data.Default
import           System.Exit

import qualified System.Socket                  as S
import qualified System.Socket.Family.Inet6     as S
import qualified System.Socket.Protocol.Default as S
import qualified System.Socket.Type.Stream      as S
import qualified System.Socket.Unsafe           as S

import           Network.SSH
import qualified Network.SSH.Server            as Server

main :: IO ()
main = do
    file                <- BS.readFile "./resources/id_ed25519"
    (privateKey, _) : _ <- decodePrivateKeyFile BS.empty file :: IO [(KeyPair, BA.Bytes)]
    bracket open close (accept config privateKey)
  where
    config = def
        { Server.transportConfig          = def
        , Server.userAuthConfig           = def
            { Server.onAuthRequest        = \username _ _ -> pure (Just username)
            }
        , Server.connectionConfig         = def
            { Server.onSessionRequest     = handleSessionRequest
            , Server.onDirectTcpIpRequest = handleDirectTcpIpRequest
            }
        }
    open  = S.socket :: IO (S.Socket S.Inet6 S.Stream S.Default)
    close = S.close
    accept config agent s = do
        S.setSocketOption s (S.ReuseAddress True)
        S.setSocketOption s (S.V6Only False)
        S.bind s (S.SocketAddressInet6 S.inet6Any 22 0 0)
        S.listen s 5
        forever $ bracketOnError (S.accept s) (S.close . fst) $ \(stream, peer) -> do
            putStrLn $ "Connection from " ++ show peer
            void $ forkFinally
                (Server.serve config agent stream >>= print)
                (const $ S.close stream)

handleDirectTcpIpRequest :: identity -> Server.DirectTcpIpRequest -> IO (Maybe Server.DirectTcpIpHandler)
handleDirectTcpIpRequest idnt req = pure $ Just $ Server.DirectTcpIpHandler $ \stream-> do
    bs <- receive stream 4096
    sendAll stream "HTTP/1.1 200 OK\n"
    sendAll stream "Content-Type: text/plain\n\n"
    sendAll stream $! BS.pack $ fmap (fromIntegral . fromEnum) $ show req
    sendAll stream "\n\n"
    sendAll stream bs
    print bs

handleSessionRequest :: identity -> Server.SessionRequest -> IO (Maybe Server.SessionHandler)
handleSessionRequest idnt req = pure $ Just $ Server.SessionHandler $ \_ _ _ _ stdout _ -> do
    sendAll stdout "Hello world!\n"
    pure ExitSuccess

-------------------------------------------------------------------------------
-- Instances for use with the socket library
-------------------------------------------------------------------------------

instance DuplexStream (S.Socket f S.Stream p) where

instance OutputStream  (S.Socket f S.Stream p) where
    send stream bytes =
        handle f $ S.send stream bytes S.msgNoSignal
        where
            f e
                | e == S.ePipe = pure 0
                | otherwise    = throwIO e
    sendUnsafe stream (BA.MemView ptr n) = fromIntegral <$>
        handle f (S.unsafeSend stream ptr (fromIntegral n) S.msgNoSignal)
        where
            f e
                | e == S.ePipe = pure 0
                | otherwise    = throwIO e

instance InputStream  (S.Socket f S.Stream p) where
    peek stream len = S.receive stream len (S.msgNoSignal <> S.msgPeek)
    receive stream len = S.receive stream len S.msgNoSignal
    receiveUnsafe stream (BA.MemView ptr n) = fromIntegral <$>
        S.unsafeReceive stream ptr (fromIntegral n) S.msgNoSignal