SExec Configuration

The task accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the task, access to these internal properties is provided through the Other property.

SExec Configuration Settings

KeyRenegotiationThreshold:   Sets the threshold for the SSH Key Renegotiation.

This property allows you to specify the threshold, in the number of bytes, for the SSH Key Renegotiation. The default value for this property is set to 1 GB.

Example (for setting the threshold to 500 MB):

SSHComponent.Config("KeyRenegotiationThreshold=524288000")

Logoff:   Whether or not to log off from the server after execution.

This configuration is only used when PersistentConnection has been set to true. Set this to true to tell the task to log off from the persisted connection once execution completes.

The default for this configuration setting is false.

LogSSHPackets:   If True, detailed SSH packet logging is performed.

This setting can be enabled to assist in debugging. When set to True the task will include detailed information about the SSH level packets in the log. The default value is False.

SSHAcceptServerHostKeyFingerPrint:   Instructs the task to accept the server's host key with this fingerprint.

This may be set to a comma-delimited collection of 16-byte MD5 fingerprints that should be accepted as the host's key. You may supply it by HEX encoding the values in the form "0a:1b:2c:3d". Example:

SSHAcceptServerHostKeyFingerprint=0a:1b:2c:3d
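
One way to derive the value for this setting from a server's public key line, such as the contents of a host key `.pub` file obtained over a trusted channel. This is an added example, not /n software code; it assumes the task uses the conventional MD5 fingerprint over the raw public key blob, and the key is constructed for illustration.

```python
import base64
import hashlib
import struct


def constructed_key_line():
    """Build a made-up ssh-ed25519 public key line (not a real host key)."""
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-example"


def md5_fingerprint(pubkey_line):
    """Return the 16-byte MD5 fingerprint of a 'type base64 [comment]' line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed algorithm name; a mismatch with
    # the declared type means the line was truncated or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("declared key type does not match key blob")
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprint_setting(pubkey_lines):
    """Join fingerprints into the comma-delimited form the setting accepts."""
    return "SSHAcceptServerHostKeyFingerprint=" + ",".join(
        md5_fingerprint(line) for line in pubkey_lines)


if __name__ == "__main__":
    print(fingerprint_setting([constructed_key_line()]))
```
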

SSHEncryptionAlgorithms:   A comma-separated list containing all allowable encryption algorithms.

During the SSH handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client.

At least one supported algorithm must appear in this list. The following encryption algorithms are supported by the component:

  • aes256-cbc: 256-bit AES encryption in CBC mode
  • aes192-cbc: 192-bit AES encryption in CBC mode
  • aes128-cbc: 128-bit AES encryption in CBC mode
  • 3des-cbc: 192-bit (3-key) triple DES encryption in CBC mode
  • aes256-ctr: 256-bit AES encryption in CTR mode
  • aes192-ctr: 192-bit AES encryption in CTR mode
  • aes128-ctr: 128-bit AES encryption in CTR mode
  • 3des-ctr: 192-bit (3-key) triple DES encryption in CTR mode
  • cast128-cbc: CAST-128 encryption
  • blowfish-cbc: Blowfish encryption
  • arcfour: ARC4 encryption
  • arcfour128: 128-bit ARC4 encryption
  • arcfour256: 256-bit ARC4 encryption
  • aes256-gcm@openssh.com: 256-bit AES encryption in GCM mode
  • aes128-gcm@openssh.com: 128-bit AES encryption in GCM mode

The default value is "aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com".

SSHKeyExchangeAlgorithms:   Specifies the supported key exchange algorithms.

This may be used to specify the list of supported Key Exchange algorithms used during SSH negotiation. The value should contain a comma-separated list of algorithms. Supported algorithms are:

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • diffie-hellman-group1-sha1
  • diffie-hellman-group14-sha1
  • diffie-hellman-group14-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group-exchange-sha1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521

The default value is: curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,ecdh-sha2-nistp256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,ecdh-sha2-nistp384,ecdh-sha2-nistp521.

SSHMacAlgorithms:   Specifies the supported Mac algorithms.

This may be used to specify an alternate list of supported Mac algorithms used during SSH negotiation. This also specifies the order in which the Mac algorithms are preferred. The value should contain a comma-separated list of algorithms. Supported algorithms are:

  • hmac-sha1
  • hmac-md5
  • hmac-sha1-96
  • hmac-md5-96
  • hmac-sha2-256
  • hmac-sha2-256-96
  • hmac-sha2-512
  • hmac-sha2-512-96
  • hmac-ripemd160
  • hmac-ripemd160-96
  • hmac-sha2-256-etm@openssh.com
  • hmac-sha2-512-etm@openssh.com

The default value is hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-ripemd160,hmac-sha1-96,hmac-md5-96,hmac-sha2-256-96,hmac-sha2-512-96,hmac-ripemd160-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com.

SSHPublicKeyAlgorithms:   Specifies the supported public key algorithms.

This setting specifies the allowed public key algorithms. This list controls only the public key algorithm used when authenticating to the server. This list has no bearing on the public key algorithms that can be used to authenticate the client. The default value is ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512,ssh-rsa,ssh-dss,x509v3-sign-rsa,x509v3-sign-dss.

This setting specifies a list of signature algorithms that may be used when authenticating to the server using public key authentication. This applies only when public key authentication is performed by the client.

The setting should be a comma-separated list of algorithms. At runtime, the task will evaluate the specified algorithms, and if an algorithm is applicable to the certificate specified in SSHCert, it will be used. If the algorithm is not applicable, the task will evaluate the next algorithm. Possible values are:

  • ssh-rsa
  • rsa-sha2-256
  • rsa-sha2-512
  • ssh-dss
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ssh-ed25519
  • x509v3-sign-rsa
  • x509v3-sign-dss

The default value in Windows is ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519.

rsa-sha2-256 and rsa-sha2-512 notes

The task will query the server for supported algorithms when connecting. If the server indicates support for rsa-sha2-256 or rsa-sha2-512 and the algorithm is present in the list defined by this setting (as in the default value), that algorithm will be used instead of ssh-rsa even when ssh-rsa appears first in the list.

For the rsa-sha2-256 and rsa-sha2-512 algorithms to be automatically preferred the server must support the ext-info-c mechanism. In practice, older servers do not support this and in that case ssh-rsa will be used since it appears first in the list. Newer servers do support this mechanism and in that case rsa-sha2-256 or rsa-sha2-512 will be used even though it appears after ssh-rsa.

This behavior has been carefully designed to provide maximum compatibility while automatically using more secure algorithms when connecting to servers which support them.

General Configuration Settings

AbsoluteTimeout:   Determines whether timeouts are inactivity timeouts or absolute timeouts.

If AbsoluteTimeout is set to True, any method which does not complete within Timeout seconds will be aborted. By default, AbsoluteTimeout is False, and the timeout is an inactivity timeout.

LocalHost:   The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

The LocalHost configuration contains the name of the local host as obtained by the Gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the task initiate connections (or accept in the case of server tasks) only through that interface.

If the task is connected, the LocalHost configuration shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

TcpNoDelay:   Whether or not to delay when sending packets.

When true, the socket will send all data that is ready to send at once. When false, the socket will send smaller buffered packets of data at small intervals; this buffering behavior is known as the Nagle algorithm.

By default, this config is set to false.

UseInternalSecurityAPI:   Tells the task whether or not to use the system security libraries or an internal implementation.

By default, the task will use the system security libraries to perform cryptographic functions. When set to False, calls to unmanaged code will be made. In certain environments this is not desirable. To use a completely managed security implementation, set this setting to True. Setting this to True tells the task to use the internal implementation instead of using the system's security API.

Note: This setting is static. The value set is applicable to all tasks used in the application.

When this value is set the product's system DLL is no longer required as a reference, as all unmanaged code is stored in that file.

Copyright (c) 2022 /n software inc. - All rights reserved.
/n software Tasks for SSIS - Version 20.0 [Build 8319]