第第頁(yè)利用OpenSSH建立自己的安全通道cc2.96

3.2用ssh命令建立SSH通道

[jack@mypcsshtest]$ssh-L4001:localhost:4017jack@

Lastlogin:TueAug719:05:10from

3.3本地程序清單（sshcall.c）

#include

#include

#include

#include

#include

intmain(intargc,char*argv[])

{

intfd;

structsockaddr_inaddress;

intaddress_len;

intrtval;

charserver_ip[20]="";

shortintport=4001;

charsendbuf[100];

charrecvbuf[100];

intlen;

/*創(chuàng)建套接字句柄*/

fd=socket(PF_INET,SOCK_STREAM,0);

/*配置將要連接的socket到本地端口4001*/

address.sin_family=PF_INET;

address.sin_addr.s_addr=inet_addr(server_ip);

address.sin_port=htons(port);

address_len=sizeof(address);

/*嘗試連接到遠(yuǎn)程端口，實(shí)際上通過(guò)了SSH的轉(zhuǎn)發(fā)*/

rtval=connect(fd,(structsockaddr*)address,address_len);

if(rtval==-1)exit(1);

/*發(fā)送一個(gè)字符串*/

strcpy(sendbuf,"Hello!Server.");

send(fd,sendbuf,strlen(sendbuf),0);

printf("\nDatasendout!");

/*等待服務(wù)器應(yīng)答*/

len=recv(fd,recvbuf,100,0);

printf("\nDatafromserver:%s",recvbuf);

/*再等待服務(wù)器的另一個(gè)字符串*/

len=recv(fd,recvbuf,100,0);

printf("\nDatafromserver:%s",recvbuf);

/*關(guān)閉socket*/

close(fd);

return0;

}

3.4遠(yuǎn)程服務(wù)程序清單（sshlisten.c）

#include

#include

#include

#include

intmain(intargc,char*argv[])

{

intfd;

intaddress_len;

structsockaddr_inaddress;

/*創(chuàng)建套接字句柄*/

fd=socket(PF_INET,SOCK_STREAM,0);

/*配置socket到本地4011端口*/

address.sin_family=PF_INET;

address.sin_addr.s_addr=htonl(INADDR_LOOPBACK);

address.sin_port=htons(4011);

address_len=sizeof(address);

bind(fd,(structsockaddr*)address,address_len);

/*監(jiān)聽(tīng)端口并只允許一個(gè)連接在監(jiān)聽(tīng)隊(duì)列中*/

listen(fd,5);

while(1)

{

structsockaddr_inclient_address;

intlen,datalen;

intclient_sockfd;

char*answer="OK";

char*answer_quit="QUIT";

char*client_end="END";

chardata[100];

char*client_ip;

printf("waiting...");

fflush(stdout);

/*等待客戶(hù)機(jī)的連接*/

len=sizeof(client_address);

client_sockfd=accept(fd,(structsockaddr*)client_address,

(int*)len);

/*打印出實(shí)際連接在服務(wù)器上所看到的網(wǎng)絡(luò)地址及端口*/

client_ip=inet_ntoa(client_address.sin_addr);

printf("\nClientIPaddressis%s,onport%d.",client_ip,

(int)client_address.sin_port);

/*從客戶(hù)機(jī)讀取數(shù)據(jù)*/

datalen=recv(client_sockfd,data,100,0);

if(datalen0)data[datalen]='\0';

printf("\nClientdatais:%s",data);

/*連續(xù)發(fā)送兩個(gè)字符串*/

send(client_sockfd,answer,strlen(answer),0);

send(client_sockfd,answer_quit,strlen(answer_quit),0);

/*關(guān)閉socket，結(jié)束這個(gè)連接*/

close(client_sockfd);

printf("\n");

}

return0;

}

3.5應(yīng)用示例說(shuō)明

將上述兩個(gè)程序例子分別在客戶(hù)機(jī)和服務(wù)器上運(yùn)行，sshlisten在遠(yuǎn)程服務(wù)器端運(yùn)行，sshcall在客戶(hù)端運(yùn)行，讀者可以自行驗(yàn)證結(jié)果。注意觀察在服務(wù)器上sshlisten輸出的連接信息，以加深對(duì)端口轉(zhuǎn)發(fā)的理解。

4、OpenSSH資源

OpenSSH的rpm下載：

/pub/OpenBSD/OpenSSH/portable/rpm/RH71/

openssh-2.9p2-1.i386.rpm

openssh-askpass-2.9p2-1.i386.rpm

openssh-askpass-gnome-2.9p2-1.i386.rpm

openssh-clients-2.9p2-1.i386.rpm

openssh-server-2.9p2-1.i386.rpm

OpenSSH的源程序下載：

/pub/OpenBSD/OpenSSH/portable/

openssh-2.9p2.tar.gz

README

INSTALL

TODO

UPGRADING

OpenSSH的使用手冊(cè)查閱：/manual.html

SSH基本協(xié)議的資源（可以在網(wǎng)站查詢(xún)""關(guān)鍵字得到更多）：

1.SSHProtocolArchitecture

/internet-drafts/draft-ietf-secsh-architecture-09.txt

2.SSHAuthenticationProtocol

/internet-drafts/draft-ietf-secsh-userauth-11.txt

3.SSHConnectionProtocol

/internet-drafts/draft-ietf-secsh