SshTunnel C Reference Documentation

SshTunnel

Current Version: 10.1.0

The SSH tunnel class provides for the ability to run a self-contained SSH tunnel in a background thread. It can behave as a SOCKS proxy, accepting connections from SOCKS4 or SOCK5 proxy clients and fowarding connections through an SSH tunnel. This is the "dynamic port forwarding" mode of operation. It can also behave in a static port forwarding mode (where it accepts connections and forwards the connection to a pre-defined remote destination IP:port).

Create/Dispose

HCkSshTunnel instance = CkSshTunnel_Create();
// ...
CkSshTunnel_Dispose(instance);
HCkSshTunnel CkSshTunnel_Create(void);

Creates an instance of the HCkSshTunnel object and returns a handle ("void *" pointer). The handle is passed in the 1st argument for the functions listed on this page.

void CkSshTunnel_Dispose(HCkSshTunnel handle);

Objects created by calling CkSshTunnel_Create must be freed by calling this method. A memory leak occurs if a handle is not disposed by calling this function. Also, any handle returned by a Chilkat "C" function must also be freed by the application by calling the appropriate Dispose method, such as CkSshTunnel_Dispose.

Callback Functions

Callback Functions introduced in Chilkat v9.5.0.56
void CkSshTunnel_setAbortCheck(HCkSshTunnel cHandle, BOOL (*fnAbortCheck)(void));

Provides the opportunity for a method call to be aborted. If TRUE is returned, the operation in progress is aborted. Return FALSE to allow the current method call to continue. This callback function is called periodically based on the value of the HeartbeatMs property. (If HeartbeatMs is 0, then no callbacks are made.) As an example, to make 5 AbortCheck callbacks per second, set the HeartbeatMs property equal to 200.

void CkSshTunnel_setPercentDone(HCkSshTunnel cHandle, BOOL (*fnPercentDone)(int pctDone));

Provides the percentage completed for any method that involves network communications or time-consuming processing (assuming it is a method where a percentage completion can be measured). This callback is only called when it is possible to know a percentage completion, and when it makes sense to express the operation as a percentage completed. The pctDone argument will have a value from 1 to 100. For methods that complete very quickly, the number of PercentDone callbacks will vary, but the final callback should have a value of 100. For long running operations, no more than one callback per percentage point will occur (for example: 1, 2, 3, ... 98, 99, 100).

This callback counts as an AbortCheck callback, and takes the place of the AbortCheck event when it fires.

The return value indicates whether the method call should be aborted, or whether it should proceed. Return TRUE to abort, and FALSE to proceed.

void CkSshTunnel_setProgressInfo(HCkSshTunnel cHandle, void (*fnProgressInfo)(const char *name, const char *value));

This is a general callback that provides name/value information about what is happening at certain points during a method call. To see the information provided in ProgressInfo callbacks, if any, write code to handle this event and log the name/value pairs. Most are self-explanatory.

void CkSshTunnel_setTaskCompleted(HCkSshTunnel cHandle, void (*fnTaskCompleted)(HCkTask hTask));

Called in the background thread when an asynchronous task completes. (Note: When an async method is running, all callbacks are in the background thread.)

Properties

AbortCurrent
BOOL CkSshTunnel_getAbortCurrent(HCkSshTunnel cHandle);
void CkSshTunnel_putAbortCurrent(HCkSshTunnel cHandle, BOOL newVal);
Introduced in version 9.5.0.58

When set to TRUE, causes the currently running method to abort. Methods that always finish quickly (i.e.have no length file operations or network communications) are not affected. If no method is running, then this property is automatically reset to FALSE when the next method is called. When the abort occurs, this property is reset to FALSE. Both synchronous and asynchronous method calls can be aborted. (A synchronous method call could be aborted by setting this property from a separate thread.)

top
AcceptLog
void CkSshTunnel_getAcceptLog(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putAcceptLog(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_acceptLog(HCkSshTunnel cHandle);

Contains an in-memory log of the listen thread. This will only contain content if the KeepAcceptLog property is TRUE.

top
AcceptLogPath
void CkSshTunnel_getAcceptLogPath(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putAcceptLogPath(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_acceptLogPath(HCkSshTunnel cHandle);
Introduced in version 9.5.0.50

Specifies a log file to be kept for the activity in the listen thread.

top
ClientIdentifier
void CkSshTunnel_getClientIdentifier(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putClientIdentifier(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_clientIdentifier(HCkSshTunnel cHandle);
Introduced in version 9.5.0.95

The client-identifier string to be used when connecting to an SSH/SFTP server. Starting in Chilkat v9.5.0.99, the default is "SSH-2.0-Chilkat_" + the Chilkat version number, such as "SSH-2.0-Chilkat_9.5.0.99".

Note: The client identifier should always begin with "SSH-2.0-". SSH servers may disconnect if it does not.

top
ConnectTimeoutMs
int CkSshTunnel_getConnectTimeoutMs(HCkSshTunnel cHandle);
void CkSshTunnel_putConnectTimeoutMs(HCkSshTunnel cHandle, int newVal);

Maximum number of milliseconds to wait when connecting to an SSH server. The default value is 10000 (i.e. 10 seconds). A value of 0 indicates no timeout (wait forever).

top
DebugLogFilePath
void CkSshTunnel_getDebugLogFilePath(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putDebugLogFilePath(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_debugLogFilePath(HCkSshTunnel cHandle);

If set to a file path, causes each Chilkat method or property call to automatically append it's LastErrorText to the specified log file. The information is appended such that if a hang or crash occurs, it is possible to see the context in which the problem occurred, as well as a history of all Chilkat calls up to the point of the problem. The VerboseLogging property can be set to provide more detailed information.

This property is typically used for debugging the rare cases where a Chilkat method call hangs or generates an exception that halts program execution (i.e. crashes). A hang or crash should generally never happen. The typical causes of a hang are:

  1. a timeout related property was set to 0 to explicitly indicate that an infinite timeout is desired,
  2. the hang is actually a hang within an event callback (i.e. it is a hang within the application code), or
  3. there is an internal problem (bug) in the Chilkat code that causes the hang.

More Information and Examples
top
DestHostname
void CkSshTunnel_getDestHostname(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putDestHostname(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_destHostname(HCkSshTunnel cHandle);

The destination hostname or IP address (in dotted decimal notation) of the service (such as a database server). Data sent through the SSH tunnel is forwarded by the SSH server to this destination. Data received from the destination (by the SSH server) is forwarded back to the client through the SSH tunnel.

top
DestPort
int CkSshTunnel_getDestPort(HCkSshTunnel cHandle);
void CkSshTunnel_putDestPort(HCkSshTunnel cHandle, int newVal);

The destination port of the service (such as a database server).

top
DynamicPortForwarding
BOOL CkSshTunnel_getDynamicPortForwarding(HCkSshTunnel cHandle);
void CkSshTunnel_putDynamicPortForwarding(HCkSshTunnel cHandle, BOOL newVal);
Introduced in version 9.5.0.50

If TRUE, then this behaves as a SOCKS proxy server for inbound connections. When this property is TRUE, the DestHostname and DestPort properties are unused because the destination IP:port is dynamically provided by the SOCKS client. The default value of this property is FALSE.

When dynamic port forwarding is used, the InboundSocksVersion property must be set to 4 or 5. If inbound SOCKS5 is used, then the InboundSocksUsername and InboundSocksPassword may be set to the required login/password for a client to gain access.

More Information and Examples
top
HostKeyFingerprint
void CkSshTunnel_getHostKeyFingerprint(HCkSshTunnel cHandle, HCkString retval);
const char *CkSshTunnel_hostKeyFingerprint(HCkSshTunnel cHandle);
Introduced in version 9.5.0.56

Set after connecting to an SSH server. The format of the fingerprint looks like this: "ssh-rsa 1024 68:ff:d1:4e:6c:ff:d7:b0:d6:58:73:85:07:bc:2e:d5"

top
HttpProxyAuthMethod
void CkSshTunnel_getHttpProxyAuthMethod(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putHttpProxyAuthMethod(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_httpProxyAuthMethod(HCkSshTunnel cHandle);

If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy authentication method name. Valid choices are "Basic" or "NTLM".

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
HttpProxyDomain
void CkSshTunnel_getHttpProxyDomain(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putHttpProxyDomain(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_httpProxyDomain(HCkSshTunnel cHandle);

The NTLM authentication domain (optional) if NTLM authentication is used w/ the HTTP proxy.

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
HttpProxyHostname
void CkSshTunnel_getHttpProxyHostname(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putHttpProxyHostname(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_httpProxyHostname(HCkSshTunnel cHandle);

If an HTTP proxy is to be used, set this property to the HTTP proxy hostname or IPv4 address (in dotted decimal notation).

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
HttpProxyPassword
void CkSshTunnel_getHttpProxyPassword(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putHttpProxyPassword(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_httpProxyPassword(HCkSshTunnel cHandle);

If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy password.

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
HttpProxyPort
int CkSshTunnel_getHttpProxyPort(HCkSshTunnel cHandle);
void CkSshTunnel_putHttpProxyPort(HCkSshTunnel cHandle, int newVal);

If an HTTP proxy is to be used, set this property to the HTTP proxy port number. (Two commonly used HTTP proxy ports are 8080 and 3128.)

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
HttpProxyUsername
void CkSshTunnel_getHttpProxyUsername(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putHttpProxyUsername(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_httpProxyUsername(HCkSshTunnel cHandle);

If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy login name.

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.

top
IdleTimeoutMs
int CkSshTunnel_getIdleTimeoutMs(HCkSshTunnel cHandle);
void CkSshTunnel_putIdleTimeoutMs(HCkSshTunnel cHandle, int newVal);

A tunnel will fail when progress for sending or receiving data halts for more than this number of milliseconds. The default value is 10,000 (which is 10 seconds). A timeout of 0 indicates an infinite wait time (i.e. no timeout).

top
InboundSocksPassword
void CkSshTunnel_getInboundSocksPassword(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putInboundSocksPassword(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_inboundSocksPassword(HCkSshTunnel cHandle);
Introduced in version 9.5.0.50

If dynamic port forwarding is used, then this may be set to the password required for authenticating inbound connections.

top
InboundSocksUsername
void CkSshTunnel_getInboundSocksUsername(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putInboundSocksUsername(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_inboundSocksUsername(HCkSshTunnel cHandle);
Introduced in version 9.5.0.50

If dynamic port forwarding is used, then this may be set to the username required for authenticating inbound connections. If no username is set, then the inbound connection needs no authentication.

top
IsAccepting
BOOL CkSshTunnel_getIsAccepting(HCkSshTunnel cHandle);

TRUE if a background thread is running and accepting connections.

top
KeepAcceptLog
BOOL CkSshTunnel_getKeepAcceptLog(HCkSshTunnel cHandle);
void CkSshTunnel_putKeepAcceptLog(HCkSshTunnel cHandle, BOOL newVal);

If TRUE, then an in-memory log of the listen thread is kept. The default value is FALSE.

top
KeepTunnelLog
BOOL CkSshTunnel_getKeepTunnelLog(HCkSshTunnel cHandle);
void CkSshTunnel_putKeepTunnelLog(HCkSshTunnel cHandle, BOOL newVal);
Introduced in version 9.5.0.50

If TRUE, then a log of the SSH tunnel thread activity is kept in memory. The default value is FALSE.

top
LastErrorHtml
void CkSshTunnel_getLastErrorHtml(HCkSshTunnel cHandle, HCkString retval);
const char *CkSshTunnel_lastErrorHtml(HCkSshTunnel cHandle);

Provides information in HTML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorText
void CkSshTunnel_getLastErrorText(HCkSshTunnel cHandle, HCkString retval);
const char *CkSshTunnel_lastErrorText(HCkSshTunnel cHandle);

Provides information in plain-text format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastErrorXml
void CkSshTunnel_getLastErrorXml(HCkSshTunnel cHandle, HCkString retval);
const char *CkSshTunnel_lastErrorXml(HCkSshTunnel cHandle);

Provides information in XML format about the last method/property called. If a method call returns a value indicating failure, or behaves unexpectedly, examine this property to get more information.

top
LastMethodSuccess
BOOL CkSshTunnel_getLastMethodSuccess(HCkSshTunnel cHandle);
void CkSshTunnel_putLastMethodSuccess(HCkSshTunnel cHandle, BOOL newVal);

Indicate whether the last method call succeeded or failed. A value of TRUE indicates success, a value of FALSE indicates failure. This property is automatically set for method calls. It is not modified by property accesses. The property is automatically set to indicate success for the following types of method calls:

  • Any method that returns a string.
  • Any method returning a Chilkat object, binary bytes, or a date/time.
  • Any method returning a standard boolean status value where success = TRUE and failure = FALSE.
  • Any method returning an integer where failure is defined by a return value less than zero.

Note: Methods that do not fit the above requirements will always set this property equal to TRUE. For example, a method that returns no value (such as a "void" in C++) will technically always succeed.

top
ListenBindIpAddress
void CkSshTunnel_getListenBindIpAddress(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putListenBindIpAddress(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_listenBindIpAddress(HCkSshTunnel cHandle);

In most cases, this property does not need to be set. It is provided for cases where it is required to bind the listen socket to a specific IP address (usually for computers with multiple network interfaces or IP addresses). For computers with a single network interface (i.e. most computers), this property should not be set. For multihoming computers, the default IP address is automatically used if this property is not set.

top
ListenPort
int CkSshTunnel_getListenPort(HCkSshTunnel cHandle);

If a port number equal to 0 is passed to BeginAccepting, then this property will contain the actual allocated port number used. Otherwise it is equal to the port number passed to BeginAccepting, or 0 if BeginAccepting was never called.

top
OutboundBindIpAddress
void CkSshTunnel_getOutboundBindIpAddress(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putOutboundBindIpAddress(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_outboundBindIpAddress(HCkSshTunnel cHandle);

In most cases, this property does not need to be set. It is provided for cases where it is required to bind the socket that is to connect to the SSH server (in the background thread) to a specific IP address (usually for computers with multiple network interfaces or IP addresses). For computers with a single network interface (i.e. most computers), this property should not be set. For multihoming computers, the default IP address is automatically used if this property is not set.

top
OutboundBindPort
int CkSshTunnel_getOutboundBindPort(HCkSshTunnel cHandle);
void CkSshTunnel_putOutboundBindPort(HCkSshTunnel cHandle, int newVal);

Unless there is a specific requirement for binding to a specific port, leave this unset (at the default value of 0). (99.9% of all users should never need to set this property.)

top
PreferIpv6
BOOL CkSshTunnel_getPreferIpv6(HCkSshTunnel cHandle);
void CkSshTunnel_putPreferIpv6(HCkSshTunnel cHandle, BOOL newVal);
Introduced in version 9.5.0.70

If TRUE, then use IPv6 over IPv4 when both are supported for a particular domain. The default value of this property is FALSE, which will choose IPv4 over IPv6.

top
SocksHostname
void CkSshTunnel_getSocksHostname(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putSocksHostname(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_socksHostname(HCkSshTunnel cHandle);

The SOCKS4/SOCKS5 hostname or IPv4 address (in dotted decimal notation). This property is only used if the SocksVersion property is set to 4 or 5).

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.

top
SocksPassword
void CkSshTunnel_getSocksPassword(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putSocksPassword(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_socksPassword(HCkSshTunnel cHandle);

The SOCKS5 password (if required). The SOCKS4 protocol does not include the use of a password, so this does not apply to SOCKS4.

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.

top
SocksPort
int CkSshTunnel_getSocksPort(HCkSshTunnel cHandle);
void CkSshTunnel_putSocksPort(HCkSshTunnel cHandle, int newVal);

The SOCKS4/SOCKS5 proxy port. The default value is 1080. This property only applies if a SOCKS proxy is used (if the SocksVersion property is set to 4 or 5).

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.

top
SocksUsername
void CkSshTunnel_getSocksUsername(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putSocksUsername(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_socksUsername(HCkSshTunnel cHandle);

The SOCKS4/SOCKS5 proxy username. This property is only used if the SocksVersion property is set to 4 or 5).

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.

top
SocksVersion
int CkSshTunnel_getSocksVersion(HCkSshTunnel cHandle);
void CkSshTunnel_putSocksVersion(HCkSshTunnel cHandle, int newVal);

SocksVersion May be set to one of the following integer values:

0 - No SOCKS proxy is used. This is the default.
4 - Connect via a SOCKS4 proxy.
5 - Connect via a SOCKS5 proxy.

Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.

top
SoRcvBuf
int CkSshTunnel_getSoRcvBuf(HCkSshTunnel cHandle);
void CkSshTunnel_putSoRcvBuf(HCkSshTunnel cHandle, int newVal);

Sets the receive buffer size socket option. Normally, this property should be left unchanged. The default value is 4194304.

This property can be increased if download performance seems slow. It is recommended to be a multiple of 4096.

top
SoSndBuf
int CkSshTunnel_getSoSndBuf(HCkSshTunnel cHandle);
void CkSshTunnel_putSoSndBuf(HCkSshTunnel cHandle, int newVal);

Sets the send buffer size socket option. Normally, this property should be left unchanged. The default value is 262144.

This property can be increased if upload performance seems slow. It is recommended to be a multiple of 4096. Testing with sizes such as 512K and 1MB is reasonable.

top
TcpNoDelay
BOOL CkSshTunnel_getTcpNoDelay(HCkSshTunnel cHandle);
void CkSshTunnel_putTcpNoDelay(HCkSshTunnel cHandle, BOOL newVal);

Controls whether the TCP_NODELAY socket option is used for the underlying TCP/IP socket. The default value is FALSE. Setting this property equal to TRUE disables the Nagle algorithm and allows for better performance when small amounts of data are sent.

top
TunnelLog
void CkSshTunnel_getTunnelLog(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putTunnelLog(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_tunnelLog(HCkSshTunnel cHandle);
Introduced in version 9.5.0.50

Contains an in-memory log of the SSH tunnel thread. This will only contain content if the KeepTunnelLog property is TRUE.

top
TunnelLogPath
void CkSshTunnel_getTunnelLogPath(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putTunnelLogPath(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_tunnelLogPath(HCkSshTunnel cHandle);
Introduced in version 9.5.0.50

Set to keep a log file of the SSH tunnel thread.

top
UncommonOptions
void CkSshTunnel_getUncommonOptions(HCkSshTunnel cHandle, HCkString retval);
void CkSshTunnel_putUncommonOptions(HCkSshTunnel cHandle, const char *newVal);
const char *CkSshTunnel_uncommonOptions(HCkSshTunnel cHandle);
Introduced in version 9.5.0.73

This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.

Can be set to a list of the following comma separated keywords:

  • ForceUserAuthRsaSha1 - Introduced in v9.5.0.98. When doing public-key authentication, forces rsa-sha1 to be used for the userauth algorithm even if the server supports rsa-sha2-256, rsa-sha2-512, but still requires SHA1 for the userauth algorithm. Make sure to set this option before connecting to the server.
  • NoKeepAliveIgnoreMsg - Introduced in v9.5.0.76. Prevents the default behavior of the SSH tunnel sending an "ignore" message every 20 seconds to keep an unused connection alive.
  • no-weak-mac-algs - Introduced in v9.5.0.98. Removes all weaker MAC algorithms from the list offered to the SSH server when negotiating the connection parameters during a Connect. Specifically, removes hmac-sha1-96, hmac-sha1, hmac-md5, and hmac-ripemd160. Note: Stronger algorithms such as hmac-sha2-256, hmac-sha2-512, etc., will already be automatically chosen because they are given higher preference. The only way a weaker algorithm is chosen is if the SSH server ONLY supports weaker algorithms. This option would only be set if you explicitly want to avoid connecting to older SSH servers, or servers configured in some unusual way where only weaker algorithms are supported on the server (which is rare).
  • ProtectFromVpn - Introduced in v9.5.0.80. On Android systems, will bypass any VPN that may be installed or active.
  • +ssh-hmac-etm - Introduced in v9.5.0.97. Version 9.5.0.97 disabled the *-etm MAC algorithms to mitigate the Terrapin attack. Use this keyword to include the etm MAC algorithms.
  • +chacha20-poly1305@openssh.com - Introduced in v9.5.0.97. To mitigate the Terrapin attack, chacha20-poly1305@openssh.com is no longer included by default. It can be re-added by adding this keyword.

top
Utf8
BOOL CkSshTunnel_getUtf8(HCkSshTunnel cHandle);
void CkSshTunnel_putUtf8(HCkSshTunnel cHandle, BOOL newVal);

When set to TRUE, all "const char *" arguments are interpreted as utf-8 strings. If set to FALSE (the default), then "const char *" arguments are interpreted as ANSI strings. Also, when set to TRUE, and Chilkat method returning a "const char *" is returning the utf-8 representation. If set to FALSE, all "const char *" return values are ANSI strings.

top
VerboseLogging
BOOL CkSshTunnel_getVerboseLogging(HCkSshTunnel cHandle);
void CkSshTunnel_putVerboseLogging(HCkSshTunnel cHandle, BOOL newVal);

If set to TRUE, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is FALSE. Verbose logging should only be used for debugging. The potentially large quantity of logged information may adversely affect peformance.

top
Version
void CkSshTunnel_getVersion(HCkSshTunnel cHandle, HCkString retval);
const char *CkSshTunnel_version(HCkSshTunnel cHandle);

Version of the component/library, such as "9.5.0.94"

More Information and Examples
top

Methods

AuthenticatePk
BOOL CkSshTunnel_AuthenticatePk(HCkSshTunnel cHandle, const char *username, HCkSshKey privateKey);
Introduced in version 9.5.0.50

Authenticates with the SSH server using public-key authentication. The corresponding public key must have been installed on the SSH server for the username. Authentication will succeed if the matching privateKey is provided.

Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.

Returns TRUE for success, FALSE for failure.

top
AuthenticatePkAsync (1)
HCkTask CkSshTunnel_AuthenticatePkAsync(HCkSshTunnel cHandle, const char *username, HCkSshKey privateKey);
Introduced in version 9.5.0.50

Creates an asynchronous task to call the AuthenticatePk method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
AuthenticatePw
BOOL CkSshTunnel_AuthenticatePw(HCkSshTunnel cHandle, const char *login, const char *password);
Introduced in version 9.5.0.50

Authenticates with the SSH server using a login and password.

An SSH session always begins by first calling Connect to connect to the SSH server, and then calling either AuthenticatePw or AuthenticatePk to login.

Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.
Note: To learn about how to handle password change requests, see the PasswordChangeRequested property (above).

Returns TRUE for success, FALSE for failure.

top
AuthenticatePwAsync (1)
HCkTask CkSshTunnel_AuthenticatePwAsync(HCkSshTunnel cHandle, const char *login, const char *password);
Introduced in version 9.5.0.50

Creates an asynchronous task to call the AuthenticatePw method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
AuthenticatePwPk
BOOL CkSshTunnel_AuthenticatePwPk(HCkSshTunnel cHandle, const char *username, const char *password, HCkSshKey privateKey);
Introduced in version 9.5.0.50

Authentication for SSH servers that require both a password and private key. (Most SSH servers are configured to require one or the other, but not both.)

Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.

Returns TRUE for success, FALSE for failure.

top
AuthenticatePwPkAsync (1)
HCkTask CkSshTunnel_AuthenticatePwPkAsync(HCkSshTunnel cHandle, const char *username, const char *password, HCkSshKey privateKey);
Introduced in version 9.5.0.50

Creates an asynchronous task to call the AuthenticatePwPk method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
AuthenticateSecPw
BOOL CkSshTunnel_AuthenticateSecPw(HCkSshTunnel cHandle, HCkSecureString login, HCkSecureString password);
Introduced in version 9.5.0.71

The same as AuthenticatePw, except the login and password strings are passed in secure string objects.

Returns TRUE for success, FALSE for failure.

More Information and Examples
top
AuthenticateSecPwAsync (1)
HCkTask CkSshTunnel_AuthenticateSecPwAsync(HCkSshTunnel cHandle, HCkSecureString login, HCkSecureString password);
Introduced in version 9.5.0.71

Creates an asynchronous task to call the AuthenticateSecPw method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
AuthenticateSecPwPk
BOOL CkSshTunnel_AuthenticateSecPwPk(HCkSshTunnel cHandle, HCkSecureString username, HCkSecureString password, HCkSshKey privateKey);
Introduced in version 9.5.0.71

The same as AuthenticatePwPk, except the login and password strings are passed in secure string objects.

Returns TRUE for success, FALSE for failure.

top
AuthenticateSecPwPkAsync (1)
HCkTask CkSshTunnel_AuthenticateSecPwPkAsync(HCkSshTunnel cHandle, HCkSecureString username, HCkSecureString password, HCkSshKey privateKey);
Introduced in version 9.5.0.71

Creates an asynchronous task to call the AuthenticateSecPwPk method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
BeginAccepting
BOOL CkSshTunnel_BeginAccepting(HCkSshTunnel cHandle, int listenPort);

Starts a background thread for listening on listenPort. A new SSH tunnel is created and managed for each accepted connection. SSH tunnels are managed in a 2nd background thread: the SSH tunnel pool thread.

BeginAccepting starts a background thread that creates a socket, binds to the port, and begins listening. If the bind fails (meaning something else may have already bound to the same port), then the background thread exits. You may check to see if BeginAccepting succeeds by waiting a short time (perhaps 50 millisec) and then examine the IsAccepting property. If it is FALSE, then BeginAccepting failed.

Important: The listenPort must be a port number that nothing else on the local computer is listening on.

Returns TRUE for success, FALSE for failure.

top
BeginAcceptingAsync (1)
HCkTask CkSshTunnel_BeginAcceptingAsync(HCkSshTunnel cHandle, int listenPort);

Creates an asynchronous task to call the BeginAccepting method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
CloseTunnel
BOOL CkSshTunnel_CloseTunnel(HCkSshTunnel cHandle, BOOL waitForThreads);
Introduced in version 9.5.0.50

Closes the SSH tunnel and disconnects all existing clients. If waitForThreads is TRUE, the method will wait for the tunnel and client threads to exit before returning.

Returns TRUE for success, FALSE for failure.

top
Connect
BOOL CkSshTunnel_Connect(HCkSshTunnel cHandle, const char *hostname, int port);
Introduced in version 9.5.0.50

Connects to the SSH server to be used for SSH tunneling.

Important: Make sure to call CloseTunnel when finished with the tunnel, such as before exiting your program.

Note: Chilkat automatically sends an "ignore" message every 20 seconds to keep the connection with the SSH server alive. This can be turned off by adding the "NoKeepAliveIgnoreMsg" to the UncommonOptions property.

Returns TRUE for success, FALSE for failure.

More Information and Examples
top
ConnectAsync (1)
HCkTask CkSshTunnel_ConnectAsync(HCkSshTunnel cHandle, const char *hostname, int port);
Introduced in version 9.5.0.50

Creates an asynchronous task to call the Connect method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
ConnectThroughSsh
BOOL CkSshTunnel_ConnectThroughSsh(HCkSshTunnel cHandle, HCkSsh ssh, const char *hostname, int port);
Introduced in version 9.5.0.55

Connects to an SSH server through an existing SSH connection. The ssh is an existing connected and authenticated SSH object. The connection to hostname:port is made through the existing SSH connection via port-forwarding. If successful, the connection is as follows: application => ServerSSH1 => ServerSSH2. (where ServerSSH1 is the ssh and ServerSSH2 is the SSH server at hostname:port) Once connected in this way, all communications are routed through ServerSSH1 to ServerSSH2. This includes authentication -- which means the application must still call one of the Authenticate* methods to authenticate with ServerSSH2.

Returns TRUE for success, FALSE for failure.

top
ConnectThroughSshAsync (1)
HCkTask CkSshTunnel_ConnectThroughSshAsync(HCkSshTunnel cHandle, HCkSsh ssh, const char *hostname, int port);
Introduced in version 9.5.0.55

Creates an asynchronous task to call the ConnectThroughSsh method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
ContinueKeyboardAuth
BOOL CkSshTunnel_ContinueKeyboardAuth(HCkSshTunnel cHandle, const char *response, HCkString outStr);
const char *CkSshTunnel_continueKeyboardAuth(HCkSshTunnel cHandle, const char *response);
Introduced in version 9.5.0.78

Continues keyboard-interactive authentication with the SSH server. The response is typically the password. If multiple responses are required (because there were multiple prompts in the infoRequest XML returned by StartKeyboardAuth), then the response should be formatted as XML (as shown below) otherwise the response simply contains the single response string.

<response>
    <response1>response to first prompt</response1>
    <response2>response to second prompt</response2>
    ...
    <responseN>response to Nth prompt</responseN>
</response>

If the interactive authentication completed with success or failure, the XML response will be:

<success>success_message</success>

or

<error>error_message</error>
If additional steps are required to complete the interactive authentication, then an XML string that provides the name, instruction, and prompts is returned. The XML has the following format:
 	<infoRequest numPrompts="N">
	    <name>name_string</name>
	    <instruction>instruction_string</instruction>
	    <prompt1 echo="1_or_0">prompt_string</prompt1>
	    ...
	    <promptN echo="1_or_0">prompt_string</promptN>
	</infoRequest>

Returns TRUE for success, FALSE for failure.

top
ContinueKeyboardAuthAsync (1)
HCkTask CkSshTunnel_ContinueKeyboardAuthAsync(HCkSshTunnel cHandle, const char *response);
Introduced in version 9.5.0.78

Creates an asynchronous task to call the ContinueKeyboardAuth method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
DisconnectAllClients
BOOL CkSshTunnel_DisconnectAllClients(HCkSshTunnel cHandle, BOOL waitForThreads);
Introduced in version 9.5.0.50

Disconnects all clients, keeping the SSH tunnel open. If waitForThreads is TRUE, the method will wait for the client threads to exit before returning.

Returns TRUE for success, FALSE for failure.

top
GetCurrentState
BOOL CkSshTunnel_GetCurrentState(HCkSshTunnel cHandle, HCkString outStr);
const char *CkSshTunnel_getCurrentState(HCkSshTunnel cHandle);
Introduced in version 9.5.0.65

Returns the current state of existing tunnels in an XML string.

Returns TRUE for success, FALSE for failure.

top
IsSshConnected
BOOL CkSshTunnel_IsSshConnected(HCkSshTunnel cHandle);
Introduced in version 9.5.0.61

Returns TRUE if connected to the SSH server. Returns FALSE if the connection has been lost (or was never established).

top
LoadTaskCaller
BOOL CkSshTunnel_LoadTaskCaller(HCkSshTunnel cHandle, HCkTask task);
Introduced in version 9.5.0.80

Loads the caller of the task's async method.

Returns TRUE for success, FALSE for failure.

top
SetAllowedAlgorithms
BOOL CkSshTunnel_SetAllowedAlgorithms(HCkSshTunnel cHandle, HCkJsonObject json);
Introduced in version 9.5.0.99

Provides a way to specific the exact set of algorithms allowed for the connection.

Returns TRUE for success, FALSE for failure.

More Information and Examples
top
StartKeyboardAuth
BOOL CkSshTunnel_StartKeyboardAuth(HCkSshTunnel cHandle, const char *login, HCkString outStr);
const char *CkSshTunnel_startKeyboardAuth(HCkSshTunnel cHandle, const char *login);
Introduced in version 9.5.0.78

Begins keyboard-interactive authentication with the SSH server. Returns an XML string providing the name, instruction, and prompts. The XML has the following format:

 	<infoRequest numPrompts="N">
	    <name>name_string</name>
	    <instruction>instruction_string</instruction>
	    <prompt1 echo="1_or_0">prompt_string</prompt1>
	    ...
	    <promptN echo="1_or_0">prompt_string</promptN>
	</infoRequest>

If the authentication immediately succeeds because no password is required, or immediately fails, the XML response can be:

<success>success_message</success>

or

<error>error_message</error>

Returns TRUE for success, FALSE for failure.

top
StartKeyboardAuthAsync (1)
HCkTask CkSshTunnel_StartKeyboardAuthAsync(HCkSshTunnel cHandle, const char *login);
Introduced in version 9.5.0.78

Creates an asynchronous task to call the StartKeyboardAuth method with the arguments provided. (Async methods are available starting in Chilkat v9.5.0.52.)

Returns NULL on failure

top
StopAccepting
BOOL CkSshTunnel_StopAccepting(HCkSshTunnel cHandle, BOOL waitForThread);

Stops the listen background thread. It is possible to continue accepting connections by re-calling BeginAccepting. If waitForThread is TRUE, the method will wait for the listen thread to exit before returning.

Returns TRUE for success, FALSE for failure.

top