IPWorks SFTP 2020 Delphi Edition


SFTPServer Component


The SFTPServer component is used to create an SFTP server.

Syntax

TipfSFTPServer

Remarks

The SFTPServer component provides a simple way to create an SFTP server. Any SFTP client will be able to connect and transfer files to and from the server.

Getting Started

To begin, first provide a valid certificate with private key in the SSHCert property.

Optionally set the RootDirectory property to a valid local path. If this property is set, the component will serve files from this location, and connecting clients will see it as their initial directory. If this property is not set, the component will fire events allowing customized responses for each operation.

To start the server set Listening to true.

Client Authentication

Client authentication is handled through the SSHUserAuthRequest event. Inside this event, the Accept parameter determines whether authentication is accepted; this parameter should be set to True if a successful authentication is detected and False otherwise.

When a client connects, the AuthMethod parameter indicates the method of authentication the client wishes to use. Connecting clients will initially attempt authentication with an AuthMethod of "none". This is done with the expectation that the request will fail and the server will provide a list of supported authentication methods. The client then selects an available method and re-authenticates. If AuthMethod is "none", Accept should be set to False.

For password authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the password provided by the client. An external list of known usernames and passwords should be maintained to check these values against.

For publickey authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the key provided by the client. This key should be compared to an external list of known keys and usernames.

For keyboard-interactive authentication, the SSHUserAuthRequest event will fire multiple times; once for each prompt and response sent by the client. The index of the response is specified as a suffix in the AuthMethod parameter (e.g. keyboard-interactive-1, keyboard-interactive-2, etc), and AuthParam will contain the client's response to the prompt. Finally, SSHUserAuthRequest will fire one last time with AuthMethod set to "keyboard-interactive" and AuthParam set to an empty string. The Accept parameter must be set to True each time the event fires in order for the authentication process to succeed.
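
The decision logic an SSHUserAuthRequest handler needs, modelled in Python as an added example (it is not /n software code and not the component's Delphi API). The credential stores, `AuthState` and `decide` are hypothetical, prompt indices are assumed to start at 1 as in the suffixes shown above, and the return value of `decide` is what the handler would assign to Accept.

```python
import hashlib
import hmac
import re

SALT = b"constructed-salt"  # constructed; use a random per-user salt in practice

def kdf(secret: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), SALT, 100_000)

# Constructed sample stores keyed by username; secrets are kept hashed.
PASSWORDS = {"alice": kdf("correct horse")}
PUBLIC_KEYS = {"alice": {"constructed-public-key-for-alice"}}
KI_ANSWERS = {"alice": [kdf("correct horse"), kdf("492817")]}  # one per prompt
DUMMY = kdf("dummy")  # hashed against for unknown users so timing stays uniform

def secret_ok(stored: bytes, supplied: str) -> bool:
    # Constant-time comparison of the derived hashes.
    return hmac.compare_digest(stored, kdf(supplied))

class AuthState:
    """State for one connection (one instance per ConnectionId)."""

    def __init__(self):
        self.ki_passed = set()  # keyboard-interactive prompts answered correctly

    def decide(self, user: str, auth_method: str, auth_param: str) -> bool:
        if auth_method == "none":
            return False  # the probe request must fail so the client picks a method
        if auth_method == "password":
            ok = secret_ok(PASSWORDS.get(user, DUMMY), auth_param)
            return ok and user in PASSWORDS
        if auth_method == "publickey":
            # Assumption: AuthParam is compared as an opaque string.
            return auth_param in PUBLIC_KEYS.get(user, ())
        m = re.fullmatch(r"keyboard-interactive-(\d+)", auth_method)
        if m:
            idx = int(m.group(1))
            answers = KI_ANSWERS.get(user, [])
            if 1 <= idx <= len(answers) and secret_ok(answers[idx - 1], auth_param):
                self.ki_passed.add(idx)
                return True
            return False
        if auth_method == "keyboard-interactive":
            # Final event: accept only if every expected prompt was answered.
            expected = set(range(1, len(KI_ANSWERS.get(user, [])) + 1))
            return bool(expected) and self.ki_passed == expected
        return False  # unknown method: fail closed
```

The final "keyboard-interactive" event arrives with an empty AuthParam, so the handler has to remember per connection which responses it accepted rather than re-checking them at that point.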

Directory Listing

When a client requests a directory listing, the DirList event fires with the Path parameter set to the directory to enumerate. If the directory listing is allowed, the appropriate set of files should be passed to the SetFileList method. The StatusCode parameter should be set according to the status of the operation, and the valid status codes can be found in the documentation for the DirList event.

Handling Events

Event handlers are the primary method of customizing the component's functionality. When a client attempts to connect, open a file, authenticate to the server, etc, the corresponding SFTPServer event will fire to allow for custom handling of the client's request.

The following events are fired both before and after the requested operation is executed:

Each of these events has a BeforeExec event parameter that is True when the event is fired before execution of the operation, and False after execution of the operation. Handling the event before execution provides an opportunity to use custom logic to determine whether the operation should be denied, diverted, or otherwise modified. Handling the event after execution provides an opportunity to report success or any errors related to the operation to the client.

The following events are fired only after the requested operation is executed:

Any logic to deny opening a file for read or write should be done in the FileOpen event handler.

Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner DoEvents should be called in a loop after the server is started.

Property List


The following is the full list of the properties of the component with short descriptions.

ConnectionBacklog: The maximum number of pending connections maintained by the TCP/IP subsystem.
Connections: A collection of currently connected SFTP clients.
DefaultAuthMethods: Specifies the supported authentication methods.
DefaultTimeout: An initial timeout value to be used by incoming connections.
KeyboardInteractiveMessage: The instructions to send to the client during keyboard-interactive authentication.
KeyboardInteractivePrompts: A collection of prompts to present to the user for keyboard-interactive authentication.
Listening: If True, the component accepts incoming connections on LocalPort.
LocalHost: The name of the local host or user-assigned IP interface through which connections are initiated or accepted.
LocalPort: The TCP port in the local host where the component listens.
RootDirectory: The root directory for the entire SFTP server.
SSHCertEncoded: The certificate (PEM/base64 encoded).
SSHCertStore: The name of the certificate store for the client certificate.
SSHCertStorePassword: If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSHCertStoreType: The type of certificate store for this certificate.
SSHCertSubject: The subject of the certificate used for client authentication.
SSHCompressionAlgorithms: A comma-separated list containing all allowable compression algorithms.
SSHEncryptionAlgorithms: A comma-separated list containing all allowable encryption algorithms.

Method List


The following is the full list of the methods of the component with short descriptions.

Config: Sets or retrieves a configuration setting.
Disconnect: Disconnect the specified client.
DoEvents: Processes events from the internal message queue.
ExchangeKeys: Causes the component to exchange a new set of session keys on the specified connection.
Reset: Reset the component.
SetFileList: Sets the file list for a connection during a directory listing request.
Shutdown: Shuts down the server.

Event List


The following is the full list of the events fired by the component with short descriptions.

Connected: Fired immediately after a connection completes (or fails).
ConnectionRequest: Fired when a request for connection comes from a remote host.
DirCreate: Fires when a client wants to create a new directory.
DirList: Fires when a client attempts to open a directory for listing.
DirRemove: Fires when a client wants to delete a directory.
Disconnected: Fired when a connection is closed.
Error: Information about errors during data delivery.
FileClose: Fires when a client attempts to close an open file or directory handle.
FileOpen: Fires when a client wants to open or create a file.
FileRead: Fires when a client wants to read from an open file.
FileRemove: Fires when a client wants to delete a file.
FileRename: Fires when a client wants to rename a file.
FileWrite: Fires when a client wants to write to an open file.
GetAttributes: Fires when a client needs to get file information.
Log: Fires once for each log message.
ResolvePath: Fires when a client attempts to canonicalize a path.
SetAttributes: Fires when a client attempts to set file or directory attributes.
SSHStatus: Shows the progress of the secure connection.
SSHUserAuthRequest: Fires when a client attempts to authenticate a connection.

Configuration Settings


The following is a list of configuration settings for the component with short descriptions.

DirListBufferSize[ConnectionId]: The number of entries to be returned in one response to a request for a directory listing.
MaskSensitive: Masks passwords in logs.
ProtocolVersion: The highest allowable SFTP version to use.
RestrictUserToHomeDir[ConnectionId]: Whether to restrict the user to their home directory.
ServerEOL: Specifies the line endings used in files on the server.
SFTPErrorMessage[ConnectionId]: Specifies the error message to be returned to the client.
UserRootDirectory[ConnectionId]: The path of the server root directory for a particular user.
AltSSHCertCount: The number of records in the AltSSHCert configuration settings.
AltSSHCertStore[i]: The name of the certificate store.
AltSSHCertStorePassword[i]: The password used to open the certificate store.
AltSSHCertStoreType[i]: The type of certificate store.
AltSSHCertSubject[i]: The alternative certificate subject.
DefaultIdleTimeout: Specifies the default idle timeout for inactive clients.
KeyboardInteractivePrompts[ConnectionId]: Specifies custom keyboard-interactive prompts for particular connections.
KeyRenegotiationThreshold: Sets the threshold for the SSH Key Renegotiation.
LogLevel: Specifies the level of detail that is logged.
MaxAuthAttempts: The maximum authentication attempts allowed before forcing a disconnect.
ServerSSHVersionString: The SSH version string sent to connecting clients.
SSHKeepAliveCountMax: The maximum number of keep alive packets to send without a response.
SSHKeepAliveInterval: The interval between keep alive packets.
SSHKeyExchangeAlgorithms: Specifies the supported key exchange algorithms.
SSHMacAlgorithms: Specifies the supported Mac algorithms.
SSHPubKeyAuthSigAlgorithms: Specifies the allowed signature algorithms used by a client performing public key authentication.
SSHPublicKeyAlgorithms: Specifies the supported public key algorithms.
SSHVersionPattern: The pattern used to match the remote host's version string.
UserAuthBanner[ConnectionId]: A custom user authentication banner.
AllowedClients: A comma-separated list of host names or IP addresses that can access the component.
BindExclusively: Whether or not the component considers a local port reserved for exclusive use.
CloseStreamAfterTransfer: If true, the component will close the upload or download stream after the transfer.
DefaultConnectionTimeout: The inactivity timeout applied to the SSL handshake.
InBufferSize: The size in bytes of the incoming queue of the socket.
KeepAliveInterval: The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received.
KeepAliveTime: The inactivity time in milliseconds before a TCP keep-alive packet is sent.
MaxConnections: The maximum number of connections available.
OutBufferSize: The size in bytes of the outgoing queue of the socket.
TcpNoDelay: Whether or not to delay when sending packets.
UseIPv6: Whether to use IPv6.
BuildInfo: Information about the product's build.
CodePage: The system code page used for Unicode to Multibyte translations.
LicenseInfo: Information about the current license.
UseInternalSecurityAPI: Tells the component whether or not to use the system security libraries or an internal implementation.

Copyright (c) 2022 /n software inc. - All rights reserved.
IPWorks SFTP 2020 Delphi Edition - Version 20.0 [Build 8263]