Authentication modes

Username and password

Password-based authentication is simple:

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// log in
sftp.Login(username, password);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' log in
sftp.Login(username, password)

In addition to password authentication, this method also supports simple forms of keyboard-interactive authentication.

Public/private key authentication

Asymmetric cryptography makes it possible to authenticate using a private key without revealing it to the server (or anyone else). Only the corresponding public key needs to be associated with your account. Use the SshPrivateKey class for this kind of authentication:

CSharp

// connect to a server and verify fingerprint
var client = new Sftp();
client.Connect(hostname);

// load the private key
SshPrivateKey privateKey = new SshPrivateKey("my_key.ppk", "key_password");

// log in
client.Login(username, privateKey);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' load the private key
Dim privateKey = New SshPrivateKey("my_key.ppk", "key_password")

' log in
sftp.Login(username, privateKey)

How do you get the private key? Usually, you generate it yourself, using the Rebex KeyGenerator sample, our key-generator API, or a third-party utility (most SSH/SFTP vendors provide one). Once generated, the corresponding public key has to be associated with your account (this is server-specific; consult your server administrator if needed).

If you already have your private key, just load it into the SshPrivateKey object. It supports a lot of private key formats.

X509 certificate authentication (VanDyke VShell, Tectia Server)

Some SFTP servers - such as VanDyke VShell or Tectia Server - support authentication using X509 certificates. Simply wrap the X509 certificate with an associated private key into an SshPrivateKey object and pass it to the Login method.

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname, port);

// load X509 certificate
Certificate x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword);

// wrap X509 certificate to SshPrivateKey
SshPrivateKey privateKey = new SshPrivateKey(x509);

// log in
sftp.Login(username, privateKey);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname, port)

' load X509 certificate
Dim x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword)

' wrap X509 certificate to SshPrivateKey
Dim privateKey = New SshPrivateKey(x509)

' log in
sftp.Login(username, privateKey)

You can also use .NET's X509Certificate2 object instead of our Certificate object.
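
The X509Certificate2 route also lets the certificate come from the Windows certificate store instead of a PFX file and password kept next to the application. The following is an added example, not Rebex's own code: the class and method names are hypothetical, the thumbprint is supplied by the caller, and the SshPrivateKey constructor is assumed to accept X509Certificate2 as the sentence above states.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Rebex.Net;

static class StoreCertificateLogin
{
    // Finds a client certificate in the current user's "My" store by thumbprint.
    static X509Certificate2 FindClientCertificate(string thumbprint)
    {
        using (var store = new X509Store(StoreName.My, StoreLocation.CurrentUser))
        {
            store.Open(OpenFlags.ReadOnly);

            // validOnly: false, so the checks below report a precise reason
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);

            if (found.Count != 1)
                throw new InvalidOperationException("Expected exactly one matching certificate.");

            X509Certificate2 cert = found[0];
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time

            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no associated private key.");
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");

            return cert;
        }
    }

    // Logs in on an already connected Sftp object.
    public static void Login(Sftp sftp, string username, string thumbprint)
    {
        // assumption: SshPrivateKey accepts X509Certificate2 (see the text above)
        X509Certificate2 cert = FindClientCertificate(thumbprint);
        var privateKey = new SshPrivateKey(cert);
        sftp.Login(username, privateKey);
    }
}
```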

GSSAPI

GSSAPI support makes it possible to use Kerberos or NTLM authentication mechanisms, both in single sign-on mode and username/password(/domain)-based mode.

Note: GSSAPI is only supported on Windows platforms.

Single sign-on

With single sign-on, the current user can authenticate without having to enter their password. Single sign-on is only possible with Kerberos or NTLM authentication mechanisms on servers that support them (through GSSAPI). Additionally, both the client and server machines must be part of the same domain (or a domain trust has to be implemented).

Note: Single sign-on is only supported on Windows platforms.

Kerberos authentication

If the server supports Kerberos authentication, it is possible to use the GSSAPI Kerberos v5 authentication mechanism.

Kerberos with single sign-on

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for Kerberos single sign-on
var credentials = new SshGssApiCredentials();
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

// log in using Kerberos single sign-on
sftp.Login(credentials);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for Kerberos single sign-on
Dim credentials = New SshGssApiCredentials()
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

' log in using Kerberos single sign-on
sftp.Login(credentials)

Kerberos with username/password/domain

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for Kerberos authentication
var credentials = new SshGssApiCredentials(username, password, domain);
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

// log in using Kerberos
sftp.Login(credentials);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for Kerberos authentication
Dim credentials = New SshGssApiCredentials(username, password, domain)
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

' log in using Kerberos
sftp.Login(credentials)

Note: Kerberos is only supported on Windows platforms. However, it's possible to authenticate Windows-based clients to Unix-based servers using Kerberos.

NTLM authentication

If the server supports NTLM authentication, it is possible to use the GSSAPI NTLM authentication mechanism.

NTLM with single sign-on

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for NTLM single sign-on
var credentials = new SshGssApiCredentials();
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

// log in using NTLM single sign-on
sftp.Login(credentials);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for NTLM single sign-on
Dim credentials = New SshGssApiCredentials()
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

' log in using NTLM single sign-on
sftp.Login(credentials)

NTLM with username/password/domain

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for NTLM authentication
var credentials = new SshGssApiCredentials(username, password, domain);
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

// log in using NTLM
sftp.Login(credentials);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for NTLM authentication
Dim credentials = New SshGssApiCredentials(username, password, domain)
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

' log in using NTLM
sftp.Login(credentials)

Note: NTLM is only supported on Windows platforms.

Advanced keyboard-interactive authentication

In most cases, password-based authentication will take care of servers that use the keyboard-interactive authentication method. To handle rare cases where the server uses interactive authentication to ask non-trivial questions, register an AuthenticationRequest event handler both to get notified about them and to answer them.

Note: The Login method's username and password arguments are optional. If you omit them, the event handler will be called when required.

CSharp

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// register AuthenticationRequest event handler
sftp.AuthenticationRequest += client_AuthenticationRequest;

// log in (alternatively, omit username and password as well)
sftp.Login(username, password);

VisualBasic

' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' register AuthenticationRequest event handler
AddHandler sftp.AuthenticationRequest, AddressOf client_AuthenticationRequest

' log in (alternatively, omit username and password as well)
sftp.Login(username, password)

The event handler implementing the actual logic:

CSharp

void client_AuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e)
{
    Console.WriteLine("Server: {0}", e.Name);
    Console.WriteLine("Instructions: {0}", e.Instructions);

    foreach (SshAuthenticationRequestItem item in e.Items)
    {
        // display question
        Console.Write(item.Prompt);

        // set answer
        item.Response = Console.ReadLine();
    }
}

VisualBasic

Sub client_AuthenticationRequest(ByVal sender As Object, ByVal e As SshAuthenticationRequestEventArgs)
    Console.WriteLine("Server: {0}", e.Name)
    Console.WriteLine("Instructions: {0}", e.Instructions)

    For Each item As SshAuthenticationRequestItem In e.Items
        ' display question
        Console.Write(item.Prompt)

        ' set answer
        item.Response = Console.ReadLine()
    Next
End Sub
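
The handler above echoes every answer as it is typed and prints server-supplied text unchanged. The following variant is an added example, not Rebex's own code: it reads secret answers without echo and drops control characters from the server's text before printing it. It relies on the IsSecret property of SshAuthenticationRequestItem, which is not shown on this page; the class and method names are hypothetical, and it is registered the same way as client_AuthenticationRequest.

```csharp
using System;
using System.Text;
using Rebex.Net;

static class InteractiveAuth
{
    // Read a line from the console without echoing the typed characters.
    static string ReadSecret()
    {
        var buffer = new StringBuilder();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(intercept: true);
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace)
            {
                if (buffer.Length > 0) buffer.Length--;
            }
            else if (!char.IsControl(key.KeyChar))
                buffer.Append(key.KeyChar);
        }
        Console.WriteLine();
        return buffer.ToString();
    }

    // Drop control characters (except newline) so server-supplied text
    // cannot move the cursor or rewrite what is already on the terminal.
    static string Printable(string text)
    {
        var clean = new StringBuilder();
        foreach (char c in text ?? string.Empty)
            if (c == '\n' || !char.IsControl(c)) clean.Append(c);
        return clean.ToString();
    }

    public static void OnAuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e)
    {
        Console.WriteLine("Server: {0}", Printable(e.Name));
        Console.WriteLine("Instructions: {0}", Printable(e.Instructions));

        foreach (SshAuthenticationRequestItem item in e.Items)
        {
            Console.Write(Printable(item.Prompt));
            // IsSecret (assumed property): the answer must not be echoed
            item.Response = item.IsSecret ? ReadSecret() : Console.ReadLine();
        }
    }
}
```

Console.ReadKey throws InvalidOperationException when standard input is redirected, so this handler is suited to interactive sessions only.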