SSH Connection Manager is SSIS Connection Manager for establishing SSH connections. Use the API to build components based on SSH Connection Manager.
The Secure Shell (SSH) Connection implements the following standards:
- SSH Transport Layer Protocol, as described in IETF RFC 4253,
- SSH Authentication protocol, as described in RFC 4252, and
- SSH Connection Protocol as described in RFC 4254.
As a result, it performs the following functionality:
- Authenticates the server for the client
- Authenticates the client for the server
- Multiplexes the encrypted tunnel into several logical channels.
The SSH Connection provides the ability to login securely to a remote server and to use other secure network services over an insecure network. Public/private key encryption is used for the client and server to authenticate each other. A password is used to login to an account on the server.
The secure connection always gets closed at the end of package execution.
Currently, the SSH Connection may be used with the File Transfer Task (for SFTP), the SSH Execute Task, the SCP Task, and the Secure Tunnel Task (this is a script that can be used with Script Task Plus). Other tasks, components, and scripts may be added to this list in the future.
In order to use the SSH Connection, you will need to have access to the encryption key file and the passphrase for it. You’ll also need to have the user name and password, as well as the IP address of the host you are connecting to and the port to use for that connection. The default port is 22 and can be changed to a port of your choosing. Consult with your network and security administrators to obtain the encryption file and other credentials to use for your environment.
The Advanced tab gives you the ability to turn on verbose logging and to select the binary file transfer mode. If you do not select binary file transfer mode, the ASCII file transfer mode will be used by default.
Under the Proxy tab, you may specify all the information necessary for using a proxy server: host IP address, port, user name, password, and proxy type (ie. Tunnel, SOCKS4, SOCKS5).
Use the Server page of the SSH Connection Manager dialog to specify properties for connecting to an SSH-enabled server.
- Test Connection
- Confirm connection manager configuration by clicking Test Connection.
Specify the name or IP address of the SSH server.
Specify the port number on the SSH server to use for the connection. The default value of this property is 22.
Specify user name to access the SSH server.
- This parameter is deprecated since 1.6 SR-3 version.
Specify authentication type. This property has the options listed in the following table.
Value Description By Password User is authenticated with password. Selecting this value displays the dynamic option Password. By Key File User is authenticated with private key file, unlocked with passphrase. Selecting this value displays the dynamic options Key File, Passphrase.
Specify password to access the SSH server. Specify arbitrary value for anonymous account.
Select private key file to access the SSH server.
Specify passphrase to unlock the private key file.
Specify the number of seconds before timing out session connect. The default value of this property is 60 seconds.
Specify if all clients should use the same connection. This property has the options listed in the following table.
Value Description True All clients use same connection. False Every client use different connection (default).This property is not visible in the connection manager dialog.
Use the Advanced page of the SSH Connection Manager dialog to to specify additional properties if your server configuration is different from the default.
Specify verbose log file name for investigating SSH connection issues.
Specify to use binary mode for file transfers.
Specify SSH backend engine in use. This property has the options listed in the following table.
Value Description 1 Use legacy SSH backend engine. 2 Use new 1.5 SSH backend engine (default).This property is not visible in the connection manager dialog.
Specify remote server host fingerprint to verify before authentication.This property is not visible in the connection manager dialog.
Specify to use compression.
Use the Proxy page of the SSH Connection Manager dialog to specify properties if your server is behind firewall.
Specify proxy type. This property has the options listed in the following table.
Value Description None Proxy not specified Tunnel Use tunnel (HTTP) proxy type. SOCKS4 Use SOCKS4 proxy type. SOCKS5 Use SOCKS5 proxy type.
Specify the name or IP address of the proxy server.
Specify the port number on the proxy server to use for the connection. The default value of this property is 80.
Specify user name to access the proxy server.
Specify password to access the proxy server.
- Where can I find the documentation for the SSH Connection?
- Error Message: Please specify server password.
- Error Message: SSH: Negotiation failed. The client and the server have no common encryption algorithm.
- I get "invalid server's version String" error, when trying to connect SFTP server.
- Why do I get the following error when executing a package under Win64?
- Fixed: A regresion with "Access denied" error when trying to upload a file on certain servers (Thank you, Tyler).
- New: Support for file permissions update using File Transfer Task
- New: If key-file authentication fails, the connection will attempt password-only authentication (Thank you, Pavel).
- Fixed: Failed with error "The connection was closed by the server." when transferring large files with certain remote server software.
- New: Modified to permit weaker server RSA keys (512 bits).
- Fixed: Failed with "The server's RSA key (1023 bits) is weaker than expected minimum (1024 bits)." error when connecting to certain servers.
- Fixed: Incomplete file download when file size between 32kb and 49kb and when using SSH-2.0-FileCOPA or Syncplify server software (Thank you Kevin and Greg).
- Fixed: Failed to upload a file to a restricted folder (Thank you, Daniel).
- New: A new parameter Passphrase.
- New: A new parameter ServerFingerprint to verify remote host fingerprint before authentication.
- Fixed: Failed with "Cannot access a disposed object." error when using new backend engine.
- Fixed: Failed with "Bad Message" error when using Serv-U server and Remote parameter contained wildcard.
- Fixed: Disabled zlib compression because of file corruption (Thank you, Dmitry).
- New: A new parameter RetainSameConnection to use same connection in client components.
- Fixed: Failed to connect to servers requiring both key file and password for authentication (Thank you, Jeremy).
- Fixed: When connected to GlobalSCAPE failed with "inputstream is closed" error message, trying to retrieve directory list with more than 250 files.
- New: Included support for keyboard-interactive mode of authentication.
- New: Introduced connection.