|
Chilkat • HOME • .NET Core C# • Android™ • AutoIt • C • C# • C++ • Chilkat2-Python • CkPython • Classic ASP • DataFlex • Delphi ActiveX • Delphi DLL • Go • Java • Lianja • Mono C# • Node.js • Objective-C • PHP ActiveX • PHP Extension • Perl • PowerBuilder • PowerShell • PureBasic • Ruby • SQL Server • Swift 2 • Swift 3,4,5... • Tcl • Unicode C • Unicode C++ • VB.NET • VBScript • Visual Basic 6.0 • Visual FoxPro • Xojo Plugin
(SQL Server) SSH Authenticate using Smart Card Private KeySee more SSH ExamplesDemonstrates how to use a private key stored on an HSM (smartcard or token) for SSH public-key authentication. (Public-key authentication means the client, which is your application, uses the private key, while the corresponding public key is installed on the server under your SSH account.) Note: This example requires Chilkat v9.5.0.96 or later.
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls. -- CREATE PROCEDURE ChilkatSample AS BEGIN DECLARE @hr int -- Important: Do not use nvarchar(max). See the warning about using nvarchar(max). DECLARE @sTmp0 nvarchar(4000) -- This example requires the Chilkat API to have been previously unlocked. -- See Global Unlock Sample for sample code. -- Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems. DECLARE @pkcs11 int -- Use "Chilkat_9_5_0.Pkcs11" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Pkcs11', @pkcs11 OUT IF @hr <> 0 BEGIN PRINT 'Failed to create ActiveX component' RETURN END -- Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM. -- For example: EXEC sp_OASetProperty @pkcs11, 'SharedLibPath', 'C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll' -- Use your HSM's PIN. DECLARE @pin nvarchar(4000) SELECT @pin = '0000' -- Normal user = 1 DECLARE @userType int SELECT @userType = 1 -- Establish a logged-on user session with the HSM. DECLARE @success int EXEC sp_OAMethod @pkcs11, 'QuickSession', @success OUT, @userType, @pin IF @success = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 RETURN END -- Provide a template to find a PKCS11 object. DECLARE @jsonTemplate int -- Use "Chilkat_9_5_0.JsonObject" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.JsonObject', @jsonTemplate OUT -- Find an RSA private key with the label "MySshKey". -- Here's an example of how the key was originally imported: -- PKCS11 Import SSH Key EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'class', 'private_key' EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'key_type', 'rsa' EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'label', 'MySshKey' DECLARE @privKeyHandle int EXEC sp_OAMethod @pkcs11, 'FindObject', @privKeyHandle OUT, @jsonTemplate IF @privKeyHandle = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate RETURN END -- The private key handle is only valid during the PKCS11 session. -- If you wish to use the private key in another PKCS11 session, -- you'll first need to find it. See: PRINT 'private key handle: ' + @privKeyHandle -- We'll also need the PKCS11 public key handle -- Modify the template by updating the "class" to "public_key" EXEC sp_OAMethod @jsonTemplate, 'UpdateString', @success OUT, 'class', 'public_key' DECLARE @pubKeyHandle int EXEC sp_OAMethod @pkcs11, 'FindObject', @pubKeyHandle OUT, @jsonTemplate IF @pubKeyHandle = 0 BEGIN EXEC sp_OAGetProperty @pkcs11, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate RETURN END PRINT 'public key handle: ' + @pubKeyHandle -- Create an empty SSH key object, and tell it to use the PKCS11 handles. -- We also need to indicate the key type. DECLARE @sshKey int -- Use "Chilkat_9_5_0.SshKey" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.SshKey', @sshKey OUT EXEC sp_OAMethod @sshKey, 'UsePkcs11', @success OUT, @pkcs11, @privKeyHandle, @pubKeyHandle, 'rsa' IF @success = 0 BEGIN EXEC sp_OAGetProperty @sshKey, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey RETURN END -- Create an SSH object and authenticate using the SSH key, which will utilize the existing PKCS11 session. DECLARE @ssh int -- Use "Chilkat_9_5_0.Ssh" for versions of Chilkat < 10.0.0 EXEC @hr = sp_OACreate 'Chilkat.Ssh', @ssh OUT EXEC sp_OAMethod @ssh, 'Connect', @success OUT, 'my-ssh-server.com', 22 IF @success = 0 BEGIN EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey EXEC @hr = sp_OADestroy @ssh RETURN END -- This is where the PKCS11 private key on the smart card is used. EXEC sp_OAMethod @ssh, 'AuthenticatePk', @success OUT, 'your_ssh_username', @sshKey IF @success = 0 BEGIN EXEC sp_OAGetProperty @ssh, 'LastErrorText', @sTmp0 OUT PRINT @sTmp0 EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey EXEC @hr = sp_OADestroy @ssh RETURN END -- Do whatever it is your app needs to do using the authenticated SSH session.... -- ... -- ... EXEC sp_OAMethod @ssh, 'Disconnect', NULL EXEC sp_OAMethod @pkcs11, 'Logout', @success OUT EXEC sp_OAMethod @pkcs11, 'CloseSession', @success OUT EXEC @hr = sp_OADestroy @pkcs11 EXEC @hr = sp_OADestroy @jsonTemplate EXEC @hr = sp_OADestroy @sshKey EXEC @hr = sp_OADestroy @ssh END GO |
||||
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.