(index ("ssh-keygen" 0) ("ssh-connect" 650) ("userauth-publickey" 1172) ("userauth-password" 1517) ("ssh-server" 1905) ("userauth-accept" 2498) ("channel-accept" 3966) ("channel-exec" 4202) ("channel-command" 4505) ("channel-read" 4807) ("channel-write" 5250) ("channel-eof" 5631) ("channel-close" 5881) ("channel-input-port" 6141) ("channel-output-port" 6141) ("channel-error-port" 6141) ("with-channel-ports" 6141) ("with-channel-ports*" 6141) ("kexinit-start" 7215) ("ssh-log?" 7493) ("ssh-log-payload?" 7493))
(def (sig (procedure " (ssh-keygen type)" (id ssh-keygen))) (p "Mimics OpenSSH's " (tt "ssh-keygen -t ed25519") ". " (tt "type") " must be " (tt "'ed25519") ". Returns two values: public key as a base64 encoded string and a secret key as a blob. Users of this egg are responsible for handling the secret key with the right amount of precaution.") (p "The public key is encoded the same way as " (link "https://www.openssh.com/" "OpenSSH") "'s public keys. This should make it simple to move things around between " (tt "minissh") ", " (tt "~/.ssh/known_hosts") " and " (tt "~/.ssh/authorized_keys") ". See " (tt "examples/client-publickey.scm") "."))
(def (sig (procedure " (ssh-connect host port verifier)" (id ssh-connect))) (p "Connects to an SSH server on " (tt "host:port") ". " (tt "verifier") " is called with the server's public key and must return " (tt "#f") " if the host is not recognized. The server is only as authenticated as this check: a verifier that accepts any key provides no protection against an impersonated host.") (p (tt "ssh-connect") " returns an " (tt "ssh") " client session which provides an encrypted, packet-based transport layer to an authenticated server.") (p "Following SSH-2 procedures, the client must initiate user authentication next using the procedures below."))
(def (sig (procedure " (userauth-publickey ssh user pk sk)" (id userauth-publickey))) (p "Tries to log in to " (tt "ssh") " using the public key (base64 string) and secret key (blob) provided. Returns " (tt "#t") " on successful login, " (tt "#f") " otherwise.") (p "It is an error to call this when " (tt "(ssh-user ssh)") " is already set."))
(def (sig (procedure " (userauth-password ssh user password)" (id userauth-password))) (p "Tries to log in to " (tt "ssh") " using the username and password provided. The password is not sent in cleartext on the wire: it travels inside the encrypted SSH transport, and the server side receives it as a plaintext string. It is the user's responsibility to treat " (tt "password") " with the right amount of precaution.") (p "It is an error to call this when " (tt "(ssh-user ssh)") " is already set."))
(def (sig (procedure " (ssh-server public-key secret-key handler #!key (port 22022))" (id ssh-server))) (p "Listens on tcp port " (tt "port") " and, for each incoming connection, establishes an SSH session by authenticating itself using " (tt "public-key") " (blob) and " (tt "secret-key") " (blob) then calls " (tt "(handler ssh)") " in a new srfi-18 thread, where " (tt "ssh") " is an encrypted SSH server session.") (p "Following SSH-2 procedures, the server awaits user authentication. Therefore, the first thing " (tt "handler") " does is typically to call " (tt "userauth-accept") "."))
(def (sig (procedure " (userauth-accept ssh #!key publickey password banner)" (id userauth-accept))) (p "Authenticates the user's incoming authentication request. The callbacks are as follows.") (ul (li (tt "publickey: (lambda (user type pk signed?) ...)") " Allow public key logins and deny access to users where this procedure returns " (tt "#f") ". Grant access otherwise. To save CPU power, this procedure may be asked whether " (tt "pk") " would be allowed before the actual signature is generated. So this procedure may be called where " (tt "signed?") " is " (tt "#f") " before being called again where " (tt "signed?") " is " (tt "#t") ". A call where " (tt "signed?") " is " (tt "#f") " carries no verified signature, so possession of the secret key has not been proven at that point.") (li (tt "password: (lambda (user password) ...)") " Allow password login and deny access to users where this procedure returns " (tt "#f") ". Grant access otherwise. " (tt "user") " is a string. " (tt "password") " is the plaintext password string.") (li (tt "banner: (lambda (user granted? pk) ...)") " Called when granting or denying " (tt "user") " access as " (tt "granted?") " indicates with " (tt "#t") " or " (tt "#f") ". Must return a string or " (tt "#f") " for no banner. Note that clients may not display banners in the terminal. " (tt "pk") " is the public key of the user for publickey login attempts or " (tt "#f") " for password login attempts. The banner string should end with a trailing newline.")) (p "Each callback may be called multiple times. Either " (tt "publickey") ", " (tt "password") " or both must be supplied."))
(def (sig (procedure " (channel-accept ssh)" (id channel-accept))) (p "Typically run by SSH servers. Blocks until the remote side requests to open a session channel to run a command. Returns a ssh channel object for the new channel."))
(def (sig (procedure " (channel-exec ssh cmd)" (id channel-exec))) (p "Typically run by SSH clients. Requests to open a session channel and run command " (tt "cmd") ". If remote side replies with success, returns a ssh " (tt "channel") " object. If remote side replies with failure, throws an error."))
(def (sig (procedure " (channel-command channel)" (id channel-command))) (p "Return the command string for " (tt "channel") ". As in " (tt "ssh -p 22022 localhost \"command string\"") " or " (tt "(channel-exec ssh \"command string\")") ". For interactive shell sessions, this returns " (tt "#f") "."))
(def (sig (procedure " (channel-read channel)" (id channel-read))) (p "Read the next data packet from " (tt "channel") ". Returns two values:") (ul (li "the data as a string") (li "the " (link "https://tools.ietf.org/html/rfc4254#section-5.2" "data type code") " which is " (tt "#f") " for normal data and a fixnum for extended data packets where 1 represents stderr.")) (p "The remote window size is adjusted to stay between 1-2 MiB."))
(def (sig (procedure " (channel-write channel str #!optional extended)" (id channel-write))) (p "Sends a SSH data packet with " (tt "str") " to " (tt "channel") ". This respects the SSH-2 channel window size limitations and may therefore block waiting for window size adjustments. " (tt "extended") " may be supplied as " (tt "'stderr") " or a fixnum for extended data packets."))
(def (sig (procedure " (channel-eof channel)" (id channel-eof))) (p "Sends an SSH eof packet to " (tt "channel") ". This indicates that no more data will be sent, often resulting in the remote end initiating to close. Incoming data is unaffected."))
(def (sig (procedure " (channel-close channel)" (id channel-close))) (p "Closes " (tt "channel") " and also sends an SSH close packet unless " (tt "channel") " is already closed. It is an error to call " (tt "channel-write") " on a channel which is closed."))
(def (sig (procedure " (channel-input-port channel)" (id channel-input-port)) (procedure " (channel-output-port channel)" (id channel-output-port)) (procedure " (channel-error-port channel)" (id channel-error-port)) (procedure " (with-channel-ports channel thunk)" (id with-channel-ports)) (procedure " (with-channel-ports* channel thunk)" (id with-channel-ports*))) (p "Wrap channel calls into ports. " (tt "channel-input-port") " does " (tt "(channel-read channel)") " and ignores the extended data index, so it cannot distinguish between " (tt "stdout") " and " (tt "stderr") ". " (tt "channel-output-port") " does " (tt "(channel-write channel str)") " and " (tt "channel-error-port") " does " (tt "(channel-write channel str 'stderr)") ".") (p (tt "with-channel-ports") " calls " (tt "thunk") " with " (tt "current-input-port") " and " (tt "current-output-port") " bound to " (tt "channel") "'s ports. " (tt "with-channel-ports*") " also wraps " (tt "current-error-port") ". This may sometimes cause problems as runtime errors are printed onto " (tt "channel") "'s stderr and are therefore sent to the remote side."))
(def (sig (procedure " (kexinit-start ssh)" (id kexinit-start))) (p "Explicitly demand renegotiation of keys. This blocks other senders until the key exchange process is complete. " (link "https://www.openssh.com/" "OpenSSH") " clients will initiate this after 1GiB of data."))
(def (sig (parameter " (ssh-log? #t)" (id ssh-log?)) (parameter " (ssh-log-payload? #f)" (id ssh-log-payload?))) (p "Tune logging verbosity with these parameters. Default values are shown above. " (tt "(ssh-log? #f)") " shuts off logging completely. " (tt "(ssh-log-payload? #t)") " turns on logging of parsed packet content, which may be useful during SSH debugging. Since packets can carry credentials and session data, such logs should be handled as sensitive."))
