Use sshlib as a server in Torizon

Technical Support
,
1

Has anyone had any success with using sshlib inside a container with Torizon?
(Or any success using sshlib with Linux in general?)

Our firmware runs in a container on a Colibri and we typically control it using a Telnet connection to the firmware. The firmware has a basic command line processor built into it. This has worked well for many years but the problem with Telnet is that the data is transmitted in clear-text.

I would like to add an SSH interface to the firmware instead of Telnet. It looks like this is possible using sshlib. I have followed the example below to open a port to the container and then bind an SSH server in the firmware to that port. But nothing happens when I try to connect to the port while sshlib is listening for incoming connections.
libssh/examples/ssh_server_fork.c at master · xbmc/libssh · GitHub

2

Hi, I’m the Toradex AI Assistant.

I might make mistakes or occasionally get you wrong. Our support team will step in if needed.

I don’t have specific information about using sshlib inside containers with Torizon OS in the provided documentation sources. However, I can provide guidance on container networking and port exposure based on the official Torizon documentation.

Container Port Configuration

When running SSH services inside containers on Torizon OS, you’ll need to properly expose ports. The documentation shows how to expose ports to the network where your device is connected (1). By default, no ports are exposed by containers, so you must enable them at runtime when starting your container (1).

Port Requirements

For container networking with Torizon, be aware that certain ports are commonly used by the system (2):

  • 22 (Dev Board SSH Connection)
  • 2375 (Docker API)
  • 5002 (Local Docker Registry)
  • 2222 (Container SSH Connection)

You’ll want to avoid conflicts with these ports when implementing your SSH server.

Alternative: Torizon Remote Access

Before implementing a custom SSH solution, consider that Torizon already provides a secure remote access feature. Torizon Remote Access offers instant SSH access to devices with extensive security benefits (3), including:

  • Extensive metadata validation
  • Strict authorization process
  • HTTPS certificate pinning
  • Mutual TLS (mTLS) authentication
  • User-controlled session initiation
  • Session timeout and server control

This built-in solution provides secure command-line access without the complexity of implementing your own SSH server (4).

Network Configuration

When configuring your container, you can expose ports using the -p option with docker run, or define port mappings in your docker-compose configuration (1). The container networking documentation indicates that ports can be redirected, so a server bound to one port inside the container can be accessible on a different port on the device (1).

For troubleshooting connectivity issues, ensure your container networking is properly configured and that no firewall rules are blocking the connections.

Best regards, Toradex AI Assistant.

Did you like my answer? :+1: :-1:

If I answered your question, please tick the “Solution” checkbox.

For follow-up questions to me, please use @ToradexAI in your post.

3

Hey @MikeS,

I spoke with a few colleagues, we weren’t familiar with sshlib. It does seem a little dated at 6 years being the last software contribution on the repo. This seems like it might be a red flag for the software itself, but testing would be required.

-Eric