Sample code for 30+ languages & platforms
Objective-C

SSH Authentication using X.509 Certificates

See more SSH Examples

Demonstrates how to authenticate with an SSH/SFTP server using an certificate's private key.

Note: See X.509v3 Certificates for SSH Authentication for more information.

Chilkat Objective-C Downloads

Objective-C
#import <CkoSsh.h>
#import <NSString.h>
#import <CkoCert.h>
#import <CkoSshKey.h>

BOOL success = NO;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

CkoSsh *ssh = [[CkoSsh alloc] init];

NSString *hostname = @"ssh.example.com";
int port = 22;
success = [ssh Connect: hostname port: [NSNumber numberWithInt: port]];
if (success != YES) {
    NSLog(@"%@",ssh.LastErrorText);
    return;
}

// Load the cert + private key from a .pfx.
// Note: Chilkat provides methods for loading certs and private keys from many sources, including smart cards and USB tokens (HSM's)
CkoCert *cert = [[CkoCert alloc] init];
success = [cert LoadPfxFile: @"qa_data/pfx/example.pfx" password: @"pfx_password"];
if (success != YES) {
    NSLog(@"%@",cert.LastErrorText);
    return;
}

// Get the cert's private key (as PEM) to be used for SSH authentication.
// (The public key is installed on the server.)
NSString *privKeyPem = [cert GetPrivateKeyPem];
if (cert.LastMethodSuccess == NO) {
    NSLog(@"%@",cert.LastErrorText);
    return;
}

CkoSshKey *key = [[CkoSshKey alloc] init];

// Load a private key from a PEM string:
success = [key FromOpenSshPrivateKey: privKeyPem];
if (success != YES) {
    NSLog(@"%@",key.LastErrorText);
    return;
}

// Authenticate with the SSH server.
success = [ssh AuthenticatePk: @"myLogin" privateKey: key];
if (success != YES) {
    NSLog(@"%@",ssh.LastErrorText);
    return;
}

NSLog(@"%@",@"Public-Key Authentication Successful!");