I'm having lots of fun with ssh2 for php.(!)
I am testing by ssh-ing into localhost (running ubuntu). I have managed to connect and authenticate with my username( not root ), and some commands (like 'ls' return some info, which is promising. Definitely getting somewhere.
What I want to be able to do next is issue an 'su' command and then give the root password.
I don't get an error, and a resource is returned, but there seems to be no data in the stream. (I'm kind of expecting a 'Password:' prompt). I can't authenticate directly with the root password, because that is disabled for ssh.
Is there any reason why 'su' would return with some text, do you think?
Should I be expecting the 'Password:' prompt back?
Here's my code:
function changeServerPassword( $ip, $port, $sshUser, $sshPassword, $rootPassword, $newRootPassword, $newSSHPassword = false) {
// login to server using $sshUser and $sshPassword
// su as root and enter $rootPassword
// if any of the above steps fail, return with appropriate error message
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in
// Do I have to make sure that port is a number?
if(!($con = ssh2_connect($ip, $port))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, $sshUser, $sshPassword)) {
echo "fail: unable to authenticate\n";
} else {
// alright, we're in!
echo "okay: logged in...<br />";
//
if (!($stream = ssh2_exec($con, "su"))) {
echo "fail: unable to execute command\n";
} else {
echo $stream."<br />";
// collect returning data from command
stream_set_blocking($stream, true);
echo "after stream_set_blocking<br />";
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo "data len: " . strlen($data) . "<br />";
echo $data."<br />";
fclose($stream);
}
}
}
}
borrowed from http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/
respect.
The output I get is:
okay: logged in...
Resource id #3
after stream_set_blocking
data len: 0
Thanks in advance for any help :)
Joe
You should try the latest SVN version of phpseclib - a pure PHP SSH implementation - instead. Here's how you'd do su with that:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('localhost', 22);
$ssh->login('username', 'password');
$ssh->read('[prompt]');
$ssh->write("su - user\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
Maybe try something like bash -c su or su root and bash -c "su root"?
All you have to do is append your superuser password at the moment you execute the "su" command. You can make the following modification to your code.
$cmd = "su";
$cmd = "echo '" . $sshPassword . "' | sudo -S " . $cmd;
if (!($stream = ssh2_exec($con, $cmd))) {
...
}
Related
I am fairly new to php and am currently working on a website for my university. What I am trying to do is make a log in page that allows a user to establish a connection to a remote SSH server and then run linux scripts all from wihtin php. So far, I've found this code that -- I guess is supposed to allow a user to log in. I've tried running the code, but it doesn't seem to work.
Edit: When I run the code, the page simply says "function ssh2_connect doesn't exist."
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("server1.example.com", 22))) {
echo "fail: unable to establish connection\n"; }
else {
// try to authenticate with username and password
if(!ssh2_auth_password($con, "username", "password")) {
echo "fail: unable to authenticate\n";
}
else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "ls -al" ))) {
echo "fail: unable to execute command\n";
}
else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
I need to establish a connection to an remote ssh server (debug2) via php. Inside the console everything works fine for me, but I doesnt get my php code running. I get following errormessage:
ssh2_auth_pubkey_file(): Authentication failed for [Username] using public key: Callback returned error
How can I establish a proper connection to debug2 without an registration on this.example.com?
My current code look like this:
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist" . PHP_EOL);
if(!($con = ssh2_connect("this.example.com", 22))){
echo "fail: unable to establish connection" . PHP_EOL;
} else {
if(!ssh2_auth_pubkey_file($con, "[Username]", $pubkeyfile, $privkeyfile)) {
echo "fail: unable to authenticate" . PHP_EOL;
//The point where the script fails
} else {
echo "okay: logged in..." . PHP_EOL;
$tunnel = ssh2_tunnel($con, 'xx.xx.xxx.17', 22);
if (!($stream = ssh2_exec($tunnel, "ls -al" ))) {
echo "fail: unable to execute command" . PHP_EOL;
} else {
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
My current ssh_config:
Host example
HostName this.example.com
User [Username]
ForwardAgent yes
IdentityFile ~/.ssh/id_rsa
Host debug2
ProxyCommand ssh exmaple -W xx.xx.xxx.17:22
User [otherusername2]
IdentityFile ~/.ssh/id_rsa
i am wondering how i can run command from GET in PHP...
here is my code:
<?php
$msg = $_GET['msg'];
echo "$msg test";
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
if(!($con = ssh2_connect("ip", 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "password")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
So, it wont wall what i say in ?msg= ... it just write blank, but when i echo $msg (like i did it on the top of code) it writes normally, do you guys know where is problem? i already tried "echo $msg" and \"echo $msh\" but same thing... thanks and best regards!
Passing a GET variable to an ssh2_exec() is probably a huge security issue. But disregarding that, single quotes ignore variables - you need double quotes for that.
In other words: change this
if (!($stream = ssh2_exec($con, 'wall echo $msg'))) {
to this
if (!($stream = ssh2_exec($con, "wall echo $msg"))) {
However, I suspect that you're trying to use echo as a PHP construct, and you're only really interested in the $msg variable. In that case, you can just do
if (!($stream = ssh2_exec($con, "wall $msg"))) {
or
if (!($stream = ssh2_exec($con, 'wall ' . $msg))) {
I am trying to ssh from RHEL to SLES machine. I am using PHP function ssh2 to achieve that. Authentication is not happening even after passing correct username and password. But the same code is working fine for RHEL->RHEL. I am able to ssh to the SLES machine from RHEL terminal. But using ssh2 it is not happening.
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at ip on port 22
if(!($con = ssh2_connect(ip, 22))){
echo "fail: unable to establish connection\n";
} else {
// try to authenticate with username root, password password
if(!ssh2_auth_password($con, "root", "password")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, 'date' ))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
//echo "in else";
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
echo $data;
fclose($stream);
}
}
}
?>
I am getting the output "fail:unable to authenticate". Why is it happening that way? Any solution to it?
It's possible the server is using keyboard-interactive authentication and not password authentication.
Really, libssh2 doesn't provide any good way for one to know that. My recommendation: try phpseclib, a pure PHP SSH2 implementation. eg.
<?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
echo $ssh->getLog();
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
?>
By default it's $ssh->login() method will try password authentication but (and unlike libssh2) it'll try keyboard-interactive if password auth fails.
And if neither work the code snippet I posted will echo out the logs so you can see what type of input it is expecting. If those logs are posted if you could post them in your response so that people here may diagnose the issue that'd be great.
Thanks!
install libssh2-devel using YAST then do
pecl install ssh2-0.12
I'm trying to use the libssh2-php library functions to connect to an ssh server from PHP. That's all great, but I can't figure out how to read the pre-login banner in PHP. The Pre-login banner is text displayed before SSH prompts for a login, and as far as I can tell I can't get a stream from the connection object.
So given this code, is there any way to do a read prior to logging in?
<?php
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if(!($con = ssh2_connect("server1.example.com", 22))){
echo "fail: unable to establish connection\n";
} else {
//####### Would really like to get a stream right here to read pre-login banner
// try to authenticate with username root, password secretpassword
if(!ssh2_auth_password($con, "root", "secretpassword")) {
echo "fail: unable to authenticate\n";
} else {
// allright, we're in!
echo "okay: logged in...\n";
// execute a command
if (!($stream = ssh2_exec($con, "ls -al" ))) {
echo "fail: unable to execute command\n";
} else {
// collect returning data from command
stream_set_blocking($stream, true);
$data = "";
while ($buf = fread($stream,4096)) {
$data .= $buf;
}
fclose($stream);
}
}
}
?>
You can do this with phpseclib, a pure PHP SSH implementation. The banner should be obtainable by doing $ssh->getLastError() (returns a string) or $ssh->getErrors() (returns an array of strings).
Quoting the source of it:
// see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
$this->_string_shift($payload, 1);
extract(unpack('Nlength', $this->_string_shift($payload, 4)));
$this->errors[] = 'SSH_MSG_USERAUTH_BANNER: ' . utf8_decode($this->_string_shift($payload, $length));
$payload = $this->_get_binary_packet();
}
Update (after discussion):
Currently I see no way to do this in php except from implementing it on your own. Sending a feature request to developers of the ssh2 extension might be best way to start.
Original (stupid) answer:
The login banner will appear after the login