SFTPServer Class
Properties Methods Events Configuration Settings Errors
The SFTPServer class provides server-side functionality for SFTP connections.
Syntax
class secureblackbox.SFTPServer
Remarks
TElSFTPServer is an implementation for SSH File Transfer Protocol server. It works over a secure SSH channel, and should not be confused with the FTP/FTPS protocol.
Property List
The following is the full list of the properties of the class with short descriptions. Click on the links for further details.
| active | Specifies whether the SFTP server has started and ready to accept connections. |
| auth_types | Defines allowed authentication types. |
| base_dir | Specifies the server's base (root) directory. |
| client_file_entry_a_time | Contains the last access time for this file, in UTC. |
| client_file_entry_c_time | Contains this file's creation time, in UTC. |
| client_file_entry_directory | Specifies whether this entry is a directory. |
| client_file_entry_file_type | Specifies the type of this entry, one of the following: cftFile 0 cftDirectory 1 cftSymblink 2 cftSpecial 3 cftUnknown 4 cftSocket 5 cftCharDevice 6 cftBlockDevice 7 cftFIFO 8 . |
| client_file_entry_group_execute | Controls file execution permission for the group users. |
| client_file_entry_group_read | Controls file read permission for the group users. |
| client_file_entry_group_write | Controls file write permission for the group users. |
| client_file_entry_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| client_file_entry_long_name | Contains the long name of the file (human-readable, ftp-like). |
| client_file_entry_m_time | Specifies the last modification time, in UTC. |
| client_file_entry_name | Specifies the file name. |
| client_file_entry_other_execute | Controls file execution permission for other users (users that are neither owners, nor belong to the same group). |
| client_file_entry_other_read | Controls file read permission for other users (users that are neither owners, nor belong to the same group). |
| client_file_entry_other_write | Controls file write permission for other users (users that are neither owners, nor belong to the same group). |
| client_file_entry_owner | Specifies the owner of the file/directory. |
| client_file_entry_path | Contains the full path to the file. |
| client_file_entry_size | The size of the file in bytes. |
| client_file_entry_user_execute | Controls file execution permission for the file owner. |
| client_file_entry_user_read | Controls file read permission for the file owner. |
| client_file_entry_user_write | Controls file write permission for the file owner. |
| compression_level | Specifies the preferable compression level. |
| external_crypto_custom_params | Custom parameters to be passed to the signing service (uninterpreted). |
| external_crypto_data | Additional data to be included in the async state and mirrored back by the requestor. |
| external_crypto_external_hash_calculation | Specifies whether the message hash is to be calculated at the external endpoint. |
| external_crypto_hash_algorithm | Specifies the request's signature hash algorithm. |
| external_crypto_key_id | The ID of the pre-shared key used for DC request authentication. |
| external_crypto_key_secret | The pre-shared key used for DC request authentication. |
| external_crypto_method | Specifies the asynchronous signing method. |
| external_crypto_mode | Specifies the external cryptography mode. |
| external_crypto_public_key_algorithm | Provide public key algorithm here if the certificate is not available on the pre-signing stage. |
| force_compression | This property specifies whether server explicitly requires data compression. |
| host | Specifies server's host name. |
| key_fingerprint_sha1 | Contains the SHA-1 fingerprint (hash) of the key. |
| key_fingerprint_sha256 | Contains the SHA-256 fingerprint (hash) of the key. |
| key_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| max_sftp_version | Maximum SFTP version supported. |
| min_sftp_version | Minimum SFTP version supported. |
| pinned_client_address | The client's IP address. |
| pinned_client_client_key_algorithm | Specifies the client's key algorithm. |
| pinned_client_client_key_bits | Specifies the length of the client's key. |
| pinned_client_client_key_fingerprint | The fingerprint (hash value) of the client's public key. |
| pinned_client_client_software_name | Returns the name of the SSH software running on the client side. |
| pinned_client_close_reason | Contains the line sent by the client just before closing the connection. |
| pinned_client_compression_algorithm_inbound | Compression algorithm for the incoming traffic. |
| pinned_client_compression_algorithm_outbound | Compression algorithm for the outgoing traffic. |
| pinned_client_encryption_algorithm_inbound | Encryption algorithm for the incoming traffic. |
| pinned_client_encryption_algorithm_outbound | Encryption algorithm for the outgoing traffic. |
| pinned_client_id | The client connection's unique identifier. |
| pinned_client_inbound_encryption_key_bits | Specifies the length of the key used to encrypt the incoming traffic. |
| pinned_client_kex_algorithm | The key exchange algorithm used during the SSH handshake. |
| pinned_client_kex_bits | The number of bits used by the key exchange algorithm. |
| pinned_client_kex_lines | The contents of the received KexInit packet. |
| pinned_client_mac_algorithm_inbound | MAC algorithm used for the incoming connection. |
| pinned_client_mac_algorithm_outbound | MAC algorithm used for outbound connection. |
| pinned_client_outbound_encryption_key_bits | Specifies the length of the key used to encrypt the outgoing traffic. |
| pinned_client_port | The remote port of the client connection. |
| pinned_client_public_key_algorithm | Specifies the public key algorithm which was used during the SSH handshake. |
| pinned_client_server_key_bits | Specifies the number of bits in the server's key. |
| pinned_client_server_key_fingerprint | The fingerprint (hash value) of the server's public key. |
| pinned_client_total_bytes_received | Returns the total number of bytes received over this connection. |
| pinned_client_total_bytes_sent | Returns the total number of bytes sent over this connection. |
| pinned_client_version | Specifies SSH protocol version. |
| port | Specifies the listening port number. |
| read_only | Specifies whether files on the server are read-only. |
| server_key_count | The number of records in the ServerKey arrays. |
| server_key_algorithm | Specifies the key algorithm. |
| server_key_bits | The number of bits in the key: the more the better, 2048 or 4096 are typical values. |
| server_key_fingerprint_md5 | Contains the MD5 fingerprint (hash) of the key. |
| server_key_fingerprint_sha1 | Contains the SHA-1 fingerprint (hash) of the key. |
| server_key_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| socket_incoming_speed_limit | The maximum number of bytes to read from the socket, per second. |
| socket_local_address | The local network interface to bind the socket to. |
| socket_local_port | The local port number to bind the socket to. |
| socket_outgoing_speed_limit | The maximum number of bytes to write to the socket, per second. |
| socket_timeout | The maximum period of waiting, in milliseconds, after which the socket operation is considered unsuccessful. |
| socket_use_i_pv6 | Enables or disables IP protocol version 6. |
| ssh_settings_auto_adjust_ciphers | Whether the SSH client should adjust its list of supported ciphers 'on-the-fly' for greater compatibility with the server it is connecting to. |
| ssh_settings_base_configuration | Allows to choose base configuration of SSH settings, tuned up for different purposes such as high security or higher compatibility. |
| ssh_settings_compression_algorithms | A list of session compression algorithms separated with commas or semicolons. |
| ssh_settings_compression_level | Possible values for the Compression Level range from 0 (minimum compression) to 9 (maximum compression). |
| ssh_settings_default_window_size | The SSH window size specifies how many bytes the client can send to the server in the command channel without obtaining pre-authorization for the further send from the server. |
| ssh_settings_encryption_algorithms | A list of session encryption algorithms separated with commas or semicolons. |
| ssh_settings_force_compression | Whether the SSH client should explicitly request compression. |
| ssh_settings_gss_auth_types | A comma-separated list of authentication types. |
| ssh_settings_gss_delegate_creds | Switches credential delegation on or off. |
| ssh_settings_gss_hostname | The GSS host name, in form of a FQDN (e. |
| ssh_settings_gss_lib | A path to the GSS-API library (DLL or SO). |
| ssh_settings_gss_mechanisms | A comma-separated list of GSS mechanisms to use. |
| ssh_settings_gss_protocols | A comma-separated list of SSPI protocols. |
| ssh_settings_handshake_timeout | Specifies the maximal time for the SSH handshake to proceed, in seconds. |
| ssh_settings_kex_algorithms | A list of key exchange algorithms separated with commas or semicolons. |
| ssh_settings_mac_algorithms | A list of MAC (for message authentication code ) algorithms separated with commas or semicolons. |
| ssh_settings_max_ssh_packet_size | Specifies the maximum length of one SSH packet in bytes. |
| ssh_settings_min_window_size | Specifies the minimal internal window size. |
| ssh_settings_obfuscate_handshake | Enables or disables handshake obfuscation. |
| ssh_settings_obfuscation_password | Specifies the password used to encrypt the handshake when ObfuscateHandshake is set. |
| ssh_settings_public_key_algorithms | A list of public key algorithms separated with commas or semicolons. |
| ssh_settings_request_password_change | Whether to request a password change when connecting. |
| ssh_settings_software_name | The name to be used by the class to identify itself. |
| ssh_settings_trust_all_keys | Enables or disables explicit trust to all server keys. |
| ssh_settings_use_auth_agent | Enables or disables the use of external key agent, such as Putty key agent. |
| ssh_settings_versions | Specifies enabled SSH protocol versions (1 or 2). |
| user_count | The number of records in the User arrays. |
| user_associated_data | Contains the user's Associated Data when SSH AEAD (Authenticated Encryption with Associated Data) algorithm is used. |
| user_base_path | Base path for this user in the server's file system. |
| user_cert | Contains the user's certificate. |
| user_data | Contains uninterpreted user-defined data that should be associated with the user account, such as comments or custom settings. |
| user_handle | Allows to get or set a 'handle', a unique identifier of the underlying property object. |
| user_hash_algorithm | Specifies the hash algorithm used to generate TOTP (Time-based One-Time Passwords) passwords for this user. |
| user_incoming_speed_limit | Specifies the incoming speed limit for this user. |
| user_otp_algorithm | The algorithm used to generate one-time passwords (OTP) for this user, either HOTP (Hash-based OTP) or TOTP (Time-based OTP). |
| user_otp_value | The user's time interval (TOTP) or Counter (HOTP). |
| user_outgoing_speed_limit | Specifies the outgoing speed limit for this user. |
| user_password | The user's authentication password. |
| user_password_len | Specifies the length of the user's OTP password. |
| user_shared_secret | Contains the user's secret key, which is essentially a shared secret between the client and server. |
| user_ssh_key | Contains the user's SSH key. |
| user_username | The registered name (login) of the user. |
| use_utf8 | Specifies whether UTF8 conversion is to be used when parsing file names. |
Method List
The following is the full list of the methods of the class with short descriptions. Click on the links for further details.
| config | Sets or retrieves a configuration setting. |
| drop_client | Terminates a client connection. |
| get_client_buffer | Acquires a piece of operation data. |
| get_client_file_entry | Acquires file entry details from the class. |
| list_clients | Enumerates the connected clients. |
| pin_client | Takes a snapshot of the connection's properties. |
| set_client_buffer | Commits a data buffer to the server class. |
| set_client_file_entry | Commits the file entry details to the class. |
| start | Starts SFTP server operation. |
| stop | Stops SFTP server. |
Event List
The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.
| on_accept | This event is fired when new incoming connection is accepted. |
| on_after_create_directory | This event indicates completion of directory creation request. |
| on_after_remove | This event indicates completion of file removal request. |
| on_after_rename_file | This event indicates completion of a file rename operation. |
| on_after_request_attributes | This event indicates completion of file attributes request. |
| on_after_set_attributes | This event indicates completion of a set attributes request. |
| on_auth_attempt | Reports a user authentication attempt. |
| on_auth_failed | Reports user authentication failure. |
| on_auth_password | This event is fired on password authentication attempt from a client. |
| on_auth_public_key | This event is fired on public key authentication attempt from a client. |
| on_auth_succeeded | Reports a successful user authentication. |
| on_before_create_directory | This event is fired when a client requests to create a directory. |
| on_before_download_file | This event is fired when a download file request is received. |
| on_before_find | This event is fired when a client requests to find files and folders in Path. |
| on_before_remove | This event is fired when a client requests to delete a file or directory. |
| on_before_rename_file | This event is fired when a client requests to rename a file. |
| on_before_request_attributes | This event is fired when a client requests to get file attributes. |
| on_before_set_attributes | This event is fired when a client requests to set file attributes. |
| on_before_upload_file | This event is fired when an upload file request is received. |
| on_close_file | This event instructs the application to close an opened file. |
| on_connect | This event is fired when a remote connection has been established. |
| on_create_directory | This event instructs the application to create a directory. |
| on_disconnect | This event is fired when a client has disconnected. |
| on_error | Information about errors during data delivery. |
| on_external_sign | Handles remote or external signing initiated by the server protocol. |
| on_find_close | This event signifies the completion of a custom file listing operation. |
| on_find_first | This event signifies the start of the custom file listing retrieval mechanism. |
| on_find_next | This event retrieves the next entry of a custom file listing. |
| on_notification | This event notifies the application about an underlying control flow event. |
| on_open_file | This event instructs the application to handle the file open request. |
| on_read_file | This event is fired when a file read request is received. |
| on_remove | This event is fired when a client requests to delete a file or directory. |
| on_rename_file | This event is fired when a client requests to rename a file. |
| on_request_attributes | This event is fired when a get file attributes request is received. |
| on_session_closed | Reports session closure. |
| on_session_established | This event is fired when a new session is established. |
| on_set_attributes | This event is fired when an set file attributes request is received. |
| on_write_file | This event is fired when a file write request is received. |
Configuration Settings
The following is a list of configuration settings for the class with short descriptions. Click on the links for further details.
| AuthMode | Controls dual/multi-type authentication mode. |
| CustomDHGroupIndex | Sets a specific Diffie-Hellman group index to enforce. |
| DualStack | Allows the use of ip4 and ip6 simultaneously. |
| MaxDHGroupSize | Sets the maximal Diffie-Hellman group size. |
| MinDHGroupSize | Sets the minimal Diffie-Hellman group size. |
| NotifyOnFileOperations | Enables low-level file operation notifications. |
| CheckKeyIntegrityBeforeUse | Enables or disable private key integrity check before use. |
| CookieCaching | Specifies whether a cookie cache should be used for HTTP(S) transports. |
| Cookies | Gets or sets local cookies for the class (supported for HTTPClient, RESTClient and SOAPClient only). |
| DefDeriveKeyIterations | Specifies the default key derivation algorithm iteration count. |
| EnableClientSideSSLFFDHE | Enables or disables finite field DHE key exchange support in TLS clients. |
| GlobalCookies | Gets or sets global cookies for all the HTTP transports. |
| HttpUserAgent | Specifies the user agent name to be used by all HTTP clients. |
| LogDestination | Specifies the debug log destination. |
| LogDetails | Specifies the debug log details to dump. |
| LogFile | Specifies the debug log filename. |
| LogFilters | Specifies the debug log filters. |
| LogFlushMode | Specifies the log flush mode. |
| LogLevel | Specifies the debug log level. |
| LogMaxEventCount | Specifies the maximum number of events to cache before further action is taken. |
| LogRotationMode | Specifies the log rotation mode. |
| MaxASN1BufferLength | Specifies the maximal allowed length for ASN.1 primitive tag data. |
| MaxASN1TreeDepth | Specifies the maximal depth for processed ASN.1 trees. |
| OCSPHashAlgorithm | Specifies the hash algorithm to be used to identify certificates in OCSP requests. |
| UseOwnDNSResolver | Specifies whether the client classes should use own DNS resolver. |
| UseSharedSystemStorages | Specifies whether the validation engine should use a global per-process copy of the system certificate stores. |
| UseSystemOAEPAndPSS | Enforces or disables the use of system-driven RSA OAEP and PSS computations. |
| UseSystemRandom | Enables or disables the use of the OS PRNG. |