Delphi ActiveX
Delphi ActiveX
SSH Tunnel Set Allowed Algorithms
See more SSH Tunnel Examples
Demonstrates how to explicitly set the algorithms allowed in the SSH connection protocol for SSH tunneling.Note: This example requires Chilkat v9.5.0.99 or greater.
Chilkat Delphi ActiveX Downloads
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;
...
procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
ssh_tunnel: TChilkatSshTunnel;
json: TChilkatJsonObject;
allowed_kex: WideString;
allowed_hostKey: WideString;
allowed_cipher: WideString;
allowed_mac: WideString;
port: Integer;
begin
success := 0;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
ssh_tunnel := TChilkatSshTunnel.Create(Self);
json := TChilkatJsonObject.Create(Self);
// Here are the algorithms supported by Chilkat at the time this example was written (14-June-2024)
// ---------------------------
// SSH Key-Exchange Algorithms
// ---------------------------
// curve25519-sha256
// curve25519-sha256@libssh.org
// ecdh-sha2-nistp256
// ecdh-sha2-nistp384
// ecdh-sha2-nistp521
// diffie-hellman-group14-sha256
// diffie-hellman-group16-sha512
// diffie-hellman-group18-sha512
// diffie-hellman-group-exchange-sha256
// diffie-hellman-group1-sha1
// diffie-hellman-group14-sha1
// diffie-hellman-group-exchange-sha1
// ---------------------------
// SSH Host Key Algorithms
// ---------------------------
// ssh-ed25519
// ecdsa-sha2-nistp256
// ecdsa-sha2-nistp384
// ecdsa-sha2-nistp521
// rsa-sha2-256
// rsa-sha2-512
// ssh-rsa
// ssh-dss
// ---------------------------
// SSH Cipher Algorithms
// ---------------------------
// chacha20-poly1305@openssh.com
// aes128-ctr
// aes256-ctr
// aes192-ctr
// aes128-cbc
// aes256-cbc
// aes192-cbc
// aes128-gcm@openssh.com
// aes256-gcm@openssh.com
// twofish256-cbc
// twofish128-cbc
// blowfish-cbc
// ---------------------------
// SSH MAC Algorithms
// ---------------------------
// hmac-sha2-256
// hmac-sha2-512
// hmac-sha2-256-etm@openssh.com
// hmac-sha2-512-etm@openssh.com
// hmac-sha1-etm@openssh.com
// hmac-sha1
// hmac-ripemd160
// hmac-sha1-96
// hmac-md5
// Specify the allowed key-exchange, host-key, cipher (i.e. encryption), and mac (i.e. hash) algorithms allowed, in the order of preference.
// -------------------------------------------------------------------------------------------------------------------------------------------
// Note: You typically should NOT explicitly set allowed algorithms.
// By default, Chilkat orders algorithms according to best practices, and pays attention to vulnerabilities such as the "Terrapin Attack".
// Hard-coding algorthims can make your application brittle and prone to breaking over a long period of time,
// if a server (at some point in the future) changes its allowed algorithms, or if you connect to a different server,
// such that the client (Chilkat) and server cannot find a set of mutually agreed-upon algorithms.
// -------------------------------------------------------------------------------------------------------------------------------------------
allowed_kex := 'curve25519-sha256@libssh.org,ecdh-sha2-nistp256';
allowed_hostKey := 'ssh-ed25519,ecdsa-sha2-nistp256';
allowed_cipher := 'chacha20-poly1305@openssh.com,aes256-ctr';
allowed_mac := 'hmac-sha2-256,hmac-sha2-512';
json.UpdateString('kex',allowed_kex);
json.UpdateString('hostKey',allowed_hostKey);
json.UpdateString('cipher',allowed_cipher);
json.UpdateString('mac',allowed_mac);
ssh_tunnel.SetAllowedAlgorithms(json.ControlInterface);
port := 22;
success := ssh_tunnel.Connect('example.com',port);
if (success <> 1) then
begin
Memo1.Lines.Add(ssh_tunnel.LastErrorText);
Exit;
end;
Memo1.Lines.Add('Connected.');
// ....
// ....
end;