(Unicode C++) SFTP Set Allowed Algorithms

See more SFTP Examples

Demonstrates how to explicitly set the algorithms allowed in the SSH connection protocol for SFTP.

Note: This example requires Chilkat v9.5.0.99 or greater.

Chilkat C/C++ Library Downloads
MS Visual C/C++ Linux/CentOS C/C++ Alpine Linux C/C++ MAC OS X C/C++	armhf/aarch64 C/C++ C++ Builder iOS C/C++ Android C/C++	Solaris C/C++ MinGW C/C++

#include <CkSFtpW.h>
#include <CkJsonObjectW.h>

void ChilkatSample(void)
    {
    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    bool success;
    CkSFtpW sftp;

    CkJsonObjectW json;

    // Here are the algorithms supported by Chilkat at the time this example was written (14-June-2024)

    // ---------------------------
    // SSH Key-Exchange Algorithms
    // ---------------------------
    // curve25519-sha256
    // curve25519-sha256@libssh.org
    // ecdh-sha2-nistp256
    // ecdh-sha2-nistp384
    // ecdh-sha2-nistp521
    // diffie-hellman-group14-sha256
    // diffie-hellman-group16-sha512
    // diffie-hellman-group18-sha512
    // diffie-hellman-group-exchange-sha256
    // diffie-hellman-group1-sha1
    // diffie-hellman-group14-sha1
    // diffie-hellman-group-exchange-sha1

    // ---------------------------
    // SSH Host Key Algorithms
    // ---------------------------
    // ssh-ed25519
    // ecdsa-sha2-nistp256
    // ecdsa-sha2-nistp384
    // ecdsa-sha2-nistp521
    // rsa-sha2-256
    // rsa-sha2-512
    // ssh-rsa
    // ssh-dss

    // ---------------------------
    // SSH Cipher Algorithms
    // ---------------------------
    // chacha20-poly1305@openssh.com
    // aes128-ctr
    // aes256-ctr
    // aes192-ctr
    // aes128-cbc
    // aes256-cbc
    // aes192-cbc
    // aes128-gcm@openssh.com
    // aes256-gcm@openssh.com
    // twofish256-cbc
    // twofish128-cbc
    // blowfish-cbc

    // ---------------------------
    // SSH MAC Algorithms
    // ---------------------------
    // hmac-sha2-256
    // hmac-sha2-512
    // hmac-sha2-256-etm@openssh.com
    // hmac-sha2-512-etm@openssh.com
    // hmac-sha1-etm@openssh.com
    // hmac-sha1
    // hmac-ripemd160
    // hmac-sha1-96
    // hmac-md5

    // Specify the allowed key-exchange, host-key, cipher (i.e. encryption), and mac (i.e. hash) algorithms allowed, in the order of preference.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    // Note: You typically should NOT explicitly set allowed algorithms.
    // By default, Chilkat orders algorithms according to best practices, and pays attention to vulnerabilities such as the "Terrapin Attack".
    // Hard-coding algorthims can make your application brittle and prone to breaking over a long period of time,
    // if a server (at some point in the future) changes its allowed algorithms, or if you connect to a different server,
    // such that the client (Chilkat) and server cannot find a set of mutually agreed-upon algorithms.
    // -------------------------------------------------------------------------------------------------------------------------------------------
    const wchar_t *allowed_kex = L"curve25519-sha256@libssh.org,ecdh-sha2-nistp256";
    const wchar_t *allowed_hostKey = L"ssh-ed25519,ecdsa-sha2-nistp256";
    const wchar_t *allowed_cipher = L"chacha20-poly1305@openssh.com,aes256-ctr";
    const wchar_t *allowed_mac = L"hmac-sha2-256,hmac-sha2-512";

    json.UpdateString(L"kex",allowed_kex);
    json.UpdateString(L"hostKey",allowed_hostKey);
    json.UpdateString(L"cipher",allowed_cipher);
    json.UpdateString(L"mac",allowed_mac);
    sftp.SetAllowedAlgorithms(json);

    int port = 22;
    success = sftp.Connect(L"example.com",port);
    if (success != true) {
        wprintf(L"%s\n",sftp.lastErrorText());
        return;
    }

    wprintf(L"Connected.\n");

    // ....
    // ....
    }