SSHServer Component

Properties   Methods   Events   Config Settings   Errors  

The SSHServer component is used to create Secure Shell (SSH) servers. The component handles multiple simultaneous connections on the same TCP/IP port (service port). It is designed to balance the load between connections for a fast, powerful server.

Syntax

TiphSSHServer

Remarks

The SSHServer component is the SSH-enabled equivalent of the IPWorks TCPServer component, extended by a set of new properties and events that deal with SSH security. The SSHCompressionAlgorithms and SSHEncryptionAlgorithms properties determine which protocols are enabled for the SSH handshake. The SSHCert* properties are used to select a certificate for the server (please note that a valid certificate MUST be selected before the server can function). The SSHUserAuthRequest event will allow you to use authenticate clients using digital certificates or passwords. Finally, the SSHStatus event provides information about the SSH handshake and underlying protocol notifications.

By default, each instance of SSHServer can handle up to 1000 simultaneous incoming connections (this number may be increased up to 100,000, or decreased to a lower value by using the MaxConnections configuration setting).

SSH connections are identified by a ConnectionId. Events relating to these connections as a whole will use the ConnectionId to identify the specific connection. Connections may also contained one or more multiplexed channels, which are identified by a ChannelId. Channel-level events will specify the ChannelId to which they relate.

SSHServer can start to listen on a port by setting the Listening property to True. When a remote host asks for a connection, the ConnectionRequest event is fired. At that point, the connection can either be accepted or rejected. If the connection is accepted, a ConnectionId is assigned, and communication can start. From this point on, the operation is very similar to SSHClient. Data can be sent to an individual SSHChannel using SendChannelData. The address and port of the incoming connection can be found by querying the RemoteHost and RemotePort properties.

Note: Server components are designed to process events as they occur. To ensure that events are processed in a timely manner, DoEvents should be called in a loop after the server is started.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

Channels Property (SSHServer Component)

A collection of currently open channels.

Syntax

property Channels: TiphSSHChannelList read get_Channels;

Remarks

The SSH 2.0 specification allows for multiple channels to be opened over a single TCP/IP connection. The Channels property represents the channels that are currently open. A new SSHChannel can be opened with OpenChannel.

This collection is a hashtable where the channel's Id string is used as the key to the desired SSH channel object.

Example (Sending Data to a Channel)

This property is read-only.

ConnectionBacklog Property (SSHServer Component)

This property includes the maximum number of pending connections maintained by the Transmission Control Protocol (TCP)/IP subsystem.

Syntax

property ConnectionBacklog: Integer read get_ConnectionBacklog write set_ConnectionBacklog;

Default Value

5

Remarks

This property contains the maximum number of pending connections maintained by the TCP/IP subsystem. This value reflects the SOMAXCONN option for the main listening socket. The default value for most systems is 5. You may set this property to a larger value if the server is expected to receive a large number of connections, and queuing them is desirable.

This property is not available at design time.

Connections Property (SSHServer Component)

A collection of currently connected SSH clients.

Syntax

property Connections: TiphSSHConnectionList read get_Connections;

Remarks

This property is a collection of currently connected clients. All of the connections may be managed using this property. Each connection is described by the different fields of the SSHConnection type.

This collection is a hashtable type of collection, in which the connection Id string is used as the key to the desired connection. You may acquire the key for a given connection through the Connected event.

This property is read-only.

DefaultAuthMethods Property (SSHServer Component)

Specifies the supported authentication methods.

Syntax

property DefaultAuthMethods: String read get_DefaultAuthMethods write set_DefaultAuthMethods;

Default Value

'password,publickey'

Remarks

This property specifies the supported authentication methods. The client will choose one of the supported mechanisms when authenticating to the component.

This must be a comma separated list of values. For more information on authenticating clients see the SSHUserAuthRequest event.

The following is a list of methods implemented by the component:

DefaultIdleTimeout Property (SSHServer Component)

This property includes the default idle timeout for inactive clients.

Syntax

property DefaultIdleTimeout: Integer read get_DefaultIdleTimeout write set_DefaultIdleTimeout;

Default Value

0

Remarks

This property specifies the idle timeout (in seconds) for clients. When set to a positive value, the component will disconnect idle clients after the specified timeout.

This applies only to clients that have not sent or received data within DefaultIdleTimeout seconds.

If set to 0 (default), no idle timeout is applied.

Note: DoEvents must be called for the component to check existing connections.

DefaultTimeout Property (SSHServer Component)

An initial timeout value to be used by incoming connections.

Syntax

property DefaultTimeout: Integer read get_DefaultTimeout write set_DefaultTimeout;

Default Value

60

Remarks

This property is used by the component to set the operational timeout value of all inbound connections once they are established. If the timeout is set to 0, all inbound connections will behave asynchronously. The default value is 60, meaning the component will behave synchronously.

KeyboardInteractiveMessage Property (SSHServer Component)

The instructions to send to the client during keyboard-interactive authentication.

Syntax

property KeyboardInteractiveMessage: String read get_KeyboardInteractiveMessage write set_KeyboardInteractiveMessage;

Default Value

''

Remarks

This property should be set to the main instructions to send to the client during keyboard-interactive authentication.

KeyboardInteractivePrompts Property (SSHServer Component)

A collection of prompts to present to the user for keyboard-interactive authentication.

Syntax

property KeyboardInteractivePrompts: TiphSSHPromptList read get_KeyboardInteractivePrompts write set_KeyboardInteractivePrompts;

Remarks

This property is a collection of prompts to present to the user during keyboard-authentication. It is used together with the KeyboardInteractiveMessage property.

Listening Property (SSHServer Component)

If set to True, the component accepts incoming connections on LocalPort.

Syntax

property Listening: Boolean read get_Listening write set_Listening;

Default Value

false

Remarks

This property indicates whether the component is listening for connections on the port specified by the LocalPort property.

Note: Use the StartListening and StopListening methods to control whether the component is listening.

This property is not available at design time.

LocalHost Property (SSHServer Component)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

property LocalHost: String read get_LocalHost write set_LocalHost;

Default Value

''

Remarks

The LocalHost property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multi-homed hosts (machines with more than one IP interface) setting LocalHost to the value of an interface will make the component initiate connections (or accept in the case of server components) only through that interface.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multi-homed hosts (machines with more than one IP interface).

NOTE: LocalHost is not persistent. You must always set it in code, and never in the property window.

LocalPort Property (SSHServer Component)

The TCP port in the local host where the component listens.

Syntax

property LocalPort: Integer read get_LocalPort write set_LocalPort;

Default Value

22

Remarks

The LocalPort property must be set before TCPServer starts listening. If its value is 0, then the TCP/IP subsystem picks a port number at random. The port number can be found by checking the value of the LocalPort property after TCPServer is in listening mode (after successfully assigning True to the Listening property).

The service port is not shared among servers (i.e. there can be only one TCPServer 'listening' on a particular port at one time).

SSHCertEncoded Property (SSHServer Component)

This is the certificate (PEM/base64 encoded).

Syntax

property SSHCertEncoded: String read get_SSHCertEncoded write set_SSHCertEncoded;
property SSHCertEncodedB: TBytes read get_SSHCertEncodedB write set_SSHCertEncodedB;

Default Value

''

Remarks

This is the certificate (PEM/base64 encoded). This property is used to assign a specific certificate. The Store and Subject properties also may be used to specify a certificate.

When Encoded is set, a search is initiated in the current Store for the private key of the certificate. If the key is found, Subject is updated to reflect the full subject of the selected certificate; otherwise, Subject is set to an empty string.

This property is not available at design time.

SSHCertStore Property (SSHServer Component)

This is the name of the certificate store for the client certificate.

Syntax

property SSHCertStore: String read get_SSHCertStore write set_SSHCertStore;
property SSHCertStoreB: TBytes read get_SSHCertStoreB write set_SSHCertStoreB;

Default Value

'MY'

Remarks

This is the name of the certificate store for the client certificate.

The StoreType property denotes the type of the certificate store specified by Store. If the store is password protected, specify the password in StorePassword.

Store is used in conjunction with the Subject property to specify client certificates. If Store has a value, and Subject or Encoded is set, a search for a certificate is initiated. Please see the Subject property for details.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

SSHCertStorePassword Property (SSHServer Component)

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

property SSHCertStorePassword: String read get_SSHCertStorePassword write set_SSHCertStorePassword;

Default Value

''

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

SSHCertStoreType Property (SSHServer Component)

This is the type of certificate store for this certificate.

Syntax

property SSHCertStoreType: TiphCertStoreTypes read get_SSHCertStoreType write set_SSHCertStoreType;

TiphCertStoreTypes = (
  cstUser,
  cstMachine,
  cstPFXFile,
  cstPFXBlob,
  cstJKSFile,
  cstJKSBlob,
  cstPEMKeyFile,
  cstPEMKeyBlob,
  cstPublicKeyFile,
  cstPublicKeyBlob,
  cstSSHPublicKeyBlob,
  cstP7BFile,
  cstP7BBlob,
  cstSSHPublicKeyFile,
  cstPPKFile,
  cstPPKBlob,
  cstXMLFile,
  cstXMLBlob,
  cstJWKFile,
  cstJWKBlob,
  cstSecurityKey,
  cstBCFKSFile,
  cstBCFKSBlob,
  cstPKCS11,
  cstAuto
);

Default Value

cstUser

Remarks

This is the type of certificate store for this certificate.

The component supports both public and private keys in a variety of formats. When the cstAuto value is used the component will automatically determine the type. This property can take one of the following values:

SSHCertSubject Property (SSHServer Component)

This is the subject of the certificate used for client authentication.

Syntax

property SSHCertSubject: String read get_SSHCertSubject write set_SSHCertSubject;

Default Value

''

Remarks

This is the subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

If a field value contains a comma it must be quoted.

SSHCompressionAlgorithms Property (SSHServer Component)

A comma-separated list containing all allowable compression algorithms.

Syntax

property SSHCompressionAlgorithms: String read get_SSHCompressionAlgorithms write set_SSHCompressionAlgorithms;

Default Value

'none,zlib'

Remarks

During the SSH handshake, this list will be used to negotiate the compression algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports, so it is important to list multiple algorithms in preferential order. If no algorithm can be agreed upon, the component will raise an error and the connection will be aborted.

At least one supported algorithm must appear in this list. The following compression algorithms are supported by the component:

• zlib
• zlib@openssh.com
• none

SSHEncryptionAlgorithms Property (SSHServer Component)

A comma-separated list containing all allowable encryption algorithms.

Syntax

property SSHEncryptionAlgorithms: String read get_SSHEncryptionAlgorithms write set_SSHEncryptionAlgorithms;

Default Value

'aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-ctr,3des-cbc,blowfish-cbc,arcfour256,arcfour128,arcfour,cast128-cbc,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com'

Remarks

During the SSH handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports, so it is important to list multiple algorithms in preferential order. If no algorithm can be agreed upon, the component will raise an error and the connection will be aborted.

At least one supported algorithm must appear in this list. The following encryption algorithms are supported by the component:

ChangeRecordLength Method (SSHServer Component)

Changes the length of received data records.

Syntax

procedure ChangeRecordLength(ChannelId: Integer; RecordLength: Integer);

Remarks

This method defines the length of data records to be received (in bytes) for the specified ChannelId.

If RecordLength is set to a positive value, the component will accumulate data until RecordLength bytes of data is received and only then fire the SSHChannelDataIn event with data of length RecordLength. This allows data to be received as records of known length. This method can be called at any time to change the record length, including within the DataIn event.

A value of 0 (default) means this functionality is not used.

CloseChannel Method (SSHServer Component)

Closes a existing SSHChannel .

Syntax

procedure CloseChannel(ChannelId: Integer);

Remarks

ChannelId is the identifier for the SSH channel to be closed.

Config Method (SSHServer Component)

Sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Disconnect Method (SSHServer Component)

This method disconnects the specified client.

Syntax

procedure Disconnect(ConnectionId: Integer);

Remarks

Calling this method will disconnect the client specified by the ConnectionId parameter.

DoEvents Method (SSHServer Component)

Processes events from the internal message queue.

Syntax

procedure DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

ExchangeKeys Method (SSHServer Component)

Causes the component to exchange a new set of session keys on the specified connection.

Syntax

procedure ExchangeKeys(ConnectionId: Integer);

Remarks

SSH key renegotiation can be initiated by either end of an established SSH connection. ExchangeKeys allows the server to start such a renegotiation with the client. During this process, SSHStatus events will fire containing updates regarding the key negotiation process.

The SSH 2.0 specification recommends that key renegotiation be done once for 2 gigabytes (GB) of data processed by the connection, or once every day. This makes it more difficult to break the security of data-intensive or long-lived connections.

GetSSHParam Method (SSHServer Component)

Used to read a field from an SSH packet's payload.

Syntax

function GetSSHParam(Payload: TBytes; Field: String): String;

Remarks

This method is used to read the value of a particular field from an SSH packet's payload. Payload should contain the full payload of a packet received by an event such as SSHChannelRequest. Field is the name of a field to be read out of the packet.

The following is a list of the names of well-known channel request field names and their encodings:

The remaining fields that are available in the payload are dependent upon the value of RequestType.

pty-req

Pty-req is a request to open a pseudo terminal on the specified channel. The following fields are available:

x11-req

X11-req is a request to forward x11 sessions over a channel. The following fields are available:

env

Env is a request to set an environment variable to be passed into a shell that may be started later. The following fields are available:

exec

Exec is a request to execute a command on the channel using the authenticated user's shell. The following field is available:

subsystem

Subsystem is a request to start a subsystem on the specified channel. The following field is available:

xon-xoff

Instructs the server to allow or disallow control-S/control-Q style flow control. The following field is available:

signal

Sends a signal to the remote process/service. The following field is available:

If the packet type is not well known, Field should start with the special character "%" and contain a comma-separated list of field types as defined in SetSSHParam. For example, reading out the X11AuthProtocol of an x11-req payload, you can use "%s,f".

Note: the return value is a string encoded the same way as the FieldValue param in SetSSHParam.

GetSSHParamBytes Method (SSHServer Component)

Used to read a field from an SSH packet's payload.

Syntax

function GetSSHParamBytes(Payload: TBytes; Field: String): TBytes;

Remarks

This method is the same as calling GetSSHParam, but returns raw bytes instead of strings.

OpenChannel Method (SSHServer Component)

Opens a new SSHChannel .

Syntax

function OpenChannel(ConnectionId: Integer; ChannelType: String): String;

Remarks

The SSH 2.0 specification allows for multiple channels to be opened over a single TCP/IP connection. The Channels property represents the channels that are currently open. A new SSHChannel can be opened with OpenChannel.

ChannelType represents the type of SSH channel to be opened. The most common type of channel is "session".

If the call to OpenChannel succeeds, an SSHChannel will be created and added to the Channels collection.

Reset Method (SSHServer Component)

Reset the component.

Syntax

procedure Reset();

Remarks

This method will reset the component's properties to their default values.

SendBytes Method (SSHServer Component)

Sends binary data to the specified channel.

Syntax

procedure SendBytes(ChannelId: Integer; Data: TBytes);

Remarks

This method sends binary data to the channel identified by ChannelId. To send text use the SendText method instead.

SendChannelData Method (SSHServer Component)

Used to send data over an SSH channel.

Syntax

procedure SendChannelData(ChannelId: Integer; Data: TBytes);

Remarks

This method can be used to send arbitrary data to the channel with the specified ChannelId.

SendSSHPacket Method (SSHServer Component)

Used to send an encoded SSH packet to the server.

Syntax

procedure SendSSHPacket(ChannelId: Integer; PacketType: Integer; Payload: TBytes);

Remarks

This method can be used to send a previously built SSH payload to the server. ChannelId identifies the channel that will receive the packet.

PacketType identifies what kind of packet is to be sent. Payload should contain the payload of the packet, which can be built by successive calls to SetSSHParam.

When SendSSHPacket is called, the component will finish building the packet, encrypt it for transport, and send it to the server.

SendText Method (SSHServer Component)

Sends text to the specified channel.

Syntax

procedure SendText(ChannelId: Integer; Text: String);

Remarks

This method sends text to the client identified by ChannelId. To send binary data use the SendBytes method instead.

SetSSHParam Method (SSHServer Component)

Used to write a field to the end of a payload.

Syntax

function SetSSHParam(Payload: TBytes; FieldType: String; FieldValue: String): TBytes;

Remarks

This method is used to build the payload portion of an SSH packet to be sent later by a call to SendSSHPacket. Payload should contain the result of a previous call to SetSSHParam. FieldType is a string defining the type of field to be written to the packet. FieldValue should be the string representation of the field to be written.

The following is a list of supported field types and a description of how FieldValue should be encoded:

Note: integer values may be encoded in hexadecimal by prefixing "0x" to the beginning of the string, otherwise the value is assumed to be base-10.

Shutdown Method (SSHServer Component)

This method shuts down the server.

Syntax

procedure Shutdown();

Remarks

This method shuts down the server. Calling this method is equivalent to calling StopListening and then breaking every client connection by calling Disconnect.

StartListening Method (SSHServer Component)

This method starts listening for incoming connections.

Syntax

procedure StartListening();

Remarks

This method begins listening for incoming connections on the port specified by LocalPort. Once listening, events will fire as new clients connect and data are transferred.

To stop listening for new connections, call StopListening. To stop listening for new connections and to disconnect all existing clients, call Shutdown.

StopListening Method (SSHServer Component)

This method stops listening for new connections.

Syntax

procedure StopListening();

Remarks

This method stops listening for new connections. After being called, any new connection attempts will be rejected. Calling this method does not disconnect existing connections.

To stop listening and to disconnect all existing clients, call Shutdown instead.

Connected Event (SSHServer Component)

This event is fired immediately after a connection completes (or fails).

Syntax

type TConnectedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  StatusCode: Integer;
  const Description: String;
  var CertStoreType: Integer;
  var CertStore: String;
  var CertPassword: String;
  var CertSubject: String
) of Object;

property OnConnected: TConnectedEvent read FOnConnected write FOnConnected;

Remarks

If the connection is made normally, StatusCode is 0, and Description is 'OK'.

If the connection fails, StatusCode has the error code returned by the system. Description contains a description of this code. The value of StatusCode is equal to the value of the system error.

Please refer to the Error Codes section for more information.

ConnectionId is the connection Id of the client requesting the connection.

CertStoreType is the store type of the alternate certificate to use for this connection. The component supports both public and private keys in a variety of formats. When the cstAuto value is used the component will automatically determine the type. This property can take one of the following values:

CertStore is the store name or location of the alternate certificate to use for this connection.

Designations of certificate stores are platform-dependent.

The following are designations of the most common User and Machine certificate stores in Windows:

When the certificate store type is PFXFile, this property must be set to the name of the file. When the type is PFXBlob, the property must be set to the binary contents of a PFX file (i.e. PKCS12 certificate store).

CertPassword is the password of the certificate store containing the alternate certificate to use for this connection.

CertSubject is the subject of the alternate certificate to use for this connection.

The special value * matches any subject and will select the first certificate in the store. The certificate subject is a comma separated list of distinguished name fields and values. For instance "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are displayed below.

If a field value contains a comma it must be quoted.

ConnectionRequest Event (SSHServer Component)

This event is fired when a request for connection comes from a remote host.

Syntax

type TConnectionRequestEvent = procedure (
  Sender: TObject;
  const Address: String;
  Port: Integer;
  var Accept: Boolean
) of Object;

property OnConnectionRequest: TConnectionRequestEvent read FOnConnectionRequest write FOnConnectionRequest;

Remarks

This event indicates an incoming connection. The connection is accepted by default. Address and Port will contain information about the remote host requesting the inbound connection. If you want to refuse it, you can set the Accept parameter to False.

Disconnected Event (SSHServer Component)

This event is fired when a connection is closed.

Syntax

type TDisconnectedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnDisconnected: TDisconnectedEvent read FOnDisconnected write FOnDisconnected;

Remarks

If the connection is broken normally, StatusCode is 0, and Description is 'OK'.

If the connection is broken for any other reason, StatusCode has the error code returned by the system. Description contains a description of this code. The value of StatusCode is equal to the value of the system error.

Please refer to the Error Codes section for more information.

Error Event (SSHServer Component)

Information about errors during data delivery.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

ConnectionId contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (SSHServer Component)

Fires once for each log message.

Syntax

type TLogEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  LogLevel: Integer;
  const Message: String;
  const LogType: String
) of Object;

property OnLog: TLogEvent read FOnLog write FOnLog;

Remarks

This event fires once for each log messages generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the detail level of the message. Possible values are:

Message is the log message.

LogType is reserved for future use.

ConnectionId specifies the connection to which the log message is applicable.

SSHChannelClosed Event (SSHServer Component)

Fired when a channel is closed.

Syntax

type TSSHChannelClosedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer
) of Object;

property OnSSHChannelClosed: TSSHChannelClosedEvent read FOnSSHChannelClosed write FOnSSHChannelClosed;

Remarks

The SSHChannelClosed event is fired when a channel is closed on an SSH connection.

ConnectionId identifies the connection. ChannelId identifies the channel.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelDataIn Event (SSHServer Component)

Fired when data is received on an SSH channel.

Syntax

type TSSHChannelDataInEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer;
  Data: String;
  DataB: TBytes
) of Object;

property OnSSHChannelDataIn: TSSHChannelDataInEvent read FOnSSHChannelDataIn write FOnSSHChannelDataIn;

Remarks

Whenever a client sends data to an SSH channel, the SSHChannelDataIn event will fire. ChannelId will identify the channel receiving data. Data will contain the raw data being received.

ConnectionId identifies the connection. ChannelId identifies the channel.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelEOF Event (SSHServer Component)

Fired when the remote peer signals the end of the data stream for the channel.

Syntax

type TSSHChannelEOFEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer
) of Object;

property OnSSHChannelEOF: TSSHChannelEOFEvent read FOnSSHChannelEOF write FOnSSHChannelEOF;

Remarks

The SSHChannelEOF event is fired when the end of the data stream for a channel on an SSH connection is reached.

ConnectionId identifies the connection. ChannelId identifies the channel.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelOpened Event (SSHServer Component)

Fired when a channel is successfully opened.

Syntax

type TSSHChannelOpenedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer
) of Object;

property OnSSHChannelOpened: TSSHChannelOpenedEvent read FOnSSHChannelOpened write FOnSSHChannelOpened;

Remarks

The SSHChannelOpened event is fired when a channel is successfully opened on an SSH connection.

ConnectionId identifies the connection. ChannelId identifies the channel.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelOpenRequest Event (SSHServer Component)

Fired when a client attempts to open a new channel.

Syntax

type TSSHChannelOpenRequestEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer;
  const Service: String;
  Parameters: String;
  ParametersB: TBytes;
  var Accept: Boolean
) of Object;

property OnSSHChannelOpenRequest: TSSHChannelOpenRequestEvent read FOnSSHChannelOpenRequest write FOnSSHChannelOpenRequest;

Remarks

This event is fired whenever a client attempts to open a new channel for a given connection. ChannelId will contain the id of the channel to be created. Service will identify the type of channel that is being requested (e.g.: "session"). Set Accept to true to accept the channel open request.

ConnectionId identifies the connection. ChannelId identifies the channel.

If the channel open request contains extra information, it will be contained in Parameters; you can extract data from it using GetSSHParam and GetSSHParamBytes. The most common example of a request with parameters would be a request with Service set to "direct-tcpip" (for SSH tunneling); in that case Parameters will contain the host to connect (string), the port to connect (int), the originator IP address (string) and the originator TCP port (int).

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelReadyToSend Event (SSHServer Component)

Fired when the component is ready to send data.

Syntax

type TSSHChannelReadyToSendEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer
) of Object;

property OnSSHChannelReadyToSend: TSSHChannelReadyToSendEvent read FOnSSHChannelReadyToSend write FOnSSHChannelReadyToSend;

Remarks

This event fires when data can be sent over the SSH Channel specified by ChannelId for the connection specified by ConnectionId.

When a channel is opened this event will fire once the channel is ready and data can be sent.

When Timeout is set to 0 (asynchronous) sending data may result in an error if the channel or underlying socket cannot accept more data to send. Monitor SSHChannelReadyToSend or ReadyToSend to determine when data can be sent again.

When Timeout is set to a positive value the component will block when sending data until the data can be successfully sent and SSHChannelReadyToSend and ReadyToSend do not need to be monitored.

SSHChannelRequest Event (SSHServer Component)

Fired when the SSHHost sends a channel request to the client.

Syntax

type TSSHChannelRequestEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer;
  const RequestType: String;
  Packet: String;
  PacketB: TBytes;
  var Success: Boolean
) of Object;

property OnSSHChannelRequest: TSSHChannelRequestEvent read FOnSSHChannelRequest write FOnSSHChannelRequest;

Remarks

The SSHHost may send requests that affect the status of a particular SSHChannel. Some requests will be automatically handled by the component. However, others may need the attention of the user to be dealt with properly within the scope of the application.

ConnectionId identifies the connection.

ChannelId identifies the channel receiving the request.

Type will contain the type of the request. These types are dependent upon the type of the channel. For example, a "session" channel executing a command on the remote shell may receive an "exit-status" request containing the return code of that command.

RequestData contains the remainder of the original SSH packet. If the request type has specific parameters, they can be parsed out of this data.

Success should be used to instruct the component to respond to the request with either a success or failure notification. If the request is successful, SSHChannelRequested will fire with the same information in case the request requires further processing.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannelRequested Event (SSHServer Component)

Fired if the SSHChannelRequest was successful, any further processing for the channel request should be done here.

Syntax

type TSSHChannelRequestedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ChannelId: Integer;
  const RequestType: String;
  Packet: String;
  PacketB: TBytes
) of Object;

property OnSSHChannelRequested: TSSHChannelRequestedEvent read FOnSSHChannelRequested write FOnSSHChannelRequested;

Remarks

The SSHHost may send requests that affect the status of a particular SSHChannel. Some requests will be automatically handled by the component. However, others may need the attention of the user to be dealt with properly within the scope of the application.

ConnectionId identifies the connection.

ChannelId identifies the channel receiving the request.

Type will contain the type of the request. These types are dependent upon the type of the channel. For example, a "session" channel executing a command on the remote shell may receive an "exit-status" request containing the return code of that command.

RequestData contains the remainder of the original SSH packet. If the request type has specific parameters, they can be parsed out of this data.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHServiceRequest Event (SSHServer Component)

Fired when a client requests a service to be started.

Syntax

type TSSHServiceRequestEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  const Service: String;
  var Accept: Boolean
) of Object;

property OnSSHServiceRequest: TSSHServiceRequestEvent read FOnSSHServiceRequest write FOnSSHServiceRequest;

Remarks

The SSHServiceRequest event is fired when a client requests that a service be started for a particular connection, identified by ConnectionId. Service will be the name of the service the client wishes to start. If the connection is authenticated and the user has access to the service, set Accept to true to allow the SSHServer to accept the request.

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHStatus Event (SSHServer Component)

Shows the progress of the secure connection.

Syntax

type TSSHStatusEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  const Message: String
) of Object;

property OnSSHStatus: TSSHStatusEvent read FOnSSHStatus write FOnSSHStatus;

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

SSHTunnelClosed Event (SSHServer Component)

This event will fire when a connected client attempts to close a tunnel.

Syntax

type TSSHTunnelClosedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  const Address: String;
  Port: Integer
) of Object;

property OnSSHTunnelClosed: TSSHTunnelClosedEvent read FOnSSHTunnelClosed write FOnSSHTunnelClosed;

Remarks

SSHTunnelRequested Event (SSHServer Component)

This event fires when a connected client attempts to establish a forward or reverse tunnel.

Syntax

type TSSHTunnelRequestedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  Direction: Integer;
  const Address: String;
  var Port: Integer;
  var Accept: Boolean
) of Object;

property OnSSHTunnelRequested: TSSHTunnelRequestedEvent read FOnSSHTunnelRequested write FOnSSHTunnelRequested;

Remarks

SSHUserAuthRequest Event (SSHServer Component)

Fires when a client attempts to authenticate a connection.

Syntax

type TSSHUserAuthRequestEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  const User: String;
  const Service: String;
  const AuthMethod: String;
  const AuthParam: String;
  var Accept: Boolean;
  var PartialSuccess: Boolean;
  var AvailableMethods: String;
  const KeyAlgorithm: String
) of Object;

property OnSSHUserAuthRequest: TSSHUserAuthRequestEvent read FOnSSHUserAuthRequest write FOnSSHUserAuthRequest;

Remarks

The SSHUserAuthRequest event fires when an SSH client attempts to authenticate itself on a particular connection. ConnectionId will identify the connection being authenticated. User will be the name of the account requesting authentication, and Service will contain the name of the service the client is wishing to access.

AuthMethod will denote which method the client is attempting to use to authenticate itself. AuthParam will contain the value of the authentication token used by the client. If the token is acceptable, you may set Accept to true to allow the component to authenticate the client. If it is not, set Accept to false.

Connecting clients will initially attempt authentication with an AuthMethod of "none". This is done with the expectation that the request will fail and the server will send a list of supported methods back to the client. In your implementation check the AuthMethod parameter, if it is "none" you should set AvailableMethods and reject the request. The client will select one of the available methods and re-authenticate.

You may set AvailableMethods to a comma-delimited string of authentication methods that are available for the user. This list will be sent back to the client so that it may perform further authentication attempts.

The following is a list of methods implemented by the component:

The PartialSuccess parameter is only used when multi-factor authentication is needed. To implement multi-factor authentication when this event fires first verify the AuthParam for the given AuthMethod. If accepted, set PartialSuccess to true and Accept to false. The client should then send the authentication request for a different form of authentication specified in AvailableMethods. You may continue to set PartialSuccess to true until all authentication requirements are satisfied. Once all requirements are satisfied set Accept to true.

KeyAlgorithm hold the signing algorithm used when the client attempts public key authentication. Possible values are:

• ssh-rsa
• rsa-sha2-256
• rsa-sha2-512
• ssh-dss
• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521
• x509v3-sign-rsa
• x509v3-sign-dss

Note: Processing long-running requests, including sending channel data, inside this event may cause the underlying transport to stop processing SSH data until the event returns. In order to prevent this from happening, all requests should be processed asynchronously in a separate thread outside of this event.

SSHChannel Type

A currently open SSH channel.

Remarks

This type describes the SSH client's currently open channels. You may use the different fields of this type to manage the channel.

Fields

SSHConnection Type

A currently connected client.

Remarks

This type describes the connection of a client which is currently connected to the component. You may use the different fields of this type to manage the connection.

Fields

Constructors

constructor Create();

SSHPrompt Type

A prompt to provide to the client during keyboard-interactive authentication.

Remarks

This type describes a prompt the SSH daemon will send to the client when requesting keyboard-interactive authentication.

Fields

Constructors

constructor Create();

constructor Create(valPrompt: String; valEcho: Boolean);

Config Settings (SSHServer Component)

SSHServer Config Settings

*SSH-1.99-*,*SSH-2.0-*,*SSH-2.99-*

TCPServer Config Settings

Base Config Settings

Trappable Errors (SSHServer Component)

SSHServer Errors

TCPServer Errors

TCP/IP Errors