DataFlex
SFTP Set Allowed Algorithms
Demonstrates how to explicitly set the algorithms allowed in the SSH connection protocol for SFTP.
Note: This example requires Chilkat v9.5.0.99 or greater.
Use ChilkatAx-win32.pkg
Procedure Test
    Boolean iSuccess
    Handle hoSftp
    Variant vJson
    Handle hoJson
    String sAllowed_kex
    String sAllowed_hostKey
    String sAllowed_cipher
    String sAllowed_mac
    Integer iPort
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatSFtp)) To hoSftp
    If (Not(IsComObjectCreated(hoSftp))) Begin
        Send CreateComObject of hoSftp
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    // Here are the algorithms supported by Chilkat at the time this example was written (14-June-2024)

    // ---------------------------
    // SSH Key-Exchange Algorithms
    // ---------------------------
    // curve25519-sha256
    // curve25519-sha256@libssh.org
    // ecdh-sha2-nistp256
    // ecdh-sha2-nistp384
    // ecdh-sha2-nistp521
    // diffie-hellman-group14-sha256
    // diffie-hellman-group16-sha512
    // diffie-hellman-group18-sha512
    // diffie-hellman-group-exchange-sha256
    // diffie-hellman-group1-sha1
    // diffie-hellman-group14-sha1
    // diffie-hellman-group-exchange-sha1

    // ---------------------------
    // SSH Host Key Algorithms
    // ---------------------------
    // ssh-ed25519
    // ecdsa-sha2-nistp256
    // ecdsa-sha2-nistp384
    // ecdsa-sha2-nistp521
    // rsa-sha2-256
    // rsa-sha2-512
    // ssh-rsa
    // ssh-dss

    // ---------------------------
    // SSH Cipher Algorithms
    // ---------------------------
    // chacha20-poly1305@openssh.com
    // aes128-ctr
    // aes256-ctr
    // aes192-ctr
    // aes128-cbc
    // aes256-cbc
    // aes192-cbc
    // aes128-gcm@openssh.com
    // aes256-gcm@openssh.com
    // twofish256-cbc
    // twofish128-cbc
    // blowfish-cbc

    // ---------------------------
    // SSH MAC Algorithms
    // ---------------------------
    // hmac-sha2-256
    // hmac-sha2-512
    // hmac-sha2-256-etm@openssh.com
    // hmac-sha2-512-etm@openssh.com
    // hmac-sha1-etm@openssh.com
    // hmac-sha1
    // hmac-ripemd160
    // hmac-sha1-96
    // hmac-md5

    // Specify the allowed key-exchange, host-key, cipher (i.e. encryption), and mac (i.e. hash) algorithms, in order of preference.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    // Note: You typically should NOT explicitly set allowed algorithms.
    // By default, Chilkat orders algorithms according to best practices, and pays attention to vulnerabilities such as the "Terrapin Attack".
    // Hard-coding algorithms can make your application brittle and prone to breaking over a long period of time,
    // if a server (at some point in the future) changes its allowed algorithms, or if you connect to a different server,
    // such that the client (Chilkat) and server cannot find a set of mutually agreed-upon algorithms.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    Move "curve25519-sha256@libssh.org,ecdh-sha2-nistp256" To sAllowed_kex
    Move "ssh-ed25519,ecdsa-sha2-nistp256" To sAllowed_hostKey
    Move "chacha20-poly1305@openssh.com,aes256-ctr" To sAllowed_cipher
    Move "hmac-sha2-256,hmac-sha2-512" To sAllowed_mac

    // Each JSON member holds one comma-separated list, most preferred algorithm first.
    Get ComUpdateString Of hoJson "kex" sAllowed_kex To iSuccess
    Get ComUpdateString Of hoJson "hostKey" sAllowed_hostKey To iSuccess
    Get ComUpdateString Of hoJson "cipher" sAllowed_cipher To iSuccess
    Get ComUpdateString Of hoJson "mac" sAllowed_mac To iSuccess

    // Apply the allowed algorithms before connecting.
    Get pvComObject of hoJson to vJson
    Get ComSetAllowedAlgorithms Of hoSftp vJson To iSuccess

    Move 22 To iPort
    Get ComConnect Of hoSftp "example.com" iPort To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSftp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Connected."

    // ....
    // ....
End_Procedure
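
The note in the comments above warns that a hard-coded allow-list replaces Chilkat's default ordering. As an added example (Python, not part of the original page and not Chilkat code), this offline check lints an allow-list against the names listed in those comments before it is hard-coded; `lint`, `SUPPORTED`, `LEGACY` and `PAGE_EXAMPLE` are hypothetical names, and the `LEGACY` patterns are an assumed local policy.

```python
# Added example (not Chilkat code): lint an SSH algorithm allow-list offline.
# SUPPORTED copies the names listed in the page's comments (14-June-2024).
SUPPORTED = {
    "kex": """curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256
        ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group14-sha256
        diffie-hellman-group16-sha512 diffie-hellman-group18-sha512
        diffie-hellman-group-exchange-sha256 diffie-hellman-group1-sha1
        diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha1""".split(),
    "hostKey": """ssh-ed25519 ecdsa-sha2-nistp256 ecdsa-sha2-nistp384
        ecdsa-sha2-nistp521 rsa-sha2-256 rsa-sha2-512 ssh-rsa ssh-dss""".split(),
    "cipher": """chacha20-poly1305@openssh.com aes128-ctr aes256-ctr aes192-ctr
        aes128-cbc aes256-cbc aes192-cbc aes128-gcm@openssh.com
        aes256-gcm@openssh.com twofish256-cbc twofish128-cbc blowfish-cbc""".split(),
    "mac": """hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-etm@openssh.com
        hmac-sha2-512-etm@openssh.com hmac-sha1-etm@openssh.com hmac-sha1
        hmac-ripemd160 hmac-sha1-96 hmac-md5""".split(),
}
# Assumed local policy (not from the page): substrings that mark legacy names.
LEGACY = ("-sha1", "ssh-rsa", "ssh-dss", "-cbc", "hmac-md5", "hmac-ripemd160")


def lint(allowed):
    """Return (category, name, finding) tuples for a dict of comma-separated lists."""
    findings = []
    lists = {cat: [n.strip() for n in allowed.get(cat, "").split(",") if n.strip()]
             for cat in SUPPORTED}
    for cat, names in lists.items():
        for name in names:
            if name not in SUPPORTED[cat]:
                findings.append((cat, name, "not in supported list (typo?)"))
            elif any(tag in name for tag in LEGACY):
                findings.append((cat, name, "legacy algorithm"))
    # Terrapin concerns ChaCha20-Poly1305, and CBC ciphers paired with an -etm MAC.
    etm = any("-etm@" in m for m in lists["mac"])
    for c in lists["cipher"]:
        if c.startswith("chacha20-poly1305") or (c.endswith("-cbc") and etm):
            findings.append(("cipher", c, "Terrapin-relevant: review"))
    return findings


# The allow-list hard-coded in the page's example.
PAGE_EXAMPLE = {
    "kex": "curve25519-sha256@libssh.org,ecdh-sha2-nistp256",
    "hostKey": "ssh-ed25519,ecdsa-sha2-nistp256",
    "cipher": "chacha20-poly1305@openssh.com,aes256-ctr",
    "mac": "hmac-sha2-256,hmac-sha2-512",
}

if __name__ == "__main__":
    for finding in lint(PAGE_EXAMPLE):
        print(*finding, sep=" | ")
```

A "Terrapin-relevant" finding is a prompt to confirm that both ends negotiate the strict key-exchange countermeasure, or to drop that cipher from the hard-coded list.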