PHP Cross Reference of DokuWiki

/vendor/phpseclib/phpseclib/phpseclib/Net/ -> SSH2.php (summary)

Pure-PHP implementation of SSHv2. PHP version 5

Author: Jim Wigginton
Copyright: 2007 Jim Wigginton
License: http://www.opensource.org/licenses/mit-license.html MIT License
Link: http://phpseclib.sourceforge.net
File Size: 5433 lines (185 kb)
Included or required: 0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class

SSH2:: (94 methods):
  __construct()
  setCryptoEngine()
  sendIdentificationStringFirst()
  sendIdentificationStringLast()
  sendKEXINITFirst()
  sendKEXINITLast()
  _connect()
  _generate_identifier()
  _key_exchange()
  _encryption_algorithm_to_key_size()
  _encryption_algorithm_to_crypt_instance()
  _bad_algorithm_candidate()
  login()
  _login()
  _login_helper()
  _keyboard_interactive_login()
  _keyboard_interactive_process()
  _ssh_agent_login()
  _privatekey_login()
  getTimeout()
  setTimeout()
  setKeepAlive()
  getStdError()
  exec()
  _initShell()
  _get_interactive_channel()
  _get_open_channel()
  read()
  write()
  startSubsystem()
  stopSubsystem()
  reset()
  isTimeout()
  disconnect()
  __destruct()
  isConnected()
  isAuthenticated()
  ping()
  _reconnect()
  _reset_connection()
  _get_binary_packet()
  _filter()
  enableQuietMode()
  disableQuietMode()
  isQuietModeEnabled()
  enablePTY()
  disablePTY()
  isPTYEnabled()
  _get_channel_packet()
  _send_binary_packet()
  _append_log()
  _send_channel_packet()
  _close_channel()
  _disconnect()
  _string_shift()
  _define_array()
  getLog()
  _format_log()
  _format_log_helper()
  _on_channel_open()
  _array_intersect_first()
  getErrors()
  getLastError()
  getServerIdentification()
  getKexAlgorithms()
  getServerHostKeyAlgorithms()
  getEncryptionAlgorithmsClient2Server()
  getEncryptionAlgorithmsServer2Client()
  getMACAlgorithmsClient2Server()
  getMACAlgorithmsServer2Client()
  getCompressionAlgorithmsClient2Server()
  getCompressionAlgorithmsServer2Client()
  getLanguagesServer2Client()
  getLanguagesClient2Server()
  getServerAlgorithms()
  getSupportedKEXAlgorithms()
  getSupportedHostKeyAlgorithms()
  getSupportedEncryptionAlgorithms()
  getSupportedMACAlgorithms()
  getSupportedCompressionAlgorithms()
  getAlgorithmsNegotiated()
  setPreferredAlgorithms()
  getBannerMessage()
  getServerPublicHostKey()
  getExitStatus()
  getWindowColumns()
  getWindowRows()
  setWindowColumns()
  setWindowRows()
  setWindowSize()
  _updateLogHistory()
  getAuthMethodsToContinue()
  enableSmartMFA()
  disableSmartMFA()


Class: SSH2  - X-Ref

Pure-PHP implementation of SSHv2.

__construct($host, $port = 22, $timeout = 10)   X-Ref
Default Constructor.

$host can either be a string, representing the host, or a stream resource.

return: \phpseclib\Net\SSH2
see: self::login()
param: mixed $host
param: int $port
param: int $timeout

setCryptoEngine($engine)   X-Ref
Set Crypto Engine Mode

Possible $engine values:
CRYPT_MODE_INTERNAL, CRYPT_MODE_MCRYPT

param: int $engine

sendIdentificationStringFirst()   X-Ref
Send Identification String First

https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
both sides MUST send an identification string". It does not say which side sends it first. In
theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy.


sendIdentificationStringLast()   X-Ref
Send Identification String Last

https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
both sides MUST send an identification string". It does not say which side sends it first. In
theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy.


sendKEXINITFirst()   X-Ref
Send SSH_MSG_KEXINIT First

https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each side
sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
it shouldn't matter but it is a fact of life that some SSH servers are simply buggy.


sendKEXINITLast()   X-Ref
Send SSH_MSG_KEXINIT Last

https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each side
sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
it shouldn't matter but it is a fact of life that some SSH servers are simply buggy.


_connect()   X-Ref
Connect to an SSHv2 server

return: bool

_generate_identifier()   X-Ref
Generates the SSH identifier

You should overwrite this method in your own class if you want to use another identifier

return: string

_key_exchange($kexinit_payload_server = false)   X-Ref
Key Exchange

param: string $kexinit_payload_server optional

_encryption_algorithm_to_key_size($algorithm)   X-Ref
Maps an encryption algorithm name to the number of key bytes.

return: int|null Number of bytes as an integer or null for unknown
param: string $algorithm Name of the encryption algorithm

_encryption_algorithm_to_crypt_instance($algorithm)   X-Ref
Maps an encryption algorithm name to an instance of a subclass of
\phpseclib\Crypt\Base.

return: mixed Instance of \phpseclib\Crypt\Base or null for unknown
param: string $algorithm Name of the encryption algorithm

_bad_algorithm_candidate($algorithm)   X-Ref
Tests whether or not proposed algorithm has a potential for issues

return: bool
param: string $algorithm Name of the encryption algorithm
link: https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
link: https://bugzilla.mindrot.org/show_bug.cgi?id=1291

login($username)   X-Ref
Login

The $password parameter can be a plaintext password, a \phpseclib\Crypt\RSA object or an array

return: bool
see: self::_login()
param: string $username

_login($username)   X-Ref
Login Helper

return: bool
see: self::_login_helper()
param: string $username

_login_helper($username, $password = null)   X-Ref
Login Helper

return: bool
param: string $username
param: string $password

_keyboard_interactive_login($username, $password)   X-Ref
Login via keyboard-interactive authentication

See RFC4256 (http://tools.ietf.org/html/rfc4256) for details.  This is not a full-featured keyboard-interactive authenticator.

return: bool
param: string $username
param: string $password

_keyboard_interactive_process()   X-Ref
Handle the keyboard-interactive requests / responses.

return: bool

_ssh_agent_login($username, $agent)   X-Ref
Login with an ssh-agent provided key

return: bool
param: string $username
param: \phpseclib\System\SSH\Agent $agent

_privatekey_login($username, $privatekey)   X-Ref
Login with an RSA private key

return: bool
param: string $username
param: \phpseclib\Crypt\RSA $privatekey

getTimeout()   X-Ref
Return the currently configured timeout

return: int

setTimeout($timeout)   X-Ref
Set Timeout

$ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely.  setTimeout() makes it time out.
Setting $timeout to false or 0 will mean there is no timeout.

param: mixed $timeout

setKeepAlive($interval)   X-Ref
Set Keep Alive

Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number.

param: int $interval

getStdError()   X-Ref
Get the output from stdError


exec($command, $callback = null)   X-Ref
Execute Command

If $callback is set to false then \phpseclib\Net\SSH2::_get_channel_packet(self::CHANNEL_EXEC) will need to be called manually.
In all likelihood, this is not a feature you want to be taking advantage of.

return: string
param: string $command
param: Callback $callback

_initShell()   X-Ref
Creates an interactive shell

return: bool
see: self::read()
see: self::write()

_get_interactive_channel()   X-Ref
Return the channel to be used with read() / write()

return: int
see: self::read()
see: self::write()

_get_open_channel()   X-Ref
Return an available open channel

return: int

read($expect = '', $mode = self::READ_SIMPLE)   X-Ref
Returns the output of an interactive shell

Returns when there's a match for $expect, which can take the form of a string literal or,
if $mode == self::READ_REGEX, a regular expression.

return: string|bool
see: self::write()
param: string $expect
param: int $mode

write($cmd)   X-Ref
Inputs a command into an interactive shell.

return: bool
see: self::read()
param: string $cmd

startSubsystem($subsystem)   X-Ref
Start a subsystem.

Right now only one subsystem at a time is supported. To support multiple subsystems, stopSubsystem() could accept
a string containing the name of the subsystem, but at that point, only one subsystem of each type could be opened.
To support multiple subsystems of the same name, it might be best if startSubsystem() generated a new channel id and
returned it, to be passed into stopSubsystem(), but that'll be saved for a future date and implemented
if there's sufficient demand for such a feature.

return: bool
see: self::stopSubsystem()
param: string $subsystem

stopSubsystem()   X-Ref
Stops a subsystem.

return: bool
see: self::startSubsystem()

reset()   X-Ref
Closes a channel

If read() timed out you might want to just close the channel and have it auto-restart on the next read() call


isTimeout()   X-Ref
Is timeout?

Did exec() or read() return because they timed out or because they encountered the end?


disconnect()   X-Ref
Disconnect


__destruct()   X-Ref
Destructor.

Will be called, automatically, if you're supporting just PHP5.  If you're supporting PHP4, you'll need to call
disconnect().


isConnected()   X-Ref
Is the connection still active?

return: bool

isAuthenticated()   X-Ref
Have you successfully been logged in?

return: bool

ping()   X-Ref
Pings a server connection, or tries to reconnect if the connection has gone down

Inspired by http://php.net/manual/en/mysqli.ping.php

return: bool

_reconnect()   X-Ref
In situ reconnect method

return: boolean

_reset_connection($reason)   X-Ref
Resets a connection for re-use

param: int $reason

_get_binary_packet($skip_channel_filter = false)   X-Ref
Gets Binary Packets

See '6. Binary Packet Protocol' of rfc4253 for more info.

return: string
see: self::_send_binary_packet()

_filter($payload, $skip_channel_filter)   X-Ref
Filter Binary Packets

Because some binary packets need to be ignored...

return: string
see: self::_get_binary_packet()

enableQuietMode()   X-Ref
Enable Quiet Mode

Suppress stderr from output


disableQuietMode()   X-Ref
Disable Quiet Mode

Show stderr in output


isQuietModeEnabled()   X-Ref
Returns whether Quiet Mode is enabled or not

return: bool
see: self::enableQuietMode()
see: self::disableQuietMode()

enablePTY()   X-Ref
Enable request-pty when using exec()


disablePTY()   X-Ref
Disable request-pty when using exec()


isPTYEnabled()   X-Ref
Returns whether request-pty is enabled or not

return: bool
see: self::enablePTY()
see: self::disablePTY()

_get_channel_packet($client_channel, $skip_extended = false)   X-Ref
Gets channel data

Returns the data as a string if it's available and false if not.

return: mixed|bool
param: int $client_channel
param: bool $skip_extended

_send_binary_packet($data, $logged = null)   X-Ref
Sends Binary Packets

See '6. Binary Packet Protocol' of rfc4253 for more info.

return: bool
see: self::_get_binary_packet()
param: string $data
param: string $logged

_append_log($message_number, $message)   X-Ref
Logs data packets

Makes sure that only the last 1MB worth of packets will be logged

param: string $message_number
param: string $message

_send_channel_packet($client_channel, $data)   X-Ref
Sends channel data

Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate

return: bool
param: int $client_channel
param: string $data

_close_channel($client_channel, $want_reply = false)   X-Ref
Closes and flushes a channel

\phpseclib\Net\SSH2 doesn't properly close most channels.  For exec(), channels are normally closed by the server,
and for SFTP, channels are presumably closed when the client disconnects.  This function is intended
for SCP more than anything.

return: bool
param: int $client_channel
param: bool $want_reply

_disconnect($reason)   X-Ref
Disconnect

return: bool
param: int $reason

_string_shift(&$string, $index = 1)   X-Ref
String Shift

Inspired by array_shift

return: string
param: string $string
param: int $index

_define_array()   X-Ref
Define Array

Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of
named constants from it, using the value as the name of the constant and the index as the value of the constant.
If any of the constants that would be defined already exists, none of the constants will be defined.


getLog()   X-Ref
Returns a log of the packets that have been sent and received.

Returns a string if NET_SSH2_LOGGING == self::LOG_COMPLEX, an array if NET_SSH2_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')

return: array|false|string

_format_log($message_log, $message_number_log)   X-Ref
Formats a log for printing

return: string
param: array $message_log
param: array $message_number_log

_format_log_helper($matches)   X-Ref
Helper function for _format_log

For use with preg_replace_callback()

return: string
param: array $matches

_on_channel_open()   X-Ref
Helper function for agent->_on_channel_open()

Used when channels are created to inform agent
of said channel opening. Must be called after
channel open confirmation received


_array_intersect_first($array1, $array2)   X-Ref
Returns the first value of the intersection of two arrays or false if
the intersection is empty. The order is defined by the first parameter.

return: mixed False if intersection is empty, else intersected value.
param: array $array1
param: array $array2

getErrors()   X-Ref
Returns all errors

return: string[]

getLastError()   X-Ref
Returns the last error

return: string

getServerIdentification()   X-Ref
Return the server identification.

return: string

getKexAlgorithms()   X-Ref
Return a list of the key exchange algorithms the server supports.

return: array

getServerHostKeyAlgorithms()   X-Ref
Return a list of the host key (public key) algorithms the server supports.

return: array

getEncryptionAlgorithmsClient2Server()   X-Ref
Return a list of the (symmetric key) encryption algorithms the server supports, when receiving stuff from the client.

return: array

getEncryptionAlgorithmsServer2Client()   X-Ref
Return a list of the (symmetric key) encryption algorithms the server supports, when sending stuff to the client.

return: array

getMACAlgorithmsClient2Server()   X-Ref
Return a list of the MAC algorithms the server supports, when receiving stuff from the client.

return: array

getMACAlgorithmsServer2Client()   X-Ref
Return a list of the MAC algorithms the server supports, when sending stuff to the client.

return: array

getCompressionAlgorithmsClient2Server()   X-Ref
Return a list of the compression algorithms the server supports, when receiving stuff from the client.

return: array

getCompressionAlgorithmsServer2Client()   X-Ref
Return a list of the compression algorithms the server supports, when sending stuff to the client.

return: array

getLanguagesServer2Client()   X-Ref
Return a list of the languages the server supports, when sending stuff to the client.

return: array

getLanguagesClient2Server()   X-Ref
Return a list of the languages the server supports, when receiving stuff from the client.

return: array

getServerAlgorithms()   X-Ref
Returns a list of algorithms the server supports

return: array

getSupportedKEXAlgorithms()   X-Ref
Returns a list of KEX algorithms that phpseclib supports

return: array

getSupportedHostKeyAlgorithms()   X-Ref
Returns a list of host key algorithms that phpseclib supports

return: array

getSupportedEncryptionAlgorithms()   X-Ref
Returns a list of symmetric key algorithms that phpseclib supports

return: array

getSupportedMACAlgorithms()   X-Ref
Returns a list of MAC algorithms that phpseclib supports

return: array

getSupportedCompressionAlgorithms()   X-Ref
Returns a list of compression algorithms that phpseclib supports

return: array

getAlgorithmsNegotiated()   X-Ref
Return list of negotiated algorithms

Uses the same format as https://www.php.net/ssh2-methods-negotiated

return: array

setPreferredAlgorithms($methods)   X-Ref
Accepts an associative array with up to four parameters as described at
<https://www.php.net/manual/en/function.ssh2-connect.php>

param: array $methods

getBannerMessage()   X-Ref
Returns the banner message.

Quoting from the RFC, "in some jurisdictions, sending a warning message before
authentication may be relevant for getting legal protection."

return: string

getServerPublicHostKey()   X-Ref
Returns the server public host key.

Caching this the first time you connect to a server and checking the result on subsequent connections
is recommended.  Returns false if the server signature is not signed correctly with the public host key.

return: mixed

getExitStatus()   X-Ref
Returns the exit status of an SSH command or false.

return: false|int

getWindowColumns()   X-Ref
Returns the number of columns for the terminal window size.

return: int

getWindowRows()   X-Ref
Returns the number of rows for the terminal window size.

return: int

setWindowColumns($value)   X-Ref
Sets the number of columns for the terminal window size.

param: int $value

setWindowRows($value)   X-Ref
Sets the number of rows for the terminal window size.

param: int $value

setWindowSize($columns = 80, $rows = 24)   X-Ref
Sets the number of columns and rows for the terminal window size.

param: int $columns
param: int $rows

_updateLogHistory($old, $new)   X-Ref
Update packet types in log history

param: string $old
param: string $new

getAuthMethodsToContinue()   X-Ref
Return the list of authentication methods that may productively continue authentication.

return: array|null
see: https://tools.ietf.org/html/rfc4252#section-5.1

enableSmartMFA()   X-Ref
Enables "smart" multi-factor authentication (MFA)


disableSmartMFA()   X-Ref
Disables "smart" multi-factor authentication (MFA)