IP*Works! SSH V9 - Online Help

SSHDaemon Component


The SSHDaemon component is used to create Secure Shell (SSH) servers. The component handles multiple simultaneous connections on the same TCP/IP port (service port). It is designed to balance the load between connections for a fast, powerful server.

Syntax

nsoftware.IPWorksSSH.Sshdaemon

Remarks

The SSHDaemon component is the SSH-enabled equivalent of the IP*Works! IPDaemon component, extended by a set of new properties and events that deal with SSH security. The SSHCompressionAlgorithms and SSHEncryptionAlgorithms properties determine which algorithms are enabled for the SSH handshake. The SSHCert property is used to select a certificate for the server (please note that a valid certificate MUST be selected before the server can function). The SSHUserAuthRequest event allows you to authenticate clients using digital certificates or passwords. Finally, the SSHStatus event provides information about the SSH handshake and underlying protocol notifications.

By default, each instance of SSHDaemon can handle up to 1000 simultaneous incoming connections (this number may be increased up to 100,000, or decreased to a lower value by using the MaxConnections configuration setting).

SSH connections are identified by a ConnectionId. Events relating to these connections as a whole will use the ConnectionId to identify the specific connection. Connections may also contain one or more multiplexed channels, which are identified by a ChannelId. Channel-level events will specify the ChannelId to which they relate.

SSHDaemon can start to listen on a port by setting the Listening property to True. When a remote host asks for a connection, the ConnectionRequest event is fired. At that point, the connection can either be accepted or rejected. If the connection is accepted, a ConnectionId is assigned, and communication can start. From this point on, the operation is very similar to SSHClient. Data can be sent to an individual SSHChannel using SendChannelData. The address and port of the incoming connection can be found by querying the RemoteHost and RemotePort properties.

Threading in Server Applications

In .NET, all socket-based components perform all socket IO through asynchronous methods. Each call consumes a thread from the system's thread pool, and thus the number of concurrent calls is limited to the number of worker threads returned by System.Threading.ThreadPool.GetMaxThreads. When using several components that can each create a socket connection or a single component that can create multiple socket connections, the application may enter a state where all of the pool threads are in use for receiving. In a scenario such as this, the remote hosts may be waiting for data from the application before sending, but the application cannot send that data because all the threads are tied up waiting for inbound data. This is particularly important for server applications that use a daemon component.

For example, say a server application 'S' has a max thread pool size of three, and clients 'A' and 'B' connect to it and each client uploads a large file. After all uploads are complete, 'S' enqueues an asynchronous read request in the thread pool for each client. Since there is no work being done, the thread pool immediately consumes two threads which wait for any further data from 'A' and 'B'. While 'S' is still processing the first two files it has received, client 'C' connects and uploads a relatively small file. Similarly, once that upload has completed 'S' enqueues a third read request, and the thread pool immediately consumes the third and final thread to wait for further data from 'C'. Once 'S' completes processing any of the files it will enqueue a send request. However, since all three threads are in use and waiting for data from the clients, the send operation cannot be completed. The entire system becomes deadlocked because each of the clients is waiting for data from the server, which cannot send that data since all of its pool threads are in turn waiting for data from the clients.

To avoid a deadlock situation such as this, it is necessary to ensure that the maximum number of socket connections an application can make is always at least one less than the number of available worker threads. One method to achieve this is to call System.Threading.ThreadPool.SetMaxThreads during the application's startup to set the maximum number of threads to a value high enough to support the application for the duration of its execution. Another option is to trap an event such as ConnectionRequest and Disconnected from each component instance with logic to manage the max thread pool size according to the application's current needs.
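
The two options described above, as an added example that is not part of the original help page or the vendor's code. The class PoolSizer and its method names are hypothetical; the application is assumed to call ConnectionAccepted and ConnectionClosed from its own ConnectionRequest and Disconnected handlers, and only the System.Threading.ThreadPool calls are real .NET APIs. This version only ever raises the ceiling; it never shrinks it.

```csharp
using System;
using System.Threading;

// Added example: keeps the pool's worker-thread ceiling above the number of
// socket connections, as the text above requires. Class and method names are
// hypothetical; only the System.Threading.ThreadPool calls are real .NET APIs.
public sealed class PoolSizer
{
    private readonly int _headroom;   // threads kept free for sends and processing
    private int _connections;         // connections currently accepted

    public PoolSizer(int headroom) { _headroom = Math.Max(1, headroom); }

    // Option 1: call once at startup with the daemon's connection limit
    // (1000 by default, adjustable through the MaxConnections setting).
    public bool ReserveFor(int maxConnections)
    {
        ThreadPool.GetMaxThreads(out int workers, out int ioThreads);
        int needed = checked(maxConnections + _headroom);
        if (workers >= needed) return true;            // ceiling already high enough
        return ThreadPool.SetMaxThreads(needed, ioThreads);
    }

    // Option 2: call from the ConnectionRequest handler before accepting.
    // Returns false when the pool could not be grown; reject the connection then.
    public bool ConnectionAccepted()
    {
        int now = Interlocked.Increment(ref _connections);
        if (ReserveFor(now)) return true;
        Interlocked.Decrement(ref _connections);
        return false;
    }

    // Call from the Disconnected handler for connections that were accepted.
    public void ConnectionClosed() => Interlocked.Decrement(ref _connections);
}

public static class Program
{
    public static void Main()
    {
        var sizer = new PoolSizer(headroom: 4);
        Console.WriteLine(sizer.ReserveFor(1000) ? "pool sized" : "pool too small");
    }
}
```

SetMaxThreads returns false rather than throwing when it refuses a value, so the return value is the only signal that the connection limit and the pool size have drifted apart.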

Property List


The following is the full list of the properties of the component with short descriptions.

ChannelsA collection of currently open channels.
Channels                    A collection of currently open channels.
ConnectionBacklog           The maximum number of pending connections maintained by the TCP/IP subsystem.
Connections                 A collection of currently connected SSH clients.
DefaultAuthMethods          Specifies the supported authentication methods.
DefaultTimeout              An initial timeout value to be used by incoming connections.
KeyboardInteractiveMessage  The instructions to send to the client during keyboard-interactive authentication.
KeyboardInteractivePrompts  A collection of prompts to present to the user for keyboard-interactive authentication.
Listening                   If True, the component accepts incoming connections on LocalPort.
LocalHost                   The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
LocalPort                   The TCP port in the local host where the component listens.
SSHCert                     A certificate to be used during SSH negotiation.
SSHCompressionAlgorithms    A comma-separated list containing all allowable compression algorithms.
SSHEncryptionAlgorithms     A comma-separated list containing all allowable encryption algorithms.

Method List


The following is the full list of the methods of the component with short descriptions.

CloseChannel      Closes an existing SSHChannel.
Config            Sets or retrieves a configuration setting.
Disconnect        Disconnects the specified client.
DoEvents          Processes events from the internal message queue.
ExchangeKeys      Causes the component to exchange a new set of session keys on the specified connection.
GetSSHParam       Used to read a field from an SSH packet's payload.
GetSSHParamBytes  Used to read a field from an SSH packet's payload.
OpenChannel       Opens a new SSHChannel.
SendChannelData   Used to send regular data over an SSH channel.
SendSSHPacket     Used to send an encoded SSH packet to a connected client.
SetSSHParam       Used to write a field to the end of a payload.
Shutdown          Shuts down the server.

Event List


The following is the full list of the events fired by the component with short descriptions.

Connected              Fired immediately after a connection completes (or fails).
ConnectionRequest      Fired when a request for connection comes from a remote host.
Disconnected           Fired when a connection is closed.
Error                  Information about errors during data delivery.
SSHChannelClosed       Fired when a channel is closed.
SSHChannelDataIn       Fired when data is received on an SSH channel.
SSHChannelEOF          Fired when the remote peer signals the end of the data stream for the channel.
SSHChannelOpened       Fired when a channel is successfully opened.
SSHChannelOpenRequest  Fired when a client attempts to open a new channel.
SSHChannelReadyToSend  Fired when the component is ready to send data.
SSHChannelRequest      Fired when the SSHHost sends a channel request to the client.
SSHChannelRequested    Fired if the SSHChannelRequest was successful; any further processing for the channel request should be done here.
SSHServiceRequest      Fired when a client requests a service to be started.
SSHStatus              Shows the progress of the secure connection.
SSHUserAuthRequest     Fires when a client attempts to authenticate a connection.

Configuration Settings


The following is a list of configuration settings for the component with short descriptions.

MaxAuthAttempts               The maximum authentication attempts allowed before forcing a disconnect.
ServerSSHVersionString        The SSH version string sent to connecting clients.
UserAuthBanner[ConnectionId]  A custom user authentication banner.
KeyRenegotiationThreshold     Sets the threshold for the SSH Key Renegotiation.
SSHKeyExchangeAlgorithms      Specifies the supported key exchange algorithms.
SSHMacAlgorithms              Specifies the supported Mac algorithms.
BindExclusively               Whether or not the component considers a local port reserved for exclusive use.
InBufferSize                  The size in bytes of the incoming queue of the socket.
MaxConnections                The maximum number of connections available.
OutBufferSize                 The size in bytes of the outgoing queue of the socket.
KeepAliveTime                 The inactivity time in milliseconds before a TCP keep-alive packet is sent.
KeepAliveInterval             The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
RecordLength[ConnectionId]    The length of received data records.
TcpNoDelay                    Whether or not to delay when sending packets.
CodePage                      The system code page used for Unicode to Multibyte translations.

 
 
Copyright (c) 2017 /n software inc. - All rights reserved.
Build 9.0.6240.0