Uncategorized

28 posts

Wrapping up GSoC 2024

This year marked the third time our libssh organization took part in the Google Summer of Code (GSoC) program. We mentored two students, Gauravsingh Sisodia and Francesco Rollo. Both students successfully completed the program and performed exceptionally well. Below, we will provide a summary of their projects and the outcomes they achieved.

Implement GSSAPI Key Exchange and Improve Testing

This project was proposed and implemented by Gauravsingh Sisodia. As part of this project he achieved these goals:

1. Setting up Kerberos in a test environment

Automated tests were added for libssh’s “gssapi-with-mic” authentication method, which lacked prior coverage. Kerberos KDC setup was automated using cwrap wrappers, and tests were written to verify client-server interactions between libssh and OpenSSH. Additionally, memory leaks were fixed, and server callbacks were properly configured.

2. Implementing GSSAPI Key Exchange

GSSAPI Key Exchange (RFC 4462) was implemented for both the libssh client and server. Tests were conducted against OpenSSH and libssh clients, and generic GSSAPI functions were created to reduce code duplication. The “gssapi-keyex” method was added, along with support for the SSH2_MSG_KEXGSS_HOSTKEY message on the libssh server.
Testing for GSSAPI Authentication MR was already merged in the 0.11.0 release. Implementing GSSAPI Key Exchange MR is a work in progress. It will be merged once the “null” hostkey algorithm is fully implemented and documentation is further improved.
Gaurav’s work has been summarized in detail in his blog.

Support for OpenSSH certificates

This project was implemented by Francesco Rollo. The project aimed to enhance libssh’s limited pre-existing support for certificates, enabling better host and user authentication. Francesco’s work included implementing configuration options for both the client and server, parsing certificate fields, and building a robust certificate validation mechanism. These efforts improved libssh’s interoperability with OpenSSH certificates, making it more viable for organizations seeking improved SSH security.
His work for the program are implemented in the following MRs – #493, #500, #527
Future work includes finalizing the merge of the code and continuing contributions to the libssh project. Key areas of focus will be implementing Key Revocation List (KRL) control and developing a certificate generation feature. Francesco plans to stay actively involved in maintaining the libssh codebase and supporting the open-source community.
Francesco’s work has been summarized in detail in his blog.

Participation in GSoC Mentor Summit

For the first time, we also attended the GSoC Mentor Summit (October 4th to 6th in Sunnyvale). Our delegate was Jakub, who is driving the libssh participation in GSoC since the first year and overseeing the project in both Org Admin and Mentor roles. We had the opportunity to engage with fellow mentors and organization admins, exchange insights, and gain valuable perspectives on open-source mentoring as well as how the program is managed in other organizations. The summit provided a great platform for networking and learning, contributing to our ongoing efforts to enhance both mentorship within the organization and student experience.

Summary

This summer, we collaborated with two students on two exciting projects that could benefit our libssh users. Some of PRs need some minor changes and the features haven’t been released yet, we aim to finalize them soon. If you find this work interesting and have any feedback or ideas for future projects, or if you’d like to contribute down the line, please let us know.
We want to take this opportunity to thank our students for their participation, Eshan, Jakub and Sahana for their mentorship, the libssh community for their feedback and ideas, and of course, Google for organizing this program!