Sftp Configuration

By default the backslash character is treated as a path separator and is not allowed in file and folder names. When this configuration setting is set to True, backslashes "\" are allowed in file and folder names, and are not supported as path separators.

The default value is False.

This configuration setting can be used to skip sending the SSH_FXP_REALPATH request, which asks the server to canonicalize the value in RemotePath to an absolute path. The default value is false, which will cause the component to send the request normally. If set to true, component will not send the SSH_FXP_REALPATH packet and will use the value in RemotePath directly.

If specified, the bean will use this value to format the filetime string returned through the DirList event. If no format is specified, the bean will format the date dependent on the year. If the filetime is in the same year, it will be formatted as "MMM dd HH:mm", otherwise it will be formatted as "MMM dd yyyy".

If specified, the RemoteFile property will be split into separate masks based on the chosen delimiter. The default is "", which will cause the RemoteFile property to be treated as a single value. When using multiple masks, any files that match one or more of the masks will be downloaded. For example, setting FileMaskDelimiter to "," and setting RemoteFile to "*.txt, *.csv" will download all files ending in .txt or .csv.

This applies to the file mask value specified by the RemoteFile property. The default value is true. If set to false, the file mask will be case sensitive.

This setting is only applicable when TransferMode is set to 1 (ASCII). The default value is a CrLf character sequence.

When uploading or downloading this value will be compared to ServerEOL. If ServerEOL and LocalEOL are different, the line endings in the file being transferred will be converted to the line endings used by the destination. Line endings will be converted to the value in LocalEOL when downloading. Line endings will be converted to the value in ServerEOL when uploading. If ServerEOL and LocalEOL are the same, no conversion takes place.

The value supplied to this setting must be quoted. For instance:

component.Config("LocalEOL=\"" + myEOLSequence + "\"");

Conversion will only happen when TransferMode is set to 1 (ASCII) and ServerEOL and LocalEOL are different.

This setting is only applicable when TransferMode is set to 1 (ASCII). The default value is a CrLf character sequence.

When uploading or downloading this value will be compared to LocalEOL. If ServerEOL and LocalEOL are different, the line endings in the file being transferred will be converted to the line endings used by the destination. Line endings will be converted to the value in LocalEOL when downloading. Line endings will be converted to the value in ServerEOL when uploading. If ServerEOL and LocalEOL are the same, no conversion takes place.

The value supplied to this setting must be quoted. For instance:

component.Config("ServerEOL=\"" + myEOLSequence + "\"");

Conversion will only happen when TransferMode is set to 1 (ASCII) and ServerEOL and LocalEOL are different.

The default value is false. When set to true the bean will mask passwords that would otherwise appear in its logs.

While the SSH specification requires servers and clients to support SSH packets of at least 32000 bytes, some server implementations limit packet size to smaller values. MaxFileData provides a means by which the user can specify the maximum amount of data that can be put into an SFTP packet so that the bean can communicate effectively with these servers. If you are having difficulty when uploading to a server, try setting MaxFileData size to a value smaller than 32000.

Most servers that use smaller values will use a maximum SSH packet size of 16KB (16384). In order to most efficiently communicate with such servers, MaxFileData size should be set to 14745.

Note: Values larger than 64K (65536) may not be respected by some servers (such as OpenSSH) and will result in unexpected behavior. If specifying a value, it is recommended to set a value less than or equal to 65536.

The default value is 32768.

This governs the highest allowable SFTP version to use when negotiating the version with the server. The default value is 3 as this is the most common version. The bean supports values from 3 to 6. It is recommended to use the default value of 3 unless there is a specific reason a higher version is needed.

If set to True, the bean will preserve the file's timestamps during transfer. This is applicable to both uploads and downloads. The default value is False.

The value 0 represents Binary and the value 1 represents ASCII. If the value is 0 (default), the initial server mode will be used.

When this value is set to 1 (ASCII) the bean will use the values specified in LocalEOL and ServerEOL to convert line endings as appropriate.

Note: When this value is set to 1 (ASCII) and ProtocolVersion is set to 4 or higher the bean will automatically determine the value for ServerEOL if the server supports the "newline" protocol extension.

This setting returns the target of the specified symbolic link. To use the setting, pass the remote path and file name of the symbolic link.

The RealPathControlFlag configuration setting can be used to specify the control flags sent to the SFTP server in the SSH_FXP_REALPATH request. This can be set to one of the following values:

If this configuration setting is not set, no control flags will be specified in the request and SSH_FXP_REALPATH_NO_CHECK will be assumed.

When this value is set to "True" the bean will upload the data in the file specified by LocalFile and continue monitoring LocalFile for additional data to upload until no new data is found for RealTimeUploadAgeLimit seconds. This allows you to start uploading a file immediately after the file is created and continue uploading as data is written to the file. The default value is "False".

This value is only applicable when RealTimeUpload is set to "True". This specifies the number of seconds for which the bean will monitor LocalFile for new data to upload. If this limit is reached and no new data is found in LocalFile the upload will complete. The default value is "1".

This setting specifies the maximum number of simultaneous file transfers. This is used when processing files added to the transfer queue by QueueFile. The default value is "5".

This setting specifies the maximum number of bytes which should be downloaded from the current RemoteFile when Download is called. The bean will stop downloading data if it reaches the specified limit, or if there is no more data to download.

This setting can be used in conjunction with the StartByte property in order to download a specific range of data from the current RemoteFile.

This configuration setting specifies the SSH version string used by the bean. The default value is "SSH-2.0-IP*Works! SSH Client 2016".

This configuration setting specifies the pattern used to accept or deny the remote host's SSH version string. It takes a comma-delimited list of patterns to match. The default value is "*SSH-1.99-*,*SSH-2.0-*" and will accept connections from SSH 1.99 and 2.0 hosts. As an example, the below value would accept connections for SSH 1.99, 2.0, and 2.99 hosts.

*SSH-1.99-*,*SSH-2.0-*,*SSH-2.99-*

This configuration setting controls which hash algorithm is used to calculate the certificate's fingerprint. Valid values are:

• MD5 (default)
• SHA1
• SHA256

When authenticating via public key authentication this setting may be set to the CA signed client's public key. This is useful when the server has been configured to trust client keys signed by a particular CA. For instance:

component.Config("SignedSSHCert=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAB...");

If the server's host key was signed by a CA, this setting may be used to specify the CA's public key. If specified the bean will trust any server's host key that was signed by the CA. For instance:

component.Config("SSHAcceptServerCAKey=ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB...");

The default value is "false". Set this to "true" to accept any key presented by the server.

This may be set to a comma-delimited collection of 16-byte MD5 fingerprints that should be accepted as the host's key. You may supply it by HEX encoding the values in the form "0a:1b:2c:3d". Example:

SSHClient.Config("SSHAcceptServerHostKeyFingerprint=0a:1b:2c:3d");

This may be used to specify the list of supported Key Exchange algorithms used during SSH negotiation. The value should contain a comma separated list of algorithms. Supported algorithms are:

• diffie-hellman-group1-sha1
• diffie-hellman-group14-sha1
• diffie-hellman-group14-sha256
• diffie-hellman-group16-sha512
• diffie-hellman-group18-sha512
• diffie-hellman-group-exchange-sha256
• diffie-hellman-group-exchange-sha1
• ecdh-sha2-nistp256
• ecdh-sha2-nistp384
• ecdh-sha2-nistp521

This may be used to specify an alternate list of supported Mac algorithms used during SSH negotiation. This also specifies the order in which the Mac algorithms are preferred. The value should contain a comma separated list of algorithms. Supported algorithms are:

• hmac-sha1
• hmac-md5
• hmac-sha1-96
• hmac-md5-96
• hmac-sha2-256
• hmac-sha2-256-96
• hmac-sha2-512
• hmac-sha2-512-96
• hmac-ripemd160
• hmac-ripemd160-96

This setting specifies the allowed public key algorithms. This list controls only the public key algorithm used when authenticating to the server. This list has no bearing on the public key algorithms that can be used to authenticate the client. The default value is "ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521".

Note that ECDSA algorithms are only supported in Windows.

This setting specifies the number of seconds between keep alive packets. If set to a positive value the bean will send a SSH keep alive packet after KeepAliveInterval seconds of inactivity. This setting only takes effect when there is no activity, if any data is sent or received over the connection it will reset the timer.

The default value is 0 meaning no keep alives will be sent.

Note: The SSHREVERSETUNNEL bean uses a default value of 30.

This setting specifies the maximum number of keep alive packets to send when no response is received. Normally a response to a keep alive packet is received right away. If no response is received the bean will continue to send keep alive packets until SSHKeepAliveCountMax is reached. If this is reached the bean will assume the connection is broken and disconnect. The default value is 5.

Once this setting is set the component will renegotiate the SSH keys with the remote host.

Example:

SSHClient.Config("SSHKeyRenegotiate")

This property allows you to specify the threshold, in the number of bytes, for the SSH Key Renegotiation. The default value for this property is set to 1 GB.

Example (for setting the threshold to 500 MB):

SSHComponent.Config("KeyRenegotiationThreshold=524288000")

This setting specifies a list of signature algorithms that may be used when authenticating to the server using public key authentication. This applies only when public key authentication is performed by the client.

The setting should be a comma separated list of algorithms ordered by preference. At runtime the bean will evaluate each algorithm in the order specified here. If the algorithm is applicable to the certificate specified in SSHCert it will be used. If the algorithm is not applicable the bean will evaluate the next algorithm. Possible values are:

• ssh-rsa (default)
• ssh-dss (default)
• ecdsa-sha2-nistp256 (default - windows only)
• ecdsa-sha2-nistp384 (default - windows only)
• ecdsa-sha2-nistp521 (default - windows only)
• x509v3-sign-rsa
• x509v3-sign-dss

The default value in Windows is "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521".

The default value in Unix/macOS/Java is "ssh-rsa,ssh-dss".

Note that ECDSA algorithms are only supported in Windows.

This property may be set to the fully qualified (DNS) name of the kerberos realm (or Windows Active Directory domain name) to use during GSSAPI authentication. This can be used to force authentication with a given realm if the client and server machines are not part of the same domain.

The default value is "true". If set to "false", the client will not ask for credentials delegation support during authentication. Note that even if the client asks for delegation, the server/KDC might not grant it and authentication will still succeed.

This property can be set to specify the Service Principal Name (SPN) associated with the SSH service on the remote host. This will usually be in the form "host/fqdn.of.sshhost[@REALM]". If not specified, the bean will assume the SPN is based on the value of the SSHHost property and the kerberos realm used for authentication.

This setting can be enabled to assist in debugging. When set to True the bean will fire the SSHStatus event with detailed information about the SSH level packets. The default value is False.

This setting specifies the maximum size of an individual data packet, in bytes, that can be sent to the sender.

This setting specifies how many bytes of channel data can be sent to the sender of this message without adjusting the window. Note that this value may be changed during the connection, but the window size can only be increased, not decreased.

This setting optionally specifies a pattern to be matched to the prompt received from the server during keyboard-interactive authentication. If a matching prompt is detected the bean automatically responds to the prompt with the password specified by SSHPassword.

This provides an easy way to automatically reply to prompts with the password if one is presented by the server. The password will be auto-filled in the Response parameter of the SSHKeyboardInteractive event in the case of a match.

The following special characters are supported for pattern matching:

If the above characters need to be used as a literal in a pattern then they must be escaped by surrounding them with a []. (Note, "]" and "-" do not need to be escaped) See below for the escape sequences:

For example, to match the value [Something].txt specify the pattern [[]Something].txt

This may be when using the diffie-hellman-group-exchange-sha1 or diffie-hellman-group-exchange-sha256 key exchange algorithms to control the preferred size, in bits, of the modulus (p) prime number to request from the server. Acceptable values are between 1024 and 8192.

If set to a positive value, this setting defines the length of data records to be received. The bean will accumulate data until RecordLength is reached and only then fire the DataIn event with data of length RecordLength. This allows data to be received as records of known length. This value can be changed at any time, including within the DataIn event.

The default value is 0, meaning this setting is not used.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The bean will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GuiAvailable to false will ensure that the bean does not attempt to process external events.

If set to True (default), when the bean creates a thread the thread's Daemon property will be explicitly set to True. When set to False the bean will not set the Daemon property on the created thread. The default value is True.

By default the bean will use the system security libraries to perform cryptographic functions. Setting this to True tells the bean to use the internal implementation instead of using the system's security API.