Discuss this help topic in SecureBlackbox Forum

Authenticate with a key

Key-based SSH authentication uses a locally stored user's private key to authenticate the user to the server.

Setting up public key authentication (that's the official name for it; it is OK to use 'public key' term here despite the fact that the *private* key is actually used, as the term 'public key' refers to 'public key authentication' concept of cryptography rather than the user's public key) is performed in the following steps:

  1. Provide your username via your SSH component's Username property when using this type of authentication.
  2. Load the user's private key into a TElSSHKey object. You might need to provide the key password on this stage.
  3. Create a TElSSHMemoryKeyStorage object add the key object there:


    	TElSSHMemoryKeyStorage storage = new TElSSHMemoryKeyStorage();

  4. Attach the key storage to your SSH component's KeyStorage property:


    client.KeyStorage = storage;

  5. Ensure that SSH_AUTH_TYPE_PUBLICKEY flag is included in your SSH component's AuthenticationTypes flag set:


    client.AuthenticationTypes = client.AuthenticationTypes | SBSSHConstants.Unit.SSH_AUTH_TYPE_PUBLICKEY;

That's it. Upon connecting with Open() method the key should be taken and used for authentication by the component automatically. Successful authentication is indicated by OnAuthenticationSuccess event being invoked.

If something goes wrong, OnAuthenticationFailed event is invoked instead, and a AuthType parameter of SSH_AUTH_TYPE_PUBLICKEY is passed to it. If no other authentication methods are available, this is followed by SSH error 114 (ERROR_SSH_NO_MORE_AUTH_METHODS_AVAILABLE).

On-demand key loading

If you have a number of keys for the user and do not know which one to use, or you just prefer to load the private key only when it is actually needed, you may choose to use on-demand key provision approach:

  1. Load the user's public key, corresponding to their private key, into a TElSSHKey object (instead of the private key), and follow the rest of the steps (1-4). You can add as many public keys as you want.
  2. Handle the OnPrivateKeyNeeded event. This event will be invoked when one of the public keys from the list is accepted by the server. This key will be passed to the handler in the Key object. Inside the handler, load the corresponding private key into the provided TElSSHKey object. If you don't have a corresponding private key for the chosen public key, or if you want to use a different key, set Skip parameter to false. This will tell the component to proceed to the next key in KeyStorage.

How To articles about SFTP client

Discuss this help topic in SecureBlackbox Forum