{"id":19579756,"url":"https://github.com/wolfssl/wolfssh","last_synced_at":"2026-01-06T19:12:27.750Z","repository":{"id":18073148,"uuid":"21134745","full_name":"wolfSSL/wolfssh","owner":"wolfSSL","description":"wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.","archived":false,"fork":false,"pushed_at":"2024-05-28T16:43:21.000Z","size":4325,"stargazers_count":349,"open_issues_count":9,"forks_count":86,"subscribers_count":34,"default_branch":"master","last_synced_at":"2024-05-29T07:50:01.942Z","etag":null,"topics":["c","cryptography","embedded","iot","iot-security","portable","scp","scp-example","scp-support","security","sftp","sftp-example","ssh","ssh-client","ssh-client-library","ssh-library","ssh-server","ssh-server-library","sshv2","wolfssl"],"latest_commit_sha":null,"homepage":"https://www.wolfssl.com","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wolfSSL.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2014-06-23T17:07:57.000Z","updated_at":"2024-05-30T20:27:05.818Z","dependencies_parsed_at":"2023-12-22T23:29:08.018Z","dependency_job_id":"52206900-1cf6-43a0-9b81-f983e8293655","html_url":"https://github.com/wolfSSL/wolfssh","commit_stats":null,"previous_names":[],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wolfSSL%2Fwolfssh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wolfSSL","download_url":"https://codeload.github.com/wolfSSL/wolfssh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247399878,"owners_count":20932880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","cryptography","embedded","iot","iot-security","portable","scp","scp-example","scp-support","security","sftp","sftp-example","ssh","ssh-client","ssh-client-library","ssh-library","ssh-server","ssh-server-library","sshv2","wolfssl"],"created_at":"2024-11-11T07:18:56.154Z","updated_at":"2026-01-06T19:12:27.744Z","avatar_url":"https://github.com/wolfSSL.png","language":"C","readme":"WOLFSSH\n=======\n\nwolfSSL's Embeddable SSH Server\n[wolfSSH Manual](https://www.wolfssl.com/docs/wolfssh-manual/)\n\ndependencies\n------------\n\n[wolfSSH](https://www.wolfssl.com/wolfssh/) is dependent on\n[wolfCrypt](https://www.wolfssl.com/download/), found as a part of\nwolfSSL. The following is the simplest configuration of wolfSSL to\nenable wolfSSH.\n\n    $ cd wolfssl\n    $ ./configure [OPTIONS] --enable-ssh\n    $ make check\n    $ sudo make install\n\nOn some systems the optional ldconfig command is needed after installing.\n\nTo use the key generation function in wolfSSH, wolfSSL will need to be\nconfigured with keygen: `--enable-keygen`.\n\nWhen using X.509 certificates for user authentication, wolfSSL must be\nbuilt with TLS enabled. wolfSSH uses wolfSSL's certificate manager system\nfor X.509, including OCSP lookups. To allow OCSP, add `--enable-ocsp` to the\nwolfSSL configure.\n\nIf the bulk of wolfSSL code isn't desired, wolfSSL can be configured with\nthe crypto only option: `--enable-cryptonly`.\n\nAdditional build options for wolfSSL are located in\n[chapter two](https://www.wolfssl.com/docs/wolfssl-manual/ch2/).\nof the wolfSSH manual.\n\n\nbuilding\n--------\n\nFrom the wolfSSH source directory run:\n\n    $ ./autogen.sh (if cloned from GitHub)\n    $ ./configure --with-wolfssl=[/usr/local]\n    $ make\n    $ make check\n\nThe `autogen.sh` script only has to be run the first time after cloning\nthe repository. If you have already run it or are using code from a\nsource archive, you should skip it.\n\nFor building under Windows with Visual Studio, see the file\n\"ide/winvs/README.md\".\n\nNOTE: On resource constrained devices the `DEFAULT_WINDOW_SZ` may need\nto be set to a lower size. It can also be increased in desktop use cases\nto help with large file transfers. By default channels are set to receive\nup to 128kB of data before sending a channel window adjust message. An\nexample of setting a window size for new channels would be as follows\n`./configure CPPFLAGS=\"-DDEFAULT_WINDOW_SZ=16384\"`\n\nFor 32bit Linux platforms you can add support for files \u003e 2GB by compiling\nwith `CFLAGS=-D_FILE_OFFSET_BITS=64`.\n\nexamples\n--------\n\nThe directory `examples` contains an echoserver that any client should\nbe able to connect to. From the terminal run:\n\n    $ ./examples/echoserver/echoserver -f\n\nThe option `-f` enables echo-only mode. From another terminal run:\n\n    $ ssh jill@localhost -p 22222\n\nWhen prompted for a password, enter \"upthehill\". The server will send a\ncanned banner to the client:\n\n    wolfSSH Example Echo Server\n\nCharacters typed into the client will be echoed to the screen by the\nserver. If the characters are echoed twice, the client has local echo\nenabled. The echoserver isn't being a proper terminal so the CR/LF\ntranslation will not work as expected.\n\nThe following control characters will trigger special actions in the\nechoserver:\n\n- CTRL-C: Terminate the connection.\n- CTRL-E: Print out some session statistics.\n- CTRL-F: Trigger a new key exchange.\n\n\ntesting notes\n-------------\n\nAfter cloning the repository, be sure to make the testing private keys\nread-only for the user, otherwise `ssh` will tell you to do it.\n\n    $ chmod 0600 ./keys/gretel-key-rsa.pem ./keys/hansel-key-rsa.pem \\\n                 ./keys/gretel-key-ecc.pem ./keys/hansel-key-ecc.pem\n\nAuthentication against the example echoserver can be done with a\npassword or public key. To use a password the command line:\n\n    $ ssh -p 22222 USER@localhost\n\nWhere the *USER* and password pairs are:\n\n    jill:upthehill\n    jack:fetchapail\n\nTo use public key authentication use the command line:\n\n    $ ssh -i ./keys/USER-key-TYPE.pem -p 22222 USER@localhost\n\nWhere the *USER* can be `gretel` or `hansel`, and *TYPE* is `rsa` or\n`ecc`.\n\nKeep in mind, the echoserver has several fake accounts in its\n`wsUserAuth()` callback function. (jack, jill, hansel, and gretel) When\nthe shell support is enabled, those fake accounts will not work. They\ndon't exist in the system's _passwd_ file. The users will authenticate,\nbut the server will err out because they don't exist in the system. You\ncan add your own username to the password or public key list in the\nechoserver. That account will be logged into a shell started by the\nechoserver with the privileges of the user running echoserver.\n\n\nEXAMPLE TOOLS\n=============\n\nwolfSSH comes packaged with a few example tools for testing purposes\nand to demonstrate interoperability with other SSH implementations.\n\n\nechoserver\n----------\n\nThe echoserver is the workhorse of wolfSSH. It originally only allowed one\nto authenticate one of the canned account and would repeat the characters\ntyped into it. When enabling [shell support](#shell-support), it can\nspawn a user shell. It will need an actual user name on the machine and an\nupdated user authentication callback function to validate the credentials.\nThe echoserver can also handle SCP and SFTP connections.\n\nThe echoserver tool accepts the following command line options:\n\n    -1             exit after a single (one) connection\n    -e             expect ECC public key from client\n    -E             use ECC private key\n    -f             echo input\n    -p \u003cnum\u003e       port to accept on, default 22222\n    -N             use non-blocking sockets\n    -d \u003cstring\u003e    set the home directory for SFTP connections\n    -j \u003cfile\u003e      load in a public key to accept from peer\n\n\nclient\n------\n\nThe client establishes a connection to an SSH server. In its simplest mode,\nit sends the string \"Hello, wolfSSH!\" to the server, prints the response,\nand then exits. With the pseudo terminal option, the client will be a real\nclient.\n\nThe client tool accepts the following command line options:\n\n    -h \u003chost\u003e      host to connect to, default 127.0.0.1\n    -p \u003cnum\u003e       port to connect on, default 22222\n    -u \u003cusername\u003e  username to authenticate as (REQUIRED)\n    -P \u003cpassword\u003e  password for username, prompted if omitted\n    -e             use sample ecc key for user\n    -i \u003cfilename\u003e  filename for the user's private key\n    -j \u003cfilename\u003e  filename for the user's public key\n    -x             exit after successful connection without doing\n                   read/write\n    -N             use non-blocking sockets\n    -t             use pseudo terminal\n    -c \u003ccommand\u003e   executes remote command and pipe stdin/stdout\n    -a             Attempt to use SSH-AGENT\n\n\nportfwd\n-------\n\nThe portfwd tool establishes a connection to an SSH server and sets up a\nlistener for local port forwarding or requests a listener for remote port\nforwarding. After a connection, the tool terminates.\n\nThe portfwd tool accepts the following command line options:\n\n    -h \u003chost\u003e      host to connect to, default 127.0.0.1\n    -p \u003cnum\u003e       port to connect on, default 22222\n    -u \u003cusername\u003e  username to authenticate as (REQUIRED)\n    -P \u003cpassword\u003e  password for username, prompted if omitted\n    -F \u003chost\u003e      host to forward from, default 0.0.0.0\n    -f \u003cnum\u003e       host port to forward from (REQUIRED)\n    -T \u003chost\u003e      host to forward to, default to host\n    -t \u003cnum\u003e       port to forward to (REQUIRED)\n\n\nscpclient\n---------\n\nThe scpclient, wolfscp, establishes a connection to an SSH server and copies\nthe specified files from or to the local machine.\n\nThe scpclient tool accepts the following command line options:\n\n    -H \u003chost\u003e      host to connect to, default 127.0.0.1\n    -p \u003cnum\u003e       port to connect on, default 22222\n    -u \u003cusername\u003e  username to authenticate as (REQUIRED)\n    -P \u003cpassword\u003e  password for username, prompted if omitted\n    -L \u003cfrom\u003e:\u003cto\u003e copy from local to server\n    -S \u003cfrom\u003e:\u003cto\u003e copy from server to local\n\n\nsftpclient\n----------\n\nThe sftpclient, wolfsftp, establishes a connection to an SSH server and\nallows directory navigation, getting and putting files, making and removing\ndirectories, etc.\n\nThe sftpclient tool accepts the following command line options:\n\n    -h \u003chost\u003e      host to connect to, default 127.0.0.1\n    -p \u003cnum\u003e       port to connect on, default 22222\n    -u \u003cusername\u003e  username to authenticate as (REQUIRED)\n    -P \u003cpassword\u003e  password for username, prompted if omitted\n    -d \u003cpath\u003e      set the default local path\n    -N             use non blocking sockets\n    -e             use ECC user authentication\n    -l \u003cfilename\u003e  local filename\n    -r \u003cfilename\u003e  remote filename\n    -g             put local filename as remote filename\n    -G             get remote filename as local filename\n\n\nSCP\n===\n\nwolfSSH includes server-side support for scp, which includes support for both\ncopying files 'to' the server, and copying files 'from' the server. Both\nsingle file and recursive directory copy are supported with the default\nsend and receive callbacks.\n\nTo compile wolfSSH with scp support, use the `--enable-scp` build option\nor define `WOLFSSH_SCP`:\n\n    $ ./configure --enable-scp\n    $ make\n\nFor full API usage and implementation details, please see the wolfSSH User\nManual.\n\nThe wolfSSH example server has been set up to accept a single scp request,\nand is compiled by default when compiling the wolfSSH library. To start the\nexample server, run:\n\n    $ ./examples/server/server\n\nStandard scp commands can be used on the client side. The following are a\nfew examples, where `scp` represents the ssh client you are using.\n\nTo copy a single file TO the server, using the default example user \"jill\":\n\n    $ scp -P 22222 \u003clocal_file\u003e jill@127.0.0.1:\u003cremote_path\u003e\n\nTo copy the same single file TO the server, but with timestamp and in\nverbose mode:\n\n    $ scp -v -p -P 22222 \u003clocal_file\u003e jill@127.0.0.1:\u003cremote_path\u003e\n\nTo recursively copy a directory TO the server:\n\n    $ scp -P 22222 -r \u003clocal_dir\u003e jill@127.0.0.1:\u003cremote_dir\u003e\n\nTo copy a single file FROM the server to the local client:\n\n    $ scp -P 22222 jill@127.0.0.1:\u003cremote_file\u003e \u003clocal_path\u003e\n\nTo recursively copy a directory FROM the server to the local client:\n\n    $ scp -P 22222 -r jill@127.0.0.1:\u003cremote_dir\u003e \u003clocal_path\u003e\n\n\nPORT FORWARDING\n===============\n\nwolfSSH provides support for port forwarding. This allows the user\nto set up an encrypted tunnel to another server, where the SSH client listens\non a socket and forwards connections on that socket to another socket on\nthe server.\n\nTo compile wolfSSH with port forwarding support, use the `--enable-fwd` build\noption or define `WOLFSSH_FWD`:\n\n    $ ./configure --enable-fwd\n    $ make\n\nFor full API usage and implementation details, please see the wolfSSH User\nManual.\n\nThe portfwd example tool will create a \"direct-tcpip\" style channel. These\ndirections assume you have OpenSSH's server running in the background with\nport forwarding enabled. This example forwards the port for the wolfSSL\nclient to the server as the application. It assumes that all programs are run\non the same machine in different terminals.\n\n    src/wolfssl$ ./examples/server/server\n    src/wolfssh$ ./examples/portfwd/portfwd -p 22 -u \u003cusername\u003e \\\n                 -f 12345 -t 11111\n    src/wolfssl$ ./examples/client/client -p 12345\n\nBy default, the wolfSSL server listens on port 11111. The client is set to\ntry to connect to port 12345. The portfwd logs in as user \"username\", opens\na listener on port 12345 and connects to the server on port 11111. Packets\nare routed back and forth between the client and server. \"Hello, wolfSSL!\"\n\nThe source for portfwd provides an example on how to set up and use the\nport forwarding support in wolfSSH.\n\nThe echoserver will handle local and remote port forwarding. To connect with\nthe ssh tool, using one of the following command lines. You can run either of\nthe ssh command lines from anywhere:\n\n    src/wolfssl$ ./examples/server/server\n    src/wolfssh$ ./examples/echoserver/echoserver\n    anywhere 1$ ssh -p 22222 -L 12345:localhost:11111 jill@localhost\n    anywhere 2$ ssh -p 22222 -R 12345:localhost:11111 jill@localhost\n    src/wolfssl$ ./examples/client/client -p 12345\n\nThis will allow port forwarding between the wolfSSL client and server like in\nthe previous example.\n\n\nSFTP\n====\n\nwolfSSH provides server and client side support for SFTP version 3. This\nallows the user to set up an encrypted connection for managing file systems.\n\nTo compile wolfSSH with SFTP support, use the `--enable-sftp` build option or\ndefine `WOLFSSH_SFTP`:\n\n    $ ./configure --enable-sftp\n    $ make\n\nFor full API usage and implementation details, please see the wolfSSH User\nManual.\n\nThe SFTP client created is located in the directory examples/sftpclient/ and\nthe example echoserver acts as a SFTP server.\n\n    src/wolfssh$ ./examples/sftpclient/wolfsftp\n\nA full list of supported commands can be seen with typing \"help\" after a\nconnection.\n\n\n    wolfSSH sftp\u003e help\n\n    Commands :\n        cd  \u003cstring\u003e                      change directory\n        chmod \u003cmode\u003e \u003cpath\u003e               change mode\n        get \u003cremote file\u003e \u003clocal file\u003e    pulls file(s) from server\n        ls                                list current directory\n        mkdir \u003cdir name\u003e                  creates new directory on server\n        put \u003clocal file\u003e \u003cremote file\u003e    push file(s) to server\n        pwd                               list current path\n        quit                              exit\n        rename \u003cold\u003e \u003cnew\u003e                renames remote file\n        reget \u003cremote file\u003e \u003clocal file\u003e  resume pulling file\n        reput \u003cremote file\u003e \u003clocal file\u003e  resume pushing file\n        \u003ccrtl + c\u003e                        interrupt get/put cmd\n\nAn example of connecting to another system would be\n\n    src/wolfssh$ ./examples/sftpclient/wolfsftp -p 22 -u user -h 192.168.1.111\n\n\nSHELL SUPPORT\n=============\n\nwolfSSH's example echoserver can now fork a shell for the user trying to log\nin. This currently has only been tested on Linux and macOS. The file\nechoserver.c must be modified to have the user's credentials in the user\nauthentication callback, or the user authentication callback needs to be\nchanged to verify the provided password.\n\nTo compile wolfSSH with shell support, use the `--enable-shell` build option\nor define `WOLFSSH_SHELL`:\n\n    $ ./configure --enable-shell\n    $ make\n\nTo try out this functionality, you can use the example echoserver and client.\nIn a terminal do the following to launch the server:\n\n    $ ./examples/echoserver/echoserver -P \u003cuser\u003e:junk\n\nAnd in another terminal do the following to launch the example client:\n\n    $ ./examples/client/client -t -u \u003cuser\u003e -P junk\n\nNote that `\u003cuser\u003e` must be the user name of the current user that is logged in.\n\nBy default, the echoserver will try to start a shell. To use the echo testing\nbehavior, give the echoserver the command line option `-f`.\n\n    $ ./examples/echoserver/echoserver -f\n\nTo use the shell feature with wolfsshd add `--enable-sshd` to your configure\ncommand and use the following command:\n\n    $ sudo ./apps/wolfsshd/wolfsshd -D -h keys/gretel-key-ecc.pem -p 11111\n\nIf it complains about a bad `sshd_config` file, simply copy it to another file\nand remove the offending line that it complains about and use the `-f` command\nline parameter to point to the new file.\n\nYou can then connect to the `wolfsshd` server with ssh:\n\n    $ ssh \u003cuser\u003e@localhost -p 11111\n\nNote that `\u003cuser\u003e` must be the user name of the current user that is logged in.\n\nCURVE25519\n==========\n\nwolfSSH now supports Curve25519 for key exchange. To enable this support simply\ncompile wolfSSL with support for wolfssh and Curve25519.\n\n    $ cd wolfssl\n    $ ./configure --enable-wolfssh --enable-curve25519\n\nAfter building and installing wolfSSL, you can simply configure with no options.\n\n    $ cd wolfssh\n    $ ./configure\n\nThe wolfSSH client and server will automatically negotiate using Curve25519.\n\n    $ ./examples/echoserver/echoserver -f\n\n    $ ./examples/client/client -u jill -P upthehill\n\nPOST-QUANTUM\n============\n\nwolfSSH now supports the post-quantum algorithm ML-KEM (formerly known as\nKyber). It uses the ML-KEM-768 parameter set and is hybridized with ECDHE over\nthe P-256 ECC curve.\n\nIn order to use this key exchange you must build and install wolfSSL on your\nsystem. Here is an example of an effective configuration:\n\n    $ ./configure --enable-wolfssh --enable-mlkem\n\nAfter that, simply configure and build wolfssh as usual:\n\n    $ ./configure\n    $ make all\n\nThe wolfSSH client and server will automatically negotiate using ML-KEM-768\nhybridized with ECDHE over the P-256 ECC curve.\n\n    $ ./examples/echoserver/echoserver -f\n\n    $ ./examples/client/client -u jill -P upthehill\n\nOn the client side, you will see the following output:\n\nServer said: Hello, wolfSSH!\n\nIf you want to see interoperability with OpenQauntumSafe's fork of OpenSSH, you\ncan build and execute the fork while the echoserver is running. Download the\nrelease from here:\n\n    https://github.com/open-quantum-safe/openssh/archive/refs/tags/OQS-OpenSSH-snapshot-2021-08.tar.gz\n\nThe following is sufficient for build and execution:\n\n    $ tar xmvf openssh-OQS-OpenSSH-snapshot-2021-08.tar.gz\n    $ cd openssh-OQS-OpenSSH-snapshot-2021-08/\n    $ ./configure --with-liboqs-dir=/usr/local\n    $ make all\n    $ ./ssh -o\"KexAlgorithms=mlkem768nistp256-sha256\" \\\n      -o\"PubkeyAcceptedAlgorithms +ssh-rsa\" \\\n      -o\"HostkeyAlgorithms +ssh-rsa\" \\\n      jill@localhost -p 22222\n\nNOTE: when prompted, enter the password which is \"upthehill\".\n\nYou can type a line of text and when you press enter, the line will be echoed\nback. Use CTRL-C to terminate the connection.\n\nCERTIFICATE SUPPORT\n===================\n\nwolfSSH can accept X.509 certificates in place of just public keys when\nauthenticating a user.\n\nTo compile wolfSSH with X.509 support, use the `--enable-certs` build option\nor define `WOLFSSH_CERTS`:\n\n    $ ./configure --enable-certs CPPFLAGS=-DWOLFSSH_NO_FPKI\n    $ make\n\nFor this example, we are disabling the FPKI checking as the included\ncertificate for \"fred\" does not have the required FPKI extensions. If the\nflag WOLFSSH_NO_FPKI is removed, you can see the certificate get rejected.\n\nTo provide a CA root certificate to validate a user's certificate, give the\nechoserver the command line option `-a`.\n\n    $ ./examples/echoserver/echoserver -a ./keys/ca-cert-ecc.pem\n\nThe echoserver and client have a fake user named \"fred\" whose certificate\nwill be used for authentication.\n\nAn example echoserver / client connection using the example certificate\nfred-cert.der would be:\n\n    $ ./examples/echoserver/echoserver -a ./keys/ca-cert-ecc.pem -K fred:./keys/fred-cert.der\n\n    $ ./examples/client/client -u fred -J ./keys/fred-cert.der -i ./keys/fred-key.der\n\nTPM PUBLIC KEY AUTHENTICATION\n=============================\n\nWhen using TPM for client side public key authentication wolfSSH has dependencies\non wolfCrypt and wolfTPM. Youll also need to have a tpm simulator\n[wolfTPM](https://www.wolfssl.com/products/wolftpm/)\n[wolfSSL](https://www.wolfssl.com/products/wolfssl/)\nYou'll need to build and configure wolfTPM, wolfSSL, and wolfSSH like so:\n\n    $ cd \u003cwolfSSL, wolfTPM, wolfSSH\u003e\n    $ ./autogen.sh (if cloned from GitHub)\n    $ \u003cConfiguration\u003e\n    $ make\n    $ make check\n\n    \u003cConfiguration\u003e\n    wolfSSL\n        $ ./configure --enable-wolftpm --enable-wolfssh\n    wolfTPM\n        $ ./configure --enable-swtpm\n    wolfSSH\n        $ ./configure --enable-tpm\n\nFor testing TPM with private rsa key you'll need to run the server from a TPM\nsimulator like `ibmswtpm2`. This can be done as followed:\n\n    $ cd src\n    $ ./tpm_server\n\nBefore starting the echoserver you need to run the keygen for keyblob\nusing the endorsment key in wolfTPM with the following commands:\nDefault password to `ThisIsMyKeyAuth`:\n\n    $ ./examples/keygen/keygen keyblob.bin -rsa -t -pem -eh\n\nCustom password:\n\n    $ ./examples/keygen/keygen keyblob.bin -rsa -t -pem -eh -auth=\u003ccustompassword\u003e\n\nThis will produce a key.pem TPM public key which needs to be converted the to\nthe ssh-rsa BASE64 username format using this command:\n\n    $ ssh-keygen -f key.pem -i -m PKCS8 \u003e ../wolfssh/key.ssh\n\nThe directory `examples` contains an echoserver that any client should\nbe able to connect to. From wolfSSH open two terminal instances and run the\nserver with the key.ssh file you created in the previous step:\n\n    $ ./examples/echoserver/echoserver -s key.ssh\n\nFrom another terminal run the client with the keyblob. Using primary endorsement key\nIf you used the default password for keygen you must specify the password:\n\n    $ ./examples/client/client -i ../wolfTPM/keyblob.bin -u hansel -K ThisIsMyKeyAuth\n\nIf you used a custom password for keygen you must specify the password you used:\n\n    $ ./examples/client/client -i ../wolfTPM/keyblob.bin -u hansel -K \u003ccustompassword\u003e\n\nWOLFSSH APPLICATIONS\n====================\n\nwolfSSH comes with a server daemon and a command line shell tool. Check out\nthe apps directory for more information.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfssh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwolfssl%2Fwolfssh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwolfssl%2Fwolfssh/lists"}