|
SmartFTP FTP Library
|
import "sfFTPLib.idl";
Public Member Functions | |
| HRESULT | Close () |
| Closes the connection. | |
| HRESULT | Abort () |
| Cancels the currently executing blocking operation. | |
| HRESULT | Connect () |
| Establishes a secure connection to the remote SSH server. | |
| HRESULT | Disconnect () |
| Gracefully terminates the SSH session and closes the connection. | |
| HRESULT | CreateSFTPConnection ([out, retval] ISFTPConnection **retval) |
| Initializes the SFTP subsystem over the current SSH session. | |
| HRESULT | SendPacket ([in, size_is(length)] byte *data, [in] long length) |
| HRESULT | SetFileLogger ([out, retval] IFileLogger **fileLogger) |
| Creates a file logger sfFTPLib::FileLogger and attaches it to the Logger property. | |
Properties | |
| VARIANT_BOOL | Busy [get] |
| Indicates whether the connection is currently executing an operation. | |
| ISSHConnectionInfo | ConnectionInfo [get] |
| Retrieves the cryptographic parameters negotiated for the current session. | |
| ConnectionStatus | ConnectionStatus [get] |
| Retrieves the current state of the SSH connection. | |
| VARIANT_BOOL | UseMessageLoop [get, set] |
| Controls whether the component processes Windows messages during blocking operations. | |
| BSTR | Host [get, set] |
| Specifies the destination server address. | |
| long | Port [get, set] |
| Specifies the TCP port number to connect to. | |
| ProtocolFamily | ProtocolFamily [get] |
| Retrieves the network protocol family (IPv4 or IPv6) used for the active connection. | |
| ProtocolFamily | ProtocolFamilyPreference [get, set] |
| Controls the preference for IPv4 or IPv6 during hostname resolution. | |
| BSTR | Username [get, set] |
| Specifies the user account name for authentication. | |
| BSTR | Password [get, set] |
| Specifies the password used for authentication. | |
| BSTR | ClientId [get, set] |
| Customizes the client identifier string sent during the SSH handshake. | |
| long | Timeout [get, set] |
| Sets the maximum time (in seconds) to wait for a network operation to complete. | |
| long | CompressionLevel [get, set] |
| Controls the aggressiveness of the zlib compression algorithm. | |
| IKey | PrivateKey [get, set] |
| Specifies the private key for public-key authentication. | |
| VARIANT | AgentKeyBlob [get, set] |
| Specifies the specific public key from the SSH Agent to use for authentication. | |
| VARIANT | Authentications [get, set] |
| Specifies the ordered list of authentication methods to attempt. | |
| VARIANT | Encryptions [get, set] |
| Specifies the ordered list of symmetric encryption algorithms to propose to the server. | |
| VARIANT | MACs [get, set] |
| Specifies the ordered list of Message Authentication Code (MAC) algorithms to propose. | |
| VARIANT | Compressions [get, set] |
| Specifies the ordered list of compression algorithms to propose during the handshake. | |
| VARIANT | KeyExchanges [get, set] |
| Specifies the ordered list of Key Exchange (KEX) algorithms to propose. | |
| IKey | ClientHostKey [get, set] |
| Specifies the private host key used for Host-Based authentication. | |
| BSTR | ClientHostname [get, set] |
| Specifies the client machine name sent during Host-Based authentication. | |
| IKey | ServerHostKey [get] |
| Retrieves the public host key presented by the remote server. | |
| long | KeepAliveInterval [get, set] |
| Sets the interval (in seconds) between automatic keep-alive packets. | |
| IProxySettings | Proxy [get] |
| Accesses the proxy configuration settings for the connection. | |
| ILogger | Logger [set] |
| Attaches a logging mechanism to the SSH session for debugging and auditing. | |
| VARIANT | Languages [get, set] |
| Specifies the ordered list of preferred languages for server messages. | |
| VARIANT | ServerHostKeyAlgorithms [get, set] |
| Controls the prioritized list of Public Key algorithms accepted during the Server Host Key verification phase. | |
| GSSAPIMethod | GSSAPIMethod [get, set] |
| Selects the specific GSSAPI provider library used for Kerberos authentication. | |
| VARIANT_BOOL | UsePasswordForKeyboardInteractive [get, set] |
| Controls whether the Password property is automatically used to answer Keyboard-Interactive prompts. | |
| ISSHServerState | ServerState [get] |
| Accesses the identification and environmental metadata of the connected SSH server. | |
| ISocketSettings | SocketSettings [get] |
| Accesses the low-level TCP socket configuration. | |
| ISpeedLimitSettings | SpeedLimitSettings [get] |
| Accesses the bandwidth throttling configuration for this specific connection. | |
| HRESULT ISSHConnection::Abort | ( | ) |
Cancels the currently executing blocking operation.
| HRESULT ISSHConnection::Close | ( | ) |
Closes the connection.
To ungracefully close the connection use the Disconnect method.
| HRESULT ISSHConnection::Connect | ( | ) |
Establishes a secure connection to the remote SSH server.
This method initiates the full SSH-2 protocol handshake. It is a synchronous call that transitions the object from a disconnected state to an authenticated, ready-to-use session.
Prerequisites: Before calling this method, ensure the following properties are set:
| HRESULT ISSHConnection::CreateSFTPConnection | ( | [out, retval] ISFTPConnection ** | retval | ) |
Initializes the SFTP subsystem over the current SSH session.
This method acts as a factory, creating a dedicated interface for file transfer operations (ISFTPConnection).
Prerequisites:
| [out] | retval | Receives the pointer to the new ISFTPConnection interface. |
| HRESULT ISSHConnection::Disconnect | ( | ) |
Gracefully terminates the SSH session and closes the connection.
This method initiates a clean shutdown sequence. It informs the server that the client is finished, allows pending data transfers to complete (if applicable), and waits for the server to acknowledge the closure.
The Disconnect Sequence:
| HRESULT ISSHConnection::SendPacket | ( | [in, size_is(length)] byte * | data, |
| [in] long | length ) |
| HRESULT ISSHConnection::SetFileLogger | ( | [out, retval] IFileLogger ** | fileLogger | ) |
Creates a file logger sfFTPLib::FileLogger and attaches it to the Logger property.
Warning: * Calling this method a second time will detach and destroy the previous logger, replacing it with a new, unconfigured instance.
Typical Usage Workflow:
| [out] | fileLogger | Receives the pointer to the newly created and attached IFileLogger interface. |
|
getsetproperty |
Specifies the specific public key from the SSH Agent to use for authentication.
This property allows you to filter which key the client requests from the running SSH Agent (e.g., Pageant, OpenSSH Agent).
The Problem (MaxAuthTries): SSH servers limit the number of authentication attempts (usually to 3 or 6). If your SSH Agent holds 10 keys, and the standard client offers them sequentially, the server may disconnect you with a "Too many authentication failures" error before the client reaches the correct key.
The Solution: By setting this property to the specific Public Key Blob of the intended key, you force the client to ignore all other keys in the agent and attempt authentication only with this specific identity.
Data Type: The VARIANT must contain a SafeArray of bytes (VT_UI1 | VT_ARRAY) representing the raw public key data in standard SSH format (RFC 4253).
| [in] | newValue | A VARIANT containing the byte array of the specific public key. |
| [out] | retval | Receives the current key blob setting. |
|
getsetproperty |
Specifies the ordered list of authentication methods to attempt.
This property defines the strategy the client uses to authenticate with the SSH server. The client iterates through the provided list in order:
Default Strategy: The default list is ordered as follows:
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the sfFTPLib::SSHAuthentication enumeration.
| [in] | newValue | A VARIANT containing the ordered array of authentication methods. |
| [out] | retval | Receives the current list of configured methods. |
|
getproperty |
Indicates whether the connection is currently executing an operation.
|
getsetproperty |
Specifies the private host key used for Host-Based authentication.
This property is required only if you include sfFTPLib::ftpSSHAuthenticationHostBased in the Authentications priority list.
What is Host-Based Authentication? Unlike standard Public Key authentication (where the user proves their identity), Host-Based authentication allows the client machine to prove its identity to the server. If the server trusts the client machine (e.g., via /etc/ssh/shosts.equiv), it allows the user to log in.
Difference from User Keys:
Requirement: The IKey object passed here must contain a Private Key (usually RSA, DSA, or ECDSA) corresponding to a public key that the server already trusts.
| [in] | newValue | The IKey interface containing the client's private host key. |
| [out] | retval | Receives the current host key interface. |
|
getsetproperty |
Specifies the client machine name sent during Host-Based authentication.
This property is used only when sfFTPLib::ftpSSHAuthenticationHostBased is active.
How it works: In Host-Based authentication, the client sends a signature stating: "I am user 'jsmith' from machine 'workstation.example.com'."
This property allows you to explicitly set the machine name ('workstation.example.com'). If left empty, the component typically defaults to the local computer's NetBIOS name.
| [in] | newValue | The hostname string (e.g., "client.local" or "192.168.1.50"). |
| [out] | retval | Receives the current client hostname setting. |
|
getsetproperty |
Customizes the client identifier string sent during the SSH handshake.
This property allows you to append a custom identifier to the standard client signature. This string is sent immediately after the TCP connection is established, during the Protocol Version Exchange (RFC 4253).
Format: The final string sent to the server follows the pattern: SSH-2.0-SmartFTP <ClientValue>
| [in] | newValue | The custom string to append to the client ID. Do not include "SSH-2.0-"; it is added automatically. |
| [out] | retval | Receives the current client identifier suffix. |
|
getsetproperty |
Controls the aggressiveness of the zlib compression algorithm.
This property tunes the balance between data size reduction and CPU usage.
Range: * - 1 (Fastest): Minimal compression, lowest CPU overhead. Ideal for fast networks.
| [in] | newValue | An integer between 1 and 9. |
| [out] | retval | Receives the current compression level. |
|
getsetproperty |
Specifies the ordered list of compression algorithms to propose during the handshake.
This property defines the client's preference for data compression. During the initial SSH handshake (Key Exchange), the client sends this list to the server. The server then selects the first algorithm from this list that it also supports.
Negotiation Logic:
Default Strategy: The default list is: {@ref ftpSSHCompressionzlibopenssh, @ref ftpSSHCompressionNone}. This effectively means: "Try to use zlib compression first; if the server doesn't support it, fall back to no compression."
How to Disable Compression: To ensure maximum performance on high-speed LANs, set this property to contain only * @ref ftpSSHCompressionNone.
| [in] | newValue | A VARIANT containing a SafeArray of integers (VT_I4), where each integer corresponds to a value from the SSHCompression enumeration. |
| [out] | retval | Receives the current list of configured compression methods. |
|
getproperty |
Retrieves the cryptographic parameters negotiated for the current session.
This property returns the ISSHConnectionInfo interface, which details exactly which algorithms (Key Exchange, Encryption, MAC, Compression) were selected during the handshake.
| [out] | retval | Receives the ISSHConnectionInfo interface pointer. |
|
getproperty |
Retrieves the current state of the SSH connection.
This property allows you to check if the client is currently connected, connecting, or disconnected.
| [out] | retval | Receives the ConnectionStatus enumeration value. |
|
getsetproperty |
Specifies the ordered list of symmetric encryption algorithms to propose to the server.
This property allows you to control the preference order for the cipher used to encrypt the data stream (commands, file content, etc.).
Negotiation Process:
Default Strategy (Order of Preference): The default list prioritizes Authenticated Encryption (GCM) for performance and security, followed by Counter mode (CTR). Legacy modes (CBC, 3DES) are included as a fallback for compatibility but are deprioritized.
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the Encryption enumeration.
| [in] | newValue | A VARIANT containing the ordered array of encryption algorithms. |
| [out] | retval | Receives the current list of configured algorithms. |
|
getsetproperty |
Selects the specific GSSAPI provider library used for Kerberos authentication.
The Context: GSSAPI (Generic Security Service Application Program Interface) allows the SSH connection to authenticate using an existing Kerberos Ticket-Granting Ticket (TGT). This enables Single Sign-On (SSO) scenarios where the user does not need to re-enter a password.
Prerequisites: Setting this property alone is not enough; the SSH server must offer gssapi-with-mic authentication, and the client machine must have a valid Kerberos ticket (either in the Windows LSA or MIT cache).
| [in] | newValue | The GSSAPIMethod enum value specifying the desired provider. |
| [out] | retval | Receives the current provider setting. |
|
getsetproperty |
Specifies the destination server address.
| [in] | newValue | The hostname or IP address string. |
| [out] | retval | Receives the current host setting. |
|
getsetproperty |
Sets the interval (in seconds) between automatic keep-alive packets.
This property helps maintain the connection during periods of inactivity by sending dummy data to the server.
The Problem (NAT/Firewall Timeouts): Most network routers, firewalls, and NAT devices track active connections in a state table. If no data flows through a connection for a certain period (typically 5 to 10 minutes), the device silently deletes the entry. When the application tries to send data later, the packet is dropped, resulting in a "Connection Reset" or a hang.
The Solution: Setting this property (e.g., to 60 seconds) forces the component to send a small, ignored packet to the server periodically. This resets the idle timer on all intermediate network devices, keeping the path open.
Settings:
Side Benefit: It also helps detect dead connections faster. If a keep-alive packet fails to send, the component knows the network is down immediately, rather than waiting for the user to try a file transfer.
| [in] | newValue | The interval in seconds. |
| [out] | retval | Receives the current interval setting. |
|
getsetproperty |
Specifies the ordered list of Key Exchange (KEX) algorithms to propose.
This property defines the cryptographic algorithms the client is willing to use to establish the session keys.
Negotiation Process:
Default Strategy (Order of Preference): The default list is carefully ordered to balance speed, security, and compatibility:
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the KeyExchange enumeration.
| [in] | newValue | A VARIANT containing the ordered array of KEX algorithms. |
| [out] | retval | Receives the current list of configured algorithms. |
|
getsetproperty |
Specifies the ordered list of preferred languages for server messages.
This property allows the client to negotiate the language used for human-readable messages sent by the server (e.g., error messages, authentication prompts, or welcome banners).
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer represents a Windows LANGID.
Reference:
| [in] | newValue | A VARIANT containing the ordered array of LANGIDs. |
| [out] | retval | Receives the current list of preferred languages. |
|
setproperty |
Attaches a logging mechanism to the SSH session for debugging and auditing.
This property allows you to capture the internal activity of the component. By assigning an object that implements the ILogger interface, you can redirect log messages to a file, the console, or a custom monitoring system.
| [in] | logger | A pointer to an ILogger implementation. Set to NULL to disable logging. |
|
getsetproperty |
Specifies the ordered list of Message Authentication Code (MAC) algorithms to propose.
This property controls the integrity layer of the SSH connection. MACs ensure that the data packets have not been modified or tampered with by a "man-in-the-middle" during transit.
Negotiation Process: The server selects the first algorithm from this list that it also supports.
Note: If an AEAD cipher (like AES-GCM) is negotiated via the Encryptions property, the MAC list is ignored. This is because AEAD (Authenticated Encryption with Associated Data) provides built-in integrity checking, rendering a separate HMAC redundant.
Default Strategy (Order of Preference): The default list prioritizes the "Encrypt-then-MAC" (EtM) construction for superior security:
Why use EtM (Encrypt-then-MAC)? Traditional SSH MACs verify the plaintext. An attacker can send malicious ciphertext that the client must decrypt before it can check the MAC. EtM verifies the ciphertext first. If the MAC doesn't match, the packet is dropped immediately without decryption, preventing "Padding Oracle" attacks.
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the HMAC enumeration.
| [in] | newValue | A VARIANT containing the ordered array of HMAC algorithms. |
| [out] | retval | Receives the current list of configured algorithms. |
|
getsetproperty |
Specifies the password used for authentication.
This property provides the secret credential required when the authentication method is set to sfFTPLib::ftpSSHAuthenticationPassword or sfFTPLib::ftpSSHAuthenticationKeyboardInteractive.
How it works:
| [in] | newValue | The password string. |
| [out] | retval | Receives the current password. |
|
getsetproperty |
Specifies the TCP port number to connect to.
This property defines the listening port on the remote server.
Defaults:
| [in] | newValue | The port number (default: 22). |
| [out] | retval | Receives the current port setting. |
|
getsetproperty |
Specifies the private key for public-key authentication.
This property assigns an IKey object that represents the user's private identity. This is required when the authentication method includes sfFTPLib::ftpSSHAuthenticationPublicKey.
|
getproperty |
Retrieves the network protocol family (IPv4 or IPv6) used for the active connection.
This property indicates whether the underlying TCP connection was established using Internet Protocol version 4 or version 6.
| [out] | retval | Receives the ProtocolFamily enumeration value. |
|
getsetproperty |
Controls the preference for IPv4 or IPv6 during hostname resolution.
This property determines which network protocol stack the client attempts to use when the Host property contains a domain name (e.g., "ssh.example.com") that resolves to multiple IP addresses.
| [in] | newValue | The ProtocolFamily value to enforce. |
| [out] | retval | Receives the current preference setting. |
|
getproperty |
Accesses the proxy configuration settings for the connection.
This property returns the IProxySettings interface, which allows you to define how the SSH connection should be routed through an intermediate server.
| [out] | retval | Receives the IProxySettings interface pointer. |
|
getproperty |
Retrieves the public host key presented by the remote server.
| [out] | retval | Receives the IKey interface containing the server's public key. |
|
getsetproperty |
Controls the prioritized list of Public Key algorithms accepted during the Server Host Key verification phase.
The Negotiation Process: During the initial SSH handshake (RFC 4253), the client sends a list of supported algorithms to the server. The connection is established using the first algorithm in this list that the server also supports.
Security Control: This property gives you full control over which Host Key algorithms are trusted. To harden your application against legacy vulnerabilities, you can exclude weak algorithms (such as ftpSSHPublicKeyAlgoDSA or ftpSSHPublicKeyAlgoRSA) from this list entirely.
Preference Ordering: The order of elements in the array dictates priority. You should place the strongest and fastest algorithms (like ftpSSHPublicKeyAlgoEd25519 or ftpSSHPublicKeyAlgoECDSA256) at the beginning of the list.
Default Configuration: By default, the component prioritizes modern Edwards-curve and Post-Quantum algorithms, followed by NIST curves, then RSA/DSA, and finally X.509 variants (due to frequent implementation issues). The default order is:
Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the SSHPublicKeyAlgo enumeration.
| [in] | newValue | A Variant containing an array of SSHPublicKeyAlgo values defining the allowed algorithms in order of preference. |
| [out] | retval | Receives the current list of allowed algorithms. |
|
getproperty |
Accesses the identification and environmental metadata of the connected SSH server.
| [out] | retval | Receives the address of the ISSHServerState interface pointer. |
|
getproperty |
Accesses the low-level TCP socket configuration.
This property returns the ISocketSettings interface, which allows you to fine-tune the underlying network socket behavior before or during a connection.
| [out] | retval | Receives the ISocketSettings interface pointer. |
|
getproperty |
Accesses the bandwidth throttling configuration for this specific connection.
This property returns the ISpeedLimitSettings interface, which allows you to restrict the maximum upload and download rates for this SSH session.
| [out] | retval | Receives the ISpeedLimitSettings interface pointer. |
|
getsetproperty |
Sets the maximum time (in seconds) to wait for a network operation to complete.
This property defines the timeout threshold for all blocking calls, such as connecting, reading data, or waiting for a server response. If an operation exceeds this duration, it is aborted and returns an error.
Default:
| [in] | newValue | The timeout duration in seconds. |
| [out] | retval | Receives the current timeout setting. |
|
getsetproperty |
Controls whether the component processes Windows messages during blocking operations.
This property determines how the library behaves while waiting for a network response.
Settings:
When to use TRUE: Enable this if you are using the component on the Main UI Thread of a desktop application (VB6, VBA, Delphi, WinForms) and want to keep the window responsive.
When to use FALSE: Keep this disabled for Console apps, Windows Services, or background worker threads where no UI interaction exists.
| [in] | newValue | Set to VARIANT_TRUE to enable message pumping; VARIANT_FALSE to disable it. |
| [out] | retval | Receives the current setting. |
|
getsetproperty |
Controls whether the Password property is automatically used to answer Keyboard-Interactive prompts.
This property simplifies the login process for servers that use keyboard-interactive authentication merely to ask for a password (as opposed to 2FA codes or one-time passwords).
The Problem: Many SSH servers disable standard "Password" authentication (RFC 4252) in favor of "Keyboard-Interactive" (RFC 4256) because it is more flexible. However, they often just send a single prompt: "Password: ". Without this setting, your application would need to implement a complex event handler just to send the static password.
The Solution (True - Default): When this property is TRUE, the component scans the prompt text sent by the server. If it detects keywords like "password" (case-insensitive), it automatically responds with the value stored in the Password property.
When to set to False: Set this to FALSE if you are using Multi-Factor Authentication (MFA/2FA) where the "password" prompt might actually require a token code, or if you want full manual control over the responses via the sfFTPLib::_ISSHConnectionEvents::OnLoginChallenge event.
| [in] | newValue | VARIANT_TRUE to enable auto-response (Default), VARIANT_FALSE to disable. |
| [out] | retval | Receives the current setting. |
|
getsetproperty |
Specifies the user account name for authentication.
This property sets the username that will be sent to the server in the SSH_MSG_USERAUTH_REQUEST packet. It is required for all authentication methods (Password, Public Key, Host-Based, Keyboard-Interactive).
| [in] | newValue | The username string. |
| [out] | retval | Receives the current username. |