Trying to use phpseclib to replace the SSH2 dll on my server so i can move to php 5.6 and up. I use SSH to log into Sonicwall firewalls and export configuration files.
Logging in via SSH isnt like remoting to a linux box. Putty, for instance, asks for a username when you first connect, but the sonicwall ignores that, shows its welcome banner, and then asks for a username and password.
I am able to connect currently using the following code:
$connection = ssh2_connect($host);
ssh2_auth_none($connection,$user);
$shell = ssh2_shell($connection,'vt102',null,80,40,SSH2_TERM_UNIT_CHARS);
fwrite($shell, $user."\n");
fwrite($shell, $pass."\n");
// etc
I tried the following with phpseclib using the example from http://phpseclib.sourceforge.net/ssh/auth.html#noauth:
$ssh = new \Net_SSH2('172.17.1.99');
$ssh->login("admin");
$ssh->read('User:');
$ssh->write('admin');
$ssh->read('Password:');
$ssh->write('password');
But something is getting hung up and i get nothing until my execution timeout hits.
I found the answer, I completely missed the newline after the username and password.
Related
I am trying to do the following.
Have php execute shell commands on our remote servers. This because i would like to be able to install scripts through bash So php is going to execute the bash scripts on the remote server.
The issue is the can't connect to the remote server for some reason. I have tried several way to do this and i have to do with the root and password. Later i can look at encrypting them or something like that, but i can't use a ssh key so that is not going to work. I am pretty new to php part of it so i need some help figuring out hot to connect to remote servers.
the code i am trying right now is
$ip = '37.130.000.00';
$user = 'admin';
$pass = 'xxxxxxxxx';
$connection = ssh2_connect($ip);
ssh2_auth_password($connection,$user,$pass);
$shell = ssh2_shell($connection,"uptime");
echo $shell;
For some reason this code is giving me the following error
Fatal error: Call to undefined function ssh2_connect() in
How can i make this work or what else should i do to properly connect to the remote servers and this all should be very flexible as we are talking around 100 server who should be able to connect this way.
Thanks for any input.
That function is provided by an optional extension that you don't seem to have installed. Provided you have libssh and other dependencies in your system, get pecl-ssh by executing
sudo pecl install ssh2 channel://pecl.php.net/ssh2-0.11.3
and then restart php-fpm or apache if you're using modphp.
Edit: btw, this question has been asked before and one of the wisest advises I've seen in regards to is was to switch over to a pure php implementation, no pecl extensions whatsoever:
php-function-ssh2-connect-is-not-working
I have already written a php file that connects to the mysql database locally. Now, I want to connect to a remote database via SSH. Currently the connect function for my database is the following in php:
$this->db = new mysqli(_SERVR_URL, _SERVR_USER , _SERVR_PASS, _SERVR_DB);
if ($this->db->connect_errno) {
echo "Failed to connect to MySQL: (" . $this->db->connect_errno . ") " . $this->db->connect_error;
}
else{
//echo "Successfully connected!! <BR><BR>";
}
I want to only change the connect function (above) so that the rest of the code still works. I have successfully installed the phpseclib and am not interested in installing php's ssh extensions because those were not working after nearly 5 hours of effort. The phpseclib is working, and I think this because when I use require it does not die.
However, when I try to start working with the ssh stuff, it throws a server error:
$ssh = new Net_SSH1(myURL);
The way that I usually SSH into my server is with a .pem file. Can I get some guidance on:
Why the current code may be throwing an error?
If this is possible.
How would you write the connection code with the .pem file.
I think you are out of luck on this one. You can either use the ssh
extension in your PHP code, or if you have access to the server, you
could try to create a ssh tunnel on the command-line.
You probably need special permissions to do that, though. It also
looks like you don't have ssh access to this hosting account.
duplicate answered by #jpm
Setting up tunneling posted by #Ólafur Waage on Connect to a MySQL server over SSH in PHP
And this one for tunneling by #Sosy
shell_exec(“ssh -f -L 3307:127.0.0.1:3306 user#remote.rjmetrics.com sleep 60 >> logfile”);
$db = mysqli_connect(’127.0.0.1′, ‘sqluser’, ‘sqlpassword’, ‘rjmadmin’, 3307);
The mysql extension doesn't currently support this. Modifying the extension, itself, might not be that difficult, but at that point, it'd have to be a custom PECL extension, at best. The idea was discussed on the PHP Internals mailing list a while back:
http://comments.gmane.org/gmane.comp.php.devel/79520
ssh_exec() is refusing to execute a command in Windows.
Here is my code:
<?php
$connection = ssh2_connect('localhost', 22);
ssh2_auth_none($connection, 'root');
$stream = ssh2_exec($connection, 'C:\Program Files\CCleaner\CCleaner.exe',FALSE);
?>
It shows me the following warning: Unable to request a channel from remote host in.
Firstly, it is unlikely that you are going to be able to connect to your Windows server using ssh2_connect, because SSH is not a protocol typically used to connect to Windows, nor is it an available item in any Windows install.
Secondly, make sure that you have created the user 'root' on the Windows server, because it won't exist by default.
Alternatively
If you are actually connecting to a Unix/Linux server FROM a Windows box, then the fact that you are trying to run a Windows command on it ('C:\Program Files\CCleaner\CCleaner.exe'), will fail. You can only execute commands on the remote server that are present, and any command that begins with "C:\" will obviously fail because Linux has an entirely different filesystem structure from Windows.
So from the code above it looks like you're probably trying to connect to a Linux server using the username 'root' with no password (which according to the PHP.net manual (ssh2_auth_none:
Attempt "none" authentication which usually will (and should) fail.
But as you have said you are trying to execute a command in Windows, and you are connecting to the server with host name 'localhost' - perhaps you actually are running this on Windows, and simply trying to use SSH to connect to the Windows server - which is pointless as the PHP code shown above will already be being executed on the Windows server, making the SSH connection completely redundant except to attempt to execute a command with elevated privileges (as 'root').
If you are trying to execute the command remotely using PHP as an administrator user, which is probably a bad idea, then you could consider using the function.exec.php command in combination with the Windows runas command. Or you could just run your web server as an administrator, which is both very easy to do and very bad for security.
You could basically achieve what you are trying to do above, by installing an SSH server on Windows (What are some good SSH Servers for windows?) - after which you would have to log into the server using a user that exists, and use the password for that user (or create the user 'root' and use that).
Depending on your SSH server installation, running the command C:\Program Files\CCleaner\CCleaner.exe could work in the way you described above.
Is there any 'sudo' command for Windows?
How to run PHP as an Administrator
There are more examples of how to go about this in Linux, different methods have different advantages and disadvantages.
Execute root commands via PHP
How to run PHP exec() as root?
<?php
$connection = ssh2_connect('localhost', 22);
ssh2_auth_none($connection, 'root');
$stream = ssh2_exec($connection, 'C:\Program Files\CCleaner\CCleaner.exe', false);
stream_set_blocking ($stream, true);
I have putty.exe on my desktop so if I will go to command prompt and then to C:\Documents and Settings\user\Desktop location and execute following command it will launch the Putty window of telnet connection to server specified:
putty.exe telnet://a.b.c.d/
I am trying to launch the putty to telnet to specific server using following but its not working for me:
<?php
$securecrt = "C:\\Documents and Settings\\user\\Desktop\\putty.exe telnet://a.b.c.d/ ";
exec($securecrt);
?>
If I try following then it launches the putty application but will have to provide the host name or IP to login:
<?php
$securecrt = "C:\\Documents and Settings\\user\\Desktop\\putty.exe ";
exec($securecrt);
?>
Not sure if I am missing something very basic, It will be great if someone can help with this.
Instead of using Putty, you could try to use PHP with fsock or use a class like http://www.geckotribe.com/php-telnet/
However, you can try the following using your current setup:
$securecrt = '"C:\Documents and Settings\user\Desktop\putty.exe" telnet://a.b.c.d/';
I'd like to establish an ssh tunnel over ssh to my mysql server.
Ideally I'd return a mysqli db pointer just like I was connecting directly.
I'm on a shared host that doesn't have the SSH2 libraries but I might be able to get them installed locally using PECL.
If there's a way that uses native commands that would be great.
I was thinking something like this, but without those libraries it won't work.
$connection = ssh2_connect('SERVER IP', 22);
ssh2_auth_password($connection, 'username', 'password');
$tunnel = ssh2_tunnel($connection, 'DESTINATION IP', 3307);
$db = new mysqli_connect('127.0.0.1', 'DB_USERNAME', 'DB_PASSWORD',
'dbname', 3307, $tunnel)
or die ('Fail: ' . mysql_error());
Anyone have any ideas? I'm running a shared CentOS linux host at liquidweb.
Any thoughts on making the tunnel persistent? Is it possible to establish it with another script and just take advantage of it in PHP?
Thanks.
I would use the autossh tool to create a persistent ssh tunnel to your mysql database. Then all you have to do in your PHP code is point it to localhost.
You can test this (without automatic restart) by doing:
ssh -L 3306:localhost:3306 user#domain.com
Setup a ssh key so that you don't need to use passwords, and tweak the .ssh/authorized_keys file on the mysql system to only allow it to be used for port forwarding.
For more info on ssh tricks see Brian Hatch's excellent series on SSH and port forwarding.
The tunnel must be keep open during the course of the SQL action(s). The following example from RJMetrics explains:
Here's the generic SSH command syntax:
ssh -f -L bind-ip-address:bind-port:remote-ip-address:remote-port \
username#remote-server [command] >> /path/to/logfile
Here's how to securely establish a remote database connection in just 2 lines of PHP code:
shell_exec("ssh -f -L 127.0.0.1:3307:127.0.0.1:3306 user#remote.rjmetrics.com sleep 60 >> logfile");
$db = mysqli_connect("127.0.0.1", "sqluser", "sqlpassword", "rjmadmin", 3307);
We use the shell_exec() function to create the tunnel with a 60 second opening window, and then use the mysqli_connect() function to open a database connection using the forwarded port. Note that we must use the "mysqli" library here because mysql_connect() does not allow us to specify a port and mysql_* functions are deprecated.
sleep 60: When it comes to tunnel connections, we basically have two options: leave the connection open all the time or open it and close it as needed. We prefer the latter, and as such we don't specify the -N option when establishing a tunnel, which would leave it open until the process is manually killed (bad for automation). Since -N is not specified, our tunnel will close itself as soon as its SSH session isn't being used for anything. This is ideal behavior, except for the few seconds between when we create the tunnel and when we get a MySQL connection up and running via the tunnel. To buy us some time during this period, we issue the harmless sleep 60 command when the tunnel is created, which basically buys us 60 seconds to get something else going through the tunnel before it closes itself. As long as a MySQL connection is established in that timeframe, we are all set.
I tried it by doing SSH both by root credentials and and public private key pair. It allows me to conect through command line but not through PHP code.
I also tried by creating a tunnel (by using SSH2 functions), and running shell commands from PHP code (system, exec, etc.); nothing worked.
Finally I tried SSH2 function to execute shell command and it finally worked :)
Here is my code, if it helps you:
$connection = ssh2_connect($remotehost, '22');
if (ssh2_auth_password($connection, $user,$pass)) {
echo "Authentication Successful!\n";
} else {
die('Authentication Failed...');
}
$stream=ssh2_exec($connection,'echo "select * from zingaya.users where id=\"1606\";" | mysql');
stream_set_blocking($stream, true);
while($line = fgets($stream)) {
flush();
echo $line."\n";
}
Try this if want to use PHP functions specifically.
It is possible, but why? It's more complicated than it needs to be, and error prone.
Can you not run the database locally? If not, can you not use something like SQLite, XML files or something else that doesn't require a separate server daemon?
You really do not want to initialise the tunnel inside the PHP scripts. Initialising an SSH tunnel takes a long time (can easily be a second or two), so that will mean every page that connects to the database will have a 2 seconds delay while loading..
If you have to do this (which I strongly recommend against), the best method would be to have a script that maintains the connection in the background..
Setup a SSH keypair. Then using autossh, or a simple script which would execute the required SSH command, wait till the process died and start it again. It could be more intelligent and try and run a command every 10-20 seconds, reconnecting if it fails.
Using the SSH keypair, you wouldn't have to hardcode the remote users password in the script. I would recommend limiting what the remote user can do (by using a dedicated tunnel user, and giving it a restricted shell, see this question)
In short, I would strongly suggest trying SQLite first, then see how feasible it to store data using XML files, then try bugging your web-host about getting a local MySQL server, then look into the SSH tunnelling option.
Eric,
I think you are out of luck on this one. You can either use the ssh extension in your PHP code, or if you have access to the server, you could try to create a ssh tunnel on the command-line.
You probably need special permissions to do that, though. It also looks like you don't have ssh access to this hosting account.
--Joao
I think your best bet is to find a different hosting provider; I suggest a VPS solution (Virtual Private Server) which gives you full control over your web host. THat way, if you don't like the default configuration, you can upgrade it yourself.