SSHClient supports public key authentication. Depending on the requirements of the SSH server, it can be used instead of or alongside password authentication.
To use public key authentication, you need to load a private key file. The component supports the PPK format as generated by the PuTTYgen utility (an RSA and DSA key generation utility). This format was chosen for these reasons:
It is easy to create and manipulate keys with the utility.
The format is secure.
It has good support on Windows.
The utility can import keys from different formats to the PPK format.
The PuTTYPrivateKeyFile class implements the PPK file format. Load your private key file into the class by using the Read() method or the constructor. The class takes the data from a Stream object that you supply or from an AbstractFile and a passphrase (if used) to decrypt the private key.
The passphrase can be a string or a byte array (generated by encoding the passphrase string into ASCII bytes).
The Read method will throw an SSHIncorrectPasswordException if the passphrase for the private key is incorrect. It will throw an SSHPublicKeyAuthenticationDataException if the private key file is malformed, uses unsupported algorithms, or if the message authentication code (MAC) check for the private key fails when an unencrypted private key file is used.
Once you've successfully loaded your private key file into a PuTTYPrivateKeyFile object, you supply that object to the Authenticate method. The method has an overload that takes a username string and an ISSHPublicKeyAuthenticationData object. PuTTYPrivateKeyFile implements this interface.
Authenticate() will throw an SSHAuthenticationFailedException if the public key is rejected by the server. Authenticate() will throw an SSHAuthenticationPartialSuccessException if the public key is accepted by the server but additional authentication is required. If that happens, you can then call Authenticate again with your username and password to attempt the 'password' authentication method.
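The load-then-authenticate flow described above, including the password follow-up after a partial success, as an added example (not Xceed's own sample code). The Login helper and the environment variable names are hypothetical, and the exception types are assumed to live in the namespaces the page's own sample imports.

```csharp
using System;
using Xceed.FileSystem;
using Xceed.SSH.Client;
using Xceed.SSH.Core;
using Xceed.SSH.Protocols;

static class KeyThenPasswordLogin   // hypothetical helper, not part of the component
{
    public static void Login( SSHClient ssh, string username, string keyPath )
    {
        // Assumption: secrets are supplied through these made-up environment
        // variables instead of being hard-coded in source.
        string passphrase = Environment.GetEnvironmentVariable( "SSH_KEY_PASSPHRASE" );
        if( passphrase == null )
            throw new InvalidOperationException( "SSH_KEY_PASSPHRASE is not set." );

        PuTTYPrivateKeyFile privateKey = new PuTTYPrivateKeyFile();
        try
        {
            // Read() is where a bad passphrase or a bad file surfaces
            privateKey.Read( new DiskFile( keyPath ), passphrase );
        }
        catch( SSHIncorrectPasswordException )
        {
            throw new InvalidOperationException( "Wrong passphrase for " + keyPath );
        }
        catch( SSHPublicKeyAuthenticationDataException e )
        {
            // Malformed file, unsupported algorithm or failed integrity check
            throw new InvalidOperationException( "Cannot use key file " + keyPath, e );
        }

        try
        {
            ssh.Authenticate( username, privateKey );
        }
        catch( SSHAuthenticationPartialSuccessException )
        {
            // Key accepted, server wants a second method: try 'password'
            string password = Environment.GetEnvironmentVariable( "SSH_PASSWORD" );
            if( password == null )
                throw;
            ssh.Authenticate( username, password );
        }
        // SSHAuthenticationFailedException (key rejected) propagates to the caller
    }
}
```

Call Login after ssh.Connect( host ); handling the Read() exceptions separately keeps a local key problem from being mistaken for a server-side rejection.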
PPK files
The PPK file format has multiple versions: 1, 2 and 3. All versions are written as .ppk files. Version 1 files are very old and no longer used in the field. Version 2 files are the most common. Starting with PuTTY version 0.75, version 3 of the file format was introduced. The PuTTYPrivateKeyFile class only supports version 2 files. An exception will be thrown if a version 3 file is loaded by the class.
Using the puttygen utility, it is possible to convert a version 3 PPK file to a version 2 PPK file.
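A pre-flight check for the version limitation described above, as an added example that is not part of the component: it reads the two leading header lines of a .ppk file and reports the format version, key algorithm and whether the private part is encrypted. The PpkPreflight class is hypothetical and the sample headers are constructed and contain no key material.

```csharp
using System;
using System.IO;

static class PpkPreflight   // hypothetical helper, not part of the component
{
    const string Prefix = "PuTTY-User-Key-File-";

    // Parses the two leading header lines of a .ppk file:
    //   PuTTY-User-Key-File-<version>: <key algorithm>
    //   Encryption: <cipher name, or "none">
    public static int ReadHeader( TextReader ppk, out string algorithm, out bool encrypted )
    {
        string first = ppk.ReadLine() ?? "";
        int colon = first.IndexOf( ':' );
        int version = 0;
        if( !first.StartsWith( Prefix, StringComparison.Ordinal ) || colon < 0
            || !int.TryParse( first.Substring( Prefix.Length, colon - Prefix.Length ), out version ) )
            throw new InvalidDataException( "Not a PuTTY private key file." );
        algorithm = first.Substring( colon + 1 ).Trim();

        string second = ppk.ReadLine() ?? "";
        if( !second.StartsWith( "Encryption:", StringComparison.Ordinal ) )
            throw new InvalidDataException( "Missing Encryption header." );
        encrypted = second.Substring( "Encryption:".Length ).Trim() != "none";
        return version;
    }

    static void Main()
    {
        // Constructed header lines only
        string[] samples = {
            "PuTTY-User-Key-File-2: ssh-rsa\nEncryption: aes256-cbc\n",
            "PuTTY-User-Key-File-3: ssh-ed25519\nEncryption: none\n" };
        foreach( string s in samples )
        {
            int v = ReadHeader( new StringReader( s ), out string alg, out bool enc );
            // Only version 2 can be loaded by PuTTYPrivateKeyFile
            Console.WriteLine( $"v{v} {alg} encrypted={enc} loadable={v == 2}" );
        }
    }
}
```

A file that reports version 3 needs converting to version 2 before it is handed to PuTTYPrivateKeyFile, and one that reports encrypted=False stores its private key in the clear on disk.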
using Xceed.SSH.Client;
using Xceed.SSH.Core;
using Xceed.SSH.Protocols;
using Xceed.FileSystem;

namespace DocumentationExamples.SSH
{
  class PublicKeyAuthentication1
  {
    static void Example()
    {
      string host = "sftptest.dreamhosters.com";
      string username = "snippet_sftp";

      using( SSHClient ssh = new SSHClient() )
      {
        ssh.Connect( host );

        // Get the private key file
        AbstractFile privateKeyFile = new DiskFile( @"D:\MyPrivateKey.ppk" );

        // The key file has a passphrase; we will need it to read the file
        string passphrase = "mypassphrase";

        // Create a PuTTYPrivateKeyFile object
        PuTTYPrivateKeyFile privateKey = new PuTTYPrivateKeyFile();

        // Decrypt the key file using the passphrase
        privateKey.Read( privateKeyFile, passphrase );

        try
        {
          // Authenticate using the private key file object we set up
          ssh.Authenticate( username, privateKey );

          /* ... */
        }
        // These exceptions can be thrown by a call to Authenticate()
        catch( SSHIncorrectPasswordException )
        {
          // This means the authentication method is supported by the server but the password
          // was incorrect for the specified username
          throw;
        }
        catch( SSHAuthenticationPartialSuccessException )
        {
          // This means the authentication was successful but the server requires an additional authentication
          // using another method specified in the exception information
          throw;
        }
        catch( SSHUnsupportedAuthenticationMethodException )
        {
          // This means the authentication method is not supported by the server
          throw;
        }
        catch( SSHAuthenticationFailedException )
        {
          // This means the authentication method failed
          throw;
        }
      }
    }
  }
}
Imports Xceed.SSH.Client
Imports Xceed.SSH.Core
Imports Xceed.SSH.Protocols
Imports Xceed.FileSystem

Namespace DocumentationExamples.SSH
  Friend Class PublicKeyAuthentication1
    Private Shared Sub Example()
      Dim host As String = "sftptest.dreamhosters.com"
      Dim username As String = "snippet_sftp"

      Using ssh As New SSHClient()
        ssh.Connect(host)

        ' Get the private key file
        Dim privateKeyFile As AbstractFile = New DiskFile("D:\MyPrivateKey.ppk")

        ' The key file has a passphrase; we will need it to read the file
        Dim passphrase As String = "mypassphrase"

        ' Create a PuTTYPrivateKeyFile object
        Dim privateKey As New PuTTYPrivateKeyFile()

        ' Decrypt the key file using the passphrase
        privateKey.Read(privateKeyFile, passphrase)

        Try
          ' Authenticate using the private key file object we set up
          ssh.Authenticate(username, privateKey)

          '...
        ' These exceptions can be thrown by a call to Authenticate()
        Catch e1 As SSHIncorrectPasswordException
          ' This means the authentication method is supported by the server but the password
          ' was incorrect for the specified username
          Throw
        Catch e2 As SSHAuthenticationPartialSuccessException
          ' This means the authentication was successful but the server requires an additional authentication
          ' using another method specified in the exception information
          Throw
        Catch e3 As SSHUnsupportedAuthenticationMethodException
          ' This means the authentication method is not supported by the server
          Throw
        Catch e4 As SSHAuthenticationFailedException
          ' This means the authentication method failed
          Throw
        End Try
      End Using
    End Sub
  End Class
End Namespace