SFTPServer Class
Properties Methods Events Configuration Settings Errors
The SFTPServer class is used to create a SFTP Server.
Syntax
class ipworksssh.SFTPServer
Remarks
The SFTPServer class provides a simple way to create a SFTP server. Any SFTP client will be able to connect and transfer files to and from the server.
Getting Started
To begin, first provide a valid certificate with private key in the ssh_cert property.
Optionally set the root_directory property to a valid local path. If this property is set the class will serve files from this location and when clients connect they will see this as their initial directory. If this property is not set then the class will fire events allowing customized responses for each operation.
To start the server set listening to true.
Client Authentication
Client authentication is handled through the on_ssh_user_auth_request event. Inside this event, the Accept parameter determines whether authentication is accepted; this parameter should be set to True if a successful authentication is detected and False otherwise.
When a client connects, the AuthMethod parameter indicates the method of authentication the client wishes to use. Connecting clients will initially attempt authentication with an AuthMethod of "none". This is done with the expectation that the request will fail and the server will provide a list of support authentication methods. The client then selects an available method and re-authenticates. If AuthMethod is "none", Accept should be set to False.
For password authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the password provided by the client. An external list of known usernames and passwords should be maintained to check these values against.
For publickey authentication, the User parameter will hold the client's username and the AuthParam parameter will hold the key provided by the client. This key should be compared to and external list of known keys and usernames.
For keyboard-interactive authentication, the on_ssh_user_auth_request event will fire multiple times; once for each prompt and response sent by the client. The index of the response is specified as a suffix in the AuthMethod parameter (e.g. keyboard-interactive-1, keyboard-interactive-2, etc), and AuthParam will contain the client's response to the prompt. Finally, on_ssh_user_auth_request will fire one last time with AuthMethod set to "keyboard-interactive" and AuthParam set to an empty string. The Accept parameter must be set to True each time the event fires in order for the authentication process to succeed.
Directory Listing
When a client requests a directory listing, the on_dir_list event fires with the Path parameter set to the directory to enumerate. If the directory listing is allowed, the appropriate set of files should be passed to the set_file_list method. The StatusCode parameter should be set according to the status of the operation, and the valid status codes can be found in the documentation for the on_dir_list event.
Handling Events
Event handlers are the primary method of customizing the class's functionality. When a client attempts to connect, open a file, authenticate to the server, etc, the corresponding SFTPServer event will fire to allow for custom handling of the client's request.
The following events are fired both before and after the requested operation is executed:
- on_dir_create
- on_dir_list
- on_dir_remove
- on_file_open
- on_file_remove
- on_file_rename
- on_file_write
- on_set_attributes
Each of these events has a BeforeExec event parameter that is True when the event is fired before execution of the operation, and False after execution of the operation. Handling the event before execution provides an opportunity to use custom logic to determine whether the operation should be denied, diverted, or otherwise modified. Handling the event after execution provides an opportunity to report success or any errors related to the operation to the client.
The following events are fired only after the requested operation is executed:
Any logic to deny opening a file for read or write should be done in the on_file_open event handler.
Note: Server components are designed to process events as they occur. To ensure events are processed in a timely manner do_events should be called in a loop after the server is started.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| connection_backlog | The maximum number of pending connections maintained by the TCP/IP subsystem. |
| sftp_connection_count | The number of records in the SFTPConnection arrays. |
| sftp_connection_connected | Used to disconnect individual connections and/or show their status. |
| sftp_connection_error_message | ErrorMessage is used together with status codes returned from events to send informative errors back to the SFTP client through the SSH_FXP_STATUS message. |
| sftp_connection_file_data | The FileData should be set or read when processing read/write file events. |
| sftp_connection_local_address | This property shows the IP address of the interface through which the connection is passing. |
| sftp_connection_protocol_version | The ProtocolVersion shows the SFTP protocol version negotiated with the client when the SFTP connection was established. |
| sftp_connection_remote_host | The RemoteHost shows the IP address of the remote host through which the connection is coming. |
| sftp_connection_remote_port | The RemotePort shows the TCP port on the remote host through which the connection is coming. |
| sftp_connection_timeout | A timeout for the class. |
| default_auth_methods | Specifies the supported authentication methods. |
| default_timeout | An initial timeout value to be used by incoming connections. |
| keyboard_interactive_message | The instructions to send to the client during keyboard-interactive authentication. |
| keyboard_interactive_prompt_count | The number of records in the KeyboardInteractivePrompt arrays. |
| keyboard_interactive_prompt_echo | Specifies if the client should echo the value entered by the user or not. |
| keyboard_interactive_prompt_prompt | The prompt label/text the client should present to the user. |
| listening | If True, the class accepts incoming connections on LocalPort. |
| local_host | The name of the local host or user-assigned IP interface through which connections are initiated or accepted. |
| local_port | The TCP port in the local host where the class listens. |
| root_directory | The root directory for the entire SFTP server. |
| ssh_cert_encoded | The certificate (PEM/base64 encoded). |
| ssh_cert_store | The name of the certificate store for the client certificate. |
| ssh_cert_store_password | If the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store. |
| ssh_cert_store_type | The type of certificate store for this certificate. |
| ssh_cert_subject | The subject of the certificate used for client authentication. |
| ssh_compression_algorithms | A comma-separated list containing all allowable compression algorithms. |
| ssh_encryption_algorithms | A comma-separated list containing all allowable encryption algorithms. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| disconnect | Disconnect the specified client. |
| do_events | Processes events from the internal message queue. |
| exchange_keys | Causes the class to exchange a new set of session keys on the specified connection. |
| reset | Reset the class. |
| set_file_list | Sets the file list for a connection during a directory listing request. |
| shutdown | Shuts down the server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_connected | Fired immediately after a connection completes (or fails). |
| on_connection_request | Fired when a request for connection comes from a remote host. |
| on_dir_create | Fires when a client wants to create a new directory. |
| on_dir_list | Fires when a client attempts to open a directory for listing. |
| on_dir_remove | Fires when a client wants to delete a directory. |
| on_disconnected | Fired when a connection is closed. |
| on_error | Information about errors during data delivery. |
| on_file_close | Fires when a client attempts to close an open file or directory handle. |
| on_file_open | Fires when a client wants to open or create a file. |
| on_file_read | Fires when a client wants to read from an open file. |
| on_file_remove | Fires when a client wants to delete a file. |
| on_file_rename | Fires when a client wants to rename a file. |
| on_file_write | Fires when a client wants to write to an open file. |
| on_get_attributes | Fires when a client needs to get file information. |
| on_log | Fires once for each log message. |
| on_resolve_path | Fires when a client attempts to canonicalize a path. |
| on_set_attributes | Fires when a client attempts to set file or directory attributes. |
| on_ssh_status | Shows the progress of the secure connection. |
| on_ssh_user_auth_request | Fires when a client attempts to authenticate a connection. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| DirListBufferSize[ConnectionId] | The number of entries to be returned in one response to a request for a directory listing. |
| MaskSensitive | Masks passwords in logs. |
| ProtocolVersion | The highest allowable SFTP version to use. |
| RestrictUserToHomeDir[ConnectionId] | Whether to restrict the user to their home directory. |
| ServerEOL | Specifies the line endings used in files on the server. |
| SFTPErrorMessage[ConnectionId] | Specifies the error message to be returned to the client. |
| UserRootDirectory[ConnectionId] | The path of the server root directory for a particular user. |
| AltSSHCertCount | The number of records in the AltSSHCert configuration settings. |
| AltSSHCertStore[i] | The name of the certificate store. |
| AltSSHCertStorePassword[i] | The password used to open the certificate store. |
| AltSSHCertStoreType[i] | The type of certificate store. |
| AltSSHCertSubject[i] | The alternative certificate subject. |
| ClientSSHVersionString[ConnectionId] | The client's version string. |
| DefaultIdleTimeout | Specifies the default idle timeout for inactive clients. |
| KeyboardInteractivePrompts[ConnectionId] | Specifies custom keyboard-interactive prompts for particular connections. |
| KeyRenegotiationThreshold | Sets the threshold for the SSH Key Renegotiation. |
| LogLevel | Specifies the level of detail that is logged. |
| MaxAuthAttempts | The maximum authentication attempts allowed before forcing a disconnect. |
| ServerSSHVersionString | The SSH version string sent to connecting clients. |
| SSHKeepAliveCountMax | The maximum number of keep alive packets to send without a response. |
| SSHKeepAliveInterval | The interval between keep alive packets. |
| SSHKeyExchangeAlgorithms | Specifies the supported key exchange algorithms. |
| SSHMacAlgorithms | Specifies the supported Mac algorithms. |
| SSHPubKeyAuthSigAlgorithms | Specifies the allowed signature algorithms used by a client performing public key authentication. |
| SSHPublicKeyAlgorithms | Specifies the supported public key algorithms. |
| SSHVersionPattern | The pattern used to match the remote host's version string. |
| UserAuthBanner[ConnectionId] | A custom user authentication banner. |
| AllowedClients | A comma-separated list of host names or IP addresses that can access the class. |
| BindExclusively | Whether or not the class considers a local port reserved for exclusive use. |
| ConnectionUID | The unique connectionId for a connection. |
| DefaultConnectionTimeout | The inactivity timeout applied to the SSL handshake. |
| InBufferSize | The size in bytes of the incoming queue of the socket. |
| KeepAliveInterval | The retry interval, in milliseconds, to be used when a TCP keep-alive packet is sent and no response is received. |
| KeepAliveRetryCount | The number of keep-alive packets to be sent before the remotehost is considered disconnected. |
| KeepAliveTime | The inactivity time in milliseconds before a TCP keep-alive packet is sent. |
| MaxConnections | The maximum number of connections available. |
| OutBufferSize | The size in bytes of the outgoing queue of the socket. |
| TcpNoDelay | Whether or not to delay when sending packets. |
| UseIOCP | Whether to use the completion port I/O model. |
| UseIPv6 | Whether to use IPv6. |
| UseWindowsMessages | Whether to use the WSAAsyncSelect I/O model. |
| BuildInfo | Information about the product's build. |
| CodePage | The system code page used for Unicode to Multibyte translations. |
| LicenseInfo | Information about the current license. |
| ProcessIdleEvents | Whether the class uses its internal event loop to process events when the main thread is idle. |
| SelectWaitMillis | The length of time in milliseconds the class will wait when DoEvents is called if there are no events to process. |
| UseInternalSecurityAPI | Tells the class whether or not to use the system security libraries or an internal implementation. |