SSHTunnel Component

Properties   Methods   Events   Config Settings   Errors  

The SSHTunnel component can be used to tunnel data through a Secure Shell (SSH) server to a remote location.

Syntax

TiphSSHTunnel

Remarks

The SSHTunnel component implements a daemon that accepts connections and tunnels the data from those connections over a Secure Shell (SSH) connection to a remote location.

First, set SSHHost to the server you wish to use to tunnel the data. SSHUser, SSHPassword, and the SSHCert* properties can be used to authenticate the tunneling connection.

Second, set SSHForwardHost to the hostname or IP address of the destination machine, and SSHForwardPort to the port to which you wish to send data. Finally, call StartListening. The component will listen for connections on the interface identified by LocalHost and LocalPort.

When a client attempts to connect to the component, the component will fire a ConnectionRequest event that can be used to accept or reject the connection. If the connection is accepted, the component will attempt to logon to the SSHHost and will tell the server to connect remotely to another machine. Once this process is complete, the tunnel will be established and data can be securely transmitted from end to end.

Example. Connecting Between Networks:

A client that exists in Network A wishes to connect to a resource that exists in Network B. Both networks are secured by a firewall, making it difficult to freely connect to resources within the other network. Network B, however, contains an SSH server that supports tunneling. An SSHTunnel component set up with Network A can be used to access any resource in Network B.

The SSHHost and SSHPort properties must be set to the hostname and port exposed by Network B's firewall. SSHForwardHost and SSHForwardPort are then set to the value of the resource within Network B to which the client in Network A wishes to connect. Any client in Network A can then connect to the SSHTunnel instance's LocalHost and LocalPort.

As clients within Network A connect to the SSHTunnel, the component will forward the connections, secured by SSH, through the network firewalls to the SSH server in Network B. The SSH server will then connect to the resource within Network B and forward all data received from the SSHTunnel instance to that resource. All data received from the resource will then be forwarded to the original client in Network A.

Dynamic Forwarding

Dynamic forwarding is a feature provided by SSH that leverages the SOCKS protocol. With dynamic forwarding, the SSHTunnel component acts as a SOCKS proxy, and all relevant traffic is relayed through the SSH connection to the destination defined by the client that made the request. The SSHTunnel component supports dynamic forwarding automatically when SSHForwardHost and SSHForwardPort are not specified (the forwarding host is determined dynamically).

The client making requests through SSHTunnel must be configured to use a SOCKS proxy, in which case the proxy port is the same as the LocalPort property. In IPWorks components, a SOCKS proxy can be enabled as follows:

// Enable the SOCKS proxy for IPWorks' HTTP component http.Firewall.FirewallType = nsoftware.IPWorks.FirewallTypes.fwSOCKS5; http.Firewall.Port = 1234; //The port set in the SSHTunnel LocalPort property http.Firewall.Host = "localhost"; //The hostname or IP address where SSHTunnel is listening

Note: SSHTunnel can support either dynamic forwarding (SSHForwardHost and SSHForwardPort are not set) or standard forwarding (SSHForwardHost and SSHForwardPort are set). It cannot support both modes at the same time. As a result, it is expected that clients connecting to the SSHTunnel component are configured in a way that matches the configuration of the SSHTunnel component (dynamic or standard forwarding). For example, if SSHTunnel has the SSHForwardHost and SSHForwardPort properties set, then the client must not treat SSHTunnel as a SOCKS proxy. If the SSHTunnel does not have the aforementioned properties set, then the client must treat SSHTunnel as a SOCKS proxy.

Note: Server components are designed to process events as they occur. To ensure that events are processed in a timely manner, DoEvents should be called in a loop after the server is started.

Property List

The following is the full list of the properties of the component with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the component with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the component with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the component with short descriptions. Click on the links for further details.

Connected Property (SSHTunnel Component)

Whether the component is connected.

Syntax

property Connected: Boolean read get_Connected;

Default Value

false

Remarks

This property is used to determine whether or not the component is connected to the remote host. Use the Connect and Disconnect methods to manage the connection.

This property is read-only and not available at design time.

ConnectionBacklog Property (SSHTunnel Component)

This property includes the maximum number of pending connections maintained by the Transmission Control Protocol (TCP)/IP subsystem.

Syntax

property ConnectionBacklog: Integer read get_ConnectionBacklog write set_ConnectionBacklog;

Default Value

5

Remarks

This property contains the maximum number of pending connections maintained by the TCP/IP subsystem. This value reflects the SOMAXCONN option for the main listening socket. The default value for most systems is 5. You may set this property to a larger value if the server is expected to receive a large number of connections, and queuing them is desirable.

This property is not available at design time.

Connections Property (SSHTunnel Component)

This property includes a collection of currently connected clients.

Syntax

property Connections: TiphConnectionList read get_Connections;

Remarks

This property contains a collection of currently connected clients. All of the connections may be managed using this property. Each connection is described by the different fields of the Connection type.

This collection is a hash-table type of collection, in which the Connection Id string is used as the key to the desired connection. You may acquire the key for a given connection through the Connected event.

Example (Broadcasting Data) For i = 0 to Control.ConnectionCount Control.DataToSend(Control.ConnectionId(i)) = "Broadcast Data" Next i

This property is read-only.

DefaultEOL Property (SSHTunnel Component)

This property includes a default end-of-line (EOL) value to be used by incoming connections.

Syntax

property DefaultEOL: String read get_DefaultEOL write set_DefaultEOL;
property DefaultEOLB: TBytes read get_DefaultEOLB write set_DefaultEOLB;

Default Value

''

Remarks

This property contains a default end-of-line (EOL) value to be used by incoming connections. Once the component accepts and establishes an inbound connection, it will set that connection's EOL to the value in this property. By default, this value is empty (""), meaning that data will be fired as it is received.

DefaultSingleLineMode Property (SSHTunnel Component)

This property tells the component whether or not to treat new connections as line oriented.

Syntax

property DefaultSingleLineMode: Boolean read get_DefaultSingleLineMode write set_DefaultSingleLineMode;

Default Value

false

Remarks

This property instructs the component whether or not to treat newly established connections as line-oriented protocols. If this value is True, newly accepted connections will read the incoming data stream as lines separated by a carriage return line feed (CRLF), carriage return (CR), or line feed (LF) and will ignore the end of lines (EOLs).

DefaultTimeout Property (SSHTunnel Component)

This property includes an initial timeout value to be used by incoming connections.

Syntax

property DefaultTimeout: Integer read get_DefaultTimeout write set_DefaultTimeout;

Default Value

0

Remarks

This property is used by the component to set the operational timeout value of all inbound connections once they are established.

By default, the timeout is 0, meaning that all inbound connections will behave asynchronously.

Firewall Property (SSHTunnel Component)

A set of properties related to firewall access.

Syntax

property Firewall: TiphFirewall read get_Firewall write set_Firewall;

Remarks

This is a Firewall-type property, which contains fields describing the firewall through which the component will attempt to connect.

KeepAlive Property (SSHTunnel Component)

When True, KEEPALIVE packets are enabled (for long connections).

Syntax

property KeepAlive: Boolean read get_KeepAlive write set_KeepAlive;

Default Value

false

Remarks

This property enables the SO_KEEPALIVE option on the incoming connections. This option prevents long connections from timing out in case of inactivity.

Note: System Transmission Control Protocol (TCP)/IP stack implementations are not required to support SO_KEEPALIVE.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

Linger Property (SSHTunnel Component)

When set to True, connections are terminated gracefully.

Syntax

property Linger: Boolean read get_Linger write set_Linger;

Default Value

true

Remarks

This property controls how a connection is closed. The default is True. In this case, the connection is closed only after all the data are sent. Setting it to False forces an abrupt (hard) disconnection. Any data that were in the sending queue may be lost.

The default behavior (which is also the default mode for stream sockets) might result in an indefinite delay in closing the connection. Although the component returns control immediately, the system might indefinitely hold system resources until all pending data are sent (even after your application closes). This means that valuable system resources might be wasted.

Setting this property to False forces an immediate disconnection. If you know that the other side has received all the data you have sent (e.g., by a client acknowledgment), then setting this property to False might be the appropriate course of action.

This property is shared among incoming connections. When the property is set, the corresponding value is set for incoming connections as they are accepted. Existing connections are not modified.

Listening Property (SSHTunnel Component)

This property indicates whether the component is listening for incoming connections on LocalPort.

Syntax

property Listening: Boolean read get_Listening;

Default Value

false

Remarks

This property indicates whether the component is listening for connections on the port specified by the LocalPort property. Use the StartListening and StopListening methods to control whether the component is listening.

This property is read-only and not available at design time.

LocalHost Property (SSHTunnel Component)

The name of the local host or user-assigned IP interface through which connections are initiated or accepted.

Syntax

property LocalHost: String read get_LocalHost write set_LocalHost;

Default Value

''

Remarks

This property contains the name of the local host as obtained by the gethostname() system call, or if the user has assigned an IP address, the value of that address.

In multihomed hosts (machines with more than one IP interface) setting LocalHost to the IP address of an interface will make the component initiate connections (or accept in the case of server components) only through that interface. It is recommended to provide an IP address rather than a hostname when setting this property to ensure the desired interface is used.

If the component is connected, the LocalHost property shows the IP address of the interface through which the connection is made in internet dotted format (aaa.bbb.ccc.ddd). In most cases, this is the address of the local host, except for multihomed hosts (machines with more than one IP interface).

Note: LocalHost is not persistent. You must always set it in code, and never in the property window.

LocalPort Property (SSHTunnel Component)

The TCP port in the local host where the component binds.

Syntax

property LocalPort: Integer read get_LocalPort write set_LocalPort;

Default Value

0

Remarks

This property must be set before the component can start listening. If its value is 0, then the TCP/IP subsystem picks a port number at random. The port number can be found by checking the value of this property after the component is listening (i.e., after successfully assigning True to the Listening property).

The service port is not shared among servers so two components cannot be listening on the same port at the same time.

This property must be set before a connection is attempted. It instructs the component to bind to a specific port (or communication endpoint) in the local machine.

Setting this property to 0 (default) enables the system to choose an open port at random. The chosen port will be returned by the LocalPort property after the connection is established.

LocalPort cannot be changed once a connection is made. Any attempt to set this property when a connection is active will generate an error.

This property is useful when trying to connect to services that require a trusted port on the client side.

SSHAcceptServerHostKey Property (SSHTunnel Component)

Instructs the component to accept the server host key that matches the supplied key.

Syntax

property SSHAcceptServerHostKey: TiphCertificate read get_SSHAcceptServerHostKey write set_SSHAcceptServerHostKey;

Remarks

If the host key that will be used by the server is known in advance, this property may be set to accept the expected key. Otherwise, the SSHServerAuthentication event should be trapped, and the key should be accepted or refused in the event.

If this property is not set and the SSHServerAuthentication event is not trapped, the server will not be authenticated and the connection will be terminated by the client.

SSHAuthMode Property (SSHTunnel Component)

The authentication method to be used with the component when calling SSHLogon .

Syntax

property SSHAuthMode: TiphTSSHAuthModes read get_SSHAuthMode write set_SSHAuthMode;

TiphTSSHAuthModes = (
  amNone,
  amMultiFactor,
  amPassword,
  amPublicKey,
  amKeyboardInteractive,
  amGSSAPIWithMic,
  amGSSAPIKeyex,
  amCustom
);

Default Value

amPassword

Remarks

The Secure Shell (SSH) Authentication specification (RFC 4252) specifies multiple methods by which a user can be authenticated by an SSH server. When a call is made to SSHLogon, the component will connect to the SSH server and establish the security layer. After the connection has been secured, the client will send an authentication request to the SSHHost containing the SSHUser. The server will respond containing a list of methods by which that user may be authenticated.

The component will attempt to authenticate the user by one of those methods based on the value of SSHAuthMode and other property values supplied by the user. Currently, the component supports the following authentication methods:

Example 1. User/Password Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPassword Control.SSHUser = "username" Control.SSHPassword = "password" Control.SSHLogon("server", 22) Example 2. Public Key Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPublicKey Control.SSHUser = "username" Control.SSHCertStoreType = SSHCertStoreTypes.cstPFXFile; Control.SSHCertStore = "cert.pfx"; Control.SSHCertStorePassword = "certpassword"; Control.SSHCertSubject = "*"; Control.SSHLogon("server", 22)

SSHCert Property (SSHTunnel Component)

A certificate to be used for authenticating the SSHUser .

Syntax

property SSHCert: TiphCertificate read get_SSHCert write set_SSHCert;

Remarks

To use public key authentication, SSHCert must contain a Certificate with a valid private key. The certificate's public key value is sent to the server along with a signature produced using the private key. The server will first check to see if the public key values match what is known for the user, and then it will attempt to use those values to verify the signature.

Example 1. User/Password Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPassword Control.SSHUser = "username" Control.SSHPassword = "password" Control.SSHLogon("server", 22) Example 2. Public Key Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPublicKey Control.SSHUser = "username" Control.SSHCertStoreType = SSHCertStoreTypes.cstPFXFile; Control.SSHCertStore = "cert.pfx"; Control.SSHCertStorePassword = "certpassword"; Control.SSHCertSubject = "*"; Control.SSHLogon("server", 22)

SSHCompressionAlgorithms Property (SSHTunnel Component)

The comma-separated list containing all allowable compression algorithms.

Syntax

property SSHCompressionAlgorithms: String read get_SSHCompressionAlgorithms write set_SSHCompressionAlgorithms;

Default Value

'none,zlib'

Remarks

During the Secure Shell (SSH) handshake, this list will be used to negotiate the compression algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports. Therefore, it is important to list multiple algorithms in preferential order. If no algorithm can be agreed on, the component will raise an error and the connection will be aborted.

At least one supported algorithm must appear in this list. The following compression algorithms are supported by the component:

• zlib
• zlib@openssh.com
• none

SSHEncryptionAlgorithms Property (SSHTunnel Component)

The comma-separated list containing all allowable encryption algorithms.

Syntax

property SSHEncryptionAlgorithms: String read get_SSHEncryptionAlgorithms write set_SSHEncryptionAlgorithms;

Default Value

'aes256-ctr,aes192-ctr,aes128-ctr,3des-ctr,arcfour256,arcfour128,arcfour,aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com'

Remarks

During the Secure Shell (SSH) handshake, this list will be used to negotiate the encryption algorithm to be used between the client and server. This list is used for both directions: client to server and server to client. When negotiating algorithms, each side sends a list of all algorithms it supports or allows. The algorithm chosen for each direction is the first algorithm to appear in the sender's list that the receiver supports. Therefore, it is important to list multiple algorithms in preferential order. If no algorithm can be agreed on, the component will raise an error and the connection will be aborted.

At least one supported algorithm must appear in this list. The following encryption algorithms are supported by the component:

SSHForwardHost Property (SSHTunnel Component)

The address of the remote host. Domain names are resolved to IP addresses.

Syntax

property SSHForwardHost: String read get_SSHForwardHost write set_SSHForwardHost;

Default Value

''

Remarks

The SSHForwardHost property specifies the IP address (IP number in dotted internet format) or domain name of the remote host. It is set before a connection is attempted and cannot be changed once a connection is established.

If the SSHForwardHost property is set to a domain name, a DNS request is initiated. Upon successful termination of the request, the SSHForwardHost property is set to the corresponding address. If the search is not successful, an error is returned.

If the component is configured to use a SOCKS firewall, the value assigned to this property may be preceded with an "*". If this is the case, the host name is passed to the firewall unresolved and the firewall performs the DNS resolution.

SSHForwardPort Property (SSHTunnel Component)

The Transmission Control Protocol (TCP) port in the remote host.

Syntax

property SSHForwardPort: Integer read get_SSHForwardPort write set_SSHForwardPort;

Default Value

0

Remarks

The SSHForwardPort property specifies a service port on the remote host to connect to.

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

SSHHost Property (SSHTunnel Component)

The address of the Secure Shell (SSH) host.

Syntax

property SSHHost: String read get_SSHHost write set_SSHHost;

Default Value

''

Remarks

The SSHHost property specifies the IP address (IP number in dotted internet format) or domain name of the remote host. It is set before a connection is attempted and cannot be changed once a connection is established.

If the SSHHost property is set to a domain name, a DNS request is initiated, and upon successful termination of the request, the SSHHost property is set to the corresponding address. If the search is not successful, an error is returned.

The SSHHost must be the same host that will be assumed for SSH as for the remote service being connected to.

SSHPassword Property (SSHTunnel Component)

The password for Secure Shell (SSH) password-based authentication.

Syntax

property SSHPassword: String read get_SSHPassword write set_SSHPassword;

Default Value

''

Remarks

SSHPassword specifies the password that is used to authenticate the client to the SSH server.

SSHPort Property (SSHTunnel Component)

The port on the Secure Shell (SSH) server where the SSH service is running; by default, 22.

Syntax

property SSHPort: Integer read get_SSHPort write set_SSHPort;

Default Value

22

Remarks

The SSHPort specifies a service port on the SSH host to connect to.

A valid port number (a value between 1 and 65535) is required for the connection to take place. The property must be set before a connection is attempted and cannot be changed once a connection is established. Any attempt to change this property while connected will fail with an error.

SSHUser Property (SSHTunnel Component)

The username for Secure Shell (SSH) authentication.

Syntax

property SSHUser: String read get_SSHUser write set_SSHUser;

Default Value

''

Remarks

SSHUser specifies the username that is used to authenticate the client to the SSH server. This property is required.

Example 1. User/Password Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPassword Control.SSHUser = "username" Control.SSHPassword = "password" Control.SSHLogon("server", 22) Example 2. Public Key Authentication: Control.SSHAuthMode = SftpSSHAuthModes.amPublicKey Control.SSHUser = "username" Control.SSHCertStoreType = SSHCertStoreTypes.cstPFXFile; Control.SSHCertStore = "cert.pfx"; Control.SSHCertStorePassword = "certpassword"; Control.SSHCertSubject = "*"; Control.SSHLogon("server", 22)

Config Method (SSHTunnel Component)

Sets or retrieves a configuration setting.

Syntax

function Config(ConfigurationString: String): String;

Remarks

Config is a generic method available in every component. It is used to set and retrieve configuration settings for the component.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the component, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

Connect Method (SSHTunnel Component)

Connects to the Secure Shell (SSH) host without logging in.

Syntax

procedure Connect();

Remarks

This method establishes a connection with the SSHHost but does not log in. In most cases, it is recommended to use the StartListening method that will both establish a connection and log in to the server.

This method may be useful in cases in which it is desirable to separate the connection and logon operations, for instance, when confirming a host is available by first creating the connection.

DecodePacket Method (SSHTunnel Component)

Decodes a hex-encoded Secure Shell (SSH) packet.

Syntax

function DecodePacket(EncodedPacket: String): TBytes;

Remarks

This method is used to decode an SSH packet created by EncodePacket.

Note: This method is applicable only for reading and creating Secure Shell (SSH) packets for use within the SSHCustomAuth event.

Disconnect Method (SSHTunnel Component)

This method disconnects the specified client.

Syntax

procedure Disconnect(ConnectionId: Integer);

Remarks

This method immediately disconnects from the server without first logging off.

In most cases, the StopListening method should be used to log off and disconnect from the server. Call the Disconnect method in cases in which it is desirable to immediately disconnect without first logging off.

Calling this method will disconnect the client specified by the ConnectionId parameter.

DoEvents Method (SSHTunnel Component)

This method processes events from the internal message queue.

Syntax

procedure DoEvents();

Remarks

When DoEvents is called, the component processes any available events. If no events are available, it waits for a preset period of time, and then returns.

EncodePacket Method (SSHTunnel Component)

Hex encodes a Secure Shell (SSH) packet.

Syntax

function EncodePacket(Packet: TBytes): String;

Remarks

This method is used to encode a raw SSH packet created by SetSSHParam.

Note: This method is applicable only for reading and creating Secure Shell (SSH) packets for use within the SSHCustomAuth event.

GetSSHParam Method (SSHTunnel Component)

Reads a field from a Secure Shell (SSH) packet's payload.

Syntax

function GetSSHParam(Payload: TBytes; Field: String): String;

Remarks

This method is used to read the value of a particular field from an SSH packet's payload. Payload should contain the full payload of a packet received by an event such as SSHChannelRequest. Field is the name of a field to be read out of the packet.

The following is a list of the names of well-known channel request field names and their encodings:

The remaining fields that are available in the payload are dependent on the value of RequestType.

pty-req

Pty-req is a request to open a pseudo terminal on the specified channel. The following fields are available:

x11-req

X11-req is a request to forward x11 sessions over a channel. The following fields are available:

env

Env is a request to set an environment variable to be passed into a shell that may be started later. The following fields are available:

exec

Exec is a request to execute a command on the channel using the authenticated user's shell. The following field is available:

subsystem

Subsystem is a request to start a subsystem on the specified channel. The following field is available:

xon-xoff

Xon-xoff instructs the server to allow or disallow control-S/control-Q style flow control. The following field is available:

signal

Sends a signal to the remote process/service. The following field is available:

If the packet type is not well known, Field should start with the special character "%" and contain a comma-separated list of field types as defined in SetSSHParam. For example, reading out the X11AuthProtocol of an x11-req payload, you can use "%s,f".

Note: The return value is a string encoded the same way as the FieldValue param in SetSSHParam.

Note: This method is applicable only for reading and creating Secure Shell (SSH) packets for use within the SSHCustomAuth event.

GetSSHParamBytes Method (SSHTunnel Component)

Reads a field from a Secure Shell (SSH) packet's payload.

Syntax

function GetSSHParamBytes(Payload: TBytes; Field: String): TBytes;

Remarks

This method is the same as calling GetSSHParam, but it returns raw bytes instead of strings.

Note: This method is applicable only for reading and creating Secure Shell (SSH) packets for use within the SSHCustomAuth event.

Reset Method (SSHTunnel Component)

This method will reset the component.

Syntax

procedure Reset();

Remarks

This method will reset the component's properties to their default values.

SetSSHParam Method (SSHTunnel Component)

Writes a field to the end of a payload.

Syntax

function SetSSHParam(Payload: TBytes; FieldType: String; FieldValue: String): TBytes;

Remarks

This method is used to build the payload portion of a Secure Shell (SSH) packet to be sent later by a call to SendSSHPacket. Payload should contain the result of a previous call to SetSSHParam. FieldType is a string defining the type of field to be written to the packet. FieldValue should be the string representation of the field to be written.

The following is a list of supported field types and a description of how FieldValue should be encoded:

Note: Integer values may be hexadecimal encoded by prefixing "0x" to the beginning of the string; otherwise, the value is assumed to be Base10.

Note: This method is applicable only for reading and creating Secure Shell (SSH) packets for use within the SSHCustomAuth event.

Shutdown Method (SSHTunnel Component)

This method shuts down the server.

Syntax

procedure Shutdown();

Remarks

This method shuts down the server. Calling this method is equivalent to calling StopListening and then breaking every client connection by calling Disconnect.

StartListening Method (SSHTunnel Component)

This method starts listening for incoming connections.

Syntax

procedure StartListening();

Remarks

This method begins listening for incoming connections on the port specified by LocalPort. Once listening, events will fire as new clients connect and data are transferred.

To stop listening for new connections, call StopListening. To stop listening for new connections and to disconnect all existing clients, call Shutdown.

StopListening Method (SSHTunnel Component)

This method stops listening for new connections.

Syntax

procedure StopListening();

Remarks

This method stops listening for new connections. After being called, any new connection attempts will be rejected. Calling this method does not disconnect existing connections.

To stop listening and to disconnect all existing clients, call Shutdown instead.

Connected Event (SSHTunnel Component)

This event is fired immediately after a connection completes (or fails).

Syntax

type TConnectedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnConnected: TConnectedEvent read FOnConnected write FOnConnected;

Remarks

If the connection is made normally, StatusCode is 0, and Description is 'OK'.

If the connection fails, StatusCode has the error code returned by the system. Description contains a description of this code. The value of StatusCode is equal to the value of the system error.

Please refer to the Error Codes section for more information.

ConnectionRequest Event (SSHTunnel Component)

This event is fired when a request for connection comes from a remote host.

Syntax

type TConnectionRequestEvent = procedure (
  Sender: TObject;
  const Address: String;
  Port: Integer;
  var Accept: Boolean
) of Object;

property OnConnectionRequest: TConnectionRequestEvent read FOnConnectionRequest write FOnConnectionRequest;

Remarks

This event indicates an incoming connection. The connection is accepted by default. Address and Port will contain information about the remote host requesting the inbound connection. If you want to refuse it, you can set the Accept parameter to False.

DataIn Event (SSHTunnel Component)

This event is fired when data come in.

Syntax

type TDataInEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  const Text: String;
  const TextB: TBytes;
  EOL: Boolean
) of Object;

property OnDataIn: TDataInEvent read FOnDataIn write FOnDataIn;

Remarks

Trapping the DataIn event is your only chance to get the data coming from the other end of the connection specified by ConnectionId. The incoming data are provided through the Text parameter.

EOL indicates whether or not the EOL string was found at the end of Text. If the EOL string was found, then EOL is True.

If Text is part of the data portion of length larger than either DefaultMaxLineLength or MaxLineLength with no EOL strings in it, then EOL is False. Please note that this means that one or more DataIn events with EOL set to False can be received during a connection.

If the EOL property is '' (empty string), then EOL can be disregarded (it is always True).

Note: Events are not re-entrant. Performing time-consuming operations within this event will prevent it from firing again in a timely manner and may affect overall performance.

Disconnected Event (SSHTunnel Component)

Fired when a connection is closed.

Syntax

type TDisconnectedEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  StatusCode: Integer;
  const Description: String
) of Object;

property OnDisconnected: TDisconnectedEvent read FOnDisconnected write FOnDisconnected;

Remarks

If the connection is broken normally, StatusCode is 0, and Description is 'OK'.

If the connection is broken for any other reason, StatusCode has the error code returned by the system. Description contains a description of this code. The value of StatusCode is equal to the value of the system error.

Please refer to the Error Codes section for more information.

Note: When the component is disconnected from the Secure Shell (SSH) server for any reason the ConnectionId parameter will be -1.

Error Event (SSHTunnel Component)

Fired when errors occur during data delivery.

Syntax

type TErrorEvent = procedure (
  Sender: TObject;
  ConnectionId: Integer;
  ErrorCode: Integer;
  const Description: String
) of Object;

property OnError: TErrorEvent read FOnError write FOnError;

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the component raises an exception.

ConnectionId contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Log Event (SSHTunnel Component)

Fired once for each log message.

Syntax

type TLogEvent = procedure (
  Sender: TObject;
  LogLevel: Integer;
  const Message: String;
  const LogType: String
) of Object;

property OnLog: TLogEvent read FOnLog write FOnLog;

Remarks

Fired once for each log message generated by the component. The verbosity is controlled by the LogLevel setting.

LogLevel indicates the detail level of the message. Possible values are as follows:

Message is the log message.

LogType is reserved for future use.

ReconnectAttempt Event (SSHTunnel Component)

Fired when attempting to reconnect.

Syntax

type TReconnectAttemptEvent = procedure (
  Sender: TObject;
  const Host: String;
  Port: Integer;
  RetryCount: Integer;
  RetriesRemaining: Integer;
  MaxRetryCount: Integer;
  RetryInterval: Integer;
  RetryType: Integer;
  RemoteListeningPort: Integer;
  var Cancel: Boolean
) of Object;

property OnReconnectAttempt: TReconnectAttemptEvent read FOnReconnectAttempt write FOnReconnectAttempt;

Remarks

This event fires both when attempting to reconnect to the SSHHost and when reestablishing a Secure Shell (SSH) tunnel.

This is applicable only when AutoReconnect is enabled. To determine which type of connection is being established check the RetryType parameter.

The following table provides details about the parameters:

SSHCustomAuth Event (SSHTunnel Component)

Fired when the component is doing a custom authentication.

Syntax

type TSSHCustomAuthEvent = procedure (
  Sender: TObject;
  var Packet: String
) of Object;

property OnSSHCustomAuth: TSSHCustomAuthEvent read FOnSSHCustomAuth write FOnSSHCustomAuth;

Remarks

SSHCustomAuth is fired during the user authentication stage of the Secure Shell (SSH) logon process if SSHAuthMode is set to amCustom. Packet contains the last raw SSH packet sent by the server, in HEX-encoded format.

The client should create a new raw SSH packet to send to the server and set Packet to the HEX-encoded representation of the packet to send.

In all cases, Packet will start with the message type field.

To read the incoming packet, call DecodePacket and then use the GetSSHParam and GetSSHParamBytes methods. To create a packet, use the SetSSHParam method and then call EncodePacket to obtain a HEX-encoded value and assign this to the Packet parameter.

SSHKeyboardInteractive Event (SSHTunnel Component)

Fired when the component receives a request for user input from the server.

Syntax

type TSSHKeyboardInteractiveEvent = procedure (
  Sender: TObject;
  const Name: String;
  const Instructions: String;
  const Prompt: String;
  var Response: String;
  EchoResponse: Boolean
) of Object;

property OnSSHKeyboardInteractive: TSSHKeyboardInteractiveEvent read FOnSSHKeyboardInteractive write FOnSSHKeyboardInteractive;

Remarks

SSHKeyboardInteractive is fired during the user authentication stage of the Secure Shell (SSH) logon process. During authentication, the component will request a list of available authentication methods for the SSHUser. For example, if the SSHHost responds with "keyboard-interactive", the component will fire this event to allow the client application to set the password.

During authentication, the SSH server may respond with a request for the user's authentication information. Name is a server-provided value associated with the authentication method such as "CRYPTOCard Authentication". Instructions will contain specific instructions, also supplied by the server, for how the user should respond.

Along with these values, the server will also send at least one input Prompt to be displayed to and filled out by the user. Response should be set to the user's input, and will be sent back in the user authentication information response. EchoResponse is a server recommendation for whether or not the user's response should be echoed back during input.

Note: The server may send several prompts in a single packet. The component will fire the SSHKeyboardInteractive event once for each prompt.

SSHServerAuthentication Event (SSHTunnel Component)

Fired after the server presents its public key to the client.

Syntax

type TSSHServerAuthenticationEvent = procedure (
  Sender: TObject;
  const HostKey: String;
  const HostKeyB: TBytes;
  const Fingerprint: String;
  const KeyAlgorithm: String;
  const CertSubject: String;
  const CertIssuer: String;
  const Status: String;
  var Accept: Boolean
) of Object;

property OnSSHServerAuthentication: TSSHServerAuthenticationEvent read FOnSSHServerAuthentication write FOnSSHServerAuthentication;

Remarks

This event is fired when the client can decide whether or not to continue with the connection process. If the public key is known to be a valid key for the Secure Shell (SSH) server, Accept should be set to True within the event. Otherwise, the server will not be authenticated and the connection will be broken.

Accept will be True only if either HostKey or Fingerprint is identical to the value of SSHAcceptServerHostKey.

Accept may be set to True manually to accept the server host key.

Note: SSH's security inherently relies on client verification of the host key. Ignoring the host key and always setting Accept to True is strongly discouraged, and could cause potentially serious security vulnerabilities in your application. It is recommended that clients maintain a list of known keys for each server and check HostKey against this list each time a connection is attempted.

Host Key contains the full binary text of the key, in the same format used internally by SSH.

Fingerprint holds the SHA-256 hash of HostKey in the hex-encoded form: 0a:1b:2c:3d. To configure the hash algorithm used to calculate this value, see SSHFingerprintHashAlgorithm.

KeyAlgorithm identifies the host key algorithm. The following values are supported:

• ssh-rsa
• ssh-dss
• rsa-sha2-256
• rsa-sha2-512
• x509v3-sign-rsa
• x509v3-sign-dss
• ecdsa-sha2-nistp256
• ecdsa-sha2-nistp384
• ecdsa-sha2-nistp521

CertSubject is the subject of the certificate. This is applicable only when KeyAlgorithm is "x509v3-sign-rsa" or "x509v3-sign-dss".

CertIssuer is the issuer of the certificate. This is applicable only when KeyAlgorithm is "x509v3-sign-rsa" or "x509v3-sign-dss".

Status is reserved for future use.

SSHStatus Event (SSHTunnel Component)

Fired to track the progress of the secure connection.

Syntax

type TSSHStatusEvent = procedure (
  Sender: TObject;
  const Message: String
) of Object;

property OnSSHStatus: TSSHStatusEvent read FOnSSHStatus write FOnSSHStatus;

Remarks

The event is fired for informational and logging purposes only. Used to track the progress of the connection.

Certificate Type

This is the digital certificate being used.

Remarks

This type describes the current digital certificate. The certificate may be a public or private key. The fields are used to identify or select certificates.

Fields

Constructors

>

constructor Create();

constructor Create(valEncoded: TBytes);

constructor Create(valStoreType: TiphCertStoreTypes; valStore: String; valStorePassword: String; valSubject: String);

constructor Create(valStoreType: TiphCertStoreTypes; valStore: TBytes; valStorePassword: String; valSubject: String);

Connection Type

This is a currently connected client.

Remarks

This type describes the connection of a client that is currently connected to the component. You may use the different fields of this type to manage the connection.

Fields

Constructors

constructor Create();

Firewall Type

The firewall the component will connect through.

Remarks

When connecting through a firewall, this type is used to specify different properties of the firewall, such as the firewall Host and the FirewallType.

Fields

Constructors

constructor Create();

Config Settings (SSHTunnel Component)

SSHTunnel Config Settings

SSHClient Config Settings

*SSH-1.99-*,*SSH-2.0-*,*SSH-2.99-*

TCPClient Config Settings

Socket Config Settings

TCPServer Config Settings

Base Config Settings

Trappable Errors (SSHTunnel Component)

SSHTunnel Errors

SSHClient Errors

The component may also return one of the following error codes, which are inherited from other components.

TCPClient Errors

TCP/IP Errors