Skip to main content

Using SSH

The %Net.SSH package provides support for SSH (Secure ShellOpens in a new tab) communications. This topic briefly introduces the classes in this package.


OpenSSL 3.0 introduces a new concept of providers, which packages groups of algorithm implementations. One provider is the Legacy provider. Neither OpenSSL not InterSystems loads the Legacy provider by default.

InterSystems recommends that you do not use the Legacy provider’s algorithms; a complete list of these algorithms can be found in the OpenSSL documentationOpens in a new tab. InterSystems cannot guarantee that any legacy algorithm is compatible with InterSystems IRIS.

Creating an SSH Session

%Net.SSH.SessionOpens in a new tab represents an SSH session. To use this class:

  1. Create an instance of the class.

  2. Use the Connect() instance method to connect to a server.

  3. Use either AuthenticateWithKeyPair(), AuthenticateWithUsername(), or AuthenticateWithKeyboardInteractive() to authenticate yourself to the server. For details, see the class reference for %Net.SSH.SessionOpens in a new tab.

  4. Use additional methods of %Net.SSH.SessionOpens in a new tab to perform SCP (Secure Copy) operations of single files to and from the remote system, execute remote commands, tunnel TCP traffic, or perform SFTP operations. See the class reference for %Net.SSH.SessionOpens in a new tab.

    For example, use OpenSFTP to use the session for SFTP operations. This method returns, by reference, an instance of %Net.SSH.SFTPOpens in a new tab that you can use for SFTP operations. See the example in the next section.

  • For information on the supported platforms where you can use these classes, see the class reference for %Net.SSH.SessionOpens in a new tab and %Net.SSH.SFTPOpens in a new tab.

  • SSH connections that use OpenSSL 3.0 do not support Blowfish or CAST as the cipher algorithm. If you attempt to establish such a connection, the attempt will fail.

Example: Listing Files via SFTP

The following method shows how you can write a list of the files on a server, via SFTP:

Method SFTPDir(ftpserver, username, password) As %Status
    set ssh = ##class(%Net.SSH.Session).%New()
    set status = ssh.Connect(ftpserver)
    set status = ssh.AuthenticateWithUsername(username,password)
    //open an SFTP session and get that returned by reference
    set status = ssh.OpenSFTP(.sftp)
    //get a list of files
    set status = sftp.Dir(".",.files)
    set i=$ORDER(files(""))
    while i'="" {
        write $listget(files(i),1),!
        set i=$ORDER(files(i))
    quit $$$OK

Example: Authenticate with Keyboard Interactive

The following Terminal session demonstrates how to use AuthenticateWithKeyboardInteractive():

%SYS>set host=""
%SYS>set lambda="(u,i,p,f,c)  quit $listbuild(c(""password""))"
%SYS>set context("password")="fountain"
%SYS>set sess=##class(%Net.SSH.Session).%New()
%SYS>s status=sess.Connect(host)
%SYS>set status=sess.AuthenticateWithKeyboardInteractive("root",lambda,.context)

Additional Examples

For additional SSH examples, open %Net.SSH.SessionOpens in a new tab in your choice of IDE and see the TestExecute() and TestForwardPort() methods of this class.

FeedbackOpens in a new tab