> From: owner-openssl-us...@openssl.org On Behalf Of David Durham
> Sent: Thursday, 27 October, 2011 16:48

> I'm new to C++ and libssl, but nevertheless trying to write an SSH
> server. I have gone through tutorials and believe I have a working
> server that initializes an SSL context, binds and listens on a TCP
> socket, and accepts a connection. Using a debugger I see that if I
> try to "ssh myserver -p myport", the process hangs on the call to
> SSL_accept. I figure this is because the ssh client needs to do
> something before calling SSL_connect. I don't need authentication, I
> just want to use ssh kind of like a secure telnet.
<snip>

SSH and SSL are different protocols, even though there is only
one letter difference in the acronym. See RFCs 4250-6.
The underlying *crypto* primitives are mostly the same, and
the widely-used openssh implementation uses the libcrypto part
of OpenSSL, but the protocol part of openssh is entirely different
from the libssl part of OpenSSL (including SSL_accept).

AFAIK SSH always formally authenticates the server, although
in practice this is usually done by accepting the server's key
the first time manually, which people are supposed to think about
but don't, and thereafter checking it is the same. Similarly
I believe it always formally authenticates the client, but
that can be e.g. "anybody/dontcare".

If you just want confidentiality with truly no authentication,
SSL/TLS (and OpenSSL) can do that with the anonymous-DH and
anonymous-ECDH suites. I assume you understand and accept the
vulnerabilities you are creating by not authenticating.

Also: You didn't show your Error() routine (method?).
I hope it displays the OpenSSL error stack in some suitable way;
that information is very often vital in debugging errors.

And:
> char *message = "Hello SSL";
> if (SSL_write(ssl, message, sizeof(message)) <= 0)

is a very basic (but all too common) C bug.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
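Added example, not part of the original message and not OpenSSL or OpenSSH code: a small C check of the first bytes a client sends, showing the wire-level difference between SSH and SSL/TLS that the reply above describes. The names `first_proto` and `classify_first_bytes` and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names for this example; not OpenSSL or OpenSSH API. */
enum first_proto { PROTO_NEED_MORE, PROTO_SSH, PROTO_TLS, PROTO_UNKNOWN };

/* Constructed samples: an SSH identification string and a TLS record start. */
static const unsigned char sample_ssh[] = "SSH-2.0-Example_1.0\r\n";
static const unsigned char sample_tls[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01 };

/* Classify the first bytes a client sent on a fresh TCP connection.
 * SSH (RFC 4253, section 4.2) opens with the ASCII identification string
 * "SSH-protoversion-softwareversion", for example "SSH-2.0-...".
 * SSL 3.0/TLS opens with a record header: content type 0x16 (handshake),
 * major version 0x03, minor version, then a 2-byte length.
 * An SSLv2-format hello is not handled and reports PROTO_UNKNOWN. */
enum first_proto classify_first_bytes(const unsigned char *buf, size_t len)
{
    static const unsigned char ssh_prefix[4] = { 'S', 'S', 'H', '-' };
    size_t n = len < sizeof ssh_prefix ? len : sizeof ssh_prefix;

    if (len == 0)
        return PROTO_NEED_MORE;
    /* A partial match on "SSH-" means more bytes are needed to decide. */
    if (memcmp(buf, ssh_prefix, n) == 0)
        return n == sizeof ssh_prefix ? PROTO_SSH : PROTO_NEED_MORE;
    if (buf[0] == 0x16) {
        if (len < 2)
            return PROTO_NEED_MORE;
        return buf[1] == 0x03 ? PROTO_TLS : PROTO_UNKNOWN;
    }
    return PROTO_UNKNOWN;
}

int main(void)
{
    static const char *names[] = { "need more data", "SSH", "SSL/TLS", "unknown" };

    printf("sample_ssh: %s\n",
           names[classify_first_bytes(sample_ssh, sizeof sample_ssh - 1)]);
    printf("sample_tls: %s\n",
           names[classify_first_bytes(sample_tls, sizeof sample_tls)]);
    return 0;
}
```

In a server the bytes can be read with `recv(fd, buf, sizeof buf, MSG_PEEK)` before calling SSL_accept, so the handshake still sees them and a mismatched client can be logged.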