SFTP Configuration

The component accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

SFTP Configuration Settings


	AllowBackslashInName: Whether backslashes are allowed in folder and file names. By default the backslash character is treated as a path separator and is not allowed in file and folder names. When this configuration setting is set to True, backslashes "\" are allowed in file and folder names, and are not supported as path separators. The default value is False.
	DisableRealPath: Controls whether or not the SSH_FXP_REALPATH request is sent. This configuration setting can be used to skip sending the SSH_FXP_REALPATH request, which asks the server to canonicalize the value in RemotePath to an absolute path. The default value is false, which will cause the component to send the request normally. If set to true, component will not send the SSH_FXP_REALPATH packet and will use the value in RemotePath directly.
	FiletimeFormat: Specifies the format to use when returning filetime strings. If specified, the component will use this value to format the filetime string returned through the DirList event. If no format is specified, the component will format the date dependent on the year. If the filetime is in the same year, it will be formatted as "MMM dd HH:mm", otherwise it will be formatted as "MMM dd yyyy".
	FileMaskDelimiter: Specifies a delimiter to use for setting multiple file masks in the RemoteFile property. If specified, the RemoteFile property will be split into separate masks based on the chosen delimiter. The default is "", which will cause the RemoteFile property to be treated as a single value. When using multiple masks, any files that match one or more of the masks will be downloaded. For example, setting FileMaskDelimiter to "," and setting RemoteFile to ".txt, .csv" will download all files ending in .txt or .csv.
	IgnoreFileMaskCasing: Controls whether or not the file mask is case sensitive. This applies to the file mask value specified by the RemoteFile property. The default value is true. If set to false, the file mask will be case sensitive.
	LocalEOL: When TransferMode is set, this specifies the line ending for the local system. This setting is only applicable when TransferMode is set to 1 (ASCII). The default value is a CrLf character sequence. When uploading or downloading this value will be compared to ServerEOL. If ServerEOL and LocalEOL are different, the line endings in the file being transferred will be converted to the line endings used by the destination. Line endings will be converted to the value in LocalEOL when downloading. Line endings will be converted to the value in ServerEOL when uploading. If ServerEOL and LocalEOL are the same, no conversion takes place. The value supplied to this setting must be quoted. For instance: component.Config("LocalEOL=\"" + myEOLSequence + "\""); Where myEOLSequence is a Cr, Lf, or CrLf character sequence. Conversion will only happen when TransferMode is set to 1 (ASCII) and ServerEOL and LocalEOL are different.
	ServerEOL: When TransferMode is set, this specifies the line ending for the remote system. This setting is only applicable when TransferMode is set to 1 (ASCII). The default value is a CrLf character sequence. When uploading or downloading this value will be compared to LocalEOL. If ServerEOL and LocalEOL are different, the line endings in the file being transferred will be converted to the line endings used by the destination. Line endings will be converted to the value in LocalEOL when downloading. Line endings will be converted to the value in ServerEOL when uploading. If ServerEOL and LocalEOL are the same, no conversion takes place. The value supplied to this setting must be quoted. For instance: component.Config("ServerEOL=\"" + myEOLSequence + "\""); Where myEOLSequence is a Cr, Lf, or CrLf character sequence. Conversion will only happen when TransferMode is set to 1 (ASCII) and ServerEOL and LocalEOL are different.
	MaskSensitive: Masks passwords in logs. The default value is false. When set to true the component will mask passwords that would otherwise appear in its logs.
	MaxFileData: Specifies the maximum payload size of an SFTP packet. While the SSH specification requires servers and clients to support SSH packets of at least 32000 bytes, some server implementations limit packet size to smaller values. MaxFileData provides a means by which the user can specify the maximum amount of data that can be put into an SFTP packet so that the component can communicate effectively with these servers. If you are having difficulty when uploading to a server, try setting MaxFileData size to a value smaller than 32000. Most servers that use smaller values will use a maximum SSH packet size of 16KB (16384). In order to most efficiently communicate with such servers, MaxFileData size should be set to 14745. The default value is 32768.
	ProtocolVersion: The highest allowable SFTP version to use. This governs the highest allowable SFTP version to use when negotiating the version with the server. The default value is 3 as this is the most common version. The component supports values from 3 to 6. It is recommended to use the default value of 3 unless there is a specific reason a higher version is needed.
	PreserveFileTime: Preserves the file's timestamps during transfer. If set to True, the component will preserve the file's timestamps during transfer. This is applicable to both uploads and downloads. The default value is False.
	TransferMode: The transfer mode (ASCII or Binary). The value 0 represents Binary and the value 1 represents ASCII. If the value is 0 (default), the initial server mode will be used. When this value is set to 1 (ASCII) the component will use the values specified in LocalEOL and ServerEOL to convert line endings as appropriate. Note: When this value is set to 1 (ASCII) and ProtocolVersion is set to 4 or higher the component will automatically determine the value for ServerEOL if the server supports the "newline" protocol extension.
	UseServerFileTime: Controls if the file time returned from the server is converted to local time or not. If set to false the component will return the filetime as the system's local time, otherwise it will return with the time as it is reported by the server.
	ReadLink: This settings returns the target of a specified symbolic link. This setting returns the target of the specified symbolic link. To use the setting, pass the remote path and file name of the symbolic link.
	RealTimeUpload: Enables real time uploading. When this value is set to "True" the component will upload the data in the file specified by LocalFile and continue monitoring LocalFile for additional data to upload until no new data is found for RealTimeUploadAgeLimit seconds. This allows you to start uploading a file immediately after the file is created and continue uploading as data is written to the file. The default value is "False".
	RealTimeUploadAgeLimit: The age limit in seconds when using RealTimeUpload. This value is only applicable when RealTimeUpload is set to "True". This specifies the number of seconds for which the component will monitor LocalFile for new data to upload. If this limit is reached and no new data is found in LocalFile the upload will complete. The default value is "1".
	SimultaneousTransferLimit: The maximum number of simultaneous file transfers. This setting specifies the maximum number of simultaneous file transfers. This is used when processing files added to the transfer queue by QueueFile. The default value is "5".
	TransferredDataLimit: Specifies the maximum number of bytes to download from the remote file. This setting specifies the maximum number of bytes which should be downloaded from the current RemoteFile when Download is called. The component will stop downloading data if it reaches the specified limit, or if there is no more data to download. This setting can be used in conjunction with the StartByte property in order to download a specific range of data from the current RemoteFile.

SSHClient Configuration Settings

ClientSSHVersionString: The SSH version string used by the component.

This configuration setting specifies the SSH version string used by the component. The default value is "SSH-2.0-IP*Works! SSH Client 2016".

SSHVersionPattern: The pattern used to match the remote host's version string.

This configuration setting specifies the pattern used to accept or deny the remote host's SSH version string. It takes a comma-delimited list of patterns to match. The default value is "*SSH-1.99-*,*SSH-2.0-*" and will accept connections from SSH 1.99 and 2.0 hosts. As an example, the below value would accept connections for SSH 1.99, 2.0, and 2.99 hosts.

*SSH-1.99-*,*SSH-2.0-*,*SSH-2.99-*

SSHFingerprintHashAlgorithm: The algorithm used to calculate the fingerprint.

This configuration setting controls which hash algorithm is used to calculate the certificate's fingerprint. Valid values are:

MD5 (default)
SHA1
SHA256

SignedSSHCert: The CA signed client public key used when authenticating.

When authenticating via public key authentication this setting may be set to the CA signed client's public key. This is useful when the server has been configured to trust client keys signed by a particular CA. For instance:

component.Config("SignedSSHCert=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB...");

SSHAcceptServerCAKey: The CA public key that signed the server's host key.

If the server's host key was signed by a CA, this setting may be used to specify the CA's public key. If specified the component will trust any server's host key that was signed by the CA. For instance:

component.Config("SSHAcceptServerCAKey=ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...");

SSHAcceptAnyServerHostKey: If set the component will accept any key presented by the server.

The default value is "false". Set this to "true" to accept any key presented by the server.

SSHAcceptServerHostKeyFingerPrint: The fingerprint of the server key to accept.

This may be set to a comma-delimited collection of 16-byte MD5 fingerprints that should be accepted as the host's key. You may supply it by HEX encoding the values in the form "0a:1b:2c:3d". Example:

SSHClient.Config("SSHAcceptServerHostKeyFingerprint=0a:1b:2c:3d");

If the server's fingerprint matches one of the values supplied, the component will accept the host key.

SSHKeyExchangeAlgorithms: Specifies the supported key exchange algorithms.

This may be used to specify the list of supported Key Exchange algorithms used during SSH negotiation. The value should contain a comma separated list of algorithms. Supported algorithms are:

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group14-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group-exchange-sha256
diffie-hellman-group-exchange-sha1

The default value is: "diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512".

SSHMacAlgorithms: Specifies the supported Mac algorithms.

This may be used to specify an alternate list of supported Mac algorithms used during SSH negotiation. This also specifies the order in which the Mac algorithms are preferred. The value should contain a comma separated list of algorithms. Supported algorithms are:

hmac-sha1
hmac-md5
hmac-sha1-96
hmac-md5-96
hmac-sha2-256
hmac-sha2-256-96
hmac-sha2-512
hmac-sha2-512-96
hmac-ripemd160
hmac-ripemd160-96

The default value is "hmac-sha1,hmac-md5,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96".

SSHPublicKeyAlgorithms: Specifies the supported public key algorithms.

This setting specifies the allowed public key algorithms. This list controls only the public key algorithm used when authenticating to the server. This list has no bearing on the public key algorithms that can be used to authenticate the client. The default value is "ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521".

Note that ECDSA algorithms are only supported in Windows.

SSHKeepAliveInterval: The interval between keep alive packets.

This setting specifies the number of seconds between keep alive packets. If set to a positive value the component will send a SSH keep alive packet after KeepAliveInterval seconds of inactivity. This setting only takes effect when there is no activity, if any data is sent or received over the connection it will reset the timer.

The default value is 0 meaning no keep alives will be sent.

Note: The SSHREVERSETUNNEL component uses a default value of 30.

SSHKeepAliveCountMax: The maximum number of keep alive packets to send without a response.

This setting specifies the maximum number of keep alive packets to send when no response is received. Normally a response to a keep alive packet is received right away. If no response is received the component will continue to send keep alive packets until SSHKeepAliveCountMax is reached. If this is reached the component will assume the connection is broken and disconnect. The default value is 5.

SSHKeyRenegotiate: Causes the component to renegotiate the SSH keys.

Once this setting is set the component will renegotiate the SSH keys with the remote host.

Example:

SSHClient.Config("SSHKeyRenegotiate")

KeyRenegotiationThreshold: Sets the threshold for the SSH Key Renegotiation.

This property allows you to specify the threshold, in the number of bytes, for the SSH Key Renegotiation. The default value for this property is set to 1 GB.

Example (for setting the threshold to 500 MB):

SSHComponent.Config("KeyRenegotiationThreshold=524288000")

SSHPubKeyAuthSigAlgorithms: Specifies the signature algorithm when attempting public key authentication.

This setting specifies a list of signature algorithms that may be used when authenticating to the server using public key authentication. This applies only when public key authentication is performed by the client.

The setting should be a comma separated list of algorithms ordered by preference. At runtime the component will evaluate each algorithm in the order specified here. If the algorithm is applicable to the certificate specified in SSHCert it will be used. If the algorithm is not applicable the component will evaluate the next algorithm. Possible values are:

ssh-rsa (default)
ssh-dss (default)
ecdsa-sha2-nistp256 (default - windows only)
ecdsa-sha2-nistp384 (default - windows only)
ecdsa-sha2-nistp521 (default - windows only)
x509v3-sign-rsa
x509v3-sign-dss

The default value in Windows is "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521".

The default value in Unix/macOS/Java is "ssh-rsa,ssh-dss".

Note that ECDSA algorithms are only supported in Windows.

KerberosRealm: The fully qualified domain name of the Kerberos Realm to use for GSSAPI authentication.

This property may be set to the fully qualified (DNS) name of the kerberos realm (or Windows Active Directory domain name) to use during GSSAPI authentication. This can be used to force authentication with a given realm if the client and server machines are not part of the same domain.

KerberosDelegation: If true, asks for credentials with delegation enabled during authentication.

The default value is "true". If set to "false", the client will not ask for credentials delegation support during authentication. Note that even if the client asks for delegation, the server/KDC might not grant it and authentication will still succeed.

KerberosSPN: The Kerberos Service Principal Name of the SSH host.

This property can be set to specify the Service Principal Name (SPN) associated with the SSH service on the remote host. This will usually be in the form "host/fqdn.of.sshhost[@REALM]". If not specified, the component will assume the SPN is based on the value of the SSHHost property and the kerberos realm used for authentication.

LogSSHPackets: If true, detailed SSH packet logging is performed.

This setting can be enabled to assist in debugging. When set to True the component will fire the SSHStatus event with detailed information about the SSH level packets. The default value is False.

MaxPacketSize: The maximum packet size of the channel, in bytes.

This setting specifies the maximum size of an individual data packet, in bytes, that can be sent to the sender.

MaxWindowSize: The maximum window size allowed for the channel, in bytes.

This setting specifies how many bytes of channel data can be sent to the sender of this message without adjusting the window. Note that this value may be changed during the connection, but the window size can only be increased, not decreased.

PasswordPrompt: The text of the password prompt used in keyboard-interactive authentication.

This setting optionally specifies a pattern to be matched to the prompt received from the server during keyboard-interactive authentication. If a matching prompt is detected the component automatically responds to the prompt with the password specified by SSHPassword.

This provides an easy way to automatically reply to prompts with the password if one is presented by the server. The password will be auto-filled in the Response parameter of the SSHKeyboardInteractive event in the case of a match.

The following special characters are supported for pattern matching:


?	Any single character.
*	Any characters or no characters. I.E., C*t matches Cat, Cot, Coast, Ct, etc)
[,-]	A range of characters. E.g.: [a-z], [a], [0-9], [0-9,a-d,f,r-z], etc.
\	The slash is ignored and exact matching is performed on the next character.

If the above characters need to be used as a literal in a pattern then they must be escaped by surrounding them with a []. (Note, "]" and "-" do not need to be escaped) See below for the escape sequences:


Character	Escape Sequence
?	[?]
*	[*]
[	[[]
\	[\]

For example, to match the value [Something].txt specify the pattern [[]Something].txt

PreferredDHGroupBits: The size (in bits) of the preferred modulus (p) to request from the server.

This may be when using the diffie-hellman-group-exchange-sha1 or diffie-hellman-group-exchange-sha256 key exchange algorithms to control the preferred size, in bits, of the modulus (p) prime number to request from the server. Acceptable values are between 1024 and 8192.

RecordLength: The length of received data records.

If set to a positive value, this setting defines the length of data records to be received. The component will accumulate data until RecordLength is reached and only then fire the DataIn event with data of length RecordLength. This allows data to be received as records of known length. This value can be changed at any time, including within the DataIn event.

The default value is 0, meaning this setting is not used.

Base Configuration Settings

CodePage: The system code page used for Unicode to Multibyte translations.

The default code page is the Active Code Page (0).

The following is a list of valid code page identifiers:


Identifier	Name
037	IBM EBCDIC - U.S./Canada
437	OEM - United States
500	IBM EBCDIC - International
708	Arabic - ASMO 708
709	Arabic - ASMO 449+, BCON V4
710	Arabic - Transparent Arabic
720	Arabic - Transparent ASMO
737	OEM - Greek (formerly 437G)
775	OEM - Baltic
850	OEM - Multilingual Latin I
852	OEM - Latin II
855	OEM - Cyrillic (primarily Russian)
857	OEM - Turkish
858	OEM - Multlingual Latin I + Euro symbol
860	OEM - Portuguese
861	OEM - Icelandic
862	OEM - Hebrew
863	OEM - Canadian-French
864	OEM - Arabic
865	OEM - Nordic
866	OEM - Russian
869	OEM - Modern Greek
870	IBM EBCDIC - Multilingual/ROECE (Latin-2)
874	ANSI/OEM - Thai (same as 28605, ISO 8859-15)
875	IBM EBCDIC - Modern Greek
932	ANSI/OEM - Japanese, Shift-JIS
936	ANSI/OEM - Simplified Chinese (PRC, Singapore)
949	ANSI/OEM - Korean (Unified Hangeul Code)
950	ANSI/OEM - Traditional Chinese (Taiwan; Hong Kong SAR, PRC)
1026	IBM EBCDIC - Turkish (Latin-5)
1047	IBM EBCDIC - Latin 1/Open System
1140	IBM EBCDIC - U.S./Canada (037 + Euro symbol)
1141	IBM EBCDIC - Germany (20273 + Euro symbol)
1142	IBM EBCDIC - Denmark/Norway (20277 + Euro symbol)
1143	IBM EBCDIC - Finland/Sweden (20278 + Euro symbol)
1144	IBM EBCDIC - Italy (20280 + Euro symbol)
1145	IBM EBCDIC - Latin America/Spain (20284 + Euro symbol)
1146	IBM EBCDIC - United Kingdom (20285 + Euro symbol)
1147	IBM EBCDIC - France (20297 + Euro symbol)
1148	IBM EBCDIC - International (500 + Euro symbol)
1149	IBM EBCDIC - Icelandic (20871 + Euro symbol)
1200	Unicode UCS-2 Little-Endian (BMP of ISO 10646)
1201	Unicode UCS-2 Big-Endian
1250	ANSI - Central European
1251	ANSI - Cyrillic
1252	ANSI - Latin I
1253	ANSI - Greek
1254	ANSI - Turkish
1255	ANSI - Hebrew
1256	ANSI - Arabic
1257	ANSI - Baltic
1258	ANSI/OEM - Vietnamese
1361	Korean (Johab)
10000	MAC - Roman
10001	MAC - Japanese
10002	MAC - Traditional Chinese (Big5)
10003	MAC - Korean
10004	MAC - Arabic
10005	MAC - Hebrew
10006	MAC - Greek I
10007	MAC - Cyrillic
10008	MAC - Simplified Chinese (GB 2312)
10010	MAC - Romania
10017	MAC - Ukraine
10021	MAC - Thai
10029	MAC - Latin II
10079	MAC - Icelandic
10081	MAC - Turkish
10082	MAC - Croatia
12000	Unicode UCS-4 Little-Endian
12001	Unicode UCS-4 Big-Endian
20000	CNS - Taiwan
20001	TCA - Taiwan
20002	Eten - Taiwan
20003	IBM5550 - Taiwan
20004	TeleText - Taiwan
20005	Wang - Taiwan
20105	IA5 IRV International Alphabet No. 5 (7-bit)
20106	IA5 German (7-bit)
20107	IA5 Swedish (7-bit)
20108	IA5 Norwegian (7-bit)
20127	US-ASCII (7-bit)
20261	T.61
20269	ISO 6937 Non-Spacing Accent
20273	IBM EBCDIC - Germany
20277	IBM EBCDIC - Denmark/Norway
20278	IBM EBCDIC - Finland/Sweden
20280	IBM EBCDIC - Italy
20284	IBM EBCDIC - Latin America/Spain
20285	IBM EBCDIC - United Kingdom
20290	IBM EBCDIC - Japanese Katakana Extended
20297	IBM EBCDIC - France
20420	IBM EBCDIC - Arabic
20423	IBM EBCDIC - Greek
20424	IBM EBCDIC - Hebrew
20833	IBM EBCDIC - Korean Extended
20838	IBM EBCDIC - Thai
20866	Russian - KOI8-R
20871	IBM EBCDIC - Icelandic
20880	IBM EBCDIC - Cyrillic (Russian)
20905	IBM EBCDIC - Turkish
20924	IBM EBCDIC - Latin-1/Open System (1047 + Euro symbol)
20932	JIS X 0208-1990 & 0121-1990
20936	Simplified Chinese (GB2312)
21025	IBM EBCDIC - Cyrillic (Serbian, Bulgarian)
21027	Extended Alpha Lowercase
21866	Ukrainian (KOI8-U)
28591	ISO 8859-1 Latin I
28592	ISO 8859-2 Central Europe
28593	ISO 8859-3 Latin 3
28594	ISO 8859-4 Baltic
28595	ISO 8859-5 Cyrillic
28596	ISO 8859-6 Arabic
28597	ISO 8859-7 Greek
28598	ISO 8859-8 Hebrew
28599	ISO 8859-9 Latin 5
28605	ISO 8859-15 Latin 9
29001	Europa 3
38598	ISO 8859-8 Hebrew
50220	ISO 2022 Japanese with no halfwidth Katakana
50221	ISO 2022 Japanese with halfwidth Katakana
50222	ISO 2022 Japanese JIS X 0201-1989
50225	ISO 2022 Korean
50227	ISO 2022 Simplified Chinese
50229	ISO 2022 Traditional Chinese
50930	Japanese (Katakana) Extended
50931	US/Canada and Japanese
50933	Korean Extended and Korean
50935	Simplified Chinese Extended and Simplified Chinese
50936	Simplified Chinese
50937	US/Canada and Traditional Chinese
50939	Japanese (Latin) Extended and Japanese
51932	EUC - Japanese
51936	EUC - Simplified Chinese
51949	EUC - Korean
51950	EUC - Traditional Chinese
52936	HZ-GB2312 Simplified Chinese
54936	Windows XP: GB18030 Simplified Chinese (4 Byte)
57002	ISCII Devanagari
57003	ISCII Bengali
57004	ISCII Tamil
57005	ISCII Telugu
57006	ISCII Assamese
57007	ISCII Oriya
57008	ISCII Kannada
57009	ISCII Malayalam
57010	ISCII Gujarati
57011	ISCII Punjabi
65000	Unicode UTF-7
65001	Unicode UTF-8

The following is a list of valid code page identifiers for Mac OS only:


Identifier	Name
1	ASCII
2	NEXTSTEP
3	JapaneseEUC
4	UTF8
5	ISOLatin1
6	Symbol
7	NonLossyASCII
8	ShiftJIS
9	ISOLatin2
10	Unicode
11	WindowsCP1251
12	WindowsCP1252
13	WindowsCP1253
14	WindowsCP1254
15	WindowsCP1250
21	ISO2022JP
30	MacOSRoman
10	UTF16String
0x90000100	UTF16BigEndian
0x94000100	UTF16LittleEndian
0x8c000100	UTF32String
0x98000100	UTF32BigEndian
0x9c000100	UTF32LittleEndian
65536	Proprietary

UseInternalSecurityAPI: Tells the component whether or not to use the system security libraries or an internal implementation.

By default the component will use the system security libraries to perform cryptographic functions. Setting this to True tells the component to use the internal implementation instead of using the system's security API.