%Net.SSH.Session
class %Net.SSH.Session extends %Library.RegisteredObject
Represents an SSH session object. Each SSH session object must first be connected, then authenticated with the remote system. Note that there are multiple methods of authentication, this class supports password and publickey. Once connected and authenticated, the SSH object can be used to perform SCP (Secure Copy) operations of single files to and from the remote system, it can also be used to execute remote commands, tunnel TCP traffic and forms the base connection for SFTP operations (see %Net.SSH.SFTP).The Test() method of this class illustrates some basic usage scenarios for this class.
NOTE: %Net.SSH is currently not supported on OpenVMS platforms.
Property Inventory
Method Inventory
- %OnClose()
- AuthenticateWithKeyPair()
- AuthenticateWithKeyboardInteractive()
- AuthenticateWithUsername()
- Connect()
- Disconnect()
- Execute()
- ForwardPort()
- GetAlgorithms()
- GetSupportedAlgorithms()
- GetTimeout()
- OpenSFTP()
- SetPreferredAlgorithms()
- SetTimeout()
- TestExecute()
- TestForwardPort()
- VersionInfo()
Parameters
final parameter SSHHOSTKEYMD5 = MD5;
Host Key Type: MD5
final parameter SSHHOSTKEYSHA1 = SHA1;
Host Key Type: SHA1
final parameter SSHHOSTKEYSHA256 = SHA256;
Host Key Type: SHA256
final parameter SSHPORT = 22;
Default SSH port
final parameter SSHTRACEAUTH = 8;
Enables tracing of SSH authentication
final parameter SSHTRACECONN = 16;
Enables tracing of SSH connections
final parameter SSHTRACEERROR = 128;
Enables tracing of SSH error operations
final parameter SSHTRACEKEX = 4;
Enables tracing of SSH key exchange
final parameter SSHTRACEPUBLICKEY = 256;
Enables tracing of SSH public key operations
final parameter SSHTRACESCP = 32;
Enables tracing of SSH/SCP operations
final parameter SSHTRACESFTP = 64;
Enables tracing of SSH/SFTP operations
final parameter SSHTRACESOCKET = 512;
Enables tracing of low level socket operations
final parameter SSHTRACETRANS = 2;
Enables tracing of SSH transactions
Properties
property HostKey as %String;
Remote host key. The hash type is determined from the
number of bits (from the number of hex chars) in the hash:
MD5: 128 bits / 32 hex chars
SHA1: 160 bits / 40 hex chars
SHA256: 256 bits / 64 hex chars
Property methods: HostKeyDisplayToLogical(), HostKeyGet(), HostKeyIsValid(), HostKeyLogicalToDisplay(), HostKeyLogicalToOdbc(), HostKeyNormalize(), HostKeySet()
property LocalCharset as %String [ InitialExpression = $$GetPDefIO^%SYS.NLS(8) ];
Character set used by the local system. Defaults to the system call
translation table (which is likely UTF8 on UNIX).
Property methods: LocalCharsetDisplayToLogical(), LocalCharsetGet(), LocalCharsetIsValid(), LocalCharsetLogicalToDisplay(), LocalCharsetLogicalToOdbc(), LocalCharsetNormalize(), LocalCharsetSet()
property RemoteCharset as %String [ InitialExpression = "UTF8" ];
Character set used by the remote server. Will almost certainly be
UTF-8 for any SSH server.
Property methods: RemoteCharsetDisplayToLogical(), RemoteCharsetGet(), RemoteCharsetIsValid(), RemoteCharsetLogicalToDisplay(), RemoteCharsetLogicalToOdbc(), RemoteCharsetNormalize(), RemoteCharsetSet()
Methods
method %OnClose() as %Status
Clean up any resources
method AuthenticateWithKeyPair(username As %String, publickeyfile As %String, privatekeyfile As %String, passphrase As %String) as %Status
Authenticate with the remote server using a public/private key pair and passphrase (for the private key).
The private keys are PEM encoded and the public keys are in OpenSSH format.
If multiple forms of authentication are required by the server, for example /etc/ssh/sshd_config contains:
Calling AuthenticateWithKeyPair fails with LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED which is a bit misleading ... it's really "authenticated with partial success" so we can then try then authenticating with a password which should then succeed (or keyboard-interactive).
If multiple forms of authentication are required by the server, for example /etc/ssh/sshd_config contains:
AuthenticationMethods publickey,passwordThen in this case read the "," (comma) as AND; the server will require both forms of authentication.
Calling AuthenticateWithKeyPair fails with LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED which is a bit misleading ... it's really "authenticated with partial success" so we can then try then authenticating with a password which should then succeed (or keyboard-interactive).
method AuthenticateWithKeyboardInteractive(username As %String, lambda As %String, ByRef context) as %Status
Authenticate with the remote server using the "keyboard-interactive" authentication scheme. This requires
a callback lambda/function that will be called with a list of one or challenges to which the lambda will return
the responses to the challenge(s). The lambda is invoked with the following arguments:
username As %String Username being authenticated
instructions As %String Instructions from the server (optional)
prompts As %List A $LIST of challenge prompt(s)
promptflags As %List A $LIST of flags for each of the challenge prompt(s)
ByRef context A pass-by-ref context value
The lambda must return a $LIST of responses, with each Nth element in the $LIST corresponding to the Nth
challenge prompt. If there is no response for a prompt, then that Nth $LIST element should be empty.
The allowed values for promptflags are as follows:
E Echo on. If E is missing DO NOT ECHO! (e.g. password entry)
NOTE: The context can be anything of your choosing (an array, object or whatever) and it is passed
by reference.
See notes in AuthenticateWithKeyPair() when using multiple forms of authentication.
See notes in AuthenticateWithKeyPair() when using multiple forms of authentication.
Authenticate with the remote server using a username/password via the "password" authentication
scheme. Note that this is NOT the same as keyboard-interactive which is typically what login
sessions use.
See notes in AuthenticateWithKeyPair() when using multiple forms of authentication.
See notes in AuthenticateWithKeyPair() when using multiple forms of authentication.
method Connect(hostname As %String, port As %Integer = ..#SSHPORT, hostkey As %String = "", hostkeytype As %String = "") as %Status
Connect to a remote host, specifying the hostname, and optionally the port and remote hostkey to match.
The hostkey helps prevent impersonation attacks, it is a hash of the remote hosts' public key as a
string of ASCII hex digits representing the bytes of the hash. The type of hash is determined from the
number of bits (from the number of hex chars) in the hash:
MD5: 128 bits / 32 hex chars
SHA1: 160 bits / 40 hex chars
SHA256: 256 bits / 64 hex chars
The returned host key can be specified by passing one of "MD5", "SHA1" or "SHA256" (see ..#SSHHOSTKEYxyz values),
the default is "MD5". If the host key isn't available, it will be "" (e.g. MD5 in FIPS mode).
method Disconnect() as %Status
Disconnect from the remote host
Execute a remote command on the remote system. In order to do I/O with the remote
command, an XDEV device instance is passed back via the pDevice parameter. This is
a normal device and can be used with the USE/READ/WRITE/CLOSE commands.
Note that environment variables for the remote command can be passed as an array
of name/value pairs.
method ForwardPort(pRemoteHost As %String, pRemotePort As %Integer, ByRef pDevice As %String) as %Status
Forwards traffic via the SSH connection to a remote host/port. The traffic is sent via an XDEV device
that is opened by ForwardPort() and passed back by reference via the pDevice parameter.
Called to retrieve the current set of negotiated algorithms/methods for various categories.
Format of the result string is as follows:
KEX Key Exchange Methods
HOSTKEY Hostkey public key algorithms
CRYPT Encryption algorithms
MAC MAC algorithms
COMPCompression Algorithms
NOTE: The allowed values can be found here:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref And <option> is a comma delimited list of one or more values.
<category>=<option>[:<category1>=<option1>[:...]]Where <category> is one of:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref And <option> is a comma delimited list of one or more values.
Called to retrieve the set of supported algorithms for various categories.
Format of the string is as follows:
KEX Key Exchange Methods
HOSTKEY Hostkey public key algorithms
CRYPT Encryption algorithms
MAC MAC algorithms
COMP Compression Algorithms
NOTE: The allowed values can be found here:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref
<category>=<option>[:<category1>=<option1>[:...]]Where <category> is one of:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref
Gets the timeout for SSH operations in milliseconds. An infinite timeout is represented by the value of -1;
the default timeout is set to 30 seconds.
method OpenSFTP(ByRef sftp As %Net.SSH.SFTP) as %Status
Open up an SFTP session for SFTP activity.
Called before connecting to a remote host to specify various preferred algorithms and methods that
should be used. Format of the preferences string is as follows:
KEX Key Exchange Methods
HOSTKEY Hostkey public key algorithms
CRYPT Encryption algorithms
MAC MAC algorithms
COMPCompression Algorithms
NOTE: The allowed values can be found here:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref And <option> is a comma delimited list of one or more values.
<category>=<option>[:<category1>=<option1>[:...]]Where <category> is one of:
http://libssh2.sourceforge.net/doc/#libssh2sessionmethodpref And <option> is a comma delimited list of one or more values.
Sets the timeout for SSH operations in milliseconds. An infinite timeout can be set by passing -1 to this
methods; the default timeout is set to 30 seconds.
classmethod TestExecute(host As %String, username As %String, password As %String, command As %String = "uname -a", pTimeout As %Integer = -1) as %Status
Demonstrates the execution of a remote command (by default, uname -a).
classmethod TestForwardPort(host As %String, username As %String, password As %String, remotehost As %String = "whatismyipaddress.com", remoteport As %Integer = 80) as %Status
Demonstrates the use of port forwarding to whatismyipaddress.com via the remote SSH server.
Retrieves the client and server SSH versions. If the server version is not available,
or if the session is not connected, then pServerVersion will be undefined. Note that the
client version refers to the release of libssh2 being used.
Inherited Members
Inherited Methods
- %AddToSaveSet()
- %ClassIsLatestVersion()
- %ClassName()
- %ConstructClone()
- %DispatchClassMethod()
- %DispatchGetModified()
- %DispatchGetProperty()
- %DispatchMethod()
- %DispatchSetModified()
- %DispatchSetMultidimProperty()
- %DispatchSetProperty()
- %Extends()
- %GetParameter()
- %IsA()
- %IsModified()
- %New()
- %NormalizeObject()
- %ObjectModified()
- %OriginalNamespace()
- %PackageName()
- %RemoveFromSaveSet()
- %SerializeObject()
- %SetModified()
- %ValidateObject()