ssh2-streams
The ssh2-streams npm package provides a set of utilities for working with SSH2 protocol streams. It is commonly used for creating and managing SSH connections, executing commands, and transferring files over SFTP.
Creating an SSH Connection
This code demonstrates how to create an SSH connection with the `Client` class. That class comes from the higher-level ssh2 package, which is built on top of ssh2-streams; ssh2-streams itself exports only `SSH2Stream`, `SFTPStream`, `utils` and `constants`. The code connects to an SSH server, executes the 'uptime' command, and handles the output and errors.

```js
// Client is exported by ssh2 (built on ssh2-streams), not by ssh2-streams.
const { Client } = require('ssh2');
const fs = require('fs');

const conn = new Client();
conn.on('ready', () => {
  console.log('Client :: ready');
  // Run a single command on the remote host.
  conn.exec('uptime', (err, stream) => {
    if (err) throw err;
    stream.on('close', (code, signal) => {
      console.log('Stream :: close :: code: ' + code + ', signal: ' + signal);
      conn.end();
    }).on('data', (data) => {
      console.log('STDOUT: ' + data);
    }).stderr.on('data', (data) => {
      console.log('STDERR: ' + data);
    });
  });
}).connect({
  host: '127.0.0.1',
  port: 22,
  username: 'frylock',
  privateKey: fs.readFileSync('/here/is/my/key')
});
```
SFTP File Transfer
This code demonstrates how to transfer a file using SFTP. As above, the `Client` class comes from the ssh2 package, which is built on top of ssh2-streams. The code connects to an SSH server, initiates an SFTP session, and downloads a file from the remote server to the local machine.

```js
// Client is exported by ssh2 (built on ssh2-streams), not by ssh2-streams.
const { Client } = require('ssh2');
const fs = require('fs');

const conn = new Client();
conn.on('ready', () => {
  console.log('Client :: ready');
  // Open the SFTP subsystem on the established connection.
  conn.sftp((err, sftp) => {
    if (err) throw err;
    // Download the remote file to the local path.
    sftp.fastGet('/remote/path/file.txt', '/local/path/file.txt', (err) => {
      if (err) throw err;
      console.log('File transferred successfully');
      conn.end();
    });
  });
}).connect({
  host: '127.0.0.1',
  port: 22,
  username: 'frylock',
  privateKey: fs.readFileSync('/here/is/my/key')
});
```
The ssh2 package is a higher-level library built on top of ssh2-streams. It provides a more user-friendly API for managing SSH connections, executing commands, and transferring files. It is more feature-rich and easier to use for most common SSH tasks.
The node-ssh package is another high-level library for SSH connections. It simplifies the process of connecting to SSH servers, executing commands, and transferring files. It is known for its ease of use and good documentation, making it a popular choice for developers.
The simple-ssh package provides a straightforward API for executing commands over SSH. It is designed to be easy to use and is suitable for simple SSH tasks. However, it lacks some of the advanced features and flexibility of ssh2-streams.
SSH2 and SFTP(v3) client/server protocol streams for node.js.
npm install ssh2-streams
* `require('ssh2-streams').SSH2Stream` returns an SSH2Stream constructor.
* `require('ssh2-streams').SFTPStream` returns an SFTPStream constructor.
* `require('ssh2-streams').utils` returns an object of useful utility functions.
* `require('ssh2-streams').constants` returns an object containing useful SSH protocol constants.
Client/Server events
* header(< object >headerInfo) - Emitted when the protocol header is seen. `headerInfo` contains:
    * greeting - string - (Client-only) An optional greeting message presented by the server.
    * identRaw - string - The raw identification string sent by the remote party.
    * versions - object - Contains various information parsed from `identRaw`:
        * protocol - string - The protocol version (always `1.99` or `2.0`) supported by the remote party.
        * software - string - The software name used by the remote party.
        * comments - string - Any additional text that comes after the software name.
* GLOBAL_REQUEST(< string >reqName, < boolean >wantReply, < mixed >reqData)
* CHANNEL_DATA:<channel>(< Buffer >data)
* CHANNEL_EXTENDED_DATA:<channel>(< integer >type, < Buffer >data)
* CHANNEL_WINDOW_ADJUST:<channel>(< integer >bytesToAdd)
* CHANNEL_SUCCESS:<channel>()
* CHANNEL_FAILURE:<channel>()
* CHANNEL_EOF:<channel>()
* CHANNEL_CLOSE:<channel>()
* CHANNEL_OPEN_CONFIRMATION:<channel>(< object >channelInfo) - `channelInfo` contains:
    * recipient - integer - The local channel number.
    * sender - integer - The remote party's channel number.
    * window - integer - The initial window size for the channel.
    * packetSize - integer - The maximum packet size for the channel.
* CHANNEL_OPEN_FAILURE:<channel>(< object >failInfo) - `failInfo` contains:
    * recipient - integer - The local channel number.
    * reasonCode - integer - The reason code of the failure.
    * reason - string - A text representation of the `reasonCode`.
    * description - string - An optional description of the failure.
* DISCONNECT(< string >reason, < integer >reasonCode, < string >description)
* DEBUG(< string >message)
* NEWKEYS()
* REQUEST_SUCCESS([< Buffer >resData])
* REQUEST_FAILURE()
Client-only events
* fingerprint(< Buffer >hostKey, < function >callback) - This event allows you to verify a host's key. If `callback` is called with `true`, the handshake continues. Otherwise a disconnection will occur if `callback` is called with `false`. The default behavior is to auto-allow any host key if there are no handlers for this event.
* SERVICE_ACCEPT(< string >serviceName)
* USERAUTH_PASSWD_CHANGEREQ(< string >message)
* USERAUTH_INFO_REQUEST(< string >name, < string >instructions, < string >lang, < array >prompts)
* USERAUTH_PK_OK()
* USERAUTH_SUCCESS()
* USERAUTH_FAILURE(< array >methodsContinue, < boolean >partialSuccess)
* USERAUTH_BANNER(< string >message)
* CHANNEL_OPEN(< object >channelInfo) - `channelInfo` contains:
    * type - string - The channel type (e.g. `x11`, `forwarded-tcpip`).
    * sender - integer - The remote party's channel number.
    * window - integer - The initial window size for the channel.
    * packetSize - integer - The maximum packet size for the channel.
    * data - object - The properties available depend on `type`:
        * `x11`:
            * srcIP - string - Source IP address of X11 connection request.
            * srcPort - string - Source port of X11 connection request.
        * `forwarded-tcpip`:
            * srcIP - string - Source IP address of incoming connection.
            * srcPort - string - Source port of incoming connection.
            * destIP - string - Destination IP address of incoming connection.
            * destPort - string - Destination port of incoming connection.
        * `forwarded-streamlocal@openssh.com`:
        * `auth-agent@openssh.com` has no extra data.
* CHANNEL_REQUEST:<channel>(< object >reqInfo) - `reqInfo` properties depend on `reqInfo.request`:
    * `exit-status`:
    * `exit-signal`:
        * signal - string - The signal name.
        * coredump - boolean - Was the exit the result of a core dump?
        * description - string - An optional error message.
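The `fingerprint` event listed above is where a client built on ssh2-streams authenticates the server, and with no handler attached any host key is accepted. The following is an added example (not code from the ssh2-streams project) of a fail-closed handler that pins OpenSSH-style SHA-256 fingerprints. `makeFingerprintHandler`, `sha256Fingerprint`, `sampleKeyBlob` and the sample keys are constructed for this illustration, and it assumes `hostKey` is the server's public key blob in SSH wire format.

```javascript
'use strict';
const crypto = require('crypto');

// OpenSSH-style fingerprint: "SHA256:" + unpadded base64 of SHA-256(key blob).
// Assumption: hostKey is the public key blob in SSH wire format, which is the
// same input `ssh-keygen -l -E sha256` hashes.
function sha256Fingerprint(hostKey) {
  const b64 = crypto.createHash('sha256').update(hostKey).digest('base64');
  return 'SHA256:' + b64.replace(/=+$/, '');
}

// Returns a function with the (hostKey, callback) signature of the
// `fingerprint` event. It fails closed: only a pinned key gets callback(true).
// Several pins may be supplied so a host key can be rotated without downtime.
function makeFingerprintHandler(pinnedFingerprints, onReject) {
  const pinned = new Set(pinnedFingerprints);
  if (pinned.size === 0) {
    // Refuse to build a handler that can never accept; the tempting fallback
    // (attaching no handler at all) would accept every host key.
    throw new TypeError('at least one pinned fingerprint is required');
  }
  for (const fp of pinned) {
    if (!/^SHA256:[A-Za-z0-9+/]{43}$/.test(fp)) {
      throw new TypeError('not a SHA256 fingerprint: ' + fp);
    }
  }
  return function onFingerprint(hostKey, callback) {
    let seen = null;
    let ok = false;
    if (Buffer.isBuffer(hostKey) && hostKey.length > 0) {
      seen = sha256Fingerprint(hostKey);
      ok = pinned.has(seen);
    }
    // Report the fingerprint that was offered so a mismatch can be logged.
    if (!ok && typeof onReject === 'function') onReject(seen);
    callback(ok);
  };
}

// Constructed sample data: a blob shaped like an ssh-ed25519 public key
// (length-prefixed type string followed by a length-prefixed 32-byte key).
function sampleKeyBlob(fillByte) {
  const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n, 0); return b; };
  const type = Buffer.from('ssh-ed25519', 'ascii');
  const key = Buffer.alloc(32, fillByte);
  return Buffer.concat([u32(type.length), type, u32(key.length), key]);
}

// Exercise the handler with a pinned key, an unknown key and malformed input.
function demo() {
  const known = sampleKeyBlob(0x11);
  const unknown = sampleKeyBlob(0x22);
  const rejected = [];
  const handler = makeFingerprintHandler(
    [sha256Fingerprint(known)],
    (fp) => rejected.push(fp)
  );
  const results = {};
  handler(known, (ok) => { results.known = ok; });
  handler(unknown, (ok) => { results.unknown = ok; });
  handler('not-a-buffer', (ok) => { results.malformed = ok; });
  return { results, rejected };
}

// Wiring, where `stream` is a client-mode SSH2Stream instance:
//   stream.on('fingerprint', makeFingerprintHandler(['SHA256:<pinned value>']));
console.log(demo());
```

The pinned values should come from a channel other than the SSH connection being verified, for example the output of `ssh-keygen -l -E sha256` run on the server's public host key file.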
Server-only events
* SERVICE_REQUEST(< string >serviceName)
* USERAUTH_REQUEST(< string >username, < string >serviceName, < string >authMethod, < mixed >authMethodData) - `authMethodData` depends on `authMethod`:
    * For `password`, it's a string containing the password.
    * For `publickey`, it's an object containing:
        * keyAlgo - string - The public key algorithm.
        * key - Buffer - The public key data.
        * signature - mixed - If set, it is a Buffer containing the signature to be verified.
        * blob - mixed - If set, it is a Buffer containing the data to sign. The resulting signature is what is compared to `signature`.
    * For `hostbased`, it's an object including the properties from `publickey` but also:
        * localHostname - string - The client's hostname to be verified.
        * localUsername - string - The client's (local) username to be verified.
* USERAUTH_INFO_RESPONSE(< array >responses)
* GLOBAL_REQUEST(< string >reqName, < boolean >wantReply, < mixed >reqData) - `reqData` depends on `reqName`:
    * For `tcpip-forward`/`cancel-tcpip-forward`, it's an object containing:
        * bindAddr - string - The IP address to start/stop binding to.
        * bindPort - string - The port to start/stop binding to.
    * For `streamlocal-forward@openssh.com`/`cancel-streamlocal-forward@openssh.com`, it's an object containing:
    * For `no-more-sessions@openssh.com`, there is no `reqData`.
    * For any other requests, it's a Buffer containing raw request-specific data if there is any extra data.
* CHANNEL_OPEN(< object >channelInfo) - `channelInfo` contains:
    * type - string - The channel type (e.g. `session`, `direct-tcpip`).
    * sender - integer - The remote party's channel number.
    * window - integer - The initial window size for the channel.
    * packetSize - integer - The maximum packet size for the channel.
    * data - object - The properties available depend on `type`:
        * `direct-tcpip`:
            * srcIP - string - Source IP address of outgoing connection.
            * srcPort - string - Source port of outgoing connection.
            * destIP - string - Destination IP address of outgoing connection.
            * destPort - string - Destination port of outgoing connection.
        * `direct-streamlocal@openssh.com`:
        * `session` has no extra data.
* CHANNEL_REQUEST:<channel>(< object >reqInfo) - `reqInfo` properties depend on `reqInfo.request`:
    * `pty-req`:
        * wantReply - boolean - The client is requesting a response to this request.
        * term - string - The terminal type name.
        * cols - integer - The number of columns.
        * rows - integer - The number of rows.
        * width - integer - The width in pixels.
        * height - integer - The height in pixels.
        * modes - object - The terminal modes.
    * `window-change`:
        * cols - integer - The number of columns.
        * rows - integer - The number of rows.
        * width - integer - The width in pixels.
        * height - integer - The height in pixels.
    * `x11-req`:
        * wantReply - boolean - The client is requesting a response to this request.
        * single - boolean - Whether only a single X11 connection should be allowed.
        * protocol - string - The X11 authentication protocol to be used.
        * cookie - string - The hex-encoded X11 authentication cookie.
        * screen - integer - The screen number for incoming X11 connections.
    * `env`:
        * wantReply - boolean - The client is requesting a response to this request.
        * key - string - The environment variable name.
        * val - string - The environment variable value.
    * `shell`:
    * `exec`:
        * wantReply - boolean - The client is requesting a response to this request.
        * command - string - The command to be executed.
    * `subsystem`:
        * wantReply - boolean - The client is requesting a response to this request.
        * subsystem - string - The name of the subsystem.
    * `signal`:
        * `SIG`).
    * `xon-xoff`:
    * `auth-agent-req@openssh.com` has no `reqInfo`.
* bytesSent - integer - The number of bytes sent since the last keying. This metric can be useful in determining when to call `rekey()`.
* bytesReceived - integer - The number of bytes received since the last keying. This metric can be useful in determining when to call `rekey()`.
* (constructor)(< object >config) - Creates and returns a new SSH2Stream instance. SSH2Stream instances are Duplex streams. `config` can contain:
    * server - boolean - Set to `true` to create an instance in server mode. Default: `false`
    * hostKeys - object - If in server mode, an object keyed on host key format (see supported `serverHostKey` values in `algorithms` option below) with values being (decrypted) Buffers or strings that contain PEM-encoded (OpenSSH format) host private key(s). Default: (none)
    * greeting - string - If in server mode, an optional message to send to the user immediately upon connection, before the handshake. Note: Most clients usually ignore this. Default: (none)
    * banner - string - If in server mode, an optional message to send to the user once, right before authentication begins. Default: (none)
    * ident - string - A custom software name/version identifier. Default: `'ssh2js' + moduleVersion + 'srv'` (server mode) `'ssh2js' + moduleVersion` (client mode)
    * maxPacketSize - string - This is the maximum packet size that will be accepted. It should be 35000 bytes or larger to be compatible with other SSH2 implementations. Default: `35000`
    * highWaterMark - integer - This is the `highWaterMark` to use for the stream. Default: `32 * 1024`
    * algorithms - object - This option allows you to explicitly override the default transport layer algorithms used for the connection. Each value must be an array of valid algorithms for that category. The order of the algorithms in the arrays is important, with the most favorable being first. Valid keys:
        * kex - array - Key exchange algorithms.
            * Default values:
            * Supported values:
        * cipher - array - Ciphers.
            * Default values:
            * Supported values:
        * serverHostKey - array - Server host key formats. In server mode, this list must agree with the host private keys set in the `hostKeys` config setting.
            * Default values:
            * Supported values:
        * hmac - array - (H)MAC algorithms.
            * Default values:
            * Supported values:
        * compress - array - Compression algorithms.
            * Default values:
            * Supported values:
    * debug - function - Set this to a function that receives a single string argument to get detailed (local) debug information. Default: (none)
Client/Server methods
* ping() - boolean - Writes a dummy GLOBAL_REQUEST packet (specifically "keepalive@openssh.com") that requests a reply. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* disconnect([< integer >reasonCode]) - boolean - Writes a disconnect packet and closes the stream. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* rekey() - boolean - Starts the re-keying process. Incoming/Outgoing packets are buffered until the re-keying process has finished. Returns `false` to indicate that no more packets should be written until the `NEWKEYS` event is seen.
* requestSuccess([< Buffer >data]) - boolean - Writes a request success packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* requestFailure() - boolean - Writes a request failure packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelSuccess() - boolean - Writes a channel success packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelFailure() - boolean - Writes a channel failure packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelEOF(< integer >channel) - boolean - Writes a channel EOF packet for the given `channel`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelClose(< integer >channel) - boolean - Writes a channel close packet for the given `channel`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelWindowAdjust(< integer >channel, < integer >amount) - boolean - Writes a channel window adjust packet for the given `channel` where `amount` is the number of bytes to add to the channel window. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelData(< integer >channel, < mixed >data) - boolean - Writes a channel data packet for the given `channel` where `data` is a Buffer or string. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelExtData(< integer >channel, < mixed >data, < integer >type) - boolean - Writes a channel extended data packet for the given `channel` where `data` is a Buffer or string. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelOpenConfirm(< integer >remoteChannel, < integer >localChannel, < integer >initWindow, < integer >maxPacket) - boolean - Writes a channel open confirmation packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* channelOpenFail(< integer >remoteChannel, < integer >reasonCode[, < string >description]) - boolean - Writes a channel open failure packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
Client-only methods
* service(< string >serviceName) - boolean - Writes a service request packet for `serviceName`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* tcpipForward(< string >bindAddr, < integer >bindPort[, < boolean >wantReply]) - boolean - Writes a tcpip forward global request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* cancelTcpipForward(< string >bindAddr, < integer >bindPort[, < boolean >wantReply]) - boolean - Writes a cancel tcpip forward global request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authPassword(< string >username, < string >password) - boolean - Writes a password userauth request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authPK(< string >username, < object >pubKey[, < function >cbSign]) - boolean - Writes a publickey userauth request packet. `pubKey` is the object returned from using `utils.parseKey()` on a private or public key. If `cbSign` is not present, a pubkey check userauth packet is written. Otherwise `cbSign` is called with `(blob, callback)`, where `blob` is the data to sign with the private key and the resulting signature Buffer is passed to `callback` as the first argument. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authHostbased(< string >username, < object >pubKey, < string >localHostname, < string >localUsername, < function >cbSign) - boolean - Writes a hostbased userauth request packet. `pubKey` is the object returned from using `utils.parseKey()` on a private or public key. `cbSign` is called with `(blob, callback)`, where `blob` is the data to sign with the private key and the resulting signature Buffer is passed to `callback` as the first argument. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authKeyboard(< string >username) - boolean - Writes a keyboard-interactive userauth request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authNone(< string >username) - boolean - Writes a "none" userauth request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authInfoRes(< array >responses) - boolean - Writes a userauth info response packet. `responses` is an array of zero or more strings corresponding to responses to prompts previously sent by the server. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* directTcpip(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >config) - boolean - Writes a direct tcpip channel open packet. `config` must contain `srcIP`, `srcPort`, `dstIP`, and `dstPort`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* session(< integer >channel, < integer >initWindow, < integer >maxPacket) - boolean - Writes a session channel open packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_agentForward(< integer >channel[, < boolean >wantReply]) - boolean - Writes an `auth-agent-req@openssh.com` channel request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* windowChange(< integer >channel, < integer >rows, < integer >cols, < integer >height, < integer >width) - boolean - Writes a window change channel request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* pty(< integer >channel, < integer >rows, < integer >cols, < integer >height, < integer >width, < string >terminalType, < mixed >terminalModes[, < boolean >wantReply]) - boolean - Writes a pty channel request packet. If `terminalType` is falsey, `vt100` is used. `terminalModes` can be the raw bytes, an object of the terminal modes to set, or a falsey value for no modes. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* env(< integer >channel, < string >key, < mixed >value[, < boolean >wantReply]) - boolean - Writes an env channel request packet. `value` can be a string or Buffer. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* shell(< integer >channel[, < boolean >wantReply]) - boolean - Writes a shell channel request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* exec(< integer >channel, < string >command[, < boolean >wantReply]) - boolean - Writes an exec channel request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* signal(< integer >channel, < string >signalName) - boolean - Writes a signal channel request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* x11Forward(< integer >channel, < object >config[, < boolean >wantReply]) - boolean - Writes an X11 forward channel request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic. `config` can contain:
    * single - boolean - `true` if only a single connection should be forwarded.
    * protocol - string - The name of the X11 authentication method used (e.g. `MIT-MAGIC-COOKIE-1`).
    * cookie - string - The X11 authentication cookie encoded in hexadecimal.
    * screen - integer - The screen number to forward X11 connections for.
* subsystem(< integer >channel, < string >name[, < boolean >wantReply]) - boolean - Writes a subsystem channel request packet. `name` is the name of the subsystem (e.g. `sftp` or `netconf`). `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_noMoreSessions([< boolean >wantReply]) - boolean - Writes a no-more-sessions@openssh.com request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_streamLocalForward(< string >socketPath[, < boolean >wantReply]) - boolean - Writes a streamlocal-forward@openssh.com request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_cancelStreamLocalForward(< string >socketPath[, < boolean >wantReply]) - boolean - Writes a cancel-streamlocal-forward@openssh.com request packet. `wantReply` defaults to `true`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_directStreamLocal(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >config) - boolean - Writes a direct-streamlocal@openssh.com channel open packet. `config` must contain `socketPath`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
Server-only methods
* serviceAccept(< string >serviceName) - boolean - Writes a service accept packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authFailure([< array >authMethods[, < boolean >partialSuccess]]) - boolean - Writes a userauth failure packet. `authMethods` is an array of authentication methods that can continue. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authSuccess() - boolean - Writes a userauth success packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authPKOK(< string >keyAlgorithm, < Buffer >keyData) - boolean - Writes a userauth PK OK packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* authInfoReq(< string >name, < string >instructions, < array >prompts) - boolean - Writes a userauth info request packet. `prompts` is an array of `{ prompt: 'Prompt text', echo: true }` objects (`prompt` being the prompt text and `echo` indicating whether the client's response to the prompt should be echoed to their display). Returns `false` if you should wait for the `continue` event before sending any more traffic.
* forwardedTcpip(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes a forwarded tcpip channel open packet. `info` must contain `boundAddr`, `boundPort`, `remoteAddr`, and `remotePort`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* x11(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes an X11 channel open packet. `info` must contain `originAddr` and `originPort`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_authAgent(< integer >channel, < integer >initWindow, < integer >maxPacket) - boolean - Writes an auth-agent@openssh.com channel open packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* openssh_forwardedStreamLocal(< integer >channel, < integer >initWindow, < integer >maxPacket, < object >info) - boolean - Writes a forwarded-streamlocal@openssh.com channel open packet. `info` must contain `socketPath`. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* exitStatus(< integer >channel, < integer >exitCode) - boolean - Writes an exit status channel request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* exitSignal(< integer >channel, < string >signalName, < boolean >coreDumped, < string >errorMessage) - boolean - Writes an exit signal channel request packet. Returns `false` if you should wait for the `continue` event before sending any more traffic.
* parseKey(< mixed >keyData[, < string >passphrase]) - mixed - Parses a private/public key in OpenSSH, RFC4716, or PPK format. For encrypted private keys, the key will be decrypted with the given `passphrase`. The returned value will be an array of objects (currently in the case of modern OpenSSH keys) or an object with these properties and methods:
    * type - string - The full key type (e.g. `'ssh-rsa'`)
    * comment - string - The comment for the key
    * getPrivatePEM() - string - This returns the PEM version of a private key
    * getPublicPEM() - string - This returns the PEM version of a public key (for either public key or derived from a private key)
    * getPublicSSH() - string - This returns the SSH version of a public key (for either public key or derived from a private key)
    * sign(< mixed >data) - mixed - This signs the given `data` using this key and returns a Buffer containing the signature on success. On failure, an Error will be returned. `data` can be anything accepted by node's `sign.update()`.
    * verify(< mixed >data, < Buffer >signature) - mixed - This verifies a `signature` of the given `data` using this key and returns `true` if the signature could be verified. On failure, either `false` will be returned or an Error will be returned upon a more critical failure. `data` can be anything accepted by node's `verify.update()`.
The npm package ssh2-streams receives a total of 1,215,038 weekly downloads. As such, ssh2-streams popularity was classified as popular.
We found that ssh2-streams demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.