This document is intended for those who wish to read the ssh source
code. This tries to give an overview of the structure of the code.

Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>
Updated 17 Nov 1995.
Updated 19 Oct 1999 for OpenSSH-1.2

The software consists of ssh (client), sshd (server), scp, sdist, and
the auxiliary programs ssh-keygen, ssh-agent, ssh-add, and
make-ssh-known-hosts. The main program for each of these is in a .c
file with the same name.

There are some subsystems/abstractions that are used by a number of
these programs.

  Buffer manipulation routines

    - These provide an arbitrary size buffer, where data can be appended.
      Data can be consumed from either end. The code is used heavily
      throughout ssh. The basic buffer manipulation functions are in
      buffer.c (header buffer.h), and additional code to manipulate specific
      data types is in bufaux.c.

  Compression Library

    - Ssh uses the GNU GZIP compression library (ZLIB).

  Encryption/Decryption

    - Ssh contains several encryption algorithms. These are all
      accessed through the cipher.h interface. The interface code is
      in cipher.c, and the implementations are in libc.
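As an added illustration of the buffer abstraction described above (this is example code written for this overview, not OpenSSH's buffer.c or bufaux.c, and it consumes from the front only), the following shows append/consume on a growable buffer, big-endian integer storage of the kind getput.h provides, and the length-prefixed "string" type with the bounds checks a packet parser needs. The function names are assumed for the example and only mirror the roles the text describes.

```c
/* Added example, not OpenSSH's own code: a minimal arbitrary-size buffer in the
 * spirit of buffer.c/bufaux.c. Data is appended at the end and consumed from the
 * front; integers are big-endian (getput.h's job); every read is bounds-checked. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
struct buffer { uint8_t *buf; size_t alloc, offset, end; }; /* live data = [offset, end) */
static void buffer_init(struct buffer *b) { memset(b, 0, sizeof *b); }
static size_t buffer_len(const struct buffer *b) { return b->end - b->offset; }
/* Append len bytes: reclaim already-consumed space first, grow only if still short. */
static void buffer_append(struct buffer *b, const void *data, size_t len) {
    if (b->end + len > b->alloc && b->offset > 0) {
        memmove(b->buf, b->buf + b->offset, buffer_len(b));
        b->end -= b->offset;
        b->offset = 0;
    }
    if (b->end + len > b->alloc) {
        b->alloc = (b->end + len) * 2;
        if ((b->buf = realloc(b->buf, b->alloc)) == NULL) abort();
    }
    memcpy(b->buf + b->end, data, len);
    b->end += len;
}
/* Consume len bytes from the front; 0 (nothing copied) if fewer are present, so a
 * truncated packet can never be over-read. */
static int buffer_get(struct buffer *b, void *out, size_t len) {
    if (buffer_len(b) < len) return 0;
    memcpy(out, b->buf + b->offset, len);
    b->offset += len;
    return 1;
}
/* 32-bit integers as big-endian bytes, independent of host byte order. */
static void buffer_put_int(struct buffer *b, uint32_t v) {
    uint8_t be[4] = { (uint8_t)(v >> 24), (uint8_t)(v >> 16), (uint8_t)(v >> 8), (uint8_t)v };
    buffer_append(b, be, 4);
}
static int buffer_get_int(struct buffer *b, uint32_t *v) {
    uint8_t be[4];
    if (!buffer_get(b, be, 4)) return 0;
    *v = (uint32_t)be[0] << 24 | (uint32_t)be[1] << 16 | (uint32_t)be[2] << 8 | be[3];
    return 1;
}
/* ssh "string": uint32 length then bytes. A length claim larger than the data
 * present, or than the caller's space, is rejected rather than trusted. */
static void buffer_put_string(struct buffer *b, const void *s, uint32_t len) {
    buffer_put_int(b, len);
    buffer_append(b, s, len);
}
static int buffer_get_string(struct buffer *b, uint8_t *out, size_t outsz, uint32_t *len) {
    if (!buffer_get_int(b, len)) return 0;
    if (*len > buffer_len(b) || *len > outsz) return 0;
    return buffer_get(b, out, *len);
}
```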
  Multiple Precision Integer Library

    - Uses the SSLeay BIGNUM sublibrary.
    - Some auxiliary functions for mp-int manipulation are in mpaux.c.

  Random Numbers

    - Uses arc4random() and such.

  RSA key generation, encryption, decryption

    - Ssh uses the RSA routines in libssl.

  RSA key files

    - RSA keys are stored in files with a special format. The code to
      read/write these files is in authfile.c. The files are normally
      encrypted with a passphrase. The functions to read passphrases
      are in readpass.c (the same code is used to read passwords).

  Binary packet protocol

    - The ssh binary packet protocol is implemented in packet.c. The
      code in packet.c does not concern itself with packet types or their
      execution; it contains code to build packets, to receive them and
      extract data from them, and the code to compress and/or encrypt
      packets. CRC code comes from crc32.c.

    - The code in packet.c calls the buffer manipulation routines
      (buffer.c, bufaux.c), compression routines (compress.c, zlib),
      and the encryption routines.

  X11, TCP/IP, and Agent forwarding

    - Code for various types of channel forwarding is in channels.c.
      The file defines a generic framework for arbitrary communication
      channels inside the secure channel, and uses this framework to
      implement X11 forwarding, TCP/IP forwarding, and authentication
      agent forwarding.
      The new, Protocol 1.5, channel close implementation is in nchan.c.

  Authentication agent

    - Code to communicate with the authentication agent is in authfd.c.

  Authentication methods

    - Code for various authentication methods resides in auth-*.c
      (auth-passwd.c, auth-rh-rsa.c, auth-rhosts.c, auth-rsa.c). This
      code is linked into the server. The routines also manipulate
      known hosts files using code in hostfile.c. Code in canohost.c
      is used to retrieve the canonical host name of the remote host.
      Code in match.c is used to match host names.

    - In the client end, authentication code is in sshconnect.c. It
      reads passwords/passphrases using code in readpass.c. It reads
      RSA key files with authfile.c. It communicates with the
      authentication agent using authfd.c.

  The ssh client

    - The client main program is in ssh.c. It first parses arguments
      and reads configuration (readconf.c), then calls ssh_connect (in
      sshconnect.c) to open a connection to the server (possibly via a
      proxy), and performs authentication (ssh_login in sshconnect.c).
      It then makes any pty, forwarding, etc. requests.
      It may call code in ttymodes.c to encode current tty modes.
      Finally it calls client_loop in clientloop.c. This does the real
      work for the session.

    - The client is suid root. It tries to temporarily give up these
      rights while reading the configuration data. The root
      privileges are only used to make the connection (from a
      privileged socket). Any extra privileges are dropped before
      calling ssh_login.

  Pseudo-tty manipulation and tty modes

    - Code to allocate and use a pseudo tty is in pty.c. Code to
      encode and set terminal modes is in ttymodes.c.

  Logging in (updating utmp, lastlog, etc.)

    - The code to do things that are done when a user logs in is in
      login.c. This includes things such as updating the utmp, wtmp,
      and lastlog files. Some of the code is in sshd.c.

  Writing to the system log and terminal

    - The programs use the functions fatal(), log(), debug(), error()
      in many places to write messages to the system log or the user's
      terminal. The implementation that logs to the system log is in
      log-server.c; it is used in the server program. The other
      programs use an implementation that sends output to stderr; it
      is in log-client.c. The definitions are in ssh.h.
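The privilege handling described for the suid-root client above (temporarily giving up root while reading configuration, restoring it to bind the privileged socket, then dropping it for good before ssh_login) follows a pattern that is easy to get subtly wrong, because a failed or incomplete drop is silent. The following is an added example written for this overview, not the project's uidswap.c; the function names are borrowed from that file's role, and the point is the verification after the permanent drop.

```c
/* Added example, not OpenSSH's uidswap.c: the temporary/permanent uid swapping
 * the overview describes, with a check that the permanent drop actually took. */
#define _XOPEN_SOURCE 700
#include <sys/types.h>
#include <unistd.h>

static uid_t saved_euid;   /* the effective uid we started with (root if suid) */
static int   temp_dropped; /* nonzero while running under the real user's uid */

/* Temporarily run as uid (the invoking user) while parsing untrusted input such
 * as the configuration file; the saved set-user-id still holds root. */
static int temporarily_use_uid(uid_t uid) {
    saved_euid = geteuid();
    if (seteuid(uid) == -1) return -1;
    temp_dropped = 1;
    return 0;
}

/* Regain the privileges stashed by temporarily_use_uid (e.g. to bind the
 * privileged socket). */
static int restore_uid(void) {
    if (!temp_dropped) return 0;
    if (seteuid(saved_euid) == -1) return -1;
    temp_dropped = 0;
    return 0;
}

/* Drop to uid for the rest of the process (before ssh_login in the client).
 * setuid() as root clears real, effective and saved uids; we verify that root
 * can no longer be regained instead of trusting the return value alone. */
static int permanently_set_uid(uid_t uid) {
    uid_t was_root = (geteuid() == 0);
    if (setuid(uid) == -1) return -1;
    if (was_root && uid != 0 && seteuid(0) != -1) return -1; /* drop did not take */
    if (getuid() != uid || geteuid() != uid) return -1;
    return 0;
}
```

Run as an unprivileged user the calls are no-ops on the process's own uid, which is exactly what the test below exercises; the regain check only has teeth when the binary is actually suid root.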
  The sshd server (daemon)

    - The sshd daemon starts by processing arguments and reading the
      configuration file (servconf.c). It then reads the host key,
      starts listening for connections, and generates the server key.
      The server key will be regenerated every hour by an alarm.

    - When the server receives a connection, it forks, disables the
      regeneration alarm, and starts communicating with the client.
      They first perform identification string exchange, then
      negotiate encryption, then perform authentication, preparatory
      operations, and finally the server enters the normal session
      mode by calling server_loop in serverloop.c. This does the real
      work, calling functions in other modules.

    - The code for the server is in sshd.c. It contains a lot of
      stuff, including:
        - server main program
        - waiting for connections
        - processing new connection
        - authentication
        - preparatory operations
        - building up the execution environment for the user program
        - starting the user program.
  Auxiliary files

    - There are several other files in the distribution that contain
      various auxiliary routines:
        ssh.h          the main header file for ssh (various definitions)
        getput.h       byte-order independent storage of integers
        includes.h     includes most system headers. Lots of #ifdefs.
        tildexpand.c   expand tilde in file names
        uidswap.c      uid-swapping
        xmalloc.c      "safe" malloc routines