The wolfSSH library is a lightweight SSHv2 client and server library written in ANSI C and targeted for embedded, RTOS, resource-constrained, and IoT environments – primarily because of its small size, speed, and feature set. It is commonly used in standard operating environments as well because of its royalty-free pricing and excellent cross platform support. wolfSSL supports the industry standard SSH v2.

wolfSSH is powered by the wolfCrypt library. wolfCrypt is FIPS 140-2 and Level 1 validated, with certificate #3389 & will be the first FIPS 140-3 certified.

wolfSSH is built for maximum portability, and is generally very easy to compile on new platforms. If your desired platform is not listed under the supported operating environments, please contact wolfSSL Inc.

wolfSCP and wolfSFTP can be a complement to wolfBoot for software updates. A file system is not needed. With callbacks, firmware may be written to flash directly.


  • SSH v2.0 (client and server)
  • SCP and SFTP support
  • Port forwarding support
  • Minimum size of 33kb
  • Runtime memory usage between 1.4 and 2kb, not including the configurable receive buffer

Multiple Hashing Functions:

  • SHA-1, SHA-2 (SHA-256, SHA-384, SHA-512), SHA-3 (SHA3-256, SHA3-384, SHA3-512), BLAKE2b

Block and AEAD Ciphers:

  • AES (CBC, CTR, GCM, CCM), Camellia

Public Key Options:

  • ECC Support (NIST curves P-256, P-384, P-521,) ECDH, ECDSA, ECDHE
  • Curve25519 and Ed25519
  • Custom or new EC curves
  • Client authentication support (RSA or ECC key, password)
  • SCP and SFTP support
  • Simple API
  • PEM and DER certificate support
  • Includes a MS Visual Studio solution to simplify SSH usage on Windows
  • Hardware crypto support

AES-NI, Cavium, STM32, Kinetis, PIC32, Intel AVX1/2, RDRAND, RDSEED, Cavium NITROX support, STM32F2/F4 hardware crypto support, Freescale CAU / mmCAU / SEC, Microchip PIC32MZ, support for MPLAB Harmony on PIC32

  • FIPS 140-2 & FIPS 140-3 validated cryptography library with wolfCrypt.