SSH is pretty complicated, however you can start by reading the documentation available on https://github.com/apache/mina-sshd/ as it also contains references to various RFC(s) that specify components of the protocol. See also the various tests - especially SshServerMain, SftpServerMain, SshClientMain and ScpClientMain that demonstrate some of the capabilities and contain sample code of how to set up client/server-side code.
[https://avatars3.githubusercontent.com/u/47359?v=4&s=400]<https://github.com/apache/mina-sshd/> apache/mina-sshd<https://github.com/apache/mina-sshd/> github.com mina-sshd - Mirror of Apache MINA SSHD ________________________________ From: Emmanuel Lécharny <[email protected]> Sent: Thursday, September 21, 2017 12:28 PM To: [email protected] Subject: Re: Regarding MINA Project Le 20/09/2017 à 22:32, harmeet singh a écrit : > Hi,I was just exploring sshd project, could you provide me documentation of > this project. I would say all you can get is on the web site (http://mina.apache.org/sshd-project/index.html and http://mina.apache.org/sshd-project/documentation.html) If you want to see some samples on how to use it, check the samples : https://git-wip-us.apache.org/repos/asf?p=mina-sshd.git;a=tree;f=sshd-core/src/test/java/org/apache/sshd;h=f6e0e89724bc188797d39c53c61e61dd342a6ad1;hb=b737b07d251479dd186ce877cad5b0d13b9bb054 > I wanted to check dual authentication feature, looks like it support only > single authentication. I can't tell, but Lyor or Guillaume could answer. > Also could you please let me know if it can be used for production and is it > being patched regularly for security vulnerabilities, PCI compliance etc. We just released 1.6.0 two weeks ago. Patches are being applied regularly. Of course, this is OpenSource code, so if you find something wrong, feel free to participate. I'm pretty sure it's used in production, but again, we are just providing source code and packages (for convenience), people using it are not necesseraly coming back to us about what they use it for. FTR, Apache SSHD packages are being downloaded around 70 000 times per month, and growing (source : https://repository.apache.org/#central-stat) Regarding PCI compliance, I would say it's on you : due diligence is required on your side, as we have no idea what you are going to do with the project. Add to that it would require a huge amount of time if we were to check all teh aspects of PCI, time we don't have being volunteers. Again, I'll stress out the fact this is Open Source, we are not paid to write this code, we offer it to the community, up to the people using it to either participate or use it at will, but we aren't responsible for anything else. Hope it helps ! -- Emmanuel Lecharny Symas.com directory.apache.org
