Discuss this help topic in SecureBlackbox Forum

TElSSHPublicKeyClient.OnAttribute

TElSSHPublicKeyClient     See also     


Filter: C#/Java  VB.NET  Pascal  C++  PHP  


This event is fired when the next supported public key attribute is received from the server.

Declaration

[C#/Java]
    event TSBSSHPublicKeyAttributeEvent OnAttribute;
    delegate void TSBSSHPublicKeyAttributeEvent(Object Sender, string Attr, bool Compulsory);

[VB.NET]
    Event OnAttribute As TSBSSHPublicKeyAttributeEvent
    Delegate Sub TSBSSHPublicKeyAttributeEvent(ByVal Sender As Object, ByVal Attr As String, ByVal Compulsory As Boolean)

[Pascal]
    property OnAttribute: TSBSSHPublicKeyAttributeEvent
    TSBSSHPublicKeyAttributeEvent = procedure(Sender: TObject; const Attr: string; Compulsory: boolean) of object;

[C++]
    void get_OnAttribute(TSBSSHPublicKeyAttributeEvent &pMethodOutResult, void * &pDataOutResult);
    void set_OnAttribute(TSBSSHPublicKeyAttributeEvent pMethodValue, void * pDataValue);
    typedef void (SB_CALLBACK *TSBSSHPublicKeyAttributeEvent)(void * _ObjectData, TObjectHandle Sender, const char * pcAttr, int32_t szAttr, int8_t Compulsory);

[PHP]
    TSBSSHPublicKeyAttributeEvent|callable|NULL get_OnAttribute()
    void set_OnAttribute(TSBSSHPublicKeyAttributeEvent|callable|NULL $Value)
    callable TSBSSHPublicKeyAttributeEvent(TObject $Sender, string $Attr, bool $Compulsory)

Parameters

  • Attr - attribute name
  • Compulsory - indicates whether this attribute will be compulsory applied to any added keys (irrespective of whether theattribute has been specified by the client) due to administrativesettings on the server.
  • pcAttr - attribute name
  • szAttr - the length of pcAttr.

Description

    TElSSHPublicKeyClient fires this event when the next supported key attribute is received from the server as result of the ListAttributes command. This event can be fired only if version is 2 or higher.

    The following paragraph is taken from Secure Shell Public-Key Subsystem draft:

    «The following attributes are currently defined:

     "comment"

     The value of the comment attribute contains user-specified text about the public key. The server SHOULD make every effort to preserve this value and return it with the key during any subsequent list operation. The server MUST NOT attempt to interpret or act upon the content of the comment field in any way. The comment attribute must be specified in UTF-8 format [6]. The comment field is useful so the user can identify the key without resorting to comparing its fingerprint. This attribute SHOULD NOT be mandatory.

     "comment-language"

     If this attribute is specified, it MUST immediately follow a "comment" attribute and specify the language for that attribute [5]. The client MAY specify more than one comment if it additionally specifies a different language for each of those comments. The server SHOULD attempt to store each comment with its language attribute. This attribute SHOULD NOT be mandatory.

     "command-override"

     "command-override" specifies a command to be executed when this key is in use. The command should be executed by the server when it receives an "exec" or "shell" request from the client, in place of the command or shell which would otherwise have been executed as a result of that request. If the command string is empty, both "exec" and "shell" requests should be denied. If no "command-override" attribute is specified, all "exec" and "shell" requests should be permitted (as long as they satisfy other security or authorization checks the server may perform). This attribute SHOULD be mandatory.

     "subsystem"

     "subsystem" specifies a comma-separated list of subsystems that may be started (using a "subsystem" request) when this key is in use. This attribute SHOULD be mandatory. If the value is empty, no subsystems may be started. If the "subsystem" attribute is not specified, no restrictions are placed on which subsystems may be started when authenticated using this key.

     "x11"

     "x11" specifies that X11 forwarding may not be performed when this key is in use. The attribute-value field SHOULD be empty for this attribute. This attribute SHOULD be mandatory.

     "shell"

     "shell" specifies that session channel "shell" requests should be denied when this key is in use. The attribute-value field SHOULD be empty for this attribute. This attribute SHOULD be mandatory.

     "exec"

     "exec" specifies that session channel "exec" requests should be denied when this key is in use. The attribute-value field SHOULD be empty for this attribute. This attribute SHOULD be mandatory.

     "agent"

     "agent" specifies that session channel "auth-agent-req" requests should be denied when this key is in use. The attribute-value field SHOULD be empty for this attribute. This attribute SHOULD be mandatory.

     "env"

     "env" specifies that session channel "env" requests should be denied when this key is in use. The attribute-value field SHOULD be empty for this attribute. This attribute SHOULD be mandatory.

     "from"

     "from" specifies a comma-separated list of hosts from which the key may be used. If a host not in this list attempts to use this key for authorization purposes, the authorization attempt MUST be denied. The server SHOULD make a log entry regarding this. The server MAY provide a method for administrators to disallow the appearance of a host in this list.

     "port-forward"

     "port-forward" specifies that no "direct-tcpip" requests should be accepted, except those to hosts specified in the comma-separated list supplied as a value to this attribute. If the value of this attribute is empty, all "direct-tcpip" requests should be refused when using this key. This attribute SHOULD be mandatory.

     "reverse-forward"

     "reverse-forward" specifies that no "tcpip-forward" requests should be accepted, except for the port numbers in the comma-separated list supplied as a value to this attribute. If the value of this attribute is empty, all "tcpip-forward" requests should be refused when using this key. This attribute SHOULD be mandatory. »

See also:     OnCloseConnection     OnError     OnOpenConnection     OnPublicKey     OnStatus    

Discuss this help topic in SecureBlackbox Forum