More .NET libraries
-
Rebex FTP/SSL
.NET FTP client
-
Rebex SSH Shell
.NET SSH Shell
-
Rebex Total Pack
All Rebex .NET libraries together
Back to feature list...
Authentication modes
On this page:
Username and password
Password-based authentication is simple:
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // log in sftp.Login(username, password);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' log in sftp.Login(username, password)
In addition to password
authentication, this method supports simple forms of keyboard-interactive
authentication methods as well.
Public/private key authentication
Asymmetric cryptography makes it possible to authenticate using a private key without revealing it to the server (or anyone else) - only the corresponding
public key needs to be associated with your account.
Use SshPrivateKey
class for this kind of authentication:
// connect to a server and verify fingerprint var client = new Sftp(); client.Connect(hostname); // load the private key SshPrivateKey privateKey = new SshPrivateKey("my_key.ppk", "key_password"); // log in client.Login(username, privateKey);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' load the private key Dim privateKey = New SshPrivateKey("my_key.ppk", "key_password") ' log in sftp.Login(username, privateKey)
How do you get the private key? Usually, you generate it yourself, either using Rebex KeyGenerator sample, our key-generator API or a third-party utility (most SSH/SFTP vendors provide one). Once generated, the corresponding public key has to be associated with your account (this is server-specific, consult your server administrator if needed).
In case you already have your private key, just load it into the SshPrivateKey
object - it supports lot of private key formats.
X.509 certificate authentication
Some SFTP servers - such as Rebex Buru SFTP Server,
VanDyke VShell or Tectia SSH Server - support authentication using X.509 certificates.
Simply load the certificate with an associated private key into the SshPrivateKey
object and pass it to the
Login
method.
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname, port); // load X.509 certificate Certificate x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword); // wrap X.509 certificate to SshPrivateKey SshPrivateKey privateKey = new SshPrivateKey(x509); // log in sftp.Login(username, privateKey);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname, port) ' load X.509 certificate Dim x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword) ' wrap X.509 certificate to SshPrivateKey Dim privateKey = New SshPrivateKey(x509) ' log in sftp.Login(username, privateKey)
X509Certificate2
object as well instead of our Certificate
object.
GSSAPI
GSSAPI support makes it possible to use Kerberos or NTLM authentication mechanisms, both in single sign-on mode and username/password(/domain)-based mode.
Note: GSSAPI is only supported on Windows platforms.
Single sign-on
With single sign-on, the current user can authenticate without having to enter his password. Single sign-on is only possible with Kerberos or NTLM authentication mechanisms on servers that support them (through GSSAPI). Additionally, both the client and server machines must be part of the same domain (or a domain trust has to be implemented).
Note: Single sign-on is only supported on Windows platforms.
Kerberos authentication
If the server supports Kerberos authentication, it is possible to use GSSAPI Kerberos v5 authentication mechanism.
Kerberos with single sign-on
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // initialize GSSAPI for Kerberos single sign-on var credentials = new SshGssApiCredentials(); credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5); // log in using Kerberos single sign-on sftp.Login(credentials);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' initialize GSSAPI for Kerberos single sign-on Dim credentials = New SshGssApiCredentials() credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5) ' log in using Kerberos single sign-on sftp.Login(credentials)
Kerberos with username/password/domain
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // initialize GSSAPI for Kerberos authentication var credentials = new SshGssApiCredentials(username, password, domain); credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5); // log in using Kerberos sftp.Login(credentials);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' initialize GSSAPI for Kerberos authentication Dim credentials = New SshGssApiCredentials(username, password, domain) credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5) ' log in using Kerberos sftp.Login(credentials)
Note: Kerberos is only supported on Windows platforms. However, it's possible to authenticate Windows-based clients to Unix-based servers using Kerberos.
NTLM authentication
If the server supports NTLM authentication, it is possible to use GSSAPI NTLM authentication mechanism.
NTLM with single sign-on
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // initialize GSSAPI for NTLM single sign-on var credentials = new SshGssApiCredentials(); credentials.SetMechanisms(SshGssApiMechanisms.Ntlm); // log in using NTLM single sign-on sftp.Login(credentials);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' initialize GSSAPI for NTLM single sign-on Dim credentials = New SshGssApiCredentials() credentials.SetMechanisms(SshGssApiMechanisms.Ntlm) ' log in using NTLM single sign-on sftp.Login(credentials)
NTLM with username/password/domain
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // initialize GSSAPI for NTLM authentication var credentials = new SshGssApiCredentials(username, password, domain); credentials.SetMechanisms(SshGssApiMechanisms.Ntlm); // log in using NTLM sftp.Login(credentials);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' initialize GSSAPI for NTLM authentication Dim credentials = New SshGssApiCredentials(username, password, domain) credentials.SetMechanisms(SshGssApiMechanisms.Ntlm) ' log in using NTLM single sign-on sftp.Login(credentials)
Note: On non-Windows platforms (Linux, Android, macOS, iOS), NTLM is only available with NTLM plugin.
Advanced keyboard-interactive authentication
In most cases, password-based authentication will take care
of servers that use keyboard-interactive
authentication method. To handle rare cases where the server utilizes interactive authentication to ask non-trivial questions,
register an AuthenticationRequest
event handler both to get notified about them and to answer them.
Note: Login
method's username
and password
arguments are optional. If you omit them, the event handler will be called when required.
// connect to a server and verify fingerprint var sftp = new Sftp(); sftp.Connect(hostname); // register AuthenticationRequest event handler sftp.AuthenticationRequest += client_AuthenticationRequest; // log in (alternatively, omit username and password as well) sftp.Login(username, password);
' connect to a server and verify fingerprint Dim sftp As New Rebex.Net.Sftp() sftp.Connect(hostname) ' register AuthenticationRequest event handler AddHandler sftp.AuthenticationRequest, AddressOf client_AuthenticationRequest ' log in (alternatively, omit username and password as well) sftp.Login(username, password)
The event handler implementing the actual logic:
void client_AuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e) { Console.WriteLine("Server: {0}", e.Name); Console.WriteLine("Instructions: {0}", e.Instructions); foreach (SshAuthenticationRequestItem item in e.Items) { // display question Console.Write(item.Prompt); // set answer item.Response = Console.ReadLine(); } }
Sub client_AuthenticationRequest(ByVal sender As Object, ByVal e As SshAuthenticationRequestEventArgs) Console.WriteLine("Server: {0}", e.Name) Console.WriteLine("Instructions: {0}", e.Instructions) For Each item As SshAuthenticationRequestItem In e.Items ' display question Console.Write(item.Prompt) ' set answer item.Response = Console.ReadLine() Next End Sub
Back to feature list...