PHPSecLib Password protected RSA and user authentication
There is an example specifying how to load a password protected key file on the phpseclib website. Note the line $key->setPassword('whatever');
<?php
include('Net/SSH2.php');
include('Crypt/RSA.php');
$ssh = new Net_SSH2('www.domain.tld');
$key = new Crypt_RSA();
$key->setPassword('whatever');
$key->loadKey(file_get_contents('privatekey'));
if (!$ssh->login('username', $key)) {
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
Keep in mind you're not sending the password to the server. You just need the password in order to successfully load the key file. Then the username and key are sent to the server to authenticate you.
Can not login using phpseclib with RSA keys?
From your post:
$key = new Crypt_RSA();
$key->loadKey('key');
echo file_get_contents('key');
$key->loadKey('key');
isn't expecting a filename - it's expecting the actual key. So if you're having to do file_get_contents('key')
to show the actual key then you'll have to do $key->loadKey(file_get_contents('key'))
.
Also, you need to supply loadKey
with the private key - not the public key. It looks like you're not because the key you did post has -----BEGIN RSA PUBLIC KEY-----
in it. The private key is needed because that's how you verify your identity. You sign with the private key, the server verifies with the public key.
PHPSeclib Proxy send username and password as arguments
Quoting https://github.com/phpseclib/phpseclib/issues/1339#issuecomment-462224179:
With authorization:
$fsock = fsockopen('127.0.0.1', 80, $errno, $errstr, 1);
if (!$fsock) {
echo $errstr; exit;
}
fputs($fsock, "CONNECT website.com:22 HTTP/1.0\r\n");
fputs($fsock, "Proxy-Authorization: Basic " . base64_encode('user:pass') . "\r\n");
fputs($fsock, "\r\n");
while ($line = fgets($fsock, 1024)) {
if ($line == "\r\n") {
break;
}
//echo $line;
}
$ssh = new Net_SSH2($fsock);
$ssh->login('user', 'pass');
echo $ssh->exec('ls -latr');If that doesn't work then run the script and tell me what the headers you get back are. Digest authentication is more of a PITA then Basic but it's not impossible.
More info on how authorization works with HTTP proxies:
https://www.rfc-editor.org/rfc/rfc7235#section-4.3
Integrating PHP, SSH and ssh-agent
Per neubert, what I had to do was add this line to Connection.php and I was able to get agent-based authentication to work:
$this->client->setPreferredAlgorithms(['hostkey' => ['ssh-rsa']]);
I still can't get key-based authentication to work, but I don't care about that as much.
Related Topics
Find and Replace Keywords by Hyperlinks in an HTML Fragment, via PHP Dom
Prevent Browser Back Button Cache
Iterating Through a Stdclass Object in PHP
Cannot Initialize Mbstring with PHP 7
Laravel Changing Timezone Not Reflecting the Correct Time
In PHP, Is There Any Harm in Running Session_Start() Multiple Times
Regular Expression: Find Range Except for One Letter or a Range
How to Upload Image PHP and Insert Path in MySQL
Read the Longest String from an Array in PHP 5.3
Check How Many Times Specific Value in Array PHP
Multidimensional Array Difference PHP
How to Parse HTML Table Using PHP
Saving Div Contents or Canvas as Image
How to Determine the Extension(S) Associated with a Mime Type in PHP