SSH Authentication using X.509 Certificates
Demonstrates how to authenticate with an SSH/SFTP server using a certificate's private key. Note: See X.509v3 Certificates for SSH Authentication for more information.
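load ./chilkat.dll

# Public-key SSH authentication using the private key stored with an X.509
# certificate in a .pfx file.
#
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
#
# Exit status: 0 after a successful authentication, 1 on any failure, so a
# calling script or job runner can tell the two apart.

# Free every Chilkat object this script has created so far.
proc cleanup {} {
    global ssh cert key
    if {[info exists key]} { delete_CkSshKey $key }
    if {[info exists cert]} { delete_CkCert $cert }
    if {[info exists ssh]} { delete_CkSsh $ssh }
}

# Print a diagnostic, free the objects and stop with a non-zero status.
proc fail {message} {
    puts $message
    cleanup
    exit 1
}

set hostname "ssh.example.com"
set port 22

# PLACEHOLDER: the server's host key fingerprint, obtained out of band (for
# example from the server administrator). Replace it with the exact string
# GetHostKeyFP returns for the real server.
# NOTE(review): the expected text layout (key type and hash-name prefix)
# should be confirmed against the Chilkat GetHostKeyFP documentation.
set expectedHostKeyFp "REPLACE_WITH_EXPECTED_HOST_KEY_FINGERPRINT"

set ssh [new_CkSsh]
if {[CkSsh_Connect $ssh $hostname $port] != 1} {
    fail [CkSsh_lastErrorText $ssh]
}

# Verify the server's identity before presenting any credential. Without this
# comparison the client would authenticate to whatever host answered on
# $hostname:$port.
set actualHostKeyFp [CkSsh_getHostKeyFP $ssh "SHA256" 1 1]
if {![string equal $actualHostKeyFp $expectedHostKeyFp]} {
    fail "Host key fingerprint mismatch, refusing to authenticate: $actualHostKeyFp"
}

# Load the cert + private key from a .pfx.
# Note: Chilkat provides methods for loading certs and private keys from many
# sources, including smart cards and USB tokens (HSM's).
# The PFX password is a literal only because this is a sample; real code should
# read it from a protected source rather than keep it in the script.
set cert [new_CkCert]
if {[CkCert_LoadPfxFile $cert "qa_data/pfx/example.pfx" "pfx_password"] != 1} {
    fail [CkCert_lastErrorText $cert]
}

# Get the cert's private key (as PEM) to be used for SSH authentication.
# (The public key is installed on the server.)
# $privKeyPem holds unencrypted key material: never print or log it.
set privKeyPem [CkCert_getPrivateKeyPem $cert]
if {[CkCert_get_LastMethodSuccess $cert] == 0} {
    fail [CkCert_lastErrorText $cert]
}

# Load the private key from the PEM string.
set key [new_CkSshKey]
if {[CkSshKey_FromOpenSshPrivateKey $key $privKeyPem] != 1} {
    fail [CkSshKey_lastErrorText $key]
}

# Authenticate with the SSH server.
if {[CkSsh_AuthenticatePk $ssh "myLogin" $key] != 1} {
    fail [CkSsh_lastErrorText $ssh]
}

puts "Public-Key Authentication Successful!"
cleanup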