IPWorks SFTP 2020 ActiveX Edition

Questions / Feedback?

SFTPServer Control

Properties   Methods   Events   Configuration Settings   Errors  

The SFTPServer control is used to create a SFTP Server.

Syntax

SFTPServer

Remarks

The SFTPServer control provides a simple way to create a SFTP server. Any SFTP client will be able to connect and transfer files to and from the server.

Getting Started

To begin, first provide a valid certificate with private key in the SSHCert property.

Optionally set the RootDirectory property to a valid local path. If this property is set the control will serve files from this location and when clients connect they will see this as their initial directory. If this property is not set then the control will fire events allowing customized responses for each operation.

To start the server set Listening to true.

Client Authentication

Client authentication is handled through the SSHUserAuthRequest event. Inside this event, the Accept parameter determines whether authentication is accepted; this parameter should be set to True if a successful authentication is detected and False otherwise.

When a client connects, the AuthMethod parameter indicates the method of authentication the client wishes to use. Connecting clients will initially attempt authentication with an AuthMethod of "none". This is done with the expectation that the request will fail and the server will provide a list of support authentication methods. The client then selects an available method and re-authenticates. If AuthMethod is "none", Accept should be set to False.

For password authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the password provided by the client. An external list of known usernames and passwords should be maintained to check these values against.

For publickey authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the key provided by the client. This key should be compared to and external list of known keys and usernames.

For keyboard-interactive authentication, the SSHUserAuthRequest event will fire multiple times; once for each prompt and response sent by the client. The index of the response is specified as a suffix in the AuthMethod parameter (e.g. keyboard-interactive-1, keyboard-interactive-2, etc), and AuthParam will contain the client's response to the prompt. Finally, SSHUserAuthRequest will fire one last time with AuthMethod set to "keyboard-interactive" and AuthParam set to an empty string. The Accept parameter must be set to True each time the event fires in order for the authentication process to succeed.

Directory Listing

When a client requests a directory listing, the DirList event fires with the Path parameter set to the directory to enumerate. If the directory listing is allowed, the appropriate set of files should be passed to the SetFileList method. The StatusCode parameter should be set according to the status of the operation, and the valid status codes can be found in the documentation for the DirList event.

Handling Events

Event handlers are the primary method of customizing the control's functionality. When a client attempts to connect, open a file, authenticate to the server, etc, the corresponding SFTPServer event will fire to allow for custom handling of the client's request.

The following events are fired both before and after the requested operation is executed:

Each of these events has a BeforeExec event parameter that is True when the event is fired before execution of the operation, and False after execution of the operation. Handling the event before execution provides an opportunity to use custom logic to determine whether the operation should be denied, diverted, or otherwise modified. Handling the event after execution provides an opportunity to report success or any errors related to the operation to the client.

The following events are fired only after the requested operation is executed:

Any logic to deny opening a file for read or write should be done in the FileOpen event handler.

Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner DoEvents should be called in a loop after the server is started.

Property List


The following is the full list of the properties of the control with short descriptions. Click on the links for further details.

ConnectionBacklogThe maximum number of pending connections maintained by the TCP/IP subsystem.
SFTPConnectionCountThe number of records in the SFTPConnection arrays.
SFTPConnectionConnectedUsed to disconnect individual connections and/or show their status.
SFTPConnectionErrorMessageErrorMessage is used together with status codes returned from events to send informative errors back to the SFTP client through the SSH_FXP_STATUS message.
SFTPConnectionFileDataThe FileData should be set or read when processing read/write file events.
SFTPConnectionLocalAddressThis property shows the IP address of the interface through which the connection is passing.
SFTPConnectionProtocolVersionThe ProtocolVersion shows the SFTP protocol version negotiated with the client when the SFTP connection was established.
SFTPConnectionRemoteHostThe RemoteHost shows the IP address of the remote host through which the connection is coming.
SFTPConnectionRemotePortThe RemotePort shows the TCP port on the remote host through which the connection is coming.
SFTPConnectionTimeoutA timeout for the control.
DefaultAuthMethodsSpecifies the supported authentication methods.
DefaultTimeoutAn initial timeout value to be used by incoming connections.
KeyboardInteractiveMessageThe instructions to send to the client during keyboard-interactive authentication.
KeyboardInteractivePromptCountThe number of records in the KeyboardInteractivePrompt arrays.
KeyboardInteractivePromptEchoSpecifies if the client should echo the value entered by the user or not.
KeyboardInteractivePromptPromptThe prompt label/text the client should present to the user.
ListeningIf True, the control accepts incoming connections on LocalPort.
LocalHostThe name of the local host or user-assigned IP interface through which connections are initiated or accepted.
LocalPortThe TCP port in the local host where the control listens.
RootDirectoryThe root directory for the entire SFTP server.
SSHCertEncodedThe certificate (PEM/base64 encoded).
SSHCertStoreThe name of the certificate store for the client certificate.
SSHCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSHCertStoreTypeThe type of certificate store for this certificate.
SSHCertSubjectThe subject of the certificate used for client authentication.
SSHCompressionAlgorithmsA comma-separated list containing all allowable compression algorithms.
SSHEncryptionAlgorithmsA comma-separated list containing all allowable encryption algorithms.

Method List


The following is the full list of the methods of the control with short descriptions. Click on the links for further details.

ConfigSets or retrieves a configuration setting.
DisconnectDisconnect the specified client.
DoEventsProcesses events from the internal message queue.
ExchangeKeysCauses the control to exchange a new set of session keys on the specified connection.
ResetReset the control.
SetFileListSets the file list for a connection during a directory listing request.
ShutdownShuts down the server.

Event List


The following is the full list of the events fired by the control with short descriptions. Click on the links for further details.

ConnectedFired immediately after a connection completes (or fails).
ConnectionRequestFired when a request for connection comes from a remote host.
DirCreateFires when a client wants to create a new directory.
DirListFires when a client attempts to open a directory for listing.
DirRemoveFires when a client wants to delete a directory.
DisconnectedFired when a connection is closed.
ErrorInformation about errors during data delivery.
FileCloseFires when a client attempts to close an open file or directory handle.
FileOpenFires when a client wants to open or create a file.
FileReadFires when a client wants to read from an open file.
FileRemoveFires when a client wants to delete a file.
FileRenameFires when a client wants to rename a file.
FileWriteFires when a client wants to write to an open file.
GetAttributesFires when a client needs to get file information.
LogFires once for each log message.
ResolvePathFires when a client attempts to canonicalize a path.
SetAttributesFires when a client attempts to set file or directory attributes.
SSHStatusShows the progress of the secure connection.
SSHUserAuthRequestFires when a client attempts to authenticate a connection.

Configuration Settings


The following is a list of configuration settings for the control with short descriptions. Click on the links for further details.

DirListBufferSize[ConnectionId]The number of entries to be returned in one response to a request for a directory listing.
MaskSensitiveMasks passwords in logs.
ProtocolVersionThe highest allowable SFTP version to use.
RestrictUserToHomeDir[ConnectionId]Whether to restrict the user to their home directory.
ServerEOLSpecifies the line endings used in files on the server.
SFTPErrorMessage[ConnectionId]Specifies the error message to be returned to the client.
UserRootDirectory[ConnectionId]The path of the server root directory for a particular user.
AltSSHCertCountThe number of records in the AltSSHCert configuration settings.
AltSSHCertStore[i]The name of the certificate store.
AltSSHCertStorePassword[i]The password used to open the certificate store.
AltSSHCertStoreType[i]The type of certificate store.
AltSSHCertSubject[i]The alternative certificate subject.
DefaultIdleTimeoutSpecifies the default idle timeout for inactive clients.
KeyboardInteractivePrompts[ConnectionId]Specifies custom keyboard-interactive prompts for particular connections.
KeyRenegotiationThresholdSets the threshold for the SSH Key Renegotiation.
LogLevelSpecifies the level of detail that is logged.
MaxAuthAttemptsThe maximum authentication attempts allowed before forcing a disconnect.
ServerSSHVersionStringThe SSH version string sent to connecting clients.
SSHKeepAliveCountMaxThe maximum number of keep alive packets to send without a response.
SSHKeepAliveIntervalThe interval between keep alive packets.
SSHKeyExchangeAlgorithmsSpecifies the supported key exchange algorithms.
SSHMacAlgorithmsSpecifies the supported Mac algorithms.
SSHPubKeyAuthSigAlgorithmsSpecifies the allowed signature algorithms used by a client performing public key authentication.
SSHPublicKeyAlgorithmsSpecifies the supported public key algorithms.
SSHVersionPatternThe pattern used to match the remote host's version string.
UserAuthBanner[ConnectionId]A custom user authentication banner.
AllowedClientsA comma-separated list of host names or IP addresses that can access the control.
BindExclusivelyWhether or not the control considers a local port reserved for exclusive use.
DefaultConnectionTimeoutThe inactivity timeout applied to the SSL handshake.
InBufferSizeThe size in bytes of the incoming queue of the socket.
KeepAliveIntervalThe retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTimeThe inactivity time in milliseconds before a TCP keep-alive packet is sent.
MaxConnectionsThe maximum number of connections available.
OutBufferSizeThe size in bytes of the outgoing queue of the socket.
TcpNoDelayWhether or not to delay when sending packets.
UseIPv6Whether to use IPv6.
CodePageThe system code page used for Unicode to Multibyte translations.
UseInternalSecurityAPITells the control whether or not to use the system security libraries or an internal implementation.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks SFTP 2020 ActiveX Edition - Version 20.0 [Build 8263]