wolfSSH

wolfSSH
wolfSSH
Developer	John Safranek
Initial release	July 20, 2016
Stable release	1.5.0 / 20 April 2026
Written in	C language
Operating system	Multi-platform
Type	Security library
License	GPL-3.0-or-later or proprietary license
Website	www.wolfssl.com/products/wolfssh/
Repository	github.com/wolfSSL/wolfssh ;

wolfSSH is a small, portable, embedded SSH library targeted for use by embedded systems developers. It is an open-source implementation of SSH written in the C language. It includes SSH client libraries and an SSH server implementation. It allows for password and public key authentication.

Platforms

wolfSSH is currently available for Win32/64, Linux, macOS, Solaris, Threadx, VxWorks, FreeBSD, NetBSD, OpenBSD, embedded Linux, WinCE, Haiku, OpenWrt, iPhone (iOS), Android, Wii and GameCube through DevKitPro support, QNX, MontaVista, TRON variants (TRON/ITRON/μITRON), NonStop OS, OpenCL, Micrium's MicroC/OS-II, FreeRTOS, SafeRTOS, Freescale MQX, Nucleus, TinyOS, TI-RTOS, HP-UX, uTasker, embOS, PIC32, PikeOS, Green Hills INTEGRITY, and Zephyr.

Protocols

The wolfSSH SSH library implements the SSHv2 protocol for both client and server. It also includes support for Secure Copy (SCP), SSH File Transfer Protocol (SFTP), remote command execution, and port forwarding. X509 certificate support RFC 6187.^[3]

Algorithms

wolfSSH uses the cryptographic services provided by wolfCrypt.^[4] wolfCrypt Provides RSA, ECC, Diffie–Hellman, AES (CBC, GCM), Random Number Generation, Large Integer support, and base 16/64 encoding/decoding, and SHA-1, SHA-2, AES (GCM, CTR, CBC), X25519 and Ed25519, X448 and Ed448.

Key exchange

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha256
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group14-sha256
curve25519-sha256

Public key

ssh-rsa
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
ssh-ed25519
x509v3-ssh-rsa
x509v3-ecdsa-sha2-nistp256
x509v3-ecdsa-sha2-nistp384
x509v3-ecdsa-sha2-nistp521

Integrity

hmac-sha1
hmac-sha1-96
hmac-sha2-256

Encryption

aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm (OpenSSH compatible)

Post-Quantum

Supports hybrid post-quantum use with ML-KEM

Licensing

wolfSSH is open source and dual licensed under both the GNU GPL-3.0-or-later^[5] and commercial licensing.

References

↑ "wolfSSH ChangeLog". 8 August 2017.
↑ "Release 1.5.0". 20 April 2026. Retrieved 22 April 2026.
↑ Igoe, Kevin; Stebila, Douglas (March 2011). "X.509v3 Certificates for Secure Shell Authentication".
↑ wolfCrypt Usage Reference
↑ "Licensing Information". 27 June 2017. Archived from the original on 2021-08-18.

External links

wolfSSH Homepage

[wolfSSH-ChangeLog-1] "wolfSSH ChangeLog". 8 August 2017.

[wikidata-4c96786e49cbbef2357081b0519f692e6aae7d61-v20-2] "Release 1.5.0". 20 April 2026. Retrieved 22 April 2026.

[X.509v3-Certificates-for-Secure-Shell-Authentication-3] Igoe, Kevin; Stebila, Douglas (March 2011). "X.509v3 Certificates for Secure Shell Authentication".

[4] wolfCrypt Usage Reference

[5] "Licensing Information". 27 June 2017. Archived from the original on 2021-08-18.

[1]