i am wondering how i can run command from GET in PHP...
here is my code:
<?php
$msg = $_GET['msg'];
echo "$msg test";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
if(!($con = ssh2_connect("ip", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "password")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
So, it wont wall what i say in ?msg= ... it just write blank, but when i echo $msg (like i did it on the top of code) it writes normally, do you guys know where is problem? i already tried "echo $msg" and \"echo $msh\" but same thing... thanks and best regards!
Passing a GET variable to an ssh2_exec() is probably a huge security issue. But disregarding that, single quotes ignore variables - you need double quotes for that.
In other words: change this
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
to this
if (!($stream = ssh2_exec($con, "wall echo $msg"))) {
However, I suspect that you're trying to use echo as a PHP construct, and you're only really interested in the $msg variable. In that case, you can just do
if (!($stream = ssh2_exec($con, "wall $msg"))) {
or
if (!($stream = ssh2_exec($con, 'wall ' . $msg))) {
Related
I am fairly new to php and am currently working on a website for my university. What I am trying to do is make a log in page that allows a user to establish a connection to a remote SSH server and then run linux scripts all from wihtin php. So far, I've found this code that -- I guess is supposed to allow a user to log in. I've tried running the code, but it doesn't seem to work.
Edit: When I run the code, the page simply says "function ssh2_connect doesn't exist."
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("server1.example.com", 22))) {
echo "fail: unable to establish connection\n"; }
else {
// try to authenticate with username and password
if(!ssh2_auth_password($con, "username", "password")) {
echo "fail: unable to authenticate\n";
}
else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "ls -al" ))) {
echo "fail: unable to execute command\n";
}
else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
I have problem to input a password for new user that generated via ssh with php to a Debian Server.
To add new user I just simpy write "useradd $username". But if I want to set the password for that user it should be like "passwd $username" and then I should insert the password. But how to do this in PHP?
This is my complete code :
<?php
$username = "abcd";
$password = "456789";
$expired = "5";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("128.199.xxx.xx", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "xxxxxx")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "passwd 'haha'"))){
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo "Username berhasil dibuat";
echo $data;
fclose($stream);
}
}
}
?>
Seems you are looking for non-interactive way of changing user password.
Try this
echo "username:newpass"|chpasswd
Here is chpasswd manual page.
This method also suits for changing passwords for larger number of users.
UPD:
To know currently logged in username whoami can be of use.
I am tryin to send a exec command in php to a remote server(aerohive). but the exec command does nothing..
I have my ssh2 extension installed and the authetication is also working fine.
Here is the code :
if (!function_exists("ssh2_connect"))
die("function ssh2_connect doesn't exist");
if (!($con = ssh2_connect("myipadresherenotshowingtoyouguys", 22))) {
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if (!ssh2_auth_password($con, "blablabla", "blablabla!")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
$command = 'ssid "Wentzo test2" hide-ssid';
if (!($stream = ssh2_exec($con, $command))) {
echo "fail: unable to execute command\n";
} else {
$stream2 = ssh2_exec($con, $command_save);
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream, 4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
Check the file php.ini if it does disabled the function disable_functions
When I execute the command enable with ssh2_exec(), I can't load the page because it is waiting for the password.
I tried to do ssh2_exec(connection,'password') and the problem persists.
My question is how to put the enable password ?
here is my code :
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("9.0.0.1", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "mehdi", "123")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'enable'))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
ssh2_exec($con, 'PASSWORD');
$data = "";
while ($buf = fread($stream,4096)) {
$data .=PHP_EOL. date("Y-m-d H:i:s ").$buf;
$data .= PHP_EOL."------------------------------------------------------------------------------------------------------------------------\n";
}
echo $data;
$fh = fopen("log".date("Y-m-d").".txt", 'a+') or die("can't open file");
fwrite($fh, $data);
fclose($fh);
fclose($stream);
}
}
}
?>
ps: i am trying to configure a Cisco router
what about this (with phpseclib)?
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('9.0.0.1');
$ssh->login('mehdi', '123');
$ssh->setTimeout(3);
$ssh->enablePTY();
$ssh->exec('enable');
$ssh->read('password:'); // or whatever the password prompt is
$ssh->write("password\m"); // or maybe without the \n
echo $ssh->read();
I'm having lots of fun with ssh2 for php.(!)
I am testing by ssh-ing into localhost (running ubuntu). I have managed to connect and authenticate with my username( not root ), and some commands (like 'ls' return some info, which is promising. Definitely getting somewhere.
What I want to be able to do next is issue an 'su' command and then give the root password.
I don't get an error, and a resource is returned, but there seems to be no data in the stream. (I'm kind of expecting a 'Password:' prompt). I can't authenticate directly with the root password, because that is disabled for ssh.
Is there any reason why 'su' would return with some text, do you think?
Should I be expecting the 'Password:' prompt back?
Here's my code:
function changeServerPassword( $ip, $port, $sshUser, $sshPassword, $rootPassword, $newRootPassword, $newSSHPassword = false) {
// login to server using $sshUser and $sshPassword
// su as root and enter $rootPassword
// if any of the above steps fail, return with appropriate error message
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in
// Do I have to make sure that port is a number?
if(!($con = ssh2_connect($ip, $port))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, $sshUser, $sshPassword)) {
echo "fail: unable to authenticate\n";
} else {
// alright, we're in!
echo "okay: logged in...<br />";
//
if (!($stream = ssh2_exec($con, "su"))) {
echo "fail: unable to execute command\n";
} else {
echo $stream."<br />";
// collect returning data from command
stream_set_blocking($stream, true);
echo "after stream_set_blocking<br />";
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo "data len: " . strlen($data) . "<br />";
echo $data."<br />";
fclose($stream);
}
}
}
}
borrowed from http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/
respect.
The output I get is:
okay: logged in...
Resource id #3
after stream_set_blocking
data len: 0
Thanks in advance for any help :)
Joe
You should try the latest SVN version of phpseclib - a pure PHP SSH implementation - instead. Here's how you'd do su with that:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('localhost', 22);
$ssh->login('username', 'password');
$ssh->read('[prompt]');
$ssh->write("su - user\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
Maybe try something like bash -c su or su root and bash -c "su root"?
All you have to do is append your superuser password at the moment you execute the "su" command. You can make the following modification to your code.
$cmd = "su";
$cmd = "echo '" . $sshPassword . "' | sudo -S " . $cmd;
if (!($stream = ssh2_exec($con, $cmd))) {
...
}