HCC’s Secure SHell (SSH) server is a portable, low-footprint server that runs as an application on HCC’s IPv4 and IPv6 stacks. It creates a secure socket connection that can be used for executing menu commands or for tunneling data between the clients and servers of other applications.

SSH establishes a secure tunnel through which other applications can safely run without the need for security-related modification. The module includes the SSH Authentication, Transport Layer, and Connection Layer protocols. The protocol layers co-exist, with each layer supporting multiple simultaneous sessions.

The SSH module is part of HCC’s MISRA-compliant TCP/IP stack, as shown in the Networking Overview diagram, and is designed specifically for use with it.

Features
  • Conforms to the HCC Advanced Embedded Framework.
  • Complies with the HCC MISRA-compliant TCP/IP stack.
  • Designed for integration with both RTOS and non-RTOS based systems.
  • Supports tunneling and both forwarded and direct TCP/IP.

Supports Secure Shell version 2.0 and complies with the following RFCs:

  • RFC 4250 – The Secure Shell (SSH) Protocol Assigned Numbers.
  • RFC 4251 – The Secure Shell (SSH) Protocol Architecture.
  • RFC 4252 – The Secure Shell (SSH) Authentication Protocol.
  • RFC 4253 – The Secure Shell (SSH) Transport Layer Protocol.
  • RFC 4254 – The Secure Shell (SSH) Connection Protocol.

Architecture

SSH has a client/server architecture. HCC’s SSH implements the server side of the protocol suite, allowing data transmission between two network devices across a secure connection, with each connection capable of supporting multiple channels. The encryption methods used in the SSH protocol implementation provide confidentiality and data integrity over an insecure network.

The SSH server accepts or rejects incoming connections to its host computer. Users run SSH client programs, typically on other computers, that make requests to the SSH server, such as “Log me in,” “Send me a file,” or “Execute this command.” All communications between clients and servers are securely encrypted and protected from modification.

SSH is largely transparent to the applications that use it. It normally listens for connections on port 22, which has been assigned for its use by the IANA. Most protocols and network application programs can run over SSH without modification, though the port numbers and IP addresses used in the command may differ from those normally used. Programs that change port numbers during their operation cannot run over SSH without modification.

This module supports tunneling as well as both forwarded and direct TCP/IP. The SSH server and client negotiate the security protocols that they will run, selecting from lists of protocols that the SSH protocol specifications consider to be required, recommended, or optional. Security policies are set up by administrators using either compile-time or dynamic parameters.
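
The negotiation described above follows RFC 4253 section 7.1 for the encryption, MAC and compression lists: the first name on the client's list that also appears on the server's list is chosen. The sketch below is an added example, not HCC's code; the function names and the sample lists are assumptions, with the server list standing in for an administrator's compile-time policy.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 only if name[0..len) is an exact entry of the comma-separated
   name-list; a prefix such as "aes128" must not match "aes128-ctr". */
static int in_name_list(const char *list, const char *name, size_t len)
{
    while (*list != '\0') {
        size_t n = strcspn(list, ",");
        if (n == len && memcmp(list, name, len) == 0)
            return 1;
        list += n;
        if (*list == ',') list++;
    }
    return 0;
}

/* Hypothetical helper: pick the first client name the server also allows.
   Returns 0 and copies the name to out, or -1 when there is no common
   algorithm, in which case the connection must be closed. */
int ssh_negotiate(const char *client, const char *server,
                  char *out, size_t outlen)
{
    while (*client != '\0') {
        size_t n = strcspn(client, ",");
        if (n > 0 && in_name_list(server, client, n)) {
            if (n >= outlen)
                return -1;   /* fail closed instead of picking another name */
            memcpy(out, client, n);
            out[n] = '\0';
            return 0;
        }
        client += n;
        if (*client == ',') client++;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample lists: the policy omits 3des-cbc, so the
       client's first preference is skipped. */
    const char *server_policy = "aes256-ctr,aes128-ctr";
    const char *client_offer  = "3des-cbc,aes128-ctr,aes256-ctr";
    char chosen[65];

    if (ssh_negotiate(client_offer, server_policy, chosen, sizeof chosen) == 0)
        printf("encryption: %s\n", chosen);
    else
        puts("no common algorithm, disconnect");
    return 0;
}
```

Because the client's order decides among mutually supported names, the server's policy list is the only place an administrator can exclude an algorithm.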