
SFTP Set Allowed Algorithms


Demonstrates how to explicitly set the algorithms allowed in the SSH connection protocol for SFTP.

Note: This example requires Chilkat v9.5.0.99 or greater.


DataFlex
Use ChilkatAx-win32.pkg

Procedure Test
    Boolean iSuccess
    Handle hoSftp
    Variant vJson
    Handle hoJson
    String sAllowed_kex
    String sAllowed_hostKey
    String sAllowed_cipher
    String sAllowed_mac
    Integer iPort
    String sTemp1

    Move False To iSuccess

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    Get Create (RefClass(cComChilkatSFtp)) To hoSftp
    If (Not(IsComObjectCreated(hoSftp))) Begin
        Send CreateComObject of hoSftp
    End

    Get Create (RefClass(cComChilkatJsonObject)) To hoJson
    If (Not(IsComObjectCreated(hoJson))) Begin
        Send CreateComObject of hoJson
    End

    // Here are the algorithms supported by Chilkat at the time this example was written (14-June-2024)

    // ---------------------------
    // SSH Key-Exchange Algorithms
    // ---------------------------
    // curve25519-sha256
    // curve25519-sha256@libssh.org
    // ecdh-sha2-nistp256
    // ecdh-sha2-nistp384
    // ecdh-sha2-nistp521
    // diffie-hellman-group14-sha256
    // diffie-hellman-group16-sha512
    // diffie-hellman-group18-sha512
    // diffie-hellman-group-exchange-sha256
    // diffie-hellman-group1-sha1
    // diffie-hellman-group14-sha1
    // diffie-hellman-group-exchange-sha1

    // ---------------------------
    // SSH Host Key Algorithms
    // ---------------------------
    // ssh-ed25519
    // ecdsa-sha2-nistp256
    // ecdsa-sha2-nistp384
    // ecdsa-sha2-nistp521
    // rsa-sha2-256
    // rsa-sha2-512
    // ssh-rsa
    // ssh-dss

    // ---------------------------
    // SSH Cipher Algorithms
    // ---------------------------
    // chacha20-poly1305@openssh.com
    // aes128-ctr
    // aes256-ctr
    // aes192-ctr
    // aes128-cbc
    // aes256-cbc
    // aes192-cbc
    // aes128-gcm@openssh.com
    // aes256-gcm@openssh.com
    // twofish256-cbc
    // twofish128-cbc
    // blowfish-cbc

    // ---------------------------
    // SSH MAC Algorithms
    // ---------------------------
    // hmac-sha2-256
    // hmac-sha2-512
    // hmac-sha2-256-etm@openssh.com
    // hmac-sha2-512-etm@openssh.com
    // hmac-sha1-etm@openssh.com
    // hmac-sha1
    // hmac-ripemd160
    // hmac-sha1-96
    // hmac-md5

    // Specify the allowed key-exchange, host-key, cipher (i.e. encryption), and MAC (i.e. message authentication) algorithms, in order of preference.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    // Note: You typically should NOT explicitly set allowed algorithms.
    // By default, Chilkat orders algorithms according to best practices, and pays attention to vulnerabilities such as the "Terrapin Attack".
    // Hard-coding algorithms can make your application brittle and prone to breaking over a long period of time,
    // if a server (at some point in the future) changes its allowed algorithms, or if you connect to a different server,
    // such that the client (Chilkat) and server cannot find a set of mutually agreed-upon algorithms.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    Move "curve25519-sha256@libssh.org,ecdh-sha2-nistp256" To sAllowed_kex
    Move "ssh-ed25519,ecdsa-sha2-nistp256" To sAllowed_hostKey
    Move "chacha20-poly1305@openssh.com,aes256-ctr" To sAllowed_cipher
    Move "hmac-sha2-256,hmac-sha2-512" To sAllowed_mac

    Get ComUpdateString Of hoJson "kex" sAllowed_kex To iSuccess
    Get ComUpdateString Of hoJson "hostKey" sAllowed_hostKey To iSuccess
    Get ComUpdateString Of hoJson "cipher" sAllowed_cipher To iSuccess
    Get ComUpdateString Of hoJson "mac" sAllowed_mac To iSuccess
    Get pvComObject of hoJson to vJson
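    Get ComSetAllowedAlgorithms Of hoSftp vJson To iSuccess
    // Do not connect unless the allow-list was accepted.
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSftp To sTemp1
        Showln sTemp1
        Procedure_Return
    End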

    Move 22 To iPort
    Get ComConnect Of hoSftp "example.com" iPort To iSuccess
    If (iSuccess <> True) Begin
        Get ComLastErrorText Of hoSftp To sTemp1
        Showln sTemp1
        Procedure_Return
    End

    Showln "Connected."

    // ....
    // ....


End_Procedure
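
The following is an added example, not part of the original Chilkat sample and written in Python rather than DataFlex: it audits an allow-list in the same JSON shape (`kex`, `hostKey`, `cipher`, `mac`) before it is hard-coded, flagging legacy names and the cipher/MAC combinations the Terrapin attack concerns. The legacy policy, the function name `audit`, and the second sample list are this example's assumptions, not Chilkat's ordering logic.

```python
import json

CATEGORIES = ("kex", "hostKey", "cipher", "mac")  # JSON keys used on this page

# Assumed audit policy (this example's choice, not Chilkat's): SHA-1/MD5-era
# and CBC-mode names from the page's "supported" list count as legacy.
LEGACY = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"},
    "hostKey": {"ssh-rsa", "ssh-dss"},
    "cipher": {"aes128-cbc", "aes192-cbc", "aes256-cbc",
               "twofish128-cbc", "twofish256-cbc", "blowfish-cbc"},
    "mac": {"hmac-sha1", "hmac-sha1-96", "hmac-sha1-etm@openssh.com",
            "hmac-md5", "hmac-ripemd160"},
}
CHACHA = "chacha20-poly1305@openssh.com"
STRICT = "terrapin: relies on strict key exchange at both ends"


def audit(allowed_json):
    """Return (category, algorithm, reason) findings for an allow-list."""
    allowed = json.loads(allowed_json)
    parsed, findings = {}, []
    for cat in CATEGORIES:
        parsed[cat] = [n.strip() for n in allowed.get(cat, "").split(",") if n.strip()]
        findings += [(cat, n, "legacy") for n in parsed[cat] if n in LEGACY[cat]]
    # A misspelled key would otherwise go unnoticed by this audit.
    for key in sorted(set(allowed) - set(CATEGORIES)):
        findings.append((key, "", "unrecognised key"))
    # Terrapin concerns ChaCha20-Poly1305 and CBC ciphers paired with EtM MACs.
    uses_etm = any(m.endswith("-etm@openssh.com") for m in parsed["mac"])
    for c in parsed["cipher"]:
        if c == CHACHA or (c.endswith("-cbc") and uses_etm):
            findings.append(("cipher", c, STRICT))
    return findings


# The allow-list from the page's example, then a constructed legacy-heavy one.
PAGE_LIST = json.dumps({
    "kex": "curve25519-sha256@libssh.org,ecdh-sha2-nistp256",
    "hostKey": "ssh-ed25519,ecdsa-sha2-nistp256",
    "cipher": "chacha20-poly1305@openssh.com,aes256-ctr",
    "mac": "hmac-sha2-256,hmac-sha2-512",
})
CONSTRUCTED = json.dumps({
    "kex": "diffie-hellman-group1-sha1", "hostKey": "ssh-rsa",
    "cipher": "aes128-cbc, aes256-ctr",
    "mac": "hmac-sha2-256-etm@openssh.com,hmac-md5", "macs": "hmac-sha2-512",
})

if __name__ == "__main__":
    for label, doc in (("page", PAGE_LIST), ("constructed", CONSTRUCTED)):
        for finding in audit(doc):
            print(label, *finding, sep=" | ")
```

For the page's own list the audit reports only the ChaCha20-Poly1305 entry, which is the case where a pinned list no longer benefits from the library's default Terrapin-aware ordering.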