SshTunnel Xojo Plugin Reference Documentation
SshTunnel
Current Version: 11.1.0
The SSH tunnel class provides for the ability to run a self-contained SSH tunnel in a background thread. It can behave as a SOCKS proxy, accepting connections from SOCKS4 or SOCK5 proxy clients and fowarding connections through an SSH tunnel. This is the "dynamic port forwarding" mode of operation. It can also behave in a static port forwarding mode (where it accepts connections and forwards the connection to a pre-defined remote destination IP:port).
Object Creation
Dim sshTunnel As New Chilkat.SshTunnel
Properties
AbortCurrent
When set to True, causes the currently running method to abort.  Methods that always finish quickly (i.e.have no length file operations or network communications) are not affected.  If no method is running, then this property is automatically reset to False when the next method is called.  When the abort occurs, this property is reset to False.  Both synchronous and asynchronous method calls can be aborted.  (A synchronous method call could be aborted by setting this property from a separate thread.)
AcceptLog
Contains an in-memory log of the listen thread.  This will only contain content if the KeepAcceptLog property is True.
AcceptLogPath
Specifies a log file to be kept for the activity in the listen thread.
topClientIdentifier
The client-identifier string to be used when connecting to an SSH/SFTP server.  Starting in Chilkat v9.5.0.99, the default is SSH-2.0-Chilkat_ + the Chilkat version number, such as SSH-2.0-Chilkat_9.5.0.99.
Note: The client identifier should always begin with SSH-2.0-.  SSH servers may disconnect if it does not.
ClientLogDir
If not empty, this property specifies a directory path where a log file for each tunnel client will be created. Each log file will be named in the format: tunnel_client_log_{random_id}.txt.
ConnectTimeoutMs
Maximum number of milliseconds to wait when connecting to an SSH server. The default value is 10000 (i.e. 10 seconds). A value of 0 indicates no timeout (wait forever).
topDebugLogFilePath
If set to a file path, this property logs the LastErrorText of each Chilkat method or property call to the specified file. This logging helps identify the context and history of Chilkat calls leading up to any crash or hang, aiding in debugging.
Enabling the VerboseLogging property provides more detailed information. This property is mainly used for debugging rare instances where a Chilkat method call causes a hang or crash, which should generally not happen.
Possible causes of hangs include:
- A timeout property set to 0, indicating an infinite timeout.
- A hang occurring within an event callback in the application code.
- An internal bug in the Chilkat code causing the hang.
DestHostname
The destination hostname or IP address (in dotted decimal notation) of the service (such as a database server). Data sent through the SSH tunnel is forwarded by the SSH server to this destination. Data received from the destination (by the SSH server) is forwarded back to the client through the SSH tunnel.
topDestPort
The destination port of the service (such as a database server).
topDynamicPortForwarding
If True, then this behaves as a SOCKS proxy server for inbound connections.    When this property is True, the DestHostname and DestPort properties are unused because the destination IP:port is dynamically provided by the SOCKS client.  The default value of this property is False.
When dynamic port forwarding is used, the InboundSocksVersion property must be set to 4 or 5. If inbound SOCKS5 is used, then the InboundSocksUsername and InboundSocksPassword may be set to the required login/password for a client to gain access.
HostKeyFingerprint
Set after connecting to an SSH server.  The format of the fingerprint looks like this:  ssh-rsa 1024 68:ff:d1:4e:6c:ff:d7:b0:d6:58:73:85:07:bc:2e:d5
HttpProxyAuthMethod
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy authentication method name.  Valid choices are Basic or NTLM.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topHttpProxyDomain
The NTLM authentication domain (optional) if NTLM authentication is used w/ the HTTP proxy.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topHttpProxyHostname
If an HTTP proxy is to be used, set this property to the HTTP proxy hostname or IPv4 address (in dotted decimal notation).
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topHttpProxyPassword
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy password.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topHttpProxyPort
If an HTTP proxy is to be used, set this property to the HTTP proxy port number. (Two commonly used HTTP proxy ports are 8080 and 3128.)
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topHttpProxyUsername
If an HTTP proxy requiring authentication is to be used, set this property to the HTTP proxy login name.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through an HTTP proxy.
topIdleTimeoutMs
A tunnel will fail when progress for sending or receiving data halts for more than this number of milliseconds. The default value is 10,000 (which is 10 seconds). A timeout of 0 indicates an infinite wait time (i.e. no timeout).
topInboundSocksPassword
If dynamic port forwarding is used, then this may be set to the password required for authenticating inbound connections.
topInboundSocksUsername
If dynamic port forwarding is used, then this may be set to the username required for authenticating inbound connections. If no username is set, then the inbound connection needs no authentication.
topIsAccepting
True if a background thread is running and accepting connections.
KeepAcceptLog
If True, then an in-memory log of the listen thread is kept.  The default value is False.
KeepTunnelLog
If True, then a log of the SSH tunnel thread activity is kept in memory.  The default value is False.
LastErrorHtml
Provides HTML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastErrorText
Provides plain text information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
LastErrorXml
Provides XML-formatted information about the last called method or property. If a method call fails or behaves unexpectedly, check this property for details. Note that information is available regardless of the method call's success.
topLastMethodSuccess
Indicates the success or failure of the most recent method call: True means success, False means failure. This property remains unchanged by property setters or getters.  This method is present to address challenges in checking for null or Nothing returns in certain programming languages.
ListenBindIpAddress
In most cases, this property does not need to be set. It is provided for cases where it is required to bind the listen socket to a specific IP address (usually for computers with multiple network interfaces or IP addresses). For computers with a single network interface (i.e. most computers), this property should not be set. For multihoming computers, the default IP address is automatically used if this property is not set.
topListenPort
If a port number equal to 0 is passed to BeginAccepting, then this property will contain the actual allocated port number used. Otherwise it is equal to the port number passed to BeginAccepting, or 0 if BeginAccepting was never called.
topOutboundBindIpAddress
In most cases, this property does not need to be set. It is provided for cases where it is required to bind the socket that is to connect to the SSH server (in the background thread) to a specific IP address (usually for computers with multiple network interfaces or IP addresses). For computers with a single network interface (i.e. most computers), this property should not be set. For multihoming computers, the default IP address is automatically used if this property is not set.
topOutboundBindPort
Unless there is a specific requirement for binding to a specific port, leave this unset (at the default value of 0). (99.9% of all users should never need to set this property.)
topPreferIpv6
If True, then use IPv6 over IPv4 when both are supported for a particular domain.   The default value of this property is False, which will choose IPv4 over IPv6.
SocksHostname
The SOCKS4/SOCKS5 hostname or IPv4 address (in dotted decimal notation). This property is only used if the SocksVersion property is set to 4 or 5).
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.
topSocksPassword
The SOCKS5 password (if required). The SOCKS4 protocol does not include the use of a password, so this does not apply to SOCKS4.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.
topSocksPort
The SOCKS4/SOCKS5 proxy port. The default value is 1080. This property only applies if a SOCKS proxy is used (if the SocksVersion property is set to 4 or 5).
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.
topSocksUsername
The SOCKS4/SOCKS5 proxy username. This property is only used if the SocksVersion property is set to 4 or 5).
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.
topSocksVersion
SocksVersion May be set to one of the following integer values:
0 - No SOCKS proxy is used.  This is the default.
4 - Connect via a SOCKS4 proxy.
5 - Connect via a SOCKS5 proxy.
Note: This is for the outbound connection to the SSH server. It is used when the outbound connection to the SSH server must go through a SOCKS4 or SOCKS5 proxy.
topSoRcvBuf
Sets the receive buffer size socket option. Normally, this property should be left unchanged. The default value is 4194304.
This property can be increased if download performance seems slow. It is recommended to be a multiple of 4096.
SoSndBuf
Sets the send buffer size socket option. Normally, this property should be left unchanged. The default value is 262144.
This property can be increased if upload performance seems slow. It is recommended to be a multiple of 4096. Testing with sizes such as 512K and 1MB is reasonable.
TcpNoDelay
Controls whether the TCP_NODELAY socket option is used for the underlying TCP/IP socket.  The default value is False.  Setting this property equal to True disables the Nagle algorithm and allows for better performance when small amounts of data are sent.
TunnelLog
Contains an in-memory log of the SSH tunnel  thread.  This will only contain content if the KeepTunnelLog property is True.
TunnelLogPath
Set to keep a log file of the SSH tunnel thread.
topUncommonOptions
This is a catch-all property to be used for uncommon needs. This property defaults to the empty string, and should typically remain empty.
Can be set to a list of the following comma separated keywords:
- ForceUserAuthRsaSha1 - Introduced in v9.5.0.98. When doing public-key authentication, forces rsa-sha1 to be used for the userauth algorithm even if the server supports rsa-sha2-256, rsa-sha2-512, but still requires SHA1 for the userauth algorithm. Make sure to set this option before connecting to the server.
- NoKeepAliveIgnoreMsg - Introduced in v9.5.0.76.  Prevents the default behavior of the SSH tunnel sending an ignoremessage every 20 seconds to keep an unused connection alive.
- no-weak-mac-algs - Introduced in v9.5.0.98. Removes all weaker MAC algorithms from the list offered to the SSH server when negotiating the connection parameters during a Connect. Specifically, removes hmac-sha1-96, hmac-sha1, hmac-md5, and hmac-ripemd160. Note: Stronger algorithms such as hmac-sha2-256, hmac-sha2-512, etc., will already be automatically chosen because they are given higher preference. The only way a weaker algorithm is chosen is if the SSH server ONLY supports weaker algorithms. This option would only be set if you explicitly want to avoid connecting to older SSH servers, or servers configured in some unusual way where only weaker algorithms are supported on the server (which is rare).
- ProtectFromVpn - Introduced in v9.5.0.80. On Android systems, will bypass any VPN that may be installed or active.
- +ssh-hmac-etm - Introduced in v9.5.0.97. Version 9.5.0.97 disabled the *-etm MAC algorithms to mitigate the Terrapin attack. Use this keyword to include the etm MAC algorithms.
- +chacha20-poly1305@openssh.com - Introduced in v9.5.0.97. To mitigate the Terrapin attack, chacha20-poly1305@openssh.com is no longer included by default. It can be re-added by adding this keyword.
VerboseLogging
If set to True, then the contents of LastErrorText (or LastErrorXml, or LastErrorHtml) may contain more verbose information. The default value is False.  Verbose logging should only be used for debugging.  The potentially large quantity of logged information may adversely affect peformance.
Version
Methods
AuthenticatePk
Authenticates with the SSH server using public-key authentication. The corresponding public key must have been installed on the SSH server for the username. Authentication will succeed if the matching privateKey is provided.
Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.
Returns True for success, False for failure.
AuthenticatePkAsync (1)
Creates an asynchronous task to call the AuthenticatePk method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
AuthenticatePw
Authenticates with the SSH server using a login and password.
An SSH session always begins by first calling Connect to connect to the SSH server, and then calling either AuthenticatePw or AuthenticatePk to login.
Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.
Note: To learn about how to handle password change requests, see the PasswordChangeRequested property (above).
Returns True for success, False for failure.
AuthenticatePwAsync (1)
Creates an asynchronous task to call the AuthenticatePw method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
AuthenticatePwPk
Authentication for SSH servers that require both a password and private key. (Most SSH servers are configured to require one or the other, but not both.)
Important: When reporting problems, please send the full contents of the LastErrorText property to support@chilkatsoft.com.
Returns True for success, False for failure.
topAuthenticatePwPkAsync (1)
Creates an asynchronous task to call the AuthenticatePwPk method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
AuthenticateSecPw
The same as AuthenticatePw, except the login and password strings are passed in secure string objects.
Returns True for success, False for failure.
AuthenticateSecPwAsync (1)
Creates an asynchronous task to call the AuthenticateSecPw method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
AuthenticateSecPwPk
The same as AuthenticatePwPk, except the login and password strings are passed in secure string objects.
Returns True for success, False for failure.
topAuthenticateSecPwPkAsync (1)
Creates an asynchronous task to call the AuthenticateSecPwPk method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
BeginAccepting
Starts a background thread for listening on listenPort. A new SSH tunnel is created and managed for each accepted connection. SSH tunnels are managed in a 2nd background thread: the SSH tunnel pool thread.
BeginAccepting starts a background thread that creates a socket, binds to the port, and begins listening.  If the bind fails (meaning something else may have already bound to the same port), then the background thread exits.  You may check to see if BeginAccepting succeeds by waiting a short time (perhaps 50 millisec) and then examine the IsAccepting property.  If it is False, then BeginAccepting failed.
Important: The listenPort must be a port number that nothing else on the local computer is listening on.
Returns True for success, False for failure.
BeginAcceptingAsync (1)
Creates an asynchronous task to call the BeginAccepting method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
CloseTunnel
Closes the SSH tunnel and disconnects all existing clients.  If waitForThreads is True, the method will wait for the tunnel and client threads to exit before returning.
Returns True for success, False for failure.
topConnect
Connects to the SSH server to be used for SSH tunneling.
Important: Make sure to call CloseTunnel when finished with the tunnel, such as before exiting your program.
Note:  Chilkat automatically sends an ignore message every 20 seconds to keep the connection with the SSH server alive.  This can be turned off by adding the NoKeepAliveIgnoreMsg to the UncommonOptions property.
Returns True for success, False for failure.
ConnectAsync (1)
Creates an asynchronous task to call the Connect method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
ConnectThroughSsh
Connects to an SSH server through an existing SSH connection. The ssh is an existing connected and authenticated SSH object. The connection to hostname:port is made through the existing SSH connection via port-forwarding. If successful, the connection is as follows: application => ServerSSH1 => ServerSSH2. (where ServerSSH1 is the ssh and ServerSSH2 is the SSH server at hostname:port) Once connected in this way, all communications are routed through ServerSSH1 to ServerSSH2. This includes authentication -- which means the application must still call one of the Authenticate* methods to authenticate with ServerSSH2.
Returns True for success, False for failure.
topConnectThroughSshAsync (1)
Creates an asynchronous task to call the ConnectThroughSsh method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
ContinueKeyboardAuth
Continues keyboard-interactive authentication with the SSH server. The response is typically the password. If multiple responses are required (because there were multiple prompts in the infoRequest XML returned by StartKeyboardAuth), then the response should be formatted as XML (as shown below) otherwise the response simply contains the single response string.
<response>
    <response1>response to first prompt</response1>
    <response2>response to second prompt</response2>
    ...
    <responseN>response to Nth prompt</responseN>
</response>
If the interactive authentication completed with success or failure, the XML response will be:
<success>success_message</success> or <error>error_message</error>If additional steps are required to complete the interactive authentication, then an XML string that provides the name, instruction, and prompts is returned. The XML has the following format:
<infoRequest numPrompts="N"> <name>name_string</name> <instruction>instruction_string</instruction> <prompt1 echo="1_or_0">prompt_string</prompt1> ... <promptN echo="1_or_0">prompt_string</promptN> </infoRequest>
Returns Nil on failure
ContinueKeyboardAuthAsync (1)
Creates an asynchronous task to call the ContinueKeyboardAuth method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
DisconnectAllClients
Disconnects all clients, keeping the SSH tunnel open. If waitForThreads is True, the method will wait for the client threads to exit before returning.
Returns True for success, False for failure.
topGetCurrentState
IsSshConnected
Returns True  if connected to the SSH server.  Returns False if the connection has been lost (or was never established).
LoadTaskCaller
SetAllowedAlgorithms
Provides a way to specific the exact set of algorithms allowed for the connection.
Returns True for success, False for failure.
StartKeyboardAuth
Begins keyboard-interactive authentication with the SSH server. Returns an XML string providing the name, instruction, and prompts. The XML has the following format:
<infoRequest numPrompts="N"> <name>name_string</name> <instruction>instruction_string</instruction> <prompt1 echo="1_or_0">prompt_string</prompt1> ... <promptN echo="1_or_0">prompt_string</promptN> </infoRequest>
If the authentication immediately succeeds because no password is required, or immediately fails, the XML response can be:
<success>success_message</success> or <error>error_message</error>
Returns Nil on failure
StartKeyboardAuthAsync (1)
Creates an asynchronous task to call the StartKeyboardAuth method with the arguments provided.
Note: Async method event callbacks happen in the background thread. Accessing and updating UI elements existing in the main thread may require special considerations.
Returns Nil on failure
StopAccepting
Stops the listen background thread.  It is possible to continue accepting connections by re-calling BeginAccepting.  If waitForThread is True, the method will wait for the listen thread to exit before returning.
Returns True for success, False for failure.
topEvents
To implement events, your application would define and implement a class that is a subclass of Chilkat.SshTunnel. Your custom class would implement (i.e. override) some or all of the event methods.
For example:
class MySshTunnel
    Inherits Chilkat.SshTunnel
    Function AbortCheck() As Boolean
    Function PercentDone(pctDone As Int32) As Boolean
    Sub ProgressInfo(name As String, value As String)
    Sub TaskCompleted(task As Chilkat.Task)
End ClassAbortCheck
Enables a method call to be aborted by triggering the AbortCheck event at intervals defined by the HeartbeatMs property. If HeartbeatMs is set to its default value of 0, no events will occur. For instance, set HeartbeatMs to 200 to trigger 5 AbortCheck events per second. 
PercentDone
This provides the percentage completion for any method involving network communications or time-consuming processing, assuming the progress can be measured as a percentage. This event is triggered only when it's possible and logical to express the operation's progress as a percentage. The pctDone argument will range from 1 to 100. For methods that finish quickly, the number of PercentDone callbacks may vary, but the final callback will have pctDone equal to 100. For longer operations, callbacks will not exceed one per percentage point (e.g., 1, 2, 3, ..., 98, 99, 100).
The PercentDone callback also acts as an AbortCheck event. For fast methods where PercentDone fires, an AbortCheck event may not trigger since the PercentDone callback already provides an opportunity to abort. For longer operations, where time between PercentDone callbacks is extended, AbortCheck callbacks enable more responsive operation termination.
        To abort the operation, set the abort output argument to True. This will cause the method to terminate and return a failure status or corresponding failure value.
ProgressInfo
This event callback provides tag name/value pairs that detail what occurs during a method call. To discover existing tag names, create code to handle the event, emit the pairs, and review them. Most tag names are self-explanatory.
TaskCompleted
Called from the background thread when an asynchronous task completes.