(SQL Server) SFTP Authentication using X.509 Certificates

See more SFTP Examples

Demonstrates how to authenticate with an SSH/SFTP server using an certificate's private key.

Note: See X.509v3 Certificates for SSH Authentication for more information.

Chilkat ActiveX Downloads ActiveX for 32-bit and 64-bit Windows

-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    -- This example assumes the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    DECLARE @sftp int
    -- Use "Chilkat_9_5_0.SFtp" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.SFtp', @sftp OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @hostname nvarchar(4000)
    SELECT @hostname = 'sftp.example.com'
    DECLARE @port int
    SELECT @port = 22
    DECLARE @success int
    EXEC sp_OAMethod @sftp, 'Connect', @success OUT, @hostname, @port
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @sftp, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sftp
        RETURN
      END

    -- Load the cert + private key from a .pfx.
    -- Note: Chilkat provides methods for loading certs and private keys from many sources, including smart cards and USB tokens (HSM's)
    DECLARE @cert int
    -- Use "Chilkat_9_5_0.Cert" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.Cert', @cert OUT

    EXEC sp_OAMethod @cert, 'LoadPfxFile', @success OUT, 'qa_data/pfx/example.pfx', 'pfx_password'
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sftp
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    -- Get the cert's private key (as PEM) to be used for SSH authentication.
    -- (The public key is installed on the server.)
    DECLARE @privKeyPem nvarchar(4000)
    EXEC sp_OAMethod @cert, 'GetPrivateKeyPem', @privKeyPem OUT
    EXEC sp_OAGetProperty @cert, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 = 0
      BEGIN
        EXEC sp_OAGetProperty @cert, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sftp
        EXEC @hr = sp_OADestroy @cert
        RETURN
      END

    DECLARE @key int
    -- Use "Chilkat_9_5_0.SshKey" for versions of Chilkat < 10.0.0
    EXEC @hr = sp_OACreate 'Chilkat.SshKey', @key OUT

    -- Load a private key from a PEM string:
    EXEC sp_OAMethod @key, 'FromOpenSshPrivateKey', @success OUT, @privKeyPem
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @key, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sftp
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @key
        RETURN
      END

    -- Authenticate with the SSH server.
    EXEC sp_OAMethod @sftp, 'AuthenticatePk', @success OUT, 'myLogin', @key
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @sftp, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @sftp
        EXEC @hr = sp_OADestroy @cert
        EXEC @hr = sp_OADestroy @key
        RETURN
      END


    PRINT 'Public-Key Authentication Successful!'

    EXEC @hr = sp_OADestroy @sftp
    EXEC @hr = sp_OADestroy @cert
    EXEC @hr = sp_OADestroy @key


END
GO