Skip to content

minesworld/ssh2-streams

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

203 Commits
lib
lib
 
 
test
test
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
SFTPStream.md
SFTPStream.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Description

SSH2 and SFTP(v3) client/server protocol streams for node.js.

Requirements

Install

npm install ssh2-streams

API

require('ssh2').SSH2Stream returns an SSH2Stream constructor.

require('ssh2').SFTPStream returns an SFTPStream constructor.

require('ssh2').utils returns an object of useful utility functions.

require('ssh2').constants returns an object containing useful SSH protocol constants.

SSH2Stream events

Client/Server events

  • header(< object >headerInfo) - Emitted when the protocol header is seen. headerInfo contains:

    • greeting - string - (Client-only) An optional greeting message presented by the server.

    • identRaw - string - The raw identification string sent by the remote party.

    • versions - object - Contains various information parsed from identRaw:

      • protocol - string - The protocol version (always 1.99 or 2.0) supported by the remote party.

      • software - string - The software name used by the remote party.

    • comments - string - Any additional text that comes after the software name.

  • GLOBAL_REQUEST(< string >reqName, < boolean >wantReply, < mixed >reqData)

  • CHANNEL_DATA:<channel>(< Buffer >data)

  • CHANNEL_EXTENDED_DATA:<channel>(< integer >type, < Buffer >data)

  • CHANNEL_WINDOW_ADJUST:<channel>(< integer >bytesToAdd)

  • CHANNEL_SUCCESS:<channel>()

  • CHANNEL_FAILURE:<channel>()

  • CHANNEL_EOF:<channel>()

  • CHANNEL_CLOSE:<channel>()

  • CHANNEL_OPEN_CONFIRMATION:<channel>(< object >channelInfo) - channelInfo contains:

    • recipient - integer - The local channel number.

    • sender - integer - The remote party's channel number.

    • window - integer - The initial window size for the channel.

    • packetSize - integer - The maximum packet size for the channel.

  • CHANNEL_OPEN_FAILURE:<channel>(< object >failInfo) - failInfo contains:

    • recipient - integer - The local channel number.

    • reasonCode - integer - The reason code of the failure.

    • reason - string - A text representation of the reasonCode.

    • description - string - An optional description of the failure.

  • DISCONNECT(< string >reason, < integer >reasonCode, < string >description)

  • DEBUG(< string >message)

  • NEWKEYS()

  • REQUEST_SUCCESS([< Buffer >resData])

  • REQUEST_FAILURE()

Client-only events

  • fingerprint(< Buffer >hostKey, < function >callback) - This event allows you to (synchronously) verify a host's key. If callback is called with any value other than undefined or true, a disconnection will occur. The default behavior is to auto-allow any host key.

  • SERVICE_ACCEPT(< string >serviceName)

  • USERAUTH_PASSWD_CHANGEREQ(< string >message)

  • USERAUTH_INFO_REQUEST(< string >name, < string >instructions, < string >lang, < array >prompts)

  • USERAUTH_PK_OK()

  • USERAUTH_SUCCESS()

  • USERAUTH_FAILURE(< array >methodsContinue, < boolean >partialSuccess)

  • USERAUTH_BANNER(< string >message)

  • CHANNEL_OPEN(< object >channelInfo) - channelInfo contains:

    • type - string - The channel type (e.g. x11, forwarded-tcpip).

    • sender - integer - The remote party's channel number.

    • window - integer - The initial window size for the channel.

    • packetSize - integer - The maximum packet size for the channel.

    • data - object - The properties available depend on type:

      • x11:

        • srcIP - string - Source IP address of X11 connection request.

        • srcPort - string - Source port of X11 connection request.

      • forwarded-tcpip:

        • srcIP - string - Source IP address of incoming connection.

        • srcPort - string - Source port of incoming connection.

        • destIP - string - Destination IP address of incoming connection.

        • destPort - string - Destination port of incoming connection.

      • [email protected]:

        • socketPath - string - Source socket path of incoming connection.

      • [email protected] has no extra data.

  • CHANNEL_REQUEST:<channel>(< object >reqInfo) - reqInfo properties depend on reqInfo.request:

    • exit-status:

      • code - integer - The exit status code of the remote process.

    • exit-signal:

      • signal - string - The signal name.

      • coredump - boolean - Was the exit the result of a core dump?

      • description - string - An optional error message.

Server-only events

  • SERVICE_REQUEST(< string >serviceName)

  • USERAUTH_REQUEST(< string >username, < string >serviceName, < string >authMethod, < mixed >authMethodData) - authMethodData depends on authMethod:

    • For password, it's a string containing the password.

    • For publickey, it's an object containing:

      • keyAlgo - string - The public key algorithm.

      • key - Buffer - The public key data.

      • signature - mixed - If set, it is a Buffer containing the signature to be verified.

      • blob - mixed - If set, it is a Buffer containing the data to sign. The resulting signature is what is compared to signature.

    • For hostbased, it's an object including the properties from publickey but also:

      • localHostname - string - The client's hostname to be verified.

      • localUsername - string - The client's (local) username to be verified.

  • USERAUTH_INFO_RESPONSE(< array >responses)

  • GLOBAL_REQUEST(< string >reqName, < boolean >wantReply, < mixed >reqData) - reqData depends on reqName:

    • For tcpip-forward/cancel-tcpip-forward, it's an object containing:

      • bindAddr - string - The IP address to start/stop binding to.

      • bindPort - string - The port to start/stop binding to.

    • For [email protected]/[email protected], it's an object containing:

      • socketPath - string - The socket path to start/stop listening on.

    • For [email protected], there is no reqData.

    • For any other requests, it's a Buffer containing raw request-specific data if there is any extra data.

  • CHANNEL_OPEN(< object >channelInfo) - channelInfo contains:

    • type - string - The channel type (e.g. session, direct-tcpip).

    • sender - integer - The remote party's channel number.

    • window - integer - The initial window size for the channel.

    • packetSize - integer - The maximum packet size for the channel.

    • data - object - The properties available depend on type:

      • direct-tcpip:

        • srcIP - string - Source IP address of outgoing connection.

        • srcPort - string - Source port of outgoing connection.

        • destIP - string - Destination IP address of outgoing connection.

        • destPort - string - Destination port of outgoing connection.

      • [email protected]:

        • socketPath - string - Destination socket path of outgoing connection.

      • session has no extra data.

  • CHANNEL_REQUEST:<channel>(< object >reqInfo) - reqInfo properties depend on reqInfo.request:

    • pty-req:

      • wantReply - boolean - The client is requesting a response to this request.

      • term - string - The terminal type name.

      • cols - integer - The number of columns.

      • rows - integer - The number of rows.

      • width - integer - The width in pixels.

      • height - integer - The height in pixels.

      • modes - object - The terminal modes.

    • window-change:

      • cols - integer - The number of columns.

      • rows - integer - The number of rows.

      • width - integer - The width in pixels.

      • height - integer - The height in pixels.

    • x11-req:

      • wantReply - boolean - The client is requesting a response to this request.

      • single - boolean - Whether only a single X11 connection should be allowed.

      • protocol - string - The X11 authentication protocol to be used.

      • cookie - string - The hex-encoded X11 authentication cookie.

      • screen - integer - The screen number for incoming X11 connections.

    • env:

      • wantReply - boolean - The client is requesting a response to this request.

      • key - string - The environment variable name.

      • val - string - The environment variable value.

    • shell:

      • wantReply - boolean - The client is requesting a response to this request.

    • exec:

      • wantReply - boolean - The client is requesting a response to this request.

      • command - string - The command to be executed.

    • subsystem:

      • wantReply - boolean - The client is requesting a response to this request.

      • subsystem - string - The name of the subsystem.

    • signal:

      • signal - string - The signal name (prefixed with SIG).

    • xon-xoff:

      • clientControl - boolean - Client can/can't perform flow control (control-S/control-Q processing).

    • [email protected] has no reqInfo.

SSH2Stream properties

  • bytesSent - integer - The number of bytes sent since the last keying. This metric can be useful in determining when to call rekey().

  • bytesReceived - integer - The number of bytes received since the last keying. This metric can be useful in determining when to call rekey().

SSH2Stream methods

  • (constructor)(< object >config) - Creates and returns a new SSH2Stream instance. SSH2Stream instances are Duplex streams. config can contain:

    • server - boolean - Set to true to create an instance in server mode. Default: false

    • privateKey - mixed - If in server mode, a Buffer or string that contains the required host private key (OpenSSH format). Default: (none)

    • passphrase - string - For an encrypted host private key, this is the passphrase used to decrypt it. Default: (none)

    • banner - string - If in server mode, an optional message to send to the user immediately upon connection, before the handshake. Default: (none)

    • ident - string - A custom software name/version identifier. Default: 'ssh2js' + moduleVersion + 'srv' (server mode) 'ssh2js' + moduleVersion (client mode)

    • maxPacketSize - string - This is the maximum packet size that will be accepted. It should be 35000 bytes or larger to be compatible with other SSH2 implementations. Default: 35000

    • highWaterMark - integer - This is the highWaterMark to use for the stream. Default: 32 * 1024

    • debug - function - Set this to a function that receives a single string argument to get detailed (local) debug information. Default: (none)

Client/Server methods

  • ping() - boolean - Writes a dummy GLOBAL_REQUEST packet (specifically "[email protected]") that requests a reply. Returns false if you should wait for the continue event before sending any more traffic.

  • disconnect([< integer >reasonCode]) - boolean - Writes a disconnect packet and closes the stream. Returns false if you should wait for the continue event before sending any more traffic.

  • rekey() - boolean - Starts the re-keying process. Incoming/Outgoing packets are buffered until the re-keying process has finished. Returns false to indicate that no more packets should be written until the NEWKEYS event is seen.

  • requestSuccess([< Buffer >data]) - boolean - Writes a request success packet. Returns false if you should wait for the continue event before sending any more traffic.

  • requestFailure() - boolean - Writes a request failure packet. Returns false if you should wait for the continue event before sending any more traffic.

  • channelSuccess() - boolean - Writes a channel success packet. Returns false if you should wait for the continue event before sending any more traffic.

  • channelFailure() - boolean - Writes a channel failure packet. Returns false if you should wait for the continue event before sending any more traffic.

  • channelEOF(< integer >channel) - boolean - Writes a channel EOF packet for the given channel. Returns false if you should wait for the continue event before sending any more traffic.

  • channelClose(< integer >channel) - boolean - Writes a channel close packet for the given channel. Returns false if you should wait for the continue event before sending any more traffic.

  • channelWindowAdjust(< integer >channel, < integer >amount) - boolean - Writes a channel window adjust packet for the given channel where amount is the number of bytes to add to the channel window. Returns false if you should wait for the continue event before sending any more traffic.

  • channelData(< integer >channel, < mixed >data) - boolean - Writes a channel data packet for the given channel where data is a Buffer or string. Returns false if you should wait for the continue event before sending any more traffic.

  • channelExtData(< integer >channel, < mixed >data, < integer >type) - boolean - Writes a channel extended data packet for the given channel where data is a _Buffer_ or _string_. Returns falseif you should wait for thecontinue` event before sending any more traffic.

  • channelOpenConfirm(< integer >remoteChannel, < integer >localChannel, < integer >initWindow, < integer >maxPacket) - boolean - Writes a channel open confirmation packet. Returns false if you should wait for the continue event before sending any more traffic.

  • channelOpenFail(< integer >remoteChannel, < integer >reasonCode[, < string >description]) - boolean - Writes a channel open failure packet. Returns false if you should wait for the continue event before sending any more traffic.

Client-only methods

  • service(< string >serviceName) - boolean - Writes a service request packet for serviceName. Returns false if you should wait for the continue event before sending any more traffic.

  • tcpipForward(< string >bindAddr, < integer >bindPort[, < boolean >wantReply]) - boolean - Writes a tcpip forward global request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • cancelTcpipForward(< string >bindAddr, < integer >bindPort[, < boolean >wantReply]) - boolean - Writes a cancel tcpip forward global request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • authPassword(< string >username, < string >password) - boolean - Writes a password userauth request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authPK(< string >username, < object >pubKey[, < function >cbSign]) - boolean - Writes a publickey userauth request packet. pubKey is the object returned from using utils.parseKey() on a private or public key. If cbSign is not present, a pubkey check userauth packet is written. Otherwise cbSign is called with (blob, callback), where blob is the data to sign with the private key and the resulting signature Buffer is passed to callback as the first argument. Returns false if you should wait for the continue event before sending any more traffic.

  • authHostbased(< string >username, < object >pubKey, < string >localHostname, < string >localUsername, < function >cbSign) - boolean - Writes a hostbased userauth request packet. pubKey is the object returned from using utils.parseKey() on a private or public key. cbSign is called with (blob, callback), where blob is the data to sign with the private key and the resulting signature Buffer is passed to callback as the first argument. Returns false if you should wait for the continue event before sending any more traffic.

  • authKeyboard(< string >username) - boolean - Writes a keyboard-interactive userauth request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authNone(< string >username) - boolean - Writes a "none" userauth request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authInfoRes(< array >responses) - boolean - Writes a userauth info response packet. responses is an array of zero or more strings corresponding to responses to prompts previously sent by the server. Returns false if you should wait for the continue event before sending any more traffic.

  • directTcpip(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >config) - boolean - Writes a direct tcpip channel open packet. config must contain srcIP, srcPort, dstIP, and dstPort. Returns false if you should wait for the continue event before sending any more traffic.

  • session(< integer >channel, < integer >initWindow, < integer >maxPacket) - boolean - Writes a session channel open packet. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_agentForward(< integer >channel[, < boolean >wantReply]) - boolean - Writes an [email protected] channel request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • windowChange(< integer >channel, < integer >rows, < integer >cols, < integer >height, < integer >width) - boolean - Writes a window change channel request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • pty(< integer >channel, < integer >rows, < integer >cols, < integer >height, < integer >width, < string >terminalType, < mixed >terminalModes[, < boolean >wantReply]) - boolean - Writes a pty channel request packet. If terminalType is falsey, vt100 is used. terminalModes can be the raw bytes, an object of the terminal modes to set, or a falsey value for no modes. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • env(< integer >channel, < string >key, < mixed >value[, < boolean >wantReply]) - boolean - Writes an env channel request packet. value can be a string or Buffer. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • shell(< integer >channel[, < boolean >wantReply]) - boolean - Writes a shell channel request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • exec(< integer >channel, < string >command[, < boolean >wantReply]) - boolean - Writes an exec channel request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • signal(< integer >channel, < string >signalName) - boolean - Writes a signal channel request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • x11Forward(< integer >channel, < object >config[, < boolean >wantReply]) - boolean - Writes an X11 forward channel request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic. config can contain:

    • single - boolean - true if only a single connection should be forwarded.

    • protocol - string - The name of the X11 authentication method used (e.g. MIT-MAGIC-COOKIE-1).

    • cookie - string - The X11 authentication cookie encoded in hexadecimal.

    • screen - integer - The screen number to forward X11 connections for.

  • subsystem(< integer >channel, < string >name[, < boolean >wantReply]) - boolean - Writes a subsystem channel request packet. name is the name of the subsystem (e.g. sftp or netconf). wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_noMoreSessions([< boolean >wantReply]) - boolean - Writes a [email protected] request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_streamLocalForward(< string >socketPath[, < boolean >wantReply]) - boolean - Writes a [email protected] request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_cancelStreamLocalForward(< string >socketPath[, < boolean >wantReply]) - boolean - Writes a [email protected] request packet. wantReply defaults to true. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_directStreamLocal(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >config) - boolean - Writes a [email protected] channel open packet. config must contain socketPath. Returns false if you should wait for the continue event before sending any more traffic.

Server-only methods

  • serviceAccept(< string >serviceName) - boolean - Writes a service accept packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authFailure([< array >authMethods[, < boolean >partialSuccess]]) - boolean - Writes a userauth failure packet. authMethods is an array of authentication methods that can continue. Returns false if you should wait for the continue event before sending any more traffic.

  • authSuccess() - boolean - Writes a userauth success packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authPKOK(< string >keyAlgorithm, < Buffer >keyData) - boolean - Writes a userauth PK OK packet. Returns false if you should wait for the continue event before sending any more traffic.

  • authInfoReq(< string >name, < string >instructions, < array >prompts) - boolean - Writes a userauth info request packet. prompts is an array of { prompt: 'Prompt text', echo: true } objects (prompt being the prompt text and echo indicating whether the client's response to the prompt should be echoed to their display). Returns false if you should wait for the continue event before sending any more traffic.

  • forwardedTcpip(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes a forwarded tcpip channel open packet. info must contain boundAddr, boundPort, remoteAddr, and remotePort. Returns false if you should wait for the continue event before sending any more traffic.

  • x11(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes an X11 channel open packet. info must contain originAddr and originPort. Returns false if you should wait for the continue event before sending any more traffic.

  • openssh_forwardedStreamLocal(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes an [email protected] channel open packet. info must contain socketPath. Returns false if you should wait for the continue event before sending any more traffic.

  • exitStatus(< integer >channel, < integer >exitCode) - boolean - Writes an exit status channel request packet. Returns false if you should wait for the continue event before sending any more traffic.

  • exitSignal(< integer >channel, < string >signalName, < boolean >coreDumped, < string >errorMessage) - boolean - Writes an exit signal channel request packet. Returns false if you should wait for the continue event before sending any more traffic.

Utility methods

  • parseKey(< mixed >keyData) - object - Parses a private/public key in OpenSSH and RFC4716 formats.

  • decryptKey(< object >privKeyInfo, < string >passphrase) - (void) - Takes a private key parsed with parseKey() and decrypts it with passphrase. The decrypted key data overwrites the original encrypted copy.

  • genPublicKey(< object >privKeyInfo) - object - Takes a private key parsed with parseKey() and generates the associated public key and returns the public key information in the same format as parseKey().

About

SSH2 and SFTP client/server protocol streams for node.js

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

18 tags

Packages

No packages published

Languages

  • JavaScript 100.0%