Rebex SSH Shell
SSH shell, tunneling, telnet, ANSI terminal emulation library for .NET
Authentication modes
Username and password
Password-based authentication is simple:
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // log in
    ssh.Login(username, password);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' log in
    ssh.Login(username, password)
In addition to password authentication, this method supports simple forms of keyboard-interactive authentication as well.
Public/private key authentication
Asymmetric cryptography makes it possible to authenticate using a private key without revealing it to the server (or anyone else) - only the corresponding public key needs to be associated with your account.
Use the SshPrivateKey class for this kind of authentication:
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // load the private key
    SshPrivateKey privateKey = new SshPrivateKey("my_key.ppk", "key_password");

    // log in
    ssh.Login(username, privateKey);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' load the private key
    Dim privateKey As New SshPrivateKey("my_key.ppk", "key_password")

    ' log in
    ssh.Login(username, privateKey)
How do you get the private key? Usually, you generate it yourself, either using Rebex KeyGenerator sample, our key-generator API or a third-party utility (most SSH vendors provide one). Once generated, the corresponding public key has to be associated with your account (this is server-specific, consult your server administrator if needed).
Note: If you already have a private key, just load it into the SshPrivateKey object - it supports a lot of private key formats.
X.509 certificate authentication
Some SSH servers - such as Rebex Buru SFTP Server, VanDyke VShell or Tectia SSH Server - support authentication using X.509 certificates.
Simply load the certificate with an associated private key into the SshPrivateKey object and pass it to the Login method.
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname, port);

    // load X.509 certificate
    Certificate x509 = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword);

    // wrap X.509 certificate to SshPrivateKey
    SshPrivateKey privateKey = new SshPrivateKey(x509);

    // log in
    ssh.Login(username, privateKey);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname, port)

    ' load X.509 certificate
    Dim x509 As Certificate = Rebex.Security.Certificates.Certificate.LoadPfx(certPath, certPassword)

    ' wrap X.509 certificate to SshPrivateKey
    Dim privateKey As New SshPrivateKey(x509)

    ' log in
    ssh.Login(username, privateKey)
X509Certificate2 object as well instead of our Certificate object.
GSSAPI
GSSAPI support makes it possible to use Kerberos or NTLM authentication mechanisms, both in single sign-on mode and username/password(/domain)-based mode.
Note: GSSAPI is only supported on Windows platforms.
Single sign-on
With single sign-on, the current user can authenticate without having to enter his password. Single sign-on is only possible with Kerberos or NTLM authentication mechanisms on servers that support them (through GSSAPI). Additionally, both the client and server machines must be part of the same domain (or a domain trust has to be implemented).
Note: Single sign-on is only supported on Windows platforms.
Kerberos authentication
If the server supports Kerberos authentication, it is possible to use the GSSAPI Kerberos v5 authentication mechanism.
Kerberos with single sign-on
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // initialize GSSAPI for Kerberos single sign-on
    var credentials = new SshGssApiCredentials();
    credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

    // log in using Kerberos single sign-on
    ssh.Login(credentials);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' initialize GSSAPI for Kerberos single sign-on
    Dim credentials = New SshGssApiCredentials()
    credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

    ' log in using Kerberos single sign-on
    ssh.Login(credentials)
Kerberos with username/password/domain
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // initialize GSSAPI for Kerberos authentication
    var credentials = new SshGssApiCredentials(username, password, domain);
    credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5);

    // log in using Kerberos
    ssh.Login(credentials);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' initialize GSSAPI for Kerberos authentication
    Dim credentials = New SshGssApiCredentials(username, password, domain)
    credentials.SetMechanisms(SshGssApiMechanisms.KerberosV5)

    ' log in using Kerberos
    ssh.Login(credentials)
Note: Kerberos is only supported on Windows platforms. However, it's possible to authenticate Windows-based clients to Unix-based servers using Kerberos.
NTLM authentication
If the server supports NTLM authentication, it is possible to use the GSSAPI NTLM authentication mechanism.
NTLM with single sign-on
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // initialize GSSAPI for NTLM single sign-on
    var credentials = new SshGssApiCredentials();
    credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

    // log in using NTLM single sign-on
    ssh.Login(credentials);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' initialize GSSAPI for NTLM single sign-on
    Dim credentials = New SshGssApiCredentials()
    credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

    ' log in using NTLM single sign-on
    ssh.Login(credentials)
NTLM with username/password/domain
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // initialize GSSAPI for NTLM authentication
    var credentials = new SshGssApiCredentials(username, password, domain);
    credentials.SetMechanisms(SshGssApiMechanisms.Ntlm);

    // log in using NTLM
    ssh.Login(credentials);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' initialize GSSAPI for NTLM authentication
    Dim credentials = New SshGssApiCredentials(username, password, domain)
    credentials.SetMechanisms(SshGssApiMechanisms.Ntlm)

    ' log in using NTLM
    ssh.Login(credentials)
Note: On non-Windows platforms (Linux, Android, macOS, iOS), NTLM is only available with the NTLM plugin.
Advanced keyboard-interactive authentication
In most cases, password-based authentication will take care of servers that use the keyboard-interactive authentication method. To handle rare cases where the server utilizes interactive authentication to ask non-trivial questions, register an AuthenticationRequest event handler both to get notified about them and to answer them.
Note: The Login method's username and password arguments are optional. If you omit them, the event handler will be called when required.
    // connect to a server and verify fingerprint
    var ssh = new Rebex.Net.Ssh();
    ssh.Connect(hostname);

    // register AuthenticationRequest event handler
    ssh.AuthenticationRequest += client_AuthenticationRequest;

    // log in (alternatively, omit username and password as well)
    ssh.Login(username, password);

    ' connect to a server and verify fingerprint
    Dim ssh = New Rebex.Net.Ssh()
    ssh.Connect(hostname)

    ' register AuthenticationRequest event handler
    AddHandler ssh.AuthenticationRequest, AddressOf client_AuthenticationRequest

    ' log in (alternatively, omit username and password as well)
    ssh.Login(username, password)
The event handler implementing the actual logic:
    void client_AuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e)
    {
        Console.WriteLine("Server: {0}", e.Name);
        Console.WriteLine("Instructions: {0}", e.Instructions);

        foreach (SshAuthenticationRequestItem item in e.Items)
        {
            // display question
            Console.Write(item.Prompt);

            // set answer
            item.Response = Console.ReadLine();
        }
    }

    Private Sub client_AuthenticationRequest(sender As Object, e As SshAuthenticationRequestEventArgs)
        Console.WriteLine("Server: {0}", e.Name)
        Console.WriteLine("Instructions: {0}", e.Instructions)

        For Each item As SshAuthenticationRequestItem In e.Items
            ' display question
            Console.Write(item.Prompt)

            ' set answer
            item.Response = Console.ReadLine()
        Next
    End Sub
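For unattended logins, the handler above can be replaced by one that answers only the prompts it expects and refuses everything else, since the prompt text is chosen by the server. The following is an added example, not Rebex sample code: the InteractiveAuth class, the prompt patterns and the SSH_PASSWORD environment variable are assumptions, and it uses only the e.Items, item.Prompt and item.Response members shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Rebex.Net;

static class InteractiveAuth   // hypothetical helper, not part of Rebex
{
    // Constructed prompt patterns; replace with what your server really sends.
    static readonly Regex PasswordPrompt = new Regex(@"^\s*password\s*:\s*$", RegexOptions.IgnoreCase);
    static readonly Regex OtpPrompt =
        new Regex(@"^\s*(verification|one-time) code\s*:\s*$", RegexOptions.IgnoreCase);

    // Secret sources are delegates, so a secret is fetched only when a prompt needs it.
    public static Func<string> GetPassword = () =>
        Environment.GetEnvironmentVariable("SSH_PASSWORD") // assumed variable name
        ?? throw new InvalidOperationException("SSH_PASSWORD is not set.");
    public static Func<string> GetOtp = () =>
        throw new InvalidOperationException("No OTP source configured.");

    // Decision logic: the answer for a recognised prompt, null for anything else.
    public static string Answer(string prompt)
    {
        if (prompt == null) return null;
        if (PasswordPrompt.IsMatch(prompt)) return GetPassword();
        if (OtpPrompt.IsMatch(prompt)) return GetOtp();
        return null;
    }

    // Handler for ssh.AuthenticationRequest (same signature as the page's handler).
    public static void OnAuthenticationRequest(object sender, SshAuthenticationRequestEventArgs e)
    {
        // Resolve all answers first, so no secret is set if any prompt is unexpected.
        var answers = new List<string>();
        foreach (SshAuthenticationRequestItem item in e.Items)
        {
            string answer = Answer(item.Prompt);
            if (answer == null)   // assumption: throwing here aborts Login()
                throw new InvalidOperationException(
                    "Unexpected authentication prompt: " + Sanitize(item.Prompt));
            answers.Add(answer);
        }
        int i = 0;
        foreach (SshAuthenticationRequestItem item in e.Items)
            item.Response = answers[i++];
    }

    // Prompts are server-controlled text: replace control characters before logging.
    static string Sanitize(string s) => Regex.Replace(s ?? "", @"\p{C}", "?");
}
```

Register it with ssh.AuthenticationRequest += InteractiveAuth.OnAuthenticationRequest; before calling Login.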
Telnet authentication
Authentication is not a part of the Telnet protocol. Most servers ask for a username and password. Some don't require any authentication at all. Other behavior is rare but perfectly possible as well. To authenticate to a telnet server, you need to know whether the server you are connecting to requires any authentication and how it is performed. It is then up to you to authenticate properly.
The following code connects and authenticates to a telnet server that prints a welcome message and then asks for a username and password. Once connected, the code assumes the server provides a well-behaved shell, and tries detecting its prompt automatically.
Check out Scripting features for an overview of terminal scripting capabilities.
    // create the telnet client
    Telnet client = new Telnet(hostname);

    // connect and get a scripting object
    Scripting scripting = client.StartScripting();

    // wait for "login" prompt
    scripting.WaitFor(ScriptEvent.FromString("ogin:"));

    // send user name
    scripting.SendCommand(username);

    // wait for "password" prompt
    scripting.WaitFor(ScriptEvent.FromString("assword:"));

    // send password
    scripting.SendCommand(password);

    // detect prompt
    scripting.DetectPrompt();

    // start sending commands and processing responses
    // ...

    ' create the telnet client
    Dim client As New Telnet(hostname)

    ' connect and get a scripting object
    Dim scripting As Scripting = client.StartScripting()

    ' wait for "login" prompt
    scripting.WaitFor(ScriptEvent.FromString("ogin:"))

    ' send user name
    scripting.SendCommand(username)

    ' wait for "password" prompt
    scripting.WaitFor(ScriptEvent.FromString("assword:"))

    ' send password
    scripting.SendCommand(password)

    ' detect prompt
    scripting.DetectPrompt()

    ' start sending commands and processing responses
    ' ...
Note: When using the VirtualTerminal class, or when using the TerminalControl class in non-interactive mode, you have to authenticate this way as well. However, instead of calling Telnet.StartScripting, use the Scripting object provided by the VirtualTerminal or TerminalControl object's Scripting property.
We support Telnet/SSL as well.
Serial ports and authentication
When connecting over a serial port, authentication is not part of the underlying communication protocol. Most devices simply ask for a username and password over the terminal. Some don't require any authentication at all. Other behavior is rare but perfectly possible as well. To authenticate to a device, you need to know whether it requires any authentication and how it is performed. It is then up to you to authenticate properly.
The following code connects and authenticates to a device that prints a welcome message and then asks for a username and password. Once connected, the code assumes the device provides a well-behaved shell, and tries detecting its prompt automatically.
Check out Scripting features for an overview of terminal scripting capabilities.
    // open serial port
    SerialPortChannel client = new SerialPortChannel("COM1");

    // connect and get a scripting object
    Scripting scripting = client.StartScripting();

    // wait for "login" prompt
    scripting.WaitFor(ScriptEvent.FromString("ogin:"));

    // send user name
    scripting.SendCommand(username);

    // wait for "password" prompt
    scripting.WaitFor(ScriptEvent.FromString("assword:"));

    // send password
    scripting.SendCommand(password);

    // detect prompt
    scripting.DetectPrompt();

    // start sending commands and processing responses
    // ...

    ' open serial port
    Dim client As SerialPortChannel = New SerialPortChannel("COM1")

    ' connect and get a scripting object
    Dim scripting As Scripting = client.StartScripting()

    ' wait for "login" prompt
    scripting.WaitFor(ScriptEvent.FromString("ogin:"))

    ' send user name
    scripting.SendCommand(username)

    ' wait for "password" prompt
    scripting.WaitFor(ScriptEvent.FromString("assword:"))

    ' send password
    scripting.SendCommand(password)

    ' detect prompt
    scripting.DetectPrompt()

    ' start sending commands and processing responses
    ' ...
Note: When using the VirtualTerminal class, or when using the TerminalControl class in non-interactive mode, you have to authenticate this way as well. However, instead of calling SerialPortChannel.StartScripting, use the Scripting object provided by the VirtualTerminal or TerminalControl object's Scripting property.