Authentication modes

Username and password 

Password-based authentication is simple:

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// log in
sftp.Login(username, password);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' log in
sftp.Login(username, password)

In addition to password authentication, this method supports simple forms of keyboard-interactive authentication methods as well.

Public/private key authentication 

Asymmetric cryptography makes it possible to authenticate using a private key without revealing it to the server (or anyone else) - only the corresponding public key needs to be associated with your account. Use SshPrivateKey class for this kind of authentication:

// connect to a server and verify fingerprint
var client = new Sftp();
client.Connect(hostname);

// load the private key
SshPrivateKey privateKey = new SshPrivateKey("my_key.ppk", "key_password");

// log in
client.Login(username, privateKey);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' load the private key
Dim privateKey = New SshPrivateKey("my_key.ppk", "key_password")

' log in
sftp.Login(username, privateKey)

How do you get the private key? Usually, you generate it yourself, either using Rebex KeyGenerator sample, our key-generator API or a third-party utility (most SSH/SFTP vendors provide one). Once generated, the corresponding public key has to be associated with your account (this is server-specific, consult your server administrator if needed).

In case you already have your private key, just load it into the SshPrivateKey object - it supports lot of private key formats.

X.509 certificate authentication (VanDyke VShell, Tectia Server) 

Some SFTP servers - such as VanDyke VShell or Tectia Server - support authentication using X.509 certificates. Simply wrap the X.509 certificate with an associated private key into an SshPrivateKey object and pass it to the Login method.

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname, port);

// load X509 certificate
Certificate x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword);

// wrap X509 certificate to SshPrivateKey
SshPrivateKey privateKey = new SshPrivateKey(x509);

// log in
sftp.Login(username, privateKey);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname, port)

' load X509 certificate
Dim x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword)

' wrap X509 certificate to SshPrivateKey
Dim privateKey = New SshPrivateKey(x509)

' log in
sftp.Login(username, privateKey)
You can use .NET's X509Certificate2 object as well instead of our Certificate object.

GSSAPI 

GSSAPI support makes it possible to use Kerberos or NTLM authentication mechanisms, both in single sign-on mode and username/password(/domain)-based mode.

Note: GSSAPI is only supported on Windows platforms.

Single sign-on 

With single sign-on, the current user can authenticate without having to enter his password. Single sign-on is only possible with Kerberos or NTLM authentication mechanisms on servers that support them (through GSSAPI). Additionally, both the client and server machines must be part of the same domain (or a domain trust has to be implemented).

Note: Single sign-on is only supported on Windows platforms.

Kerberos authentication 

If the server supports Kerberos authentication, it is possible to use GSSAPI Kerberos v5 authentication mechanism.

Kerberos with single sign-on

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for Kerberos single sign-on
var credentials = new SshGssApiCredentials();
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

// log in using Kerberos single sign-on
sftp.Login(credentials);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for Kerberos single sign-on
Dim credentials = New SshGssApiCredentials()
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

' log in using Kerberos single sign-on
sftp.Login(credentials)

Kerberos with username/password/domain

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for Kerberos authentication
var credentials = new SshGssApiCredentials(username, password, domain);
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

// log in using Kerberos
sftp.Login(credentials);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for Kerberos authentication
Dim credentials = New SshGssApiCredentials(username, password, domain)
credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

' log in using Kerberos
sftp.Login(credentials)

Note: Kerberos is only supported on Windows platforms. However, it's possible to authenticate Windows-based clients to Unix-based servers using Kerberos.

NTLM authentication 

If the server supports NTLM authentication, it is possible to use GSSAPI NTLM authentication mechanism.

NTLM with single sign-on

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for NTLM single sign-on
var credentials = new SshGssApiCredentials();
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

// log in using NTLM single sign-on
sftp.Login(credentials);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for NTLM single sign-on
Dim credentials = New SshGssApiCredentials()
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

' log in using NTLM single sign-on
sftp.Login(credentials)

NTLM with username/password/domain

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// initialize GSSAPI for NTLM authentication
var credentials = new SshGssApiCredentials(username, password, domain);
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

// log in using NTLM
sftp.Login(credentials);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' initialize GSSAPI for NTLM authentication
Dim credentials = New SshGssApiCredentials(username, password, domain)
credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

' log in using NTLM single sign-on
sftp.Login(credentials)

Note: NTLM is only supported on Windows platforms.

Advanced keyboard-interactive authentication 

In most cases, password-based authentication will take care of servers that use keyboard-interactive authentication method. To handle rare cases where the server utilizes interactive authentication to ask non-trivial questions, register an AuthenticationRequest event handler both to get notified about them and to answer them.

Note: Login method's username and password arguments are optional. If you omit them, the event handler will be called when required.

// connect to a server and verify fingerprint
var sftp = new Sftp();
sftp.Connect(hostname);

// register AuthenticationRequest event handler
sftp.AuthenticationRequest += client_AuthenticationRequest;

// log in (alternatively, omit username and password as well)
sftp.Login(username, password);
' connect to a server and verify fingerprint
Dim sftp As New Rebex.Net.Sftp()
sftp.Connect(hostname)

' register AuthenticationRequest event handler
AddHandler sftp.AuthenticationRequest, AddressOf client_AuthenticationRequest

' log in (alternatively, omit username and password as well)
sftp.Login(username, password)

The event handler implementing the actual logic:

void client_AuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e)
{
    Console.WriteLine("Server: {0}", e.Name);
    Console.WriteLine("Instructions: {0}", e.Instructions);

    foreach (SshAuthenticationRequestItem item in e.Items)
    {
        // display question
        Console.Write(item.Prompt);

        // set answer
        item.Response = Console.ReadLine();
    }
}
Sub client_AuthenticationRequest(ByVal sender As Object, ByVal e As SshAuthenticationRequestEventArgs)
    Console.WriteLine("Server: {0}", e.Name)
    Console.WriteLine("Instructions: {0}", e.Instructions)

    For Each item As SshAuthenticationRequestItem In e.Items
        ' display question
        Console.Write(item.Prompt)

        ' set answer
        item.Response = Console.ReadLine()
    Next
End Sub