My Google Summer of Code (GSoC) Experience with libssh
(Enable support for OpenSSH connection multiplexing in libssh)
GSoC 2023
Google Summer of Code (GSoC) is an incredible opportunity for students to work on open-source projects under the mentorship of experienced developers. This year, I had the privilege of participating in GSoC with libssh, a powerful C library for implementing the SSH protocol. The entire experience has been both rewarding and enlightening, allowing me to contribute to a widely used project and gain invaluable skills along the way.
libssh
Before diving into the details of my experience, it’s important to understand what libssh is all about. Libssh is an open-source library that enables developers to incorporate SSH functionalities into their applications. SSH (Secure Shell) is a widely used cryptographic network protocol for secure remote login, remote command execution, and other secure network services. With libssh, developers can easily establish secure communication channels and perform secure file transfers using the SSH protocol.
My project
(Enable support for OpenSSH connection multiplexing in libssh)
SSH multiplexing is the ability to carry multiple SSH sessions over a single TCP connection. Re-using an existing outgoing TCP connection for multiple concurrent SSH sessions to a remote SSH server avoids the overhead of creating a new TCP connection and reauthenticating each time. The goal of this project was to integrate OpenSSH’s connection multiplexing feature into the libssh library, thereby providing users with the ability to efficiently manage multiple SSH sessions using a single connection.
The project’s scope included handling the SSH configuration options that enable connection multiplexing, creating a mux (multiplexing) client to connect to an existing mux server, and setting up a mux server from within libssh to support other mux clients.
To grasp the concept of SSH multiplexing, it’s essential to understand the roles of a mux client and a mux server:
mux client: A mux client is an SSH client that supports connection multiplexing. It’s responsible for connecting to an existing mux server using the mux protocol and sending commands to the mux server like opening a session.
mux server: A mux server is a component that enables the establishment of multiple SSH sessions over a single TCP connection. It acts as a central hub, receiving incoming requests for new SSH sessions and intelligently routing them to the appropriate destinations. This eliminates the need for redundant connection setups and authentication processes, leading to improved performance and reduced latency.
My approach
To begin with, I had to introduce support for the multiplexing options ControlMaster and ControlPath, which are used to establish the multiplexing setup. The ControlMaster option specifies whether to enable connection multiplexing, and the ControlPath option defines the path to the control socket on which the mux server is supposed to be listening for mux clients.
Here’s the link to the first Merge Request for the options and config setup: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/376 [merged]
After that, I started working on the client side to utilize an existing OpenSSH mux server and connect to the server through it. If you’re connecting to a mux server, you don’t have to go through the whole connection procedure of managing the encryption algorithms or authenticating to the server, as that is handled by the master connection. So if we encounter an existing mux server, that whole connection procedure is bypassed and we connect to the mux server instead. After that, all of the client’s requests, like opening a session, are handled by the mux server.
The client side implementation was drafted in the Merge Request https://gitlab.com/libssh/libssh-mirror/-/merge_requests/396 [not up-to-date | draft]
It included checking for an existing mux server and, if one is found, connecting to it, then following the mux protocol: exchanging hello messages, checking that the server is alive, and opening a session.
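The framing behind the hello exchange and alive check described above, as an added example that is not code from libssh or from the merge request. The message types and protocol version are taken from OpenSSH's PROTOCOL.mux; the function names (mux_frame, mux_check_hello, mux_parse_alive) are made up for illustration, and the parsers reject short, mistyped or mismatched replies rather than trusting the peer on the control socket.

```c
#include <stdint.h>
#include <stdio.h>   /* also provides size_t */

/* Constants from OpenSSH's PROTOCOL.mux; the function names are illustrative. */
#define MUX_MSG_HELLO     0x00000001u
#define MUX_C_ALIVE_CHECK 0x10000004u
#define MUX_S_ALIVE       0x80000005u
#define MUX_VERSION       4u

static void put_u32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint32_t get_u32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Frame = uint32 length | uint32 type | uint32 arg; returns bytes written or 0. */
size_t mux_frame(uint8_t *buf, size_t cap, uint32_t type, uint32_t arg) {
    if (cap < 12) return 0;
    put_u32(buf, 8);            /* length covers type + arg, not itself */
    put_u32(buf + 4, type);
    put_u32(buf + 8, arg);      /* protocol version or request id */
    return 12;
}

/* Peer hello may carry extensions after the version, so length >= 8. */
int mux_check_hello(const uint8_t *buf, size_t len) {
    if (len < 12) return -1;
    uint32_t plen = get_u32(buf);
    if (plen < 8 || plen > len - 4 || get_u32(buf + 4) != MUX_MSG_HELLO) return -1;
    return get_u32(buf + 8) == MUX_VERSION ? 0 : -1;
}

/* MUX_S_ALIVE body: type | echoed request id | server pid. */
int mux_parse_alive(const uint8_t *buf, size_t len, uint32_t rid, uint32_t *pid) {
    if (len < 16 || get_u32(buf) != 12) return -1;
    if (get_u32(buf + 4) != MUX_S_ALIVE || get_u32(buf + 8) != rid) return -1;
    *pid = get_u32(buf + 12);
    return 0;
}

int main(void) {
    uint8_t b[12];
    size_t n = mux_frame(b, sizeof b, MUX_MSG_HELLO, MUX_VERSION);
    for (size_t i = 0; i < n; i++) printf("%02x%s", b[i], i + 1 == n ? "\n" : "");
    return 0;
}
```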
The server implementation along with the client side implementation was pushed in the final Merge Request https://gitlab.com/libssh/libssh-mirror/-/merge_requests/401 [final submission]
It includes a local implementation of the mux server within libssh. If the user wants, it sets up a socket that listens for other clients trying to connect using the mux protocol defined by OpenSSH. For now, the procedure is handled by the user, who calls the setup function from within a libssh client program to make it a mux server after connecting and authenticating to a remote SSH server.
Challenges
Over the course of my project, I faced many challenges. The beginning of the project was quite slow due to the completely different nature of the implementations in OpenSSH and libssh, which required me to adopt different techniques to overcome these obstacles.
libssh gives users granular control over the SSH protocol steps, like opening a channel, requesting a shell, etc. But the OpenSSH implementation is quite abstract and combines many steps into one. So porting a feature like multiplexing to libssh required me to break down those steps and implement them in such a way that the existing API could work flawlessly without many changes.
Conclusion
Participating in GSoC with libssh has been an enriching experience that has provided me with a deeper understanding of SSH protocols, secure network communication, and open-source development practices. The project challenged me to step out of my comfort zone, learn new technologies, and collaborate effectively within a team. It also allowed me to contribute to a project that has a real-world impact and a vibrant community.
I would like to express my sincere gratitude to my mentors and the libssh community for their unwavering support and guidance throughout this journey. GSoC has not only been a learning experience but also a stepping stone toward becoming a better developer. I look forward to continuing my involvement with open-source projects and exploring new opportunities to contribute to the software development community.