SSHClient Class
Properties Methods Events Configuration Settings Errors
The SSHClient class provides client-side SSH protocol functionality.
Syntax
class secureblackboxlite.SSHClient
Remarks
Use SSHClient to establish terminal-like connections to remote systems and run commands remotely. The component supports most of third-party implementations out there, and is capable of working in "shell" and "command" modes.
Start with assigning your sign-in credentials to username and password properties. Where public key authentication is to be used, assign your private authentication key to key property (remember to set username in this case too). Subscribe to events to be notified of the session progress. on_auth_failed, on_auth_succeeded, and on_connect are among those particularly useful.
Special attention should be paid to setting up the server key trust. Class only allows connections to servers whose public keys are recognized as trusted, much like any other SSH clients do. Assign a path to the file containing the list of trusted keys to trusted_keys_file property. If you don't have such file, or if you would like to make trust decisions on the fly, subscribe to on_known_key_received and on_unknown_key_received events. These are fired whenever a trusted or untrusted key is received from the server. For unknown/untrusted keys, you need to set the Action parameter in your on_unknown_key_received event handler to catAcceptOnce (1) or catAcceptPermanently (2) for the connection to proceed.
Once you are all set up, you can go ahead by calling the connect method. This launches the SSH handshake and, if everything has been set up right, establishes a connection to the server. You can now use send and receive methods to exchange information with the server. You can exchange data in synchronous or asynchronous way; see the description in async_mode topic to learn more about each mode.
When you are done with the session, call disconnect to shut the connection down.
Hint: If you are only interested in a quick-and-dirty execution of a simple, non-interactive command, SSHClient offers a handy shortcut. connect_and_exec method is a self-contained mechanism which sets up a connection, performs the data exchange internally, and returns the command output. Please keep in mind that you still need to set up the server trust settings as described above for this method to work.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| async_mode | Controls the SSH clients mode of work. |
| auth_attempts | Specifies the number of SSH password authentication attempts. |
| commands | Specifies the list of commands to execute. |
| connected | Specifies whether the client is connected to the SFTP server. |
| conn_info_client_key_algorithm | Specifies the client's key algorithm. |
| conn_info_client_key_bits | Specifies the length of the client's key. |
| conn_info_client_key_fingerprint | The fingerprint (hash value) of the client's public key. |
| conn_info_close_reason | Contains the line sent by the server just before closing the connection. |
| conn_info_compression_algorithm_inbound | Compression algorithm for the incoming traffic. |
| conn_info_compression_algorithm_outbound | Compression algorithm for the outgoing traffic. |
| conn_info_encryption_algorithm_inbound | Encryption algorithm for the incoming traffic. |
| conn_info_encryption_algorithm_outbound | Encryption algorithm for the outgoing traffic. |
| conn_info_inbound_encryption_key_bits | Specifies the length of the key used to encrypt the incoming traffic. |
| conn_info_kex_algorithm | The key exchange algorithm used during the SSH handshake. |
| conn_info_kex_bits | The number of bits used by the key exchange algorithm. |
| conn_info_kex_lines | The contents of the received KexInit packet. |
| conn_info_mac_algorithm_inbound | MAC algorithm used for the incoming connection. |
| conn_info_mac_algorithm_outbound | MAC algorithm used for outbound connection. |
| conn_info_outbound_encryption_key_bits | Specifies the length of the key used to encrypt the outgoing traffic. |
| conn_info_public_key_algorithm | Specifies the public key algorithm which was used during the SSH handshake. |
| conn_info_server_key_bits | Specifies the number of bits in the server's key. |
| conn_info_server_key_fingerprint | The fingerprint (hash value) of the server's public key. |
| conn_info_server_software_name | Returns the name of the SSH software running on the server side. |
| conn_info_total_bytes_received | Returns the total number of bytes received over this connection. |
| conn_info_total_bytes_sent | Returns the total number of bytes sent over this connection. |
| conn_info_version | Specifies SSH protocol version. |
| exit_message | Contains the last commands exit message. |
| exit_signal | Contains the last commands exit signal. |
| exit_status | Contains the last commands exit status. |
| external_crypto_custom_params | Custom parameters to be passed to the signing service (uninterpreted). |
| external_crypto_data | Additional data to be included in the async state and mirrored back by the requestor. |
| external_crypto_external_hash_calculation | Specifies whether the message hash is to be calculated at the external endpoint. |
| external_crypto_hash_algorithm | Specifies the request's signature hash algorithm. |
| external_crypto_key_id | The ID of the pre-shared key used for DC request authentication. |
| external_crypto_key_secret | The pre-shared key used for DC request authentication. |
| external_crypto_method | Specifies the asynchronous signing method. |
| external_crypto_mode | Specifies the external cryptography mode. |
| external_crypto_public_key_algorithm | Provide public key algorithm here if the certificate is not available on the pre-signing stage. |
| key_fingerprint_sha1 | Contains the SHA-1 fingerprint (hash) of the key. |
| key_fingerprint_sha256 | Contains the SHA-256 fingerprint (hash) of the key. |
| key_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| password | Specifies user's password on the server. |
| proxy_settings_address | The IP address of the proxy server. |
| proxy_settings_authentication | The authentication type used by the proxy server. |
| proxy_settings_password | The password to authenticate to the proxy server. |
| proxy_settings_port | The port on the proxy server to connect to. |
| proxy_settings_proxy_type | The type of the proxy server. |
| proxy_settings_request_headers | Contains HTTP request headers for WebTunnel and HTTP proxy. |
| proxy_settings_response_body | Contains the HTTP or HTTPS (WebTunnel) proxy response body. |
| proxy_settings_response_headers | Contains response headers received from an HTTP or HTTPS (WebTunnel) proxy server. |
| proxy_settings_use_i_pv6 | Specifies whether IPv6 should be used when connecting through the proxy. |
| proxy_settings_use_proxy | Enables or disables proxy-driven connection. |
| proxy_settings_username | Specifies the username credential for proxy authentication. |
| server_key_algorithm | Specifies the key algorithm. |
| server_key_bits | The number of bits in the key: the more the better, 2048 or 4096 are typical values. |
| server_key_comment | The comment for the public key. |
| server_key_curve | Specifies the elliptical curve when EC cryptography is used. |
| server_key_dssg | The G (Generator) parameter of the DSS signature key. |
| server_key_dssp | The P (Prime) parameter of the DSS signature key. |
| server_key_dssq | The Q (Prime Factor) parameter of the DSS signature key. |
| server_key_dssx | The X (Private key) parameter of the DSS signature key. |
| server_key_dssy | The Y (Public key) parameter of the DSS signature key. |
| server_key_eccd | The value of the secret key (the order of the public key, D) if elliptic curve (EC) cryptography is used. |
| server_key_eccqx | The value of the X coordinate of the public key if elliptic curve (EC) cryptography is used. |
| server_key_eccqy | The value of the Y coordinate of the public key if elliptic curve (EC) cryptography is used. |
| server_key_ed_private | The value of the private key if EdDSA (Edwards-curve Digital Signature Algorithm) algorithm is used. |
| server_key_ed_public | The value of the public key if EdDSA (Edwards-curve Digital Signature Algorithm) algorithm is used. |
| server_key_fingerprint_md5 | Contains the MD5 fingerprint (hash) of the key. |
| server_key_fingerprint_sha1 | Contains the SHA-1 fingerprint (hash) of the key. |
| server_key_fingerprint_sha256 | Contains the SHA-256 fingerprint (hash) of the key. |
| server_key_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| server_key_is_extractable | Whether the key is extractable (e. |
| server_key_is_private | Whether this key is a private key or not. |
| server_key_is_public | Whether this key is a public key or not. |
| server_key_kdf_rounds | Returns the number of iterations of the Key Derivation Function (KDF) used to generate this key. |
| server_key_kdf_salt | The salt value used by the Key Derivation Function (KDF) to generate this key. |
| server_key_key_format | Specifies the format in which the key is stored. |
| server_key_key_protection_algorithm | Specifies the key protection algorithm. |
| server_key_rsa_exponent | Returns the e parameter (public exponent) of the RSA key. |
| server_key_rsaiqmp | Returns the iqmp parameter of the RSA key. |
| server_key_rsa_modulus | Returns the m parameter (public modulus) of the RSA key. |
| server_key_rsap | Returns the p parameter (first factor of the common modulus n) of the RSA key. |
| server_key_rsa_private_exponent | Returns the d parameter (private exponent) of the RSA key. |
| server_key_rsaq | Returns the q parameter (second factor of the common modulus n) of the RSA key. |
| server_key_subject | Specifies the public key owner (subject). |
| socket_dns_mode | Selects the DNS resolver to use: the class's (secure) built-in one, or the one provided by the system. |
| socket_dns_port | Specifies the port number to be used for sending queries to the DNS server. |
| socket_dns_query_timeout | The timeout (in milliseconds) for each DNS query. |
| socket_dns_servers | The addresses of DNS servers to use for address resolution, separated by commas or semicolons. |
| socket_dns_total_timeout | The timeout (in milliseconds) for the whole resolution process. |
| socket_incoming_speed_limit | The maximum number of bytes to read from the socket, per second. |
| socket_local_address | The local network interface to bind the socket to. |
| socket_local_port | The local port number to bind the socket to. |
| socket_outgoing_speed_limit | The maximum number of bytes to write to the socket, per second. |
| socket_timeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
| socket_use_i_pv6 | Enables or disables IP protocol version 6. |
| ssh_settings_auto_adjust_ciphers | Whether the SSH client should adjust its list of supported ciphers 'on-the-fly' for greater compatibility with the server it is connecting to. |
| ssh_settings_base_configuration | Allows to choose base configuration of SSH settings, tuned up for different purposes such as high security or higher compatibility. |
| ssh_settings_compression_algorithms | A list of session compression algorithms separated with commas or semicolons. |
| ssh_settings_compression_level | Possible values for the Compression Level range from 0 (minimum compression) to 9 (maximum compression). |
| ssh_settings_default_window_size | The SSH window size specifies how many bytes the client can send to the server in the command channel without obtaining pre-authorization for the further send from the server. |
| ssh_settings_encryption_algorithms | A list of session encryption algorithms separated with commas or semicolons. |
| ssh_settings_force_compression | Whether the SSH client should explicitly request compression. |
| ssh_settings_gss_auth_types | A comma-separated list of authentication types. |
| ssh_settings_gss_delegate_creds | Switches credential delegation on or off. |
| ssh_settings_gss_hostname | The GSS host name, in form of a FQDN (e. |
| ssh_settings_gss_lib | A path to the GSS-API library (DLL or SO). |
| ssh_settings_gss_mechanisms | A comma-separated list of GSS mechanisms to use. |
| ssh_settings_gss_protocols | A comma-separated list of SSPI protocols. |
| ssh_settings_handshake_timeout | Specifies the maximal time for the SSH handshake to proceed, in seconds. |
| ssh_settings_kex_algorithms | A list of key exchange algorithms separated with commas or semicolons. |
| ssh_settings_mac_algorithms | A list of MAC (for message authentication code ) algorithms separated with commas or semicolons. |
| ssh_settings_max_ssh_packet_size | Specifies the maximum length of one SSH packet in bytes. |
| ssh_settings_min_window_size | Specifies the minimal internal window size. |
| ssh_settings_obfuscate_handshake | Enables or disables handshake obfuscation. |
| ssh_settings_obfuscation_password | Specifies the password used to encrypt the handshake when ObfuscateHandshake is set. |
| ssh_settings_public_key_algorithms | A list of public key algorithms separated with commas or semicolons. |
| ssh_settings_request_password_change | Whether to request a password change when connecting. |
| ssh_settings_software_name | The name to be used by the class to identify itself. |
| ssh_settings_trust_all_keys | Enables or disables explicit trust to all server keys. |
| ssh_settings_use_auth_agent | Enables or disables the use of external key agent, such as Putty key agent. |
| ssh_settings_versions | Specifies enabled SSH protocol versions (1 or 2). |
| subsystem | Specifies the subsystem to request from the server. |
| terminal_cols | Specifies the width of the pseudoterminal, in characters. |
| terminal_environment | Specifies the list of environment variables. |
| terminal_eol_char | Specifies the End-of-Line character or sequence. |
| terminal_height | Specifies the height of the pseudoterminal, in pixels. |
| terminal_opcodes | Specifies the operation codes specific for the terminal. |
| terminal_protocol | The terminal protocol name. |
| terminal_request_pty | Specifies whether to request a pseudoterminal for the session. |
| terminal_rows | Specifies the height of the pseudoterminal, in lines. |
| terminal_width | Specifies the width of the pseudoterminal, in pixels. |
| trusted_keys_file | Path to the file containing public keys of authorized servers. |
| username | Specifies client's username on the server. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| connect | Establishes connection to an SSH server. |
| connect_and_exec | Connects to an SSH server and executes a command in one go. |
| disconnect | Closes connection to the SSH server. |
| ping | Sends a keep-alive request to the SSH server. |
| poll | Checks whether there is any inbound data readily available. |
| receive | Reads a portion of received data into a string. |
| receive_bytes | Reads a portion of received data into a byte array. |
| receive_bytes_from | Reads a portion of data received via a specific channel into a byte array. |
| receive_from | Reads a portion of data received via a specific channel into a string. |
| send | Sends a string to the server. |
| send_bytes | Sends an array of bytes to the server. |
| send_special | Sends a special character to the server or remote command. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_auth_attempt | Fires when a single authentication attempt is performed. |
| on_auth_failed | Fires when a single authentication attempt is failed. |
| on_auth_succeeded | Reports a successful authentication. |
| on_banner | Reports the receipt of the Hello message from the server. |
| on_command_completed | Signifies completion of the command execution. |
| on_command_start | Marks the commencement of a command execution. |
| on_connect | This event is fired when an SSH session has been established. |
| on_data_received | Reports receipt of another chunk of data from the server. |
| on_data_sent | Notifies the application that a piece of data has been sent to the server. |
| on_disconnect | This event is fired when the SFTP subsystem connection is closed. |
| on_error | Information about errors during SFTP connection. |
| on_external_sign | Handles remote or external signing initiated by the SignExternal method or other source. |
| on_known_key_received | This event is fired when a known SSH key is received from the server. |
| on_notification | This event notifies the application about an underlying control flow event. |
| on_password_change_request | This event is fired when a password change is requested. |
| on_private_key_needed | This event is fired when client's public key was accepted by the server, but the corresponding secret key is not available. |
| on_unknown_key_received | This event is fired when an unknown SSH key is received from the server. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| BlockSize | The data block size. |
| ErrorOrigin | Specifies whether the error is local or remote. |
| ErrorSeverity | Specifies whether the error is fatal. |
| LocalCharset | Charset used on the client machine. |
| RemoteCharset | Charset used on the server. |
| SendCommandEOF | Defines whether EOF control character should be sent after the command data. |
| ThrottleControl | Enables or disables throttle control for the connection. |