Finally an embedded SSH Server and Client is available. After significant and long-standing demand, I am porting the libssh library to the ESP32 system-on-chip family as an Arduino library.
News
- November 2021, major release 2.1.0 supporting ESP32-C3.
- November 2022, major release 3.0.0 supporting ESP32-S3.
- June 2024, major [pre]release 5.0.0 supporting Arduino 3.0 and ESP32-S2.
Milestones
- Compiles without errors.
- Links without any symbols missing.
- SSH Server example functional (create server key and run ssh server).
- SSH Client example functional.
- Updated to latest stable 0.10.6 release of libssh.
Further Work
- Create a pull request for arduino-esp32 to make minor fixes and allow this library to compile (done, but needs to be re-done on the upstream esp-idf repository, no longer needed 9th November 2022).
- Make the source tree release-clean (complete).
- Push to GitHub (done, version 0.2.0 first pushed on 25th April 2020).
- Publish on the Arduino library list (complete).
Bugs to be squashed
- SSH server does not listen on IPv6 addresses, only IPv4 addresses (done: the example listened on IPv4 address 0.0.0.0 by default, so supplied a parameter to permit both IPv4 and IPv6).
- Timeout when SSH client attempts connection to server over a routed TCP/IP connection (no longer an issue). I believe this is due to a more generic issue with the ESP32 TCP/IP stack since I have witnessed it with other code the first time a large network packet is returned from the ESP32 to a client that is not on the ESP32's local network (done, fixed by new Espressif release).
- If you use PuTTY as a client to the ESP32 running a server, then on the PuTTY bugs panel you may need to enable Chokes on PuTTY's SSH-2 ‘winadj’ requests. This will prevent random disconnections that may occur after a few minutes have elapsed.
The library and source code are available on GitHub in the LibSSH-ESP32 project and have moved to a stable release now.
Observations
There is a bug in the ESP32 Arduino code that causes a Guru Meditation error when SHA256 functions are called concurrently. If you are making or receiving multiple SSH sessions and see an error such as this:
assertion "uxSemaphoreGetCount(engine_state) == 0 && "SHA engine should be locked"" failed
then the solution is to disable the hardware-accelerated SHA256 routines. This has little impact on performance. Disable CONFIG_MBEDTLS_HARDWARE_SHA in the sdkconfig and recompile the ESP32 Arduino framework.
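One way to check and apply the sdkconfig change described above, as an added example that is not part of the original page or of the LibSSH-ESP32 project. The function names and the sample file contents are constructed for illustration; an absent symbol is reported separately because it then takes its Kconfig default.

```shell
#!/bin/sh
# Added example: inspect and disable hardware SHA in an ESP-IDF sdkconfig file.
SYM=CONFIG_MBEDTLS_HARDWARE_SHA

# Print "enabled", "disabled" or "absent" for the symbol in file $1.
hw_sha_state() {
    if grep -q "^${SYM}=y\$" "$1"; then
        echo enabled
    elif grep -q "^# ${SYM} is not set\$" "$1"; then
        echo disabled
    else
        # Absent: the build falls back to the Kconfig default, so this is
        # not proof that the hardware SHA engine is off.
        echo absent
    fi
}

# Rewrite file $1 so the symbol is explicitly disabled; safe to run twice.
disable_hw_sha() {
    tmp="$1.tmp.$$"
    # Drop any existing line for exactly this symbol and keep everything else
    # (CONFIG_MBEDTLS_HARDWARE_AES, for example, is left untouched).
    grep -v -e "^${SYM}=" -e "^# ${SYM} is not set\$" "$1" > "$tmp" || true
    echo "# ${SYM} is not set" >> "$tmp"
    mv "$tmp" "$1"
}

# Constructed sample sdkconfig fragment, not taken from a real build.
make_sample() {
    printf '%s\n' \
        'CONFIG_MBEDTLS_HARDWARE_AES=y' \
        'CONFIG_MBEDTLS_HARDWARE_SHA=y' \
        'CONFIG_MBEDTLS_HARDWARE_MPI=y' > "$1"
}

demo=$(mktemp)
make_sample "$demo"
echo "before: $(hw_sha_state "$demo")"
disable_hw_sha "$demo"
echo "after:  $(hw_sha_state "$demo")"
rm -f "$demo"
```

The change only takes effect once the framework has been recompiled against the edited sdkconfig, as the text above says.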
Reverse SSH tunnel
Is there a way to create a reverse SSH tunnel to a Linux machine using this library? Making the ESP32 WebServer available via localhost on some specified port on a Linux machine? This will help me access ESP32 devices from anywhere in the world.
In reply to Reverse SSH tunnel by Tariq (not verified)
Is ssh_channel_listen_forward() what you are looking for?
There is an example of its use. Practical alternatives are IPv6 or an apache2 proxy.