Sample code for 30+ languages & platforms
PureBasic

SFTP Authentication using X.509 Certificates

See more SFTP Examples

Demonstrates how to authenticate with an SSH/SFTP server using an certificate's private key.

Note: See X.509v3 Certificates for SSH Authentication for more information.

Chilkat PureBasic Downloads

PureBasic
IncludeFile "CkSshKey.pb"
IncludeFile "CkCert.pb"
IncludeFile "CkSFtp.pb"

Procedure ChilkatExample()

    success.i = 0

    ; This example assumes the Chilkat API to have been previously unlocked.
    ; See Global Unlock Sample for sample code.

    sftp.i = CkSFtp::ckCreate()
    If sftp.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    hostname.s = "sftp.example.com"
    port.i = 22
    success = CkSFtp::ckConnect(sftp,hostname,port)
    If success <> 1
        Debug CkSFtp::ckLastErrorText(sftp)
        CkSFtp::ckDispose(sftp)
        ProcedureReturn
    EndIf

    ; Load the cert + private key from a .pfx.
    ; Note: Chilkat provides methods for loading certs and private keys from many sources, including smart cards and USB tokens (HSM's)
    cert.i = CkCert::ckCreate()
    If cert.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    success = CkCert::ckLoadPfxFile(cert,"qa_data/pfx/example.pfx","pfx_password")
    If success <> 1
        Debug CkCert::ckLastErrorText(cert)
        CkSFtp::ckDispose(sftp)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    ; Get the cert's private key (as PEM) to be used for SSH authentication.
    ; (The public key is installed on the server.)
    privKeyPem.s = CkCert::ckGetPrivateKeyPem(cert)
    If CkCert::ckLastMethodSuccess(cert) = 0
        Debug CkCert::ckLastErrorText(cert)
        CkSFtp::ckDispose(sftp)
        CkCert::ckDispose(cert)
        ProcedureReturn
    EndIf

    key.i = CkSshKey::ckCreate()
    If key.i = 0
        Debug "Failed to create object."
        ProcedureReturn
    EndIf

    ; Load a private key from a PEM string:
    success = CkSshKey::ckFromOpenSshPrivateKey(key,privKeyPem)
    If success <> 1
        Debug CkSshKey::ckLastErrorText(key)
        CkSFtp::ckDispose(sftp)
        CkCert::ckDispose(cert)
        CkSshKey::ckDispose(key)
        ProcedureReturn
    EndIf

    ; Authenticate with the SSH server.
    success = CkSFtp::ckAuthenticatePk(sftp,"myLogin",key)
    If success <> 1
        Debug CkSFtp::ckLastErrorText(sftp)
        CkSFtp::ckDispose(sftp)
        CkCert::ckDispose(cert)
        CkSshKey::ckDispose(key)
        ProcedureReturn
    EndIf

    Debug "Public-Key Authentication Successful!"


    CkSFtp::ckDispose(sftp)
    CkCert::ckDispose(cert)
    CkSshKey::ckDispose(key)


    ProcedureReturn
EndProcedure