I am trying to ssh from RHEL to SLES machine. I am using PHP function ssh2 to achieve that. Authentication is not happening even after passing correct username and password. But the same code is working fine for RHEL->RHEL. I am able to ssh to the SLES machine from RHEL terminal. But using ssh2 it is not happening.
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at ip on port 22
if(!($con = ssh2_connect(ip, 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password password
if(!ssh2_auth_password($con, "root", "password")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'date' ))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
//echo "in else";
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo $data;
fclose($stream);
}
}
}
?>
I am getting the output "fail:unable to authenticate". Why is it happening that way? Any solution to it?
It's possible the server is using keyboard-interactive authentication and not password authentication.
Really, libssh2 doesn't provide any good way for one to know that. My recommendation: try phpseclib, a pure PHP SSH2 implementation. eg.
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
echo $ssh->getLog();
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
?>
By default it's $ssh->login() method will try password authentication but (and unlike libssh2) it'll try keyboard-interactive if password auth fails.
And if neither work the code snippet I posted will echo out the logs so you can see what type of input it is expecting. If those logs are posted if you could post them in your response so that people here may diagnose the issue that'd be great.
Thanks!
install libssh2-devel using YAST then do
pecl install ssh2-0.12
Related
I am fairly new to php and am currently working on a website for my university. What I am trying to do is make a log in page that allows a user to establish a connection to a remote SSH server and then run linux scripts all from wihtin php. So far, I've found this code that -- I guess is supposed to allow a user to log in. I've tried running the code, but it doesn't seem to work.
Edit: When I run the code, the page simply says "function ssh2_connect doesn't exist."
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("server1.example.com", 22))) {
echo "fail: unable to establish connection\n"; }
else {
// try to authenticate with username and password
if(!ssh2_auth_password($con, "username", "password")) {
echo "fail: unable to authenticate\n";
}
else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "ls -al" ))) {
echo "fail: unable to execute command\n";
}
else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
I have problem to input a password for new user that generated via ssh with php to a Debian Server.
To add new user I just simpy write "useradd $username". But if I want to set the password for that user it should be like "passwd $username" and then I should insert the password. But how to do this in PHP?
This is my complete code :
<?php
$username = "abcd";
$password = "456789";
$expired = "5";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("128.199.xxx.xx", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "xxxxxx")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "passwd 'haha'"))){
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo "Username berhasil dibuat";
echo $data;
fclose($stream);
}
}
}
?>
Seems you are looking for non-interactive way of changing user password.
Try this
echo "username:newpass"|chpasswd
Here is chpasswd manual page.
This method also suits for changing passwords for larger number of users.
UPD:
To know currently logged in username whoami can be of use.
I have PHP script which uses ssh utility to connect to a remote Ubuntu machine for executing some commands there. The script is as given below.
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
$ssh = new Net_SSH2('10.3.2.0');
if (!$ssh->login('makesubdomain','abcdabcd')) {
exit('Login Failed');
}
echo $ssh->exec('/usr/local/listdomain.backup/test/makedir.sh');
?>
Here my problem is, how can I give an if condition to check whether the connection failed or not. I am trying to modify the above code something like this, but I know this is very wrong.
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
if(!$ssh = new Net_SSH2('10.3.2.0')) // Here how can I give condtion
{
echo "Connection failed";
}else{
if (!$ssh->login('abcd','abcdabcd')) {
exit('Login Failed');
}
echo $ssh->exec('./test.sh');
}
?>
Please help me as I am very beginner in php. Thanks
The answer you're looking for is:
It's already all there in the example you've given, no need to modify the code.
$ssh->login() does exactly what you want: It tries to connect AND login to the server you've given it, and it will return false in case that failed.
I'm trying to use the libssh2-php library functions to connect to an ssh server from PHP. That's all great, but I can't figure out how to read the pre-login banner in PHP. The Pre-login banner is text displayed before SSH prompts for a login, and as far as I can tell I can't get a stream from the connection object.
So given this code, is there any way to do a read prior to logging in?
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("server1.example.com", 22))){
echo "fail: unable to establish connection\n";
} else {
//####### Would really like to get a stream right here to read pre-login banner
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "secretpassword")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "ls -al" ))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
You can do this with phpseclib, a pure PHP SSH implementation. The banner should be obtainable by doing $ssh->getLastError() (returns a string) or $ssh->getErrors() (returns an array of strings).
Quoting the source of it:
// see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
$this->_string_shift($payload, 1);
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->errors[] = 'SSH_MSG_USERAUTH_BANNER: ' . utf8_decode($this->_string_shift($payload, $length));
$payload = $this->_get_binary_packet();
}
Update (after discussion):
Currently I see no way to do this in php except from implementing it on your own. Sending a feature request to developers of the ssh2 extension might be best way to start.
Original (stupid) answer:
The login banner will appear after the login
I'm having lots of fun with ssh2 for php.(!)
I am testing by ssh-ing into localhost (running ubuntu). I have managed to connect and authenticate with my username( not root ), and some commands (like 'ls' return some info, which is promising. Definitely getting somewhere.
What I want to be able to do next is issue an 'su' command and then give the root password.
I don't get an error, and a resource is returned, but there seems to be no data in the stream. (I'm kind of expecting a 'Password:' prompt). I can't authenticate directly with the root password, because that is disabled for ssh.
Is there any reason why 'su' would return with some text, do you think?
Should I be expecting the 'Password:' prompt back?
Here's my code:
function changeServerPassword( $ip, $port, $sshUser, $sshPassword, $rootPassword, $newRootPassword, $newSSHPassword = false) {
// login to server using $sshUser and $sshPassword
// su as root and enter $rootPassword
// if any of the above steps fail, return with appropriate error message
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in
// Do I have to make sure that port is a number?
if(!($con = ssh2_connect($ip, $port))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, $sshUser, $sshPassword)) {
echo "fail: unable to authenticate\n";
} else {
// alright, we're in!
echo "okay: logged in...<br />";
//
if (!($stream = ssh2_exec($con, "su"))) {
echo "fail: unable to execute command\n";
} else {
echo $stream."<br />";
// collect returning data from command
stream_set_blocking($stream, true);
echo "after stream_set_blocking<br />";
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo "data len: " . strlen($data) . "<br />";
echo $data."<br />";
fclose($stream);
}
}
}
}
borrowed from http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/
respect.
The output I get is:
okay: logged in...
Resource id #3
after stream_set_blocking
data len: 0
Thanks in advance for any help :)
Joe
You should try the latest SVN version of phpseclib - a pure PHP SSH implementation - instead. Here's how you'd do su with that:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('localhost', 22);
$ssh->login('username', 'password');
$ssh->read('[prompt]');
$ssh->write("su - user\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
Maybe try something like bash -c su or su root and bash -c "su root"?
All you have to do is append your superuser password at the moment you execute the "su" command. You can make the following modification to your code.
$cmd = "su";
$cmd = "echo '" . $sshPassword . "' | sudo -S " . $cmd;
if (!($stream = ssh2_exec($con, $cmd))) {
...
}