SmartFTP FTP Library
ISSHConnection Interface Reference

import "sfFTPLib.idl";

Public Member Functions

HRESULT Close ()
 Closes the connection.
HRESULT Abort ()
 Cancels the currently executing blocking operation.
HRESULT Connect ()
 Establishes a secure connection to the remote SSH server.
HRESULT Disconnect ()
 Gracefully terminates the SSH session and closes the connection.
HRESULT CreateSFTPConnection ([out, retval] ISFTPConnection **retval)
 Initializes the SFTP subsystem over the current SSH session.
HRESULT SendPacket ([in, size_is(length)] byte *data, [in] long length)
HRESULT SetFileLogger ([out, retval] IFileLogger **fileLogger)
 Creates a file logger sfFTPLib::FileLogger and attaches it to the Logger property.

Properties

VARIANT_BOOL Busy [get]
 Indicates whether the connection is currently executing an operation.
ISSHConnectionInfo ConnectionInfo [get]
 Retrieves the cryptographic parameters negotiated for the current session.
ConnectionStatus ConnectionStatus [get]
 Retrieves the current state of the SSH connection.
VARIANT_BOOL UseMessageLoop [get, set]
 Controls whether the component processes Windows messages during blocking operations.
BSTR Host [get, set]
 Specifies the destination server address.
long Port [get, set]
 Specifies the TCP port number to connect to.
ProtocolFamily ProtocolFamily [get]
 Retrieves the network protocol family (IPv4 or IPv6) used for the active connection.
ProtocolFamily ProtocolFamilyPreference [get, set]
 Controls the preference for IPv4 or IPv6 during hostname resolution.
BSTR Username [get, set]
 Specifies the user account name for authentication.
BSTR Password [get, set]
 Specifies the password used for authentication.
BSTR ClientId [get, set]
 Customizes the client identifier string sent during the SSH handshake.
long Timeout [get, set]
 Sets the maximum time (in seconds) to wait for a network operation to complete.
long CompressionLevel [get, set]
 Controls the aggressiveness of the zlib compression algorithm.
IKey PrivateKey [get, set]
 Specifies the private key for public-key authentication.
VARIANT AgentKeyBlob [get, set]
 Specifies the specific public key from the SSH Agent to use for authentication.
VARIANT Authentications [get, set]
 Specifies the ordered list of authentication methods to attempt.
VARIANT Encryptions [get, set]
 Specifies the ordered list of symmetric encryption algorithms to propose to the server.
VARIANT MACs [get, set]
 Specifies the ordered list of Message Authentication Code (MAC) algorithms to propose.
VARIANT Compressions [get, set]
 Specifies the ordered list of compression algorithms to propose during the handshake.
VARIANT KeyExchanges [get, set]
 Specifies the ordered list of Key Exchange (KEX) algorithms to propose.
IKey ClientHostKey [get, set]
 Specifies the private host key used for Host-Based authentication.
BSTR ClientHostname [get, set]
 Specifies the client machine name sent during Host-Based authentication.
IKey ServerHostKey [get]
 Retrieves the public host key presented by the remote server.
long KeepAliveInterval [get, set]
 Sets the interval (in seconds) between automatic keep-alive packets.
IProxySettings Proxy [get]
 Accesses the proxy configuration settings for the connection.
ILogger Logger [set]
 Attaches a logging mechanism to the SSH session for debugging and auditing.
VARIANT Languages [get, set]
 Specifies the ordered list of preferred languages for server messages.
VARIANT ServerHostKeyAlgorithms [get, set]
 Controls the prioritized list of Public Key algorithms accepted during the Server Host Key verification phase.
GSSAPIMethod GSSAPIMethod [get, set]
 Selects the specific GSSAPI provider library used for Kerberos authentication.
VARIANT_BOOL UsePasswordForKeyboardInteractive [get, set]
 Controls whether the Password property is automatically used to answer Keyboard-Interactive prompts.
ISSHServerState ServerState [get]
 Accesses the identification and environmental metadata of the connected SSH server.
ISocketSettings SocketSettings [get]
 Accesses the low-level TCP socket configuration.
ISpeedLimitSettings SpeedLimitSettings [get]
 Accesses the bandwidth throttling configuration for this specific connection.

Member Function Documentation

◆ Abort()

HRESULT ISSHConnection::Abort ( )

Cancels the currently executing blocking operation.

◆ Close()

HRESULT ISSHConnection::Close ( )

Closes the connection.

To ungracefully close the connection use the Disconnect method.

Remarks
Close is automatically called in the destructor of the object.

◆ Connect()

HRESULT ISSHConnection::Connect ( )

Establishes a secure connection to the remote SSH server.

This method initiates the full SSH-2 protocol handshake. It is a synchronous call that transitions the object from a disconnected state to an authenticated, ready-to-use session.

Prerequisites: Before calling this method, ensure the following properties are set:

  • HostName: The IP address or domain of the server.
  • Port: Usually 22.
  • Authentication: Valid IKey or password credentials.

◆ CreateSFTPConnection()

HRESULT ISSHConnection::CreateSFTPConnection ( [out, retval] ISFTPConnection ** retval)

Initializes the SFTP subsystem over the current SSH session.

This method acts as a factory, creating a dedicated interface for file transfer operations (ISFTPConnection).

Prerequisites:

  1. You must call Connect first.
  2. The server must support the SFTP subsystem (usually enabled by default in OpenSSH).
Parameters
[out]retvalReceives the pointer to the new ISFTPConnection interface.

◆ Disconnect()

HRESULT ISSHConnection::Disconnect ( )

Gracefully terminates the SSH session and closes the connection.

This method initiates a clean shutdown sequence. It informs the server that the client is finished, allows pending data transfers to complete (if applicable), and waits for the server to acknowledge the closure.

The Disconnect Sequence:

  1. The client sends an SSH_MSG_DISCONNECT packet to the server.
  2. The library waits for the server to acknowledge or close its side of the TCP socket.
  3. Once the server responds or the internal timeout is reached, the local socket is destroyed.
  • Remarks
  • Fallback: If the server is unresponsive or fails to close the connection within the defined timeout period, the library will perform an ungraceful close to prevent the application from hanging.
  • Abortion: If the application needs to quit immediately during a pending disconnect, calling Abort will force an immediate socket teardown.
  • Immediate Close: To skip the "polite" handshake and drop the connection instantly, use Close.

◆ SendPacket()

HRESULT ISSHConnection::SendPacket ( [in, size_is(length)] byte * data,
[in] long length )

◆ SetFileLogger()

HRESULT ISSHConnection::SetFileLogger ( [out, retval] IFileLogger ** fileLogger)

Creates a file logger sfFTPLib::FileLogger and attaches it to the Logger property.

Warning: * Calling this method a second time will detach and destroy the previous logger, replacing it with a new, unconfigured instance.

Typical Usage Workflow:

  1. Call SetFileLogger to get the interface.
  2. Set the log file path (e.g., File = c:\logs\ssh.log) on the returned object.
  3. Call Connect.
Parameters
[out]fileLoggerReceives the pointer to the newly created and attached IFileLogger interface.

Property Documentation

◆ AgentKeyBlob

VARIANT ISSHConnection::AgentKeyBlob
getsetproperty

Specifies the specific public key from the SSH Agent to use for authentication.

This property allows you to filter which key the client requests from the running SSH Agent (e.g., Pageant, OpenSSH Agent).

The Problem (MaxAuthTries): SSH servers limit the number of authentication attempts (usually to 3 or 6). If your SSH Agent holds 10 keys, and the standard client offers them sequentially, the server may disconnect you with a "Too many authentication failures" error before the client reaches the correct key.

The Solution: By setting this property to the specific Public Key Blob of the intended key, you force the client to ignore all other keys in the agent and attempt authentication only with this specific identity.

Data Type: The VARIANT must contain a SafeArray of bytes (VT_UI1 | VT_ARRAY) representing the raw public key data in standard SSH format (RFC 4253).

Parameters
[in]newValueA VARIANT containing the byte array of the specific public key.
[out]retvalReceives the current key blob setting.

◆ Authentications

VARIANT ISSHConnection::Authentications
getsetproperty

Specifies the ordered list of authentication methods to attempt.

This property defines the strategy the client uses to authenticate with the SSH server. The client iterates through the provided list in order:

  1. It checks if the server supports the specific method.
  2. If supported, it attempts to authenticate using that method.
  3. If authentication fails or the method is unsupported, it proceeds to the next method in the list.

Default Strategy: The default list is ordered as follows:

  1. sfFTPLib::ftpSSHAuthenticationNone (Checks if the server allows access without credentials).
  2. sfFTPLib::ftpSSHAuthenticationPublicKey (Attempts to use keys loaded in the IKeyManager).
  3. sfFTPLib::ftpSSHAuthenticationPassword (Falls back to the standard password).

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the sfFTPLib::SSHAuthentication enumeration.

Parameters
[in]newValueA VARIANT containing the ordered array of authentication methods.
[out]retvalReceives the current list of configured methods.

◆ Busy

VARIANT_BOOL ISSHConnection::Busy
getproperty

Indicates whether the connection is currently executing an operation.

◆ ClientHostKey

IKey ISSHConnection::ClientHostKey
getsetproperty

Specifies the private host key used for Host-Based authentication.

This property is required only if you include sfFTPLib::ftpSSHAuthenticationHostBased in the Authentications priority list.

What is Host-Based Authentication? Unlike standard Public Key authentication (where the user proves their identity), Host-Based authentication allows the client machine to prove its identity to the server. If the server trusts the client machine (e.g., via /etc/ssh/shosts.equiv), it allows the user to log in.

Difference from User Keys:

Requirement: The IKey object passed here must contain a Private Key (usually RSA, DSA, or ECDSA) corresponding to a public key that the server already trusts.

Parameters
[in]newValueThe IKey interface containing the client's private host key.
[out]retvalReceives the current host key interface.

◆ ClientHostname

BSTR ISSHConnection::ClientHostname
getsetproperty

Specifies the client machine name sent during Host-Based authentication.

This property is used only when sfFTPLib::ftpSSHAuthenticationHostBased is active.

How it works: In Host-Based authentication, the client sends a signature stating: "I am user 'jsmith' from machine 'workstation.example.com'."

This property allows you to explicitly set the machine name ('workstation.example.com'). If left empty, the component typically defaults to the local computer's NetBIOS name.

Parameters
[in]newValueThe hostname string (e.g., "client.local" or "192.168.1.50").
[out]retvalReceives the current client hostname setting.

◆ ClientId

BSTR ISSHConnection::ClientId
getsetproperty

Customizes the client identifier string sent during the SSH handshake.

This property allows you to append a custom identifier to the standard client signature. This string is sent immediately after the TCP connection is established, during the Protocol Version Exchange (RFC 4253).

Format: The final string sent to the server follows the pattern: SSH-2.0-SmartFTP <ClientValue>

Parameters
[in]newValueThe custom string to append to the client ID. Do not include "SSH-2.0-"; it is added automatically.
[out]retvalReceives the current client identifier suffix.

◆ CompressionLevel

long ISSHConnection::CompressionLevel
getsetproperty

Controls the aggressiveness of the zlib compression algorithm.

This property tunes the balance between data size reduction and CPU usage.

Range: * - 1 (Fastest): Minimal compression, lowest CPU overhead. Ideal for fast networks.

  • 5 (Default): A balanced setting suitable for most internet connections.
  • 9 (Best): Maximum compression, highest CPU overhead. Ideal for very slow connections (e.g., Satellite, EDGE).
Parameters
[in]newValueAn integer between 1 and 9.
[out]retvalReceives the current compression level.

◆ Compressions

VARIANT ISSHConnection::Compressions
getsetproperty

Specifies the ordered list of compression algorithms to propose during the handshake.

This property defines the client's preference for data compression. During the initial SSH handshake (Key Exchange), the client sends this list to the server. The server then selects the first algorithm from this list that it also supports.

Negotiation Logic:

  1. Client: Sends "zlib@openssh.com,none".
  2. Server: Checks its own list.
  • If it supports "zlib@openssh.com", that is chosen.
  • If not, it checks "none".
  1. Result: The connection proceeds using the agreed method.

Default Strategy: The default list is: {@ref ftpSSHCompressionzlibopenssh, @ref ftpSSHCompressionNone}. This effectively means: "Try to use zlib compression first; if the server doesn't support it, fall back to no compression."

How to Disable Compression: To ensure maximum performance on high-speed LANs, set this property to contain only * @ref ftpSSHCompressionNone.

Parameters
[in]newValueA VARIANT containing a SafeArray of integers (VT_I4), where each integer corresponds to a value from the SSHCompression enumeration.
[out]retvalReceives the current list of configured compression methods.

◆ ConnectionInfo

ISSHConnectionInfo ISSHConnection::ConnectionInfo
getproperty

Retrieves the cryptographic parameters negotiated for the current session.

This property returns the ISSHConnectionInfo interface, which details exactly which algorithms (Key Exchange, Encryption, MAC, Compression) were selected during the handshake.

Parameters
[out]retvalReceives the ISSHConnectionInfo interface pointer.

◆ ConnectionStatus

ConnectionStatus ISSHConnection::ConnectionStatus
getproperty

Retrieves the current state of the SSH connection.

This property allows you to check if the client is currently connected, connecting, or disconnected.

Parameters
[out]retvalReceives the ConnectionStatus enumeration value.

◆ Encryptions

VARIANT ISSHConnection::Encryptions
getsetproperty

Specifies the ordered list of symmetric encryption algorithms to propose to the server.

This property allows you to control the preference order for the cipher used to encrypt the data stream (commands, file content, etc.).

Negotiation Process:

  1. Client Proposal: The client sends this list to the server in the SSH_MSG_KEXINIT packet.
  2. Server Selection: The server scans the client's list from top to bottom and selects the first algorithm that it also supports.

Default Strategy (Order of Preference): The default list prioritizes Authenticated Encryption (GCM) for performance and security, followed by Counter mode (CTR). Legacy modes (CBC, 3DES) are included as a fallback for compatibility but are deprioritized.

  1. ftpEncryptionAES128GCM (Top Priority: Fastest AEAD; high throughput).
  2. ftpEncryptionAES256GCM (Stronger AEAD).
  3. ftpEncryptionAES128CTR (Standard safe mode).
  4. ftpEncryptionAES192CTR
  5. ftpEncryptionAES256CTR
  6. ftpEncryptionAES128CBC (Legacy: Vulnerable to CERT KB 958563, but required by many older servers).
  7. ftpEncryptionAES192CBC
  8. ftpEncryptionAES256CBC
  9. ftpEncryption3DES (Lowest Priority: Very slow, but required for FIPS 140-2 compliance and legacy JSCAPE servers).

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the Encryption enumeration.

Parameters
[in]newValueA VARIANT containing the ordered array of encryption algorithms.
[out]retvalReceives the current list of configured algorithms.

◆ GSSAPIMethod

GSSAPIMethod ISSHConnection::GSSAPIMethod
getsetproperty

Selects the specific GSSAPI provider library used for Kerberos authentication.

The Context: GSSAPI (Generic Security Service Application Program Interface) allows the SSH connection to authenticate using an existing Kerberos Ticket-Granting Ticket (TGT). This enables Single Sign-On (SSO) scenarios where the user does not need to re-enter a password.

Prerequisites: Setting this property alone is not enough; the SSH server must offer gssapi-with-mic authentication, and the client machine must have a valid Kerberos ticket (either in the Windows LSA or MIT cache).

Parameters
[in]newValueThe GSSAPIMethod enum value specifying the desired provider.
[out]retvalReceives the current provider setting.

◆ Host

BSTR ISSHConnection::Host
getsetproperty

Specifies the destination server address.

Parameters
[in]newValueThe hostname or IP address string.
[out]retvalReceives the current host setting.

◆ KeepAliveInterval

long ISSHConnection::KeepAliveInterval
getsetproperty

Sets the interval (in seconds) between automatic keep-alive packets.

This property helps maintain the connection during periods of inactivity by sending dummy data to the server.

The Problem (NAT/Firewall Timeouts): Most network routers, firewalls, and NAT devices track active connections in a state table. If no data flows through a connection for a certain period (typically 5 to 10 minutes), the device silently deletes the entry. When the application tries to send data later, the packet is dropped, resulting in a "Connection Reset" or a hang.

The Solution: Setting this property (e.g., to 60 seconds) forces the component to send a small, ignored packet to the server periodically. This resets the idle timer on all intermediate network devices, keeping the path open.

Settings:

  • 0 (Default): Disabled. No keep-alive packets are sent.
  • > 0: The interval in seconds. Recommended value: 60.

Side Benefit: It also helps detect dead connections faster. If a keep-alive packet fails to send, the component knows the network is down immediately, rather than waiting for the user to try a file transfer.

Parameters
[in]newValueThe interval in seconds.
[out]retvalReceives the current interval setting.

◆ KeyExchanges

VARIANT ISSHConnection::KeyExchanges
getsetproperty

Specifies the ordered list of Key Exchange (KEX) algorithms to propose.

This property defines the cryptographic algorithms the client is willing to use to establish the session keys.

Negotiation Process:

  1. Client Proposal: The client sends this list to the server in the SSH_MSG_KEXINIT packet.
  2. Server Selection: The server scans the client's list from top to bottom and selects the first algorithm that it also supports.
  3. Agreement: If a match is found, the handshake proceeds. If no common algorithm exists, the connection is severed.

Default Strategy (Order of Preference): The default list is carefully ordered to balance speed, security, and compatibility:

  1. ftpKeyExchangeCurve25519 (Fastest, most secure).
  2. ftpKeyExchangeCurve25519libssh (Legacy alias for compatibility).
  3. ftpKeyExchangeMlKem768x25519 (Post-quantum; prioritized lower than pure Curve25519 due to larger packet size and CPU cost).
  4. ftpKeyExchangeECDH256 (NIST P-256).
  5. ftpKeyExchangeECDH384 (NIST P-384).
  6. ftpKeyExchangeECDH521 (NIST P-521).
  7. ftpKeyExchangeDiffieHellmanGroup14SHA256 (Standard 2048-bit fixed group).
  8. ftpKeyExchangeDiffieHellmanGroup16SHA512 (High security 4096-bit fixed group).
  9. ftpKeyExchangeDiffieHellmanGroupExchangeSHA256 (Dynamic group; lower priority because the library rejects groups < 2048 bits).
  10. ftpKeyExchangeDiffieHellmanGroup14SHA1 (Legacy 2048-bit with SHA-1).
  11. ftpKeyExchangeDiffieHellmanGroupExchangeSHA1 (Legacy dynamic group; lowest priority as server group size support is unknown).

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the KeyExchange enumeration.

Parameters
[in]newValueA VARIANT containing the ordered array of KEX algorithms.
[out]retvalReceives the current list of configured algorithms.

◆ Languages

VARIANT ISSHConnection::Languages
getsetproperty

Specifies the ordered list of preferred languages for server messages.

This property allows the client to negotiate the language used for human-readable messages sent by the server (e.g., error messages, authentication prompts, or welcome banners).

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer represents a Windows LANGID.

Reference:

Parameters
[in]newValueA VARIANT containing the ordered array of LANGIDs.
[out]retvalReceives the current list of preferred languages.

◆ Logger

ILogger ISSHConnection::Logger
setproperty

Attaches a logging mechanism to the SSH session for debugging and auditing.

This property allows you to capture the internal activity of the component. By assigning an object that implements the ILogger interface, you can redirect log messages to a file, the console, or a custom monitoring system.

See also
FileLogger
Parameters
[in]loggerA pointer to an ILogger implementation. Set to NULL to disable logging.

◆ MACs

VARIANT ISSHConnection::MACs
getsetproperty

Specifies the ordered list of Message Authentication Code (MAC) algorithms to propose.

This property controls the integrity layer of the SSH connection. MACs ensure that the data packets have not been modified or tampered with by a "man-in-the-middle" during transit.

Negotiation Process: The server selects the first algorithm from this list that it also supports.

Note: If an AEAD cipher (like AES-GCM) is negotiated via the Encryptions property, the MAC list is ignored. This is because AEAD (Authenticated Encryption with Associated Data) provides built-in integrity checking, rendering a separate HMAC redundant.

Default Strategy (Order of Preference): The default list prioritizes the "Encrypt-then-MAC" (EtM) construction for superior security:

  1. ftpHMACSHA2256Etm (High security; industry standard).
  2. ftpHMACSHA2512Etm (Strongest).
  3. ftpHMACSHA2256 (Standard Encrypt-and-MAC).
  4. ftpHMACSHA2512 (Standard Encrypt-and-MAC).
  5. ftpHMACSHA1 (Legacy: Included for compatibility with older hardware/routers).

Why use EtM (Encrypt-then-MAC)? Traditional SSH MACs verify the plaintext. An attacker can send malicious ciphertext that the client must decrypt before it can check the MAC. EtM verifies the ciphertext first. If the MAC doesn't match, the packet is dropped immediately without decryption, preventing "Padding Oracle" attacks.

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the HMAC enumeration.

Parameters
[in]newValueA VARIANT containing the ordered array of HMAC algorithms.
[out]retvalReceives the current list of configured algorithms.

◆ Password

BSTR ISSHConnection::Password
getsetproperty

Specifies the password used for authentication.

This property provides the secret credential required when the authentication method is set to sfFTPLib::ftpSSHAuthenticationPassword or sfFTPLib::ftpSSHAuthenticationKeyboardInteractive.

How it works:

  • Password Auth: The string is sent directly in the SSH_MSG_USERAUTH_REQUEST packet.
  • Keyboard-Interactive Auth (RFC 4256): If the server prompts for a password (and UsePasswordForKeyboardInteractive is true), this value is automatically used as the response.
Parameters
[in]newValueThe password string.
[out]retvalReceives the current password.

◆ Port

long ISSHConnection::Port
getsetproperty

Specifies the TCP port number to connect to.

This property defines the listening port on the remote server.

Defaults:

  • Standard SSH: 22
Parameters
[in]newValueThe port number (default: 22).
[out]retvalReceives the current port setting.

◆ PrivateKey

IKey ISSHConnection::PrivateKey
getsetproperty

Specifies the private key for public-key authentication.

This property assigns an IKey object that represents the user's private identity. This is required when the authentication method includes sfFTPLib::ftpSSHAuthenticationPublicKey.

Parameters
[in]newValueThe IKey object containing the loaded private key.
[out]retvalReceives the current IKey object.

◆ ProtocolFamily

ProtocolFamily ISSHConnection::ProtocolFamily
getproperty

Retrieves the network protocol family (IPv4 or IPv6) used for the active connection.

This property indicates whether the underlying TCP connection was established using Internet Protocol version 4 or version 6.

Parameters
[out]retvalReceives the ProtocolFamily enumeration value.

◆ ProtocolFamilyPreference

ProtocolFamily ISSHConnection::ProtocolFamilyPreference
getsetproperty

Controls the preference for IPv4 or IPv6 during hostname resolution.

This property determines which network protocol stack the client attempts to use when the Host property contains a domain name (e.g., "ssh.example.com") that resolves to multiple IP addresses.

Parameters
[in]newValueThe ProtocolFamily value to enforce.
[out]retvalReceives the current preference setting.

◆ Proxy

IProxySettings ISSHConnection::Proxy
getproperty

Accesses the proxy configuration settings for the connection.

This property returns the IProxySettings interface, which allows you to define how the SSH connection should be routed through an intermediate server.

Parameters
[out]retvalReceives the IProxySettings interface pointer.

◆ ServerHostKey

IKey ISSHConnection::ServerHostKey
getproperty

Retrieves the public host key presented by the remote server.

Parameters
[out]retvalReceives the IKey interface containing the server's public key.

◆ ServerHostKeyAlgorithms

VARIANT ISSHConnection::ServerHostKeyAlgorithms
getsetproperty

Controls the prioritized list of Public Key algorithms accepted during the Server Host Key verification phase.

The Negotiation Process: During the initial SSH handshake (RFC 4253), the client sends a list of supported algorithms to the server. The connection is established using the first algorithm in this list that the server also supports.

Security Control: This property gives you full control over which Host Key algorithms are trusted. To harden your application against legacy vulnerabilities, you can exclude weak algorithms (such as ftpSSHPublicKeyAlgoDSA or ftpSSHPublicKeyAlgoRSA) from this list entirely.

Preference Ordering: The order of elements in the array dictates priority. You should place the strongest and fastest algorithms (like ftpSSHPublicKeyAlgoEd25519 or ftpSSHPublicKeyAlgoECDSA256) at the beginning of the list.

Default Configuration: By default, the component prioritizes modern Edwards-curve and Post-Quantum algorithms, followed by NIST curves, then RSA/DSA, and finally X.509 variants (due to frequent implementation issues). The default order is:

  1. ftpSSHPublicKeyAlgoEd25519 (Highest priority)
  2. ftpSSHPublicKeyAlgoEd448 (Supported by ProFTPD/Cerberus; not OpenSSH)
  3. ftpSSHPublicKeyAlgoMlDsa44 (Post-Quantum; experimental)
  4. ftpSSHPublicKeyAlgoMlDsa65 (Post-Quantum; experimental)
  5. ftpSSHPublicKeyAlgoMlDsa87 (Post-Quantum; experimental)
  6. ftpSSHPublicKeyAlgoECDSA256
  7. ftpSSHPublicKeyAlgoECDSA384
  8. ftpSSHPublicKeyAlgoECDSA521
  9. ftpSSHPublicKeyAlgoRSASHA2256
  10. ftpSSHPublicKeyAlgoRSASHA2512
  11. ftpSSHPublicKeyAlgoRSA
  12. ftpSSHPublicKeyAlgoDSA
  13. ftpSSHPublicKeyAlgox509v3ECDSA256 (Deprioritized)
  14. ftpSSHPublicKeyAlgox509v3ECDSA384 (Deprioritized)
  15. ftpSSHPublicKeyAlgox509v3ECDSA521 (Deprioritized)
  16. ftpSSHPublicKeyAlgox509v3RSA2048SHA256 (Deprioritized)
  17. ftpSSHPublicKeyAlgox509v3RSA (Deprioritized)

Data Type: The VARIANT must contain a SafeArray of integers (VT_I4), where each integer corresponds to a value from the SSHPublicKeyAlgo enumeration.

Parameters
[in]newValueA Variant containing an array of SSHPublicKeyAlgo values defining the allowed algorithms in order of preference.
[out]retvalReceives the current list of allowed algorithms.

◆ ServerState

ISSHServerState ISSHConnection::ServerState
getproperty

Accesses the identification and environmental metadata of the connected SSH server.

Parameters
[out]retvalReceives the address of the ISSHServerState interface pointer.

◆ SocketSettings

ISocketSettings ISSHConnection::SocketSettings
getproperty

Accesses the low-level TCP socket configuration.

This property returns the ISocketSettings interface, which allows you to fine-tune the underlying network socket behavior before or during a connection.

Parameters
[out]retvalReceives the ISocketSettings interface pointer.

◆ SpeedLimitSettings

ISpeedLimitSettings ISSHConnection::SpeedLimitSettings
getproperty

Accesses the bandwidth throttling configuration for this specific connection.

This property returns the ISpeedLimitSettings interface, which allows you to restrict the maximum upload and download rates for this SSH session.

Parameters
[out]retvalReceives the ISpeedLimitSettings interface pointer.

◆ Timeout

long ISSHConnection::Timeout
getsetproperty

Sets the maximum time (in seconds) to wait for a network operation to complete.

This property defines the timeout threshold for all blocking calls, such as connecting, reading data, or waiting for a server response. If an operation exceeds this duration, it is aborted and returns an error.

Default:

  • The default value is 30 (30 seconds).
Parameters
[in]newValueThe timeout duration in seconds.
[out]retvalReceives the current timeout setting.

◆ UseMessageLoop

VARIANT_BOOL ISSHConnection::UseMessageLoop
getsetproperty

Controls whether the component processes Windows messages during blocking operations.

This property determines how the library behaves while waiting for a network response.

Settings:

  • VARIANT_FALSE (Default): The calling thread is put to sleep until the operation completes.
  • Pros: Higher performance, no re-entrancy risks.
  • Cons: The application UI will freeze and be marked as "Not Responding" by Windows during long transfers.
  • VARIANT_TRUE: The library pumps the Windows Message Queue while waiting.
  • Pros: The UI remains responsive (repaints, moves, minimizes).
  • Cons: Slower performance. Risk of Re-entrancy: Users might click a "Connect" button again while the first connection is still in progress.

When to use TRUE: Enable this if you are using the component on the Main UI Thread of a desktop application (VB6, VBA, Delphi, WinForms) and want to keep the window responsive.

When to use FALSE: Keep this disabled for Console apps, Windows Services, or background worker threads where no UI interaction exists.

Parameters
[in]newValueSet to VARIANT_TRUE to enable message pumping; VARIANT_FALSE to disable it.
[out]retvalReceives the current setting.

◆ UsePasswordForKeyboardInteractive

VARIANT_BOOL ISSHConnection::UsePasswordForKeyboardInteractive
getsetproperty

Controls whether the Password property is automatically used to answer Keyboard-Interactive prompts.

This property simplifies the login process for servers that use keyboard-interactive authentication merely to ask for a password (as opposed to 2FA codes or one-time passwords).

The Problem: Many SSH servers disable standard "Password" authentication (RFC 4252) in favor of "Keyboard-Interactive" (RFC 4256) because it is more flexible. However, they often just send a single prompt: "Password: ". Without this setting, your application would need to implement a complex event handler just to send the static password.

The Solution (True - Default): When this property is TRUE, the component scans the prompt text sent by the server. If it detects keywords like "password" (case-insensitive), it automatically responds with the value stored in the Password property.

When to set to False: Set this to FALSE if you are using Multi-Factor Authentication (MFA/2FA) where the "password" prompt might actually require a token code, or if you want full manual control over the responses via the sfFTPLib::_ISSHConnectionEvents::OnLoginChallenge event.

Parameters
[in]newValueVARIANT_TRUE to enable auto-response (Default), VARIANT_FALSE to disable.
[out]retvalReceives the current setting.

◆ Username

BSTR ISSHConnection::Username
getsetproperty

Specifies the user account name for authentication.

This property sets the username that will be sent to the server in the SSH_MSG_USERAUTH_REQUEST packet. It is required for all authentication methods (Password, Public Key, Host-Based, Keyboard-Interactive).

Parameters
[in]newValueThe username string.
[out]retvalReceives the current username.

The documentation for this interface was generated from the following file: