ssh2_connect

(PECL ssh2 >= 0.9.0)

ssh2_connect — Conecta-se a um servidor SSH

Descrição

ssh2_connect(
    string $host,
    int $port = 22,
    array $methods = ?,
    array $callbacks = ?
): resource|false

Estabelece uma conexão com um servidor SSH remoto.

Uma vez conectado, o cliente deve verificar a chave do host do servidor usando ssh2_fingerprint() e, em seguida, autenticar usando senha ou chave pública.

Parâmetros

host

port

methods

methods pode ser um array associativo com até quatro parâmetros, conforme descrito abaixo.

**`methods` pode ser um array associativo com qualquer ou todos dos parâmetros a seguir**
Índice	Significado	Valores suportados*
kex	Lista de métodos de troca de chaves para anunciar, separados por vírgula em ordem de preferência.	`diffie-hellman-group1-sha1`, `diffie-hellman-group14-sha1` e `diffie-hellman-group-exchange-sha1`
hostkey	Lista de métodos hostkey a serem anunciados, separados por vírgula em ordem de preferência.	`ssh-rsa` and `ssh-dss`
client_to_server	Array associativo contendo criptografia, compactação e preferências de método de código de autenticação de mensagem (MAC) para mensagens enviadas do cliente para o servidor.
server_to_client	Array associativo contendo criptografia, compactação e preferências de método de código de autenticação de mensagem (MAC) para mensagens enviadas do servidor para o cliente.

* - Os valores suportados dependem dos métodos suportados pela biblioteca subjacente. Consulte a documentação de » libssh2 para obter informações adicionais.

**`client_to_server` e `server_to_client` podem ser um array associativo com qualquer um ou todos os seguintes parâmetros**
Índice	Significado	Valores suportados*
crypt	Lista de métodos de criptografia para anunciar, separados por vírgula em ordem de preferência.	`[email protected]`, `aes256-cbc`, `aes192-cbc`, `aes128-cbc`, `3des-cbc`, `blowfish-cbc`, `cast128-cbc`, `arcfour` e `none**`
comp	Lista de métodos de compactação para anunciar, separados por vírgula em ordem de preferência.	`zlib` e `none`
mac	Lista de métodos MAC para anunciar, separados por vírgula em ordem de preferência.	`hmac-sha1`, `hmac-sha1-96`, `hmac-ripemd160`, `[email protected]` e `none**`

Nota: Método Crypt e MAC "none"

Por motivos de segurança, none é desabilitado pela biblioteca subjacente » libssh2, a menos que seja explicitamente habilitado durante o tempo de compilação usando as opções ./configure apropriadas. Consulte a documentação da biblioteca subjacente para obter mais informações.

callbacks

callbacks pode ser um array associativo com qualquer ou todos os parâmetros a seguir.

**Parâmetros de callbacks**
Índice	Significado	Protótipo
ignore	Nome da função a ser chamada quando um pacote `SSH2_MSG_IGNORE` é recebido	void ignore_cb($message)
debug	Nome da função a ser chamada quando um pacote `SSH2_MSG_DEBUG` é recebido	void debug_cb($message, $language, $always_display)
macerror	Nome da função a ser chamada quando um pacote é recebido, mas o código de autenticação da mensagem falhou. Se o retorno de chamada retornar `true`, a incompatibilidade será ignorada; caso contrário, a conexão será encerrada.	bool macerror_cb($packet)
disconnect	Nome da função a ser chamada quando um pacote `SSH2_MSG_DISCONNECT` é recebido	void disconnect_cb($reason, $message, $language)

Valor Retornado

Retorna um recurso em caso de sucesso ou false em caso de erro.

Exemplos

Exemplo #1 Exemplo de ssh2_connect()

Abre uma conexão forçando 3des-cbc ao enviar pacotes, cifra aes de força qualquer ao receber pacotes, sem compactação em qualquer direção, e troca de chaves do Grupo 1.

<?php
/* Notifica o usuário se o servidor encerrar a conexão */
function my_ssh_disconnect($reason, $message, $language) {
    printf("Servidor desconectado com código de motivo [%d] e mensagem: %s\n",
         $reason, $message);
}

$methods = array(
    'kex' => 'diffie-hellman-group1-sha1',
    'client_to_server' => array(
        'crypt' => '3des-cbc',
        'comp' => 'none'),
    'server_to_client' => array(
    'crypt' => 'aes256-cbc,aes192-cbc,aes128-cbc',
    'comp' => 'none'));

$callbacks = array('disconnect' => 'my_ssh_disconnect');

$connection = ssh2_connect('shell.example.com', 22, $methods, $callbacks);
if (!$connection) die('Falha na conexão');
?>

Veja Também

ssh2_fingerprint() - Recupera a impressão digital do servidor remoto
ssh2_auth_none() - Autentica como "nenhum"
ssh2_auth_password() - Autentica via SSH usando uma senha simples
ssh2_auth_pubkey_file() - Autentica usando uma chave pública
ssh2_disconnect() - Fecha uma conexão com um servidor SSH remoto

Melhore Esta Página

Aprenda Como Melhorar Esta Página • Envie uma Solicitação de Modificação • Reporte um Problema

＋adicione uma nota

Notas Enviadas por Usuários (em inglês) 8 notes

down

Steve Kamerman ¶

13 years ago

Due to a lack of complete examples, here's a simple SSH2 class for connecting to a server, authenticating with public key authentication, verifying the server's fingerprint, issuing commands and reading their STDOUT and properly disconnecting.  Note: You may need to make sure you commands produce output so the response can be pulled.  Some people suggest that the command is not executed until you pull the response back.

<?php

class NiceSSH {

    // SSH Host

    private $ssh_host = 'myserver.example.com';

    // SSH Port

    private $ssh_port = 22;

    // SSH Server Fingerprint

    private $ssh_server_fp = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

    // SSH Username

    private $ssh_auth_user = 'username';

    // SSH Public Key File

    private $ssh_auth_pub = '/home/username/.ssh/id_rsa.pub';

    // SSH Private Key File

    private $ssh_auth_priv = '/home/username/.ssh/id_rsa';

    // SSH Private Key Passphrase (null == no passphrase)

    private $ssh_auth_pass;

    // SSH Connection

    private $connection;

    

    public function connect() {

        if (!($this->connection = ssh2_connect($this->ssh_host, $this->ssh_port))) {

            throw new Exception('Cannot connect to server');

        }

        $fingerprint = ssh2_fingerprint($this->connection, SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX);

        if (strcmp($this->ssh_server_fp, $fingerprint) !== 0) {

            throw new Exception('Unable to verify server identity!');

        }

        if (!ssh2_auth_pubkey_file($this->connection, $this->ssh_auth_user, $this->ssh_auth_pub, $this->ssh_auth_priv, $this->ssh_auth_pass)) {

            throw new Exception('Autentication rejected by server');

        }

    }

    public function exec($cmd) {

        if (!($stream = ssh2_exec($this->connection, $cmd))) {

            throw new Exception('SSH command failed');

        }

        stream_set_blocking($stream, true);

        $data = "";

        while ($buf = fread($stream, 4096)) {

            $data .= $buf;

        }

        fclose($stream);

        return $data;

    }

    public function disconnect() {

        $this->exec('echo "EXITING" && exit;');

        $this->connection = null;

    }

    public function __destruct() {

        $this->disconnect();

    }

}

?>



[EDIT BY danbrown AT php DOT net: Contains two bugfixes suggested by 'AlainC' in user note #109185 (removed) on 26-JUN-2012.]

down

thessoro at gmail dot com ¶

10 years ago

Be careful when providing a specific hostkey order. 

<?php
ssh2_connect('IP', 'port', array('hostkey'=>'ssh-rsa, ssh-dss'));
?>

Will only work when the public key of the server is RSA, and not DSA also as expected. This is caused by the empty space before the "ssh-dss". 

So a similar code:

<?php
ssh2_connect('IP', 'port',   array('hostkey'=>'ssh-rsa,ssh-dss'));
?>

Will work. The HOSTKEY method is overriden using exactly what you write, so no empty spaces are allowed.

This took me some time that you could save ;)

down

christophermjgray at gmail dot com ¶

7 years ago

This page is out of date.  Any of the SHA-1 in the Key Exchange Methods in the kex section should be discarded, due to Logjam (https://weakdh.org/logjam.html).  If you continue to use them, connects will result in the following warning: 
"Warning: ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys in ..."

The following is an example of what works.  Also by removing the 'hex' section all together, results in libssl (https://libssh2.org/) falling back to discovering which is the strongest cipher to authenticate with. 

<?php

if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");

function ssh2_debug($message, $language, $always_display) {
   printf("%s %s %s\n",$message,$language,$always_display);
}

/* Notify the user if the server terminates the connection */
function my_ssh_disconnect($reason, $message, $language) {
  printf("Server disconnected with reason code [%d] and message: %s\n", $reason, $message);
}

$methods = array(
    'hostkey'=>'ssh-rsa,ssh-dss',
//    'kex' => 'diffie-hellman-group-exchange-sha256',
    'client_to_server' => array(
        'crypt' => 'aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc',
        'comp' => 'none'),
    'server_to_client' => array(
        'crypt' => 'aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc,blowfish-cbc',
        'comp' => 'none'));
        
$callbacks = array('disconnect' => 'my_ssh_disconnect');

foreach (array('192.168.1.1') as $host) {
  $connection = ssh2_connect($host, 22, $methods, $callbacks);
  if (!$connection) die("Connection failed:");

  ssh2_auth_password($connection, 'user', 'my_password') or die("Unable to authenticate");
  $stream = ssh2_exec($connection, 'free -m');
  stream_set_blocking($stream, true);
  $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
  echo stream_get_contents($stream_out);
}

?>

down

jrdbrndt at gmail dot com ¶

5 years ago

Trying to include "aes256-cbc" in the encryption methods list caused an error. The documentation here may be out of date, and you might find a more accurate list of what values are acceptable by checking the libssh2 documentation at libssh2.org.

down

devoldemar ¶

1 year ago

Usage of 'hostkey' option makes sence when you need to check authenticity of the remote server, e.g. by means of ssh2_fingerprint function. For that purpose you specify a list of possible algorithms sorted by priority in descending order. Supported values also include 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384' and 'ecdsa-sha2-nistp521'.
For instance:
<?php
$ssh = ssh2_connect('192.168.3.1', 22, ['hostkey' => 'ssh-ed25519,ssh-rsa']);
$md5 = ssh2_fingerprint($ssh); // returns MD5 hash of ED25519 host key, or MD5 hash of RSA key if the key of previous type is absent
?>

Note, if the remote server does not have a key of appropriate type connection will fail:
<?php
$ssh = ssh2_connect('192.168.3.1', 22, ['hostkey' => 'ssh-dss']);
PHP Warning:  ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys in php shell code on line 1
PHP Warning:  ssh2_connect(): Unable to connect to 192.168.3.1 in php shell code on line 1
?>

down

Trev White ¶

11 years ago

Hi,
If you are having problems with running a ssh2 session and it waits forever during the execution of stream_get_contents, it might be because the remote system has run the command and is now sitting at a # prompt waiting for the next command.  I had this issue on a HP MSA box, here is the code to get around the issue.

Assuming you are connected with your authentication method and $ssh contains the handle.

<?php
$command = "check disk";
// Open a nice large window to stop wrapping
$stream = ssh2_shell ($ssh, 'xterm', null, 200, 200, SSH2_TERM_UNIT_CHARS); 

// Hook into the error stream
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);  

// Block the streams so we wait until they complete
stream_set_blocking ($stream, true);
stream_set_blocking($errorStream, true);

// Send the commands to the terminal
fwrite ($stream, $command . PHP_EOL );

// Wait give the terminal a chance to accept and start processing the command, this is a slow storage device after all
sleep(2);

// IMPORTANT BIT!!  Send exit to the terminal to close the connection BEFORE WE WAIT FOR THE STREAM
fwrite ($stream, "exit" . PHP_EOL );
sleep (2);

// Print the output
echo stream_get_contents($stream);
$errortext=stream_get_contents($errorStream);

if (strlen($errortext) > 0) {
          // Error Data
         echo "Error Data: $errortext";
         exit (1);
}

// All Good
exit (0);

?>

You can't use ssh2_exec with this method (well at lease I couldn't) because on executing the first command the stream gets blocked and then you can't run the exit command, whereas a terminal seems to use one session.

I hope this helps someone.

down

suri dot suribala dot com ¶

20 years ago

With Sara's help, I have the following SS2 class that is quite flexible. If anyone improves it, please feel free to let me know.

<?php

// ssh protocols
// note: once openShell method is used, cmdExec does not work

class ssh2 {

  private $host = 'host';
  private $user = 'user';
  private $port = '22';
  private $password = 'password';
  private $con = null;
  private $shell_type = 'xterm';
  private $shell = null;
  private $log = '';

  function __construct($host='', $port=''  ) {

     if( $host!='' ) $this->host  = $host;
     if( $port!='' ) $this->port  = $port;

     $this->con  = ssh2_connect($this->host, $this->port);
     if( !$this->con ) {
       $this->log .= "Connection failed !"; 
     }

  }

  function authPassword( $user = '', $password = '' ) {

     if( $user!='' ) $this->user  = $user;
     if( $password!='' ) $this->password  = $password;

     if( !ssh2_auth_password( $this->con, $this->user, $this->password ) ) {
       $this->log .= "Authorization failed !"; 
     }

  }

  function openShell( $shell_type = '' ) {

        if ( $shell_type != '' ) $this->shell_type = $shell_type;
    $this->shell = ssh2_shell( $this->con,  $this->shell_type );
    if( !$this->shell ) $this->log .= " Shell connection failed !";

  }

  function writeShell( $command = '' ) {

    fwrite($this->shell, $command."\n");

  }

  function cmdExec( ) {

        $argc = func_num_args();
        $argv = func_get_args();

    $cmd = '';
    for( $i=0; $i<$argc ; $i++) {
        if( $i != ($argc-1) ) {
          $cmd .= $argv[$i]." && ";
        }else{
          $cmd .= $argv[$i];
        }
    }
    echo $cmd;

        $stream = ssh2_exec( $this->con, $cmd );
    stream_set_blocking( $stream, true );
    return fread( $stream, 4096 );

  }

  function getLog() {

     return $this->log; 

  }

}

?>

down

-1

rainerkrauss at googlemail dot com ¶

10 years ago

Warning! If you open a ssh connection and execute an external program opening another ssh connection it may result in very strange behavior.

I used an sftp connection to get a file list and used "exec" to download the files afterwards with an external sftp. lftp downloaded zeros with no comment, psftp exits with error code 11 most of the time, but sometimes it works - probably depending on how quickly php collects garbage and closes the unused connection first.

As there is no function to close a connection, you need to be sure to destroy all references (unset) to close it.

＋adicione uma nota