Objective-C
SSHKit ships a parallel Objective-C façade (SSHKitObjC) covering connection, command, shell, SFTP, tunneling, and forwarding. A few Swift-only conveniences — the SCP helpers, the keychain credential store, key generation wrappers, the algorithm-profile struct, and the latency probe — do not have direct Obj-C counterparts and are listed at the bottom of this page. Import the umbrella header:
#import <SSHKitObjC/SSHKitObjC.h>
Canonical example
SSHKitConfiguration *configuration =
[[SSHKitConfiguration alloc] initWithHost:@"example.com"
username:@"deploy"];
configuration.authentication = [SSHKitAuthentication password:@"secret"];
// Use a known_hosts file on first connection; switch to a populated
// keychain trust store after you have stored the server's fingerprint.
configuration.hostKeyPolicy =
[SSHKitHostKeyPolicy knownHostsFile:[@"~/.ssh/known_hosts" stringByExpandingTildeInPath]];
[SSHKitClient connectWithConfiguration:configuration
completion:^(SSHKitConnection *connection, NSError *error) {
if (error != nil) {
NSLog(@"connect failed: %@", error);
return;
}
[connection executeCommand:@"uname -a"
completion:^(SSHKitCommandResult *result, NSError *error) {
if (error != nil) {
NSLog(@"execute failed: %@", error);
return;
}
NSString *stdout = [[NSString alloc] initWithData:result.standardOutput
encoding:NSUTF8StringEncoding];
NSLog(@"%@ (exit %d)", stdout, result.exitStatus);
[connection disconnectWithCompletion:^(NSError *error) {}];
}];
}];
Class & type inventory
Entry & configuration
| Type | Header | Purpose |
|---|
SSHKitClient | SSHKitClient.h | Connect + auth-method discovery class methods. |
SSHKitConfiguration | SSHKitConfiguration.h | Connection settings (auth, host trust, proxy, algorithms, logging). |
SSHKitAuthentication | SSHKitConfiguration.h | Auth method wrapper with +password:, +privateKeyFileAtPath:passphrase:, +keyboardInteractiveWithResponder:, +agent, +agentWithSocketPath:. |
SSHKitAuthenticationKind | SSHKitConfiguration.h | NS_ENUM: password / privateKeyFile / keyboardInteractive / agent. |
SSHKitKeyboardInteractivePrompt | SSHKitConfiguration.h | Prompt passed to the keyboard-interactive responder. |
SSHKitProxyRouteKind | SSHKitConfiguration.h | NS_ENUM: none / SOCKS5 / HTTPConnect / ProxyJump. |
Host trust
| Type | Header | Purpose |
|---|
SSHKitHostKeyPolicy | SSHKitConfiguration.h | Wrapper with +knownHostsFile:, +pinnedFingerprint:, +trustStore:, +keychainTrustStoreWithService:, +memoryTrustStore, +insecureAcceptAnyHostKey. |
SSHKitHostKeyPolicyKind | SSHKitConfiguration.h | NS_ENUM: insecure / knownHostsFile / pinned / trusted. |
SSHKitHostTrustStore | SSHKitConfiguration.h | Abstract base — fingerprintForHost:port:error:, saveFingerprint:host:port:error:, removeFingerprintForHost:port:error:. |
SSHKitMemoryTrustStore | SSHKitConfiguration.h | In-memory subclass. |
SSHKitKeychainTrustStore | SSHKitConfiguration.h | Keychain-backed subclass; +defaultService = wiki.qaq.sshkit. |
Connection & jobs
| Type | Header | Purpose |
|---|
SSHKitConnection | SSHKitConnection.h | Connect, execute (with optional PTY via executePTYCommand:completion:), open command/shell/SFTP/tunnel/forward, disconnect. |
SSHKitCommandResult | SSHKitConnection.h | Collected command output + exit status + optional exit signal. |
SSHKitCommand | SSHKitConnection.h | Streamed command channel (writeData:, sendEOF, close). |
SSHKitCommandEvent / SSHKitCommandEventKind | SSHKitConnection.h | Event delivered to the streamed-command handler. |
SSHKitShell | SSHKitConnection.h | PTY shell channel (writeData:, resizeWithColumns:rows:, close). |
SSHKitShellEvent / SSHKitShellEventKind | SSHKitConnection.h | Event delivered to the shell handler. |
SSHKitTunnelChannel | SSHKitConnection.h | Direct TCP channel I/O. |
SSHKitPortForward | SSHKitConnection.h | Local / remote / dynamic forward handle (boundHost, boundPort). |
SFTP
| Type | Header | Purpose |
|---|
SSHKitSFTPClient | SSHKitConnection.h | Full SFTP surface: list, stat, mkdir, rmdir, rename, symlink, open, read, write, upload, download, resumable transfers with progress. |
SSHKitSFTPFileHandle | SSHKitConnection.h | Streaming file handle (readDataWithMaximumLength:, writeData:, seekToOffset:, close). |
SSHKitSFTPEntry | SSHKitConnection.h | Directory entry (filename, attributes). |
SSHKitSFTPAttributes | SSHKitConnection.h | File attributes (size, permissions, uid, gid, type, dates). |
SSHKitSFTPFileOpenFlags | SSHKitConnection.h | NS_OPTIONS: Read / Write / Create / Truncate / Append. |
Authentication discovery
| Type | Header | Purpose |
|---|
SSHKitAuthenticationDiscoveryResult | SSHKitConnection.h | Returned by discoverAuthenticationMethodsWithCompletion:: methods + banners. |
SSHKitAuthenticationMethod | SSHKitConnection.h | NS_ENUM: none / password / publicKey / hostBased / keyboardInteractive / gssapi. |
Host-key discovery
| Symbol | Header | Purpose |
|---|
SSHKitHostKeyDiscoveryResult | SSHKitConnection.h | NSObject with host (NSString), port (uint16_t), and fingerprint (NSString in SHA256:… form). |
SSHKitHostKeyDiscoveryCompletion | SSHKitConnection.h | Block typedef: void(^)(SSHKitHostKeyDiscoveryResult *_Nullable, NSError *_Nullable). |
+[SSHKitClient discoverHostKeyWithConfiguration:completion:] | SSHKitClient.h | Stateless entry point. Builds a discovery-only session from an SSHKitConfiguration, returns the result, and tears the session down. |
-[SSHKitConnection discoverHostKeyWithCompletion:] | SSHKitConnection.h | Instance variant for callers that have already constructed an SSHKitConnection from a discovery configuration. |
Either entry point performs a transport-only handshake. Build an SSHKitConfiguration with the host, port, timeout, proxy, and algorithm fields — authentication and username are not consulted during discovery.
Logging
| Type | Header | Purpose |
|---|
SSHKitLogLevel | SSHKitConfiguration.h | NS_ENUM: debug / info / warning / error. |
SSHKitLogEvent | SSHKitConfiguration.h | Level + phase + message + metadata + timestamp. |
SSHKitLogRecorder | SSHKitConfiguration.h | Bounded log buffer; events stored in their redacted form. |
SSHKitLogHandler | SSHKitConfiguration.h | Block typedef: void(^)(SSHKitLogEvent *). |
Errors
| Symbol | Header | Purpose |
|---|
SSHKitErrorDomain | SSHKitError.h | NSErrorDomain used by every emitted NSError. |
SSHKitErrorCode | SSHKitError.h | NS_ERROR_ENUM with codes 1–11 (see the code table). |
SSHKitMakeError(code, message) | SSHKitError.h | Helper to build an NSError in the SSHKit domain. |
Key generation & algorithm inspection
| Type | Header | Purpose |
|---|
SSHKitGeneratedKeyPair | SSHKitGeneratedKeyPair.h | +generateOpenSSHKeyPairWithType:bits:comment:passphrase:error:. |
SSHKitKeyGenerationType | SSHKitGeneratedKeyPair.h | NS_ENUM: Ed25519 / RSA / ECDSAP256 / ECDSAP384 / ECDSAP521. |
SSHKitAlgorithmInspector | SSHKitAlgorithmInspector.h | +inspectAlgorithmsWith… — resolves a profile against the vendored libssh build. |
Swift → Obj-C mapping
| Swift | Objective-C |
|---|
SSHClient | SSHKitClient |
SSHClient.Configuration / SSHClientConfiguration | SSHKitConfiguration |
SSHAuthentication | SSHKitAuthentication + SSHKitAuthenticationKind |
SSHKeyboardInteractivePrompt | SSHKitKeyboardInteractivePrompt |
SSHHostKeyPolicy | SSHKitHostKeyPolicy + SSHKitHostKeyPolicyKind |
SSHHostTrustStore | SSHKitHostTrustStore (abstract base class) |
SSHMemoryHostTrustStore | SSHKitMemoryTrustStore |
SSHKeychainHostTrustStore | SSHKitKeychainTrustStore |
SSHProxyRoute | SSHKitProxyRouteKind + proxy fields on SSHKitConfiguration |
SSHConnection | SSHKitConnection |
SSHCommandResult | SSHKitCommandResult |
SSHCommand / SSHCommandEvent | SSHKitCommand / SSHKitCommandEvent |
SSHShell / SSHShellEvent | SSHKitShell / SSHKitShellEvent |
SFTPClient | SSHKitSFTPClient |
SFTPFileHandle | SSHKitSFTPFileHandle |
SFTPEntry / SFTPAttributes / SFTPFileOpenFlags | SSHKitSFTPEntry / SSHKitSFTPAttributes / SSHKitSFTPFileOpenFlags |
SSHTunnelChannel | SSHKitTunnelChannel |
SSHPortForward | SSHKitPortForward |
SSHAuthenticationMethod / SSHAuthenticationDiscoveryResult | SSHKitAuthenticationMethod / SSHKitAuthenticationDiscoveryResult |
SSHHostKeyDiscoveryConfiguration / SSHDiscoveredHostKey / SSHClient.discoverHostKey | SSHKitConfiguration (transport fields) / SSHKitHostKeyDiscoveryResult / +[SSHKitClient discoverHostKeyWithConfiguration:completion:] (or -[SSHKitConnection discoverHostKeyWithCompletion:]) |
SSHLogLevel / SSHLogEvent / SSHLogRecorder | SSHKitLogLevel / SSHKitLogEvent / SSHKitLogRecorder |
SSHKitError / SSHKitErrorCode | NSError in SSHKitErrorDomain / SSHKitErrorCode |
SSHGeneratedKeyPair / SSHKeyGenerator / SSHKeyGenerationType | SSHKitGeneratedKeyPair / SSHKitKeyGenerationType |
SSHAlgorithmProfile (inspection) | SSHKitAlgorithmInspector |
Obj-C-only surface
One method has no direct Swift counterpart:
-[SSHKitConnection executePTYCommand:completion:] — runs a collected command through a PTY-backed channel and returns an SSHKitCommandResult the same way executeCommand:completion: does. Use it for commands that detect a TTY (sudo without -n, interactive prompts, programs that gate their output on isatty). Swift callers needing the same behavior can fall through to the Obj-C façade directly, or open a streamed channel via openShell for fully interactive use.
Swift-only surface
These are Swift conveniences with no direct Obj-C counterpart:
- SCP helpers —
uploadFileWithSCP / downloadFileWithSCP live as a public extension SSHConnection built on top of streamed commands. Obj-C callers can re-implement the SCP protocol on top of SSHKitCommand if needed.
- Keychain credential store —
SSHKeychainCredentialStore persists passwords and private keys keyed by account.
- Key generation —
SSHKeyGenerator is a Swift wrapper. Obj-C callers can call SSHKitGeneratedKeyPair directly with its SSHKitKeyGenerationType enum.
- Algorithm profile struct —
SSHAlgorithmProfile is Swift; the Obj-C side exposes raw fields on SSHKitConfiguration and +SSHKitAlgorithmInspector inspectAlgorithmsWith… for resolved snapshots.
- Latency probe —
SSHPortLatencyProbe.measure(...) is Swift-only.