EzDevInfo.com

phpseclib

PHP Secure Communications Library. phpseclib: pure PHP implementations of SSH, SFTP, RSA and X.509. Easy to use, easy to install, actively maintained and actively supported, phpseclib is the best way to utilize SSH, SFTP, RSA and X.509 in PHP.

PHP Telnet/SSH dynamic login

I have an issue that's stumped me.

I'm trying to automate a CLI login to a router and run some commands obtained via a webpage. However, I don't know if the router has telnet or SSH enabled (might be one, the other, or both) and I have a list of possible username/password combos that I need to try to gain access.
Oh, and I can't change either the protocol type or the credentials on the device, so that's not really an option.

I was able to figure out how to log in to a router with a known protocol and login credentials and run the necessary commands (included below), but I don't know if I should use an if/else block to work through the telnet/ssh decisions, or if a switch statement might be better? Would using Expect inside PHP be an easier way to go?

function tunnelRun($commands,$user,$pass, $yubi){
    $cpeIP = "1.2.3.4";
    $commands_explode = explode("\n", $commands);

    $screenOut = "";

    $ssh = new Net_SSH2('router_jumphost');
    if (!$ssh->login($user, $pass . $yubi)) {
        exit('Login Failed');
    }


    $ssh->setTimeout(2);
    $ssh->write("ssh -l username $cpeIP\n");
    $ssh->read("assword:");
    $ssh->write("password\n");
    $ssh->read("#");
    $ssh->write("\n");
    $cpePrompt = $ssh->read('/.*[#|>]/', NET_SSH2_READ_REGEX);
    $cpePrompt = str_replace("\n", '', trim($cpePrompt));
    $ssh->write("config t\n");


    foreach ($commands_explode as $i) {
        $ssh->write("$i\n"); // note the "\n"
        $ssh->setTimeout(2);
        $screenOut .= $ssh->read();

    }
    $ssh->write("end\n");
    $ssh->read($cpePrompt);
    $ssh->write("exit\n");
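    echo "Router Update completed! Results below:<br><br>";

    // Escape the device output before embedding it in HTML so it cannot inject markup
    echo "<div id=\"text_out\"><textarea style=\" border:none; width: 700px;\" rows=\"20\">".htmlspecialchars($screenOut)."</textarea></div>";
}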

Update:

The solution I went with was a while/switch loop. I would have gone the Expect route, but I kept running into issues getting the Expect module integrated into PHP on my server (Windows box). If I had been using a Unix/Linux server, Expect would have been the simplest way to achieve this. I just made it into a working demo for now, so there are a lot of variations missing from the case statements still, and error handling still needs to be figured out, but the basic idea is there. I still want to move the preg_match statements around a bit more to do the matching at the top of the while loop (so I don't spam the whole case section with different preg_match lines), but that may prove to be more work than I want for now. Hope this might help someone else trying to do the same!

    <?php
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
ini_set('display_errors', 1);

$conn = new Net_SSH2('somewhere.outthere.com');
if (!$conn->login($user, $pass . $yubi)) {
    exit('Login Failed');
}

$prompt = "Testing#";

$conn->setTimeout(2);
$conn->write("PS1=\"$prompt\"");
$conn->read();
$conn->write("\n");
$screenOut = $conn->read();

//echo "$screenOut is set on the shell<br><br>";
echo $login_db[3][0]. "  ". $login_db[3][1];

$logged_in = false;
$status = "SSH";
$status_prev = "";
$login_counter = 0;
while (!$logged_in && $login_counter <=3) {
    switch ($status) {

        case "Telnet":
            break;
        case "SSH":
            $conn->write("\n");
            $conn->write("ssh -l " . $login_db[$login_counter][0] . " $cpeIP\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/Permission denied.*/', $status) ? true : false):
            $conn->write(chr(3)); //Sends Ctrl+C
            $status = $conn->read();
            if (strstr($status, "Testing#")) {
                $status = "SSH";
                $login_counter++;
                break;
            } else {
                break 2;
            }
        case (preg_match('/[pP]assword:/', $status) ? true : false):

            $conn->write($login_db[$login_counter][1] . "\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/yes\/no/', $status) ? true : false):
            $conn->write("yes\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/(^[a-zA-Z0-9_]+[#]$)|(>)/', $status,$matches) ? true : false):


            $conn->write("show version\n");
            $status = $conn->read(">");
            if(preg_match('/ADTRAN|Adtran|Cisco/', $status)? true:false){
                $logged_in = true;
                break;
            }

        default:
            echo "<br>Something done messed up! Exiting";
            break 2;

    }
    //echo "<pre>" . $conn->getLog() . "</pre>";
}
if ($logged_in === true) {
    echo "<br> Made it out of the While loop cleanly";
} else {
    echo "<br> Made it out of the While loop, but not cleanly";
}
echo "<pre>" . $conn->getLog() . "</pre>";

$conn->disconnect();
echo "disconnected cleanly";
?>

Source: (StackOverflow)

PHP FTP/SFTP switch class

OK, so accessing other servers from your own via either ftp or sftp... I have written a small class to handle either. It is obviously new and could easily be improved, so I thought I would throw it out here and see what other people think (stackoverflow gets a hell of a lot of views so hopefully this could help someone else), and how they can improve on it... so I guess the question is... how can this be improved?

class ftp_sftp{
//determine, if ssh, whether to use phpseclib or php's inbuilt ssh_sftp 'libssh'
public $ssh_type = 'phpseclib';
//set the path to the directory containing the entire phpseclib files
public $phpseclib_path = 'scripts/phpseclib0.3.0';

//private vars generated by this class
public $host;
public $username;
public $password;
public $connection_type;
public $port_number;
public $connection = false;

//construct method which will attempt to set the connection details and automatically attempt to establish a connection to the server
public function __construct( $host, $username, $password, $connection_type, $port_number = false ){

    //add the webroot to the beginning of the $this->phpseclib_path (this is bespoke to my own configuration)
    $this->phpseclib_path = WEBROOT_PRIVATE.$this->phpseclib_path;

    //setting the classes vars
    $this->host         = $host;
    $this->username     = $username;
    $this->password     = $password;
    $this->connection_type = $connection_type;

    //set the port number to defaults based on connection type if none passed
    if( $port_number === false ){
        if( $connection_type == 'ftp' ){
            $port_number = 21;
        } else {
            $port_number = 22;
        }
    }
    $this->port_number = $port_number;

    //now set the server connection into this classes connection var
    $this->connection = $this->connect();
}

//tests the details passed and tries to establish a connection, returns false on fail.
function connect(){
    br($this->connection_type);
    switch( $this->connection_type )
        {
            case 'ftp':
                        //connect on the configured port rather than the default
                        $connection = ftp_connect($this->host, $this->port_number);

                        //if no connection was possible return false and leave $this->connection as false
                        if (!$connection) {
                            return false;
                        }

                        //only attempt the login once the connection exists
                        $login = ftp_login($connection, $this->username, $this->password);
                        if (!$login) {
                            return false;
                        }

                        // enabling passive mode
                        ftp_pasv( $connection, true );
                        return $connection;
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    //include the phpseclib path in the include array and include the ssh2 class
                                    set_include_path($this->phpseclib_path );
                                    if(!include('Net/SSH2.php')){
                                        echo 'Sorry failed to load SSH2 class';
                                        br();
                                    }
                                    if(!include('Net/SFTP.php')){
                                        echo 'Sorry failed to load SFTP class';
                                        br();
                                    }

                                    $connection = new Net_SFTP($this->host, $this->port_number);
                                    $login = $connection->login($this->username, $this->password);
                            break;

                            case 'libssh2':
                                    $connection = ssh2_connect($this->host, $this->port_number);
                                    //authenticate with the credentials passed to the constructor
                                    $login = $connection ? ssh2_auth_password($connection, $this->username, $this->password) : false;
                            break;

                            default:
                                    echo 'No ssh method defined, please define one in: $ftp_sftp->ssh_type';
                                    exit();
                            break;
                        }


                        //if no connection was possible return false and leave $this-connection as false
                        if (!$connection || !$login) {
                            return false;
                        } else {
                            return $connection;
                        }
            break;

            default: echo 'No connection type set cannot choose a method to connect';
            break;
        }
}

//access the phpseclib errors
public function errors(){
if($this->connection_type == 'sftp' && $this->ssh_type == 'phpseclib'){
        print_r($this->connection->getErrors());
    } else {
        echo 'no error logs available';
    }
}

//function used by this class to check certain values are set
public function connection_check(){
    if( $this->connection === false){
        echo 'Sorry there seems to be a connection problem please try again';
        br();
    }

    if( $this->connection_type === false){
        echo 'Sorry there seems to be a no connection type set';
    }

    if( $this->connection === false || $this->connection_type === false ){
        exit();
    }
}

//transfers a file to the connected server
public function put($targetLocationToSendTo, $existingLocationToSendFrom){

    //check the connection
    $this->connection_check();

    switch( $this->connection_type )
        {
            case 'ftp':
                        //ftp_put the file across
                        $put = ftp_put( $this->connection, $targetLocationToSendTo, $existingLocationToSendFrom, FTP_BINARY);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $put = $this->connection->put( $targetLocationToSendTo, $existingLocationToSendFrom, NET_SFTP_LOCAL_FILE );
                            break;

                            case 'libssh2':
                                    $put = ssh2_scp_send($this->connection, $targetLocationToSendTo, $existingLocationToSendFrom, 0755);
                            break;
                        }
            break;
        }

    return $put;
}

//list the contents of a remote directory
public function dir_list( $dirToList ){

    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp':
                        //do not overwrite $this->connection with the listing
                        $list = ftp_nlist($this->connection, $dirToList);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $list = $this->connection->nlist( $dirToList );
                            break;

                            case 'libssh2':
                                    echo 'Sorry there is no support for nlist with libssh2, however this link has a possible answer: http://randomdrake.com/2012/02/08/listing-and-downloading-files-over-sftp-with-php-and-ssh2/';
                            break;
                        }
            break;
        }

    return $list;
}

//get the timestamp of the file on another server
public function remote_filemtime( $pathToFile ){

    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp':
                        $timeStamp = ftp_mdtm($this->connection, $pathToFile);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $statinfo = $this->connection->stat( $pathToFile );
                            break;

                            case 'libssh2':
                                    //ssh2_sftp_* functions take the SFTP subsystem resource, not the raw connection
                                    $statinfo = ssh2_sftp_stat(ssh2_sftp($this->connection), $pathToFile);
                            break;
                        }

                        if($statinfo['mtime']){
                            $timeStamp = $statinfo['mtime'];
                        } else {
                            $timeStamp = false;
                        }
            break;
        }

    return $timeStamp;
}

//make a directory on the remote server
public function make_dir( $dirToMake ){
    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp':
                        $dir_made = ftp_mkdir($this->connection, $dirToMake);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $dir_made = $this->connection->mkdir( $dirToMake );
                            break;

                            case 'libssh2':
                                    //ssh2_sftp_* functions take the SFTP subsystem resource, not the raw connection
                                    $dir_made = ssh2_sftp_mkdir(ssh2_sftp($this->connection), $dirToMake, 0755);
                            break;
                        }
            break;
        }

    return $dir_made;
}

//change directory
public function change_dir( $dirToMoveTo ){
    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp': $chdir = ftp_chdir($this->connection, $dirToMoveTo );
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $chdir = $this->connection->chdir( $dirToMoveTo );
                            break;

                            case 'libssh2':
                                    echo 'Sorry this feature does exist yet for when using libssh2 with the ftp_sftp class';
                                    exit();
                            break;
                        }
            break;
        }

    return $chdir;
}

//current directory we are looking in
public function pwd(){

    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp': $pwd = ftp_pwd($this->connection);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $pwd = $this->connection->pwd();
                            break;

                            case 'libssh2':
                                    echo 'Sorry this feature does exist yet for when using libssh2';
                                    exit();
                            break;
                        }
            break;
        }

    return $pwd;
}

//delete file
public function delete_file($fileToDelete){
    //check the connection
    $this->connection_check();

    //run appropriate list
    switch( $this->connection_type )
        {
            case 'ftp': $unlink = ftp_delete($this->connection, $fileToDelete);
            break;

            case 'sftp':
                        //decide which ssh type to use
                        switch( $this->ssh_type ){
                            case 'phpseclib':
                                    $unlink = $this->connection->delete( $fileToDelete );
                            break;

                            case 'libssh2':
                                    //ssh2_sftp_* functions take the SFTP subsystem resource, not the raw connection
                                    $unlink = ssh2_sftp_unlink(ssh2_sftp($this->connection), $fileToDelete);
                            break;
                        }
            break;
        }

    return $unlink;
}

}//end of class

Using the class:

//arguments follow the constructor: host, username, password, connection type, port
$ftp_sftp = new ftp_sftp( '92.21.627.163', 'ftpuser', 'yourpassword', 'ftp', 21 );
echo $ftp_sftp->pwd();

I am having a little trouble getting phpseclib to connect on my Win7 machine using easyPHP and have started a question. If anyone has any ideas I would be very grateful... Cannot get phpseclib to connect - error 10060


Source: (StackOverflow)

RSA Publickey implementation in android

I have implemented RSA cryptography in PHP, JavaScript, and an Android app using these libraries:

1) phpseclib for php side

2) pidcrypt for javascript

3) bouncycastle version (bcprov-jdk14-151) for android service provider

I have my cryptography mechanism like:

user->request->publickey
     ->server->generate(publickey,privatekey) and save private key into Database
     ->server->sendpublickey->user
     ->user->encryptdata->send->server->decrypt

This mechanism works fine between JavaScript and PHP encryption and decryption, but on the Android platform, when the server sends the public key, it cannot decrypt the public key.

Now I have tested different scenarios for this:

PHP KeyGenerating

$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
$rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_PKCS1);
define('CRYPT_RSA_EXPONENT', 65537);
extract($rsa->createKey(1024));

PHP DecryptingCode

$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_PKCS1);
$rsa->setPrivateKeyFormat(CRYPT_RSA_PRIVATE_FORMAT_PKCS1);
$rsa->loadKey($pri);
$binaryCiphertext=base64_decode($encrypted);
$strBase64DecryptedData=$rsa->decrypt($binaryCiphertext);
$plaintText = base64_decode($strBase64DecryptedData);

My public key is:

-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALrBdN8F83hT2+pBsAwiNx+v3FWp51IdEElE8UvVhfZYmePbitpzLcJi
jZ4/tvRFXJGhqa3PKPUQkH2F4VrHruA2kNceiL/Btywc9oM+tDMeX1jcRKwXwK1k
KdccKwn0qywG6YxQuqWQIotOfV+IIuhcHdaHBl6CZ05/cBo6AlMlAgMBAAE=
-----END RSA PUBLIC KEY-----

1) Request the key from the server; the server generates the public key and private key and sends the public key MODULUS and EXPONENT to the Android app, which applies this code:

RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(mod,exp);
KeyFactory keyFactory = KeyFactory.getInstance("RSA","BS");
PublicKey publicKey = keyFactory.generatePublic(rsaPublicKeySpec);
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BS");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedBytes = cipher.doFinal(plaintText.getBytes());
byte[] encodedBytes = org.bouncycastle.util.encoders.Base64.encode(encryptedBytes);
String encryptedData = new String(encodedBytes);

This code is unable to decrypt the message and I get this error from the PHP side:

Decryption error in /security/RSA.php on line **2493**

RSA.php 2493 code

 if (ord($em[0]) != 0 || ord($em[1]) > 2) {
     user_error('Decryption error');
     return false;
 }

2) The second scenario is getting the public key string and parsing it:

byte[] keyBytes =   Base64.decode(keyString, Base64.DEFAULT);
String rsaPublicKeyString = new String(keyBytes); 
String sliceKeyHeader = rsaPublicKeyString.replaceAll("(-+BEGIN RSA PUBLIC KEY-+\\r?\\n|-+END RSA PUBLICKEY-+\\r?\\n?)", "");
byte[] encodedDER = Base64.encode(sliceKeyHeader.getBytes(),Base64.DEFAULT);

X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encodedDER);
KeyFactory kf = KeyFactory.getInstance("RSA","BC");
PublicKey pkPublic = (PublicKey) kf.generatePublic(publicKeySpec);

With this I get the error:

java.security.spec.InvalidKeySpecException: 
java.lang.ClassCastException: com.android.org.bouncycastle.asn1.DERApplicationSpecific
cannot be cast to com.android.org.bouncycastle.asn1.ASN1Sequence

I know that the encoded public key is DER encoded, but I still don't know what to do here --- I think someone can guide me with DER encode/decode ---

3) The third scenario is

 final Reader reader = new StringReader(rsaPublicKeyString);
 PemReader pemReader = new PemReader(reader);
 PemObject pemObject= pemReader.readPemObject();
 pemReader.close();
 AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(pemObject.getContent());

I forgot the error; it was something like unable to cast pemObject to asymmetric (not sure, but something like that).

I even tried some of the code from the above link but I am getting different errors:

RSA Android Encrypt / RSA PHP Decrypt PhpSeclib <-> BouncyCastle RSA

Please look into code and help me.


Source: (StackOverflow)
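
Added example, not part of the original question and not phpseclib code: Java's `X509EncodedKeySpec`, used in the second scenario, expects an X.509 SubjectPublicKeyInfo structure, while a `-----BEGIN RSA PUBLIC KEY-----` block holds only the inner PKCS#1 RSAPublicKey. The code below wraps the public key posted above into SubjectPublicKeyInfo on the PHP side; the function names are hypothetical.

```php
<?php
// Added example: convert a PKCS#1 "RSA PUBLIC KEY" PEM into an X.509
// SubjectPublicKeyInfo "PUBLIC KEY" PEM. Function names are hypothetical.

/** DER length octets: short form below 128, long form otherwise. */
function der_length($n)
{
    if ($n < 0x80) {
        return chr($n);
    }
    $bytes = ltrim(pack('N', $n), "\x00");   // big-endian, leading zeros dropped
    return chr(0x80 | strlen($bytes)) . $bytes;
}

/** Strip the PEM armor for $label and return raw DER, or false if malformed. */
function pem_to_der($pem, $label)
{
    $quoted  = preg_quote($label, '/');
    $pattern = '/-----BEGIN ' . $quoted . '-----(.*?)-----END ' . $quoted . '-----/s';
    if (!preg_match($pattern, $pem, $m)) {
        return false;
    }
    // Strict mode rejects characters outside the base64 alphabet.
    return base64_decode(preg_replace('/\s+/', '', $m[1]), true);
}

/** Wrap RSAPublicKey (PKCS#1) in SubjectPublicKeyInfo; returns PEM or false. */
function pkcs1_public_to_spki($pkcs1Pem)
{
    $rsaPublicKey = pem_to_der($pkcs1Pem, 'RSA PUBLIC KEY');
    if ($rsaPublicKey === false || $rsaPublicKey === '' || $rsaPublicKey[0] !== "\x30") {
        return false;                        // body is not a DER SEQUENCE
    }

    // AlgorithmIdentifier ::= SEQUENCE { OID 1.2.840.113549.1.1.1 (rsaEncryption), NULL }
    $algorithmId = "\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00";

    // subjectPublicKey ::= BIT STRING, zero unused bits, holding the RSAPublicKey
    $bitString = "\x03" . der_length(strlen($rsaPublicKey) + 1) . "\x00" . $rsaPublicKey;

    $spki = "\x30" . der_length(strlen($algorithmId) + strlen($bitString))
          . $algorithmId . $bitString;

    return "-----BEGIN PUBLIC KEY-----\n"
         . chunk_split(base64_encode($spki), 64, "\n")
         . "-----END PUBLIC KEY-----\n";
}

// The public key posted in the question above.
$pkcs1Pem = <<<'PEM'
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBALrBdN8F83hT2+pBsAwiNx+v3FWp51IdEElE8UvVhfZYmePbitpzLcJi
jZ4/tvRFXJGhqa3PKPUQkH2F4VrHruA2kNceiL/Btywc9oM+tDMeX1jcRKwXwK1k
KdccKwn0qywG6YxQuqWQIotOfV+IIuhcHdaHBl6CZ05/cBo6AlMlAgMBAAE=
-----END RSA PUBLIC KEY-----
PEM;

$spkiPem = pkcs1_public_to_spki($pkcs1Pem);
if ($spkiPem === false) {
    exit("Input is not a PKCS#1 RSA public key\n");
}
echo $spkiPem;

// Optional cross-check when the OpenSSL extension is loaded: it should accept
// the wrapped key and report its size.
if (function_exists('openssl_pkey_get_public')) {
    $key     = openssl_pkey_get_public($spkiPem);
    $details = $key ? openssl_pkey_get_details($key) : false;
    echo $details
        ? "OpenSSL parsed a {$details['bits']}-bit RSA key\n"
        : "OpenSSL rejected the wrapped key\n";
}
```

On the Java side, the base64 body of the resulting `PUBLIC KEY` block has to be decoded to bytes before it is handed to `X509EncodedKeySpec`.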

How to catch un-handled errors with PHPseclib?

Let's say I have the following piece of code.

To test this, I change the server IP to mimic the error messages. The IP below doesn't exist so the Unhandled Exception message is: Cannot connect to 10.199.1.7. Error 113. No route to host

This displays an ugly screen with PHP code. Is it possible to catch this error?

try {
      $ssh = new Net_SSH2('10.199.1.7');        
  if (!$ssh->login('deploy', $key)) {
       throw new Exception("Failed login");
  }
} catch (Exception $e) {
     ???
}

Source: (StackOverflow)
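
Added example, not part of the original question and not phpseclib code: it assumes the library reports failures through `user_error()` followed by `return false`, as the RSA.php excerpt quoted elsewhere on this page does, and converts such errors into `ErrorException` so that a `try`/`catch` can handle them. `with_errors_as_exceptions()`, `fake_login()` and `try_login()` are hypothetical names, and `fake_login()` is a constructed stand-in for the real connection call.

```php
<?php
// Added example (requires PHP 5.5+ for "finally"). All function names here
// are hypothetical; fake_login() stands in for a library call.

/**
 * Run $callback with PHP errors converted to ErrorException, then restore
 * whatever error handler was active before.
 */
function with_errors_as_exceptions($callback)
{
    set_error_handler(function ($severity, $message, $file, $line) {
        if (!(error_reporting() & $severity)) {
            return false;   // respect @-suppression and the configured level
        }
        throw new ErrorException($message, 0, $severity, $file, $line);
    });

    try {
        return call_user_func($callback);
    } finally {
        restore_error_handler();
    }
}

/**
 * Constructed stand-in: reports an unreachable host with user_error() and
 * returns false, and returns false silently for a wrong password.
 */
function fake_login($host, $password)
{
    if ($host === '10.199.1.7') {   // the unreachable address from the question
        user_error("Cannot connect to $host. Error 113. No route to host");
        return false;
    }
    return $password === 'constructed-secret';
}

/** Returns a short status string that is safe to show to the end user. */
function try_login($host, $password)
{
    try {
        with_errors_as_exceptions(function () use ($host, $password) {
            if (!fake_login($host, $password)) {
                throw new RuntimeException('Failed login');
            }
        });
        return 'connected';
    } catch (ErrorException $e) {
        // Keep host names, paths and line numbers in the server log and
        // out of the page sent to the browser.
        error_log('SSH error: ' . $e->getMessage()
            . ' (' . $e->getFile() . ':' . $e->getLine() . ')');
        return 'connection error';
    } catch (Exception $e) {
        return 'login failed';
    }
}

echo try_login('10.199.1.7', 'constructed-secret'), "\n";
echo try_login('192.0.2.10', 'wrong'), "\n";
echo try_login('192.0.2.10', 'constructed-secret'), "\n";
```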

"Segmentation fault" when using phpseclib

I downloaded phpseclib-0.3.10 from http://phpseclib.sourceforge.net/

My php Version : PHP 5.2.4

OS : CentOS release 6.6

When I run the following, I get a "Segmentation fault" at this line: $ssh->login('username', 'password')

<?php
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include('Net/SSH2.php');
$ssh=new Net_SSH2('servername');
if (!$ssh->login('username', 'password')) {
     exit('Login Failed');
}
echo $ssh->exec('pwd');
?>

I am unable to find the reason for this issue. Could you please help me find the reason for this?


Source: (StackOverflow)

set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');

I have stumbled upon two functions I have never used before in PHP:

set_include_path(); get_include_path();

I am currently looking to implement phpseclib in a project I am working on, as I need to use the SFTP class extension of SSH2, which in turn requires the MathBigInteger class, etc.

The manual says about set_include_path(): "Sets the include_path configuration option for the duration of the script. "

What does this mean for the rest of my framework, will it set ALL include paths from the 'phpseclib' dir?

Also, I really don't get:

set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');

I am storing phpseclib in a custom library directory in my file system. Does get_include_path() somehow magically find the phpseclib directory in my filesystem?

As you can see I am completely lost here. Could anyone be kind enough to shed some light for me please?

PS: I only need this library at one particular point in the application and thus only want to include it when needed; at present I want to include it within a child of my model class.


Source: (StackOverflow)

removing password from rsa private key

Here's how I'd do it with phpseclib (which works):

<?php
include('Crypt/RSA.php');

$rsa = new Crypt_RSA();
$rsa->setPassword('password');
$result = $rsa->loadKey('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633

gvmXzl6W7eV1a3N5rQNwBWKY9on3IgxZudS33cip5f88FotsPSDJMvqj6LVw2RxobDjhlOOzqmTb
VrlTnoQ6CogXFZSfiPmixiyyptCUEKJkSiEhYGM5GQm0OoGcLeLbgBb9tRpWh5IlXulKD6XFhx8q
/eGg5a+mSkX1i7kv2+Ih3jHmEKwrnfzhcA29pBF3OQJo+Ks9IYneuk676pHtsIs7CpFKq1tDvD8Q
O7URxnVnHLltaFvIxshqyZu92xbUYZR7YzjXl5+3w4TVgeAHUogEV+H9iZTosD/copUsbQO+78w2
E1D3iDS94wRgx0Tjv4xlwrTpOV38FS5rdL32492DcCRlCYM4VtuwjYeWi5shJg69jCb0EwGRqfAo
xko+lbKWELTuFKwD7n1rc/2fTarbGuf8S2AEggBLZyfXHC/9N84mXLFO2XKq+0WdiEFhQj2Cze+a
9qcSK6tPSrjK1LPlnOOppFgDElZaZ0rxsgjtiWSIAEw/Ad+SIM5u+vqwzF8J317JlsdKoBFDw8mS
MxCMuMksKJ23mgvY+THRIVgH3E7lEDZQzCi1Uy6ldLJcran/6wHwP88pVM2odiHkpnrJGcEBbbIk
qsxJZhFT8aUt/cUEBj3fnP7cxoNLQfTHMPqUTqKBWaVufFzGU9YB1R+XWFULLddwJHnV7gPheBlk
MDapowb+Is77+a9Y2VDsOXEvNpqTY0giiSrckG05IZnrhJ24JnSCwyNd99lm7XKdEGGrjBCMqIyI
Fqox8Ahkv3KWAJPYK1eOCc5d/KwZHlnlFJq7ZYy9u3fEnxQCjOEmeXLkLangKA==
-----END RSA PRIVATE KEY-----');

echo $result ? 'true' : 'false';
?>

For comparison purposes, however, I'm trying to do it with OpenSSL. Here's my code:

<?php
$pkey = openssl_pkey_get_private('-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E3B1C06E0D0C2633
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==
-----END RSA PRIVATE KEY-----', 'password');
if ($pkey === false) exit('FAILURE');
openssl_pkey_export($pkey, $out_key_file);
echo $out_key_file;
?>

Only problem: the code dies prematurely, echo'ing out FAILURE. ie. openssl_pkey_get_private() isn't loading the key. openssl_error_string says "error:0906D066:PEM routines:PEM_read_bio:bad end line".

Any ideas?


Source: (StackOverflow)

Encryption PHP, Decryption Java

I have a web service in PHP that generates a keypair to encrypt a message, and one application in Java that retrieves the private key and decrypts the message.

For PHP I'm using http://phpseclib.sourceforge.net/ and have these two files:

keypair.php

<?php

set_time_limit(0);
if( file_exists('private.key') )
{
    echo file_get_contents('private.key');
}
else
{
    include('Crypt/RSA.php');
    $rsa = new Crypt_RSA();
    $rsa->createKey();
    $res = $rsa->createKey();

    $privateKey = $res['privatekey'];
    $publicKey  = $res['publickey'];

    file_put_contents('public.key', $publicKey);
    file_put_contents('private.key', $privateKey);
}

?>

encrypt.php

<?php

include('Crypt/RSA.php');

//header("Content-type: text/plain");

set_time_limit(0);
$rsa = new Crypt_RSA();
$rsa->setEncryptionMode(CRYPT_RSA_ENCRYPTION_OAEP);
$rsa->loadKey(file_get_contents('public.key')); // public key

$plaintext = 'Hello World!';
$ciphertext = $rsa->encrypt($plaintext);

echo base64_encode($ciphertext);

?>

and in java I have this code:

package com.example.app;

import java.io.DataInputStream;
import java.net.URL;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

import sun.misc.BASE64Decoder;

public class MainClass {

    /**
     * @param args
     */
    public static void main(String[] args)
    {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

        try {
            BASE64Decoder decoder   = new BASE64Decoder();
            String b64PrivateKey    = getContents("http://localhost/api/keypair.php").trim();
            String b64EncryptedStr  = getContents("http://localhost/api/encrypt.php").trim();

            System.out.println("PrivateKey (b64): " + b64PrivateKey);
            System.out.println(" Encrypted (b64): " + b64EncryptedStr);

            SecretKeySpec privateKey    = new SecretKeySpec( decoder.decodeBuffer(b64PrivateKey) , "AES");
            Cipher cipher               = Cipher.getInstance("RSA/None/OAEPWithSHA1AndMGF1Padding", "BC");
            cipher.init(Cipher.DECRYPT_MODE, privateKey);

            byte[] plainText            = decoder.decodeBuffer(b64EncryptedStr);

            System.out.println("         Message: " + plainText);
        }
        catch( Exception e )
        {
            System.out.println("           Error: " + e.getMessage());
        }

    }

    public static String getContents(String url)
    {
        try {
            String result = "";
            String line;
            URL u = new URL(url);
            DataInputStream theHTML = new DataInputStream(u.openStream());
            while ((line = theHTML.readLine()) != null)
                result = result + "\n" + line;

            return result;
        }
        catch(Exception e){}

        return "";
    }
}

My questions are:

  1. Why am I getting an exception saying "not an RSA key!"?
  2. How can I improve this code? I have used base64 to avoid encoding and communication errors between Java and PHP.
  3. Is this concept correct? I mean, am I using it correctly?

Source: (StackOverflow)

How to SFTP upload files from PHP

I'm having trouble using PHP to SFTP upload files to a remote server. When I use cURL, I'm getting the error described here:

http://stackoverflow.com/questions/1766822/sftp-from-php-undefined-constant-curloptprotocols-and-curlprotosftp

I also tried phpseclib as suggested in:

http://stackoverflow.com/questions/717854/sftp-from-within-php

But when I try phpseclib, I get these errors:

Warning: require_once(Math/BigInteger.php) [function.require-once]: failed to open stream: No such file or directory in /home/john/public_html/test/Net/SSH2.php on line 53

Fatal error: require_once() [function.require]: Failed opening required 'Math/BigInteger.php' (include_path='.:/usr/share/php:/usr/share/pear') in /home/john/public_html/test/Net/SSH2.php on line 53

I then tried using system commands in php like so, but nothing happened:

<?php
echo system('sftp user@ftp.domain.com');
echo system('password');
echo system('put file.csv');
?>

I also tried

<?php
$connection = ssh2_connect('shell.example.com', 22);
ssh2_auth_password($connection, 'username', 'password');

ssh2_scp_send($connection, '/local/filename', '/remote/filename', 0644);
?>

but my PHP server says ssh2_connect is not defined.

I tried to do the following from terminal

scp file.csv user@ftp.remote.com
password

But the server does not allow scp command. I do not have shell access to create ssh keys.

All I can do right now is sftp from terminal and manually upload. But I really want to automate this so a PHP website can do all this.

There aren't many tutorials on how to SFTP upload from PHP. Is it because it's a bad thing to do? If so, what should I be doing? The server I want to upload to only allows sftp connections.


Source: (StackOverflow)

using phpseclib with net_ssh how to su to root using $ssh->exec

So I need to execute one command, but it will only run if I su to root (or sudo), and I can't seem to figure out how to send the command to su to root.

(I can log in and execute other commands with loginuser fine.)

http://phpseclib.sourceforge.net/ssh/examples.html

My code as follows

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('255.255.255.255',22);
if (!$ssh->login('loginuser', 'fakepassword')) {
    exit('Login Failed');
}

echo $ssh->read('[prompt]');
echo $ssh->write("su\n");
echo $ssh->read('Password:');
echo $ssh->write("rootfakepassword");
echo $ssh->read('[prompt]');
echo $ssh->exec('cc get_wireless_status');
?>

I've also tried using the exec command to do roughly the same thing with no luck.

Any suggestions?

Current revision of the code (doesn't work):

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('255.255.99.74',22);
    if (!$ssh->login('loginuser', 'password')) {
        exit('Login Failed');
    }

    echo $ssh->read('loginuser@intranet:/home/login >');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("rootpassword\n");
    echo $ssh->read('intranet:/home/login #');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

putty text of log in

login as: loginuser
loginuser@255.255.99.74's password:
Last login: Thu Feb 14 13:57:16 2013 from infong1045.lxa.perfora.net


Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt

NOTE: Any modifications done by root will void your support.
      Please use WebAdmin for any configuration changes.

loginuser@intranet:/home/login > su
Password:
intranet:/home/login #

response from code on newest version

Last login: Thu Feb 14 14:00:00 2013 from 10.10.10.194 Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > Last login: Tue Feb 19 11:09:18 2013 from infong1045.lxa.perfora.net Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > su Password: intranet:/home/login # Last login: Tue Feb 19 11:09:23 2013 from infong1045.lxa.perfora.net Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > cc get_wireless_status -bash: /usr/local/bin/confd-client.plx: Permission denied loginuser@intranet:/home/login > 

Source: (StackOverflow)

Why is phpseclib not signing this cert correctly?

I try to sign a key with phpseclib and when I decode the result with openssl I get the following:

140513785948000:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:
140513785948000:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:
140513785948000:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509
140513785948000:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:

Why is it doing this?

(This bug took me a while to figure out, so I figured I'd help the next person with this issue out by posting it here)


Source: (StackOverflow)

phpseclib or ssh2 pecl extension

My post from yesterday: phpseclib sftp port number

Ok, so yesterday I started learning about SSH / SFTP with PHP. I searched a bunch of forum posts and surmised that I needed to download phpseclib.

Being relatively new to PHP, and thus starting on PHP 5, I was not aware of previous PHP 4's non-use of the __constructor, hence the above question/post.

The responses were conflicting and a little off topic to the original question; however, they have delivered me to a question that I feel needs answering before I continue:

Which is better to use, ssh2 pecl extension OR phpseclib?

This question: phpseclib vs libssh2 is the same but I feel a little outdated now as asked on Nov 5 '10 at 17:37


Source: (StackOverflow)

How to download a file from an SFTP server using PHP

I'm looking to allow a user to download a file directly from an sftp server, but in the browser.

I've found methods to read the file and echo the string (connections using ssh2.sftp or phpseclib) but I need to download, rather than read.

Also, I've seen solutions that suggest downloading from the sftp server to the web server, then use readfile() from the web server to the user's local disk. But this means two file transfers, and if the file is large I imagine this would be slow.

Can you download directly from sftp to the user's disk?

Cheers for any responses!


Source: (StackOverflow)

PHP SFTP Simple File Upload

I'm using phpseclib - SFTP class and am trying to upload a file like so -

$sftp = new Net_SFTP('mydomain.com');
if (!$sftp->login('user', 'password')) {
    exit('Login Failed');
}
$sftp->put('/some-dir/',$fileTempName);

The file, however, isn't being uploaded inside some-dir but is uploaded one directory before (to the starting directory, let's say it's root). This is driving me crazy. I think I've tried all combinations of some-dir/ or /some-dir or /some-dir/, but the file won't upload there.


Source: (StackOverflow)
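
Added example, not part of either post and not phpseclib's own sample code: an SFTP upload with the phpseclib 1.0-style Net_SFTP class that both upload questions above reach for. It assumes the library's Net/, Crypt/ and Math/ directories are unpacked into a phpseclib/ directory next to the script; the helper name, the pinned host key and the paths in the usage comment are hypothetical.

```php
<?php
// Assumption: phpseclib 1.0-style tree (Net/, Crypt/, Math/) unpacked into ./phpseclib.
// Net/SSH2.php loads Math/BigInteger.php through the include path, so the
// library root has to be on it.
set_include_path(__DIR__ . '/phpseclib' . PATH_SEPARATOR . get_include_path());
require_once 'Net/SFTP.php';

/**
 * Upload $localFile into $remoteDir, keeping its base name (hypothetical helper).
 * $pinnedHostKey is the server's public host key recorded on a trusted first
 * connection, in the "ssh-rsa AAAA..." form getServerPublicHostKey() returns.
 */
function sftp_upload($host, $user, $password, $pinnedHostKey, $localFile, $remoteDir)
{
    if (!is_readable($localFile)) {
        throw new RuntimeException("cannot read $localFile");
    }

    $sftp = new Net_SFTP($host);

    // Check the host key before the password leaves this machine.
    $hostKey = $sftp->getServerPublicHostKey();
    if ($hostKey === false || $hostKey !== $pinnedHostKey) {
        throw new RuntimeException('host key mismatch, refusing to authenticate');
    }
    if (!$sftp->login($user, $password)) {
        throw new RuntimeException('login failed');
    }

    // put() takes the remote *file* path first, then the data or the local path.
    // NET_SFTP_LOCAL_FILE makes the second argument a local file name to read.
    $remoteFile = rtrim($remoteDir, '/') . '/' . basename($localFile);
    if (!$sftp->put($remoteFile, $localFile, NET_SFTP_LOCAL_FILE)) {
        throw new RuntimeException("upload to $remoteFile failed");
    }
    return $remoteFile;
}

// Constructed values for illustration only:
// sftp_upload('sftp.example.com', 'user', getenv('SFTP_PASSWORD'),
//             'ssh-rsa AAAA...pinned...', '/tmp/file.csv', '/some-dir');
```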

Public/private key encryption Android-PHP

I'm trying to encrypt data on the Android side and decrypt it on the PHP side. I'm using phpseclib in PHP to generate public/private keys.

After I generate the keys, this is the public key I got on the PHP side:

-----BEGIN RSA PUBLIC KEY-----".
            "MIGJAoGBAKks62Itns2uU/dVZJ4kCkMinHgyeh/rdMD53a4Zu2a76OIJvdSZ8q4c".
            "YTWvPj0giefVtMc7tV4c6AAw04jyIfmCTvcQUlHI+sspHxXDlQTagNoxCuA29b5L".
            "9MKO6Ok0LwF9rGgTywC1heNEulZz9ISn9FQDazJT+Bd9cnNOrJRdAgMBAAE=".
            "-----END RSA PUBLIC KEY-----

and then I encoded it to base64 and got this base64 encoded key

LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tTUlHSkFvR0JBS2tzNjJJdG5zMnVVL2RWWko0a0NrTWluSGd5ZWgvcmRNRDUzYTRadTJhNzZPSUp2ZFNaOHE0Y1lUV3ZQajBnaWVmVnRNYzd0VjRjNkFBdzA0anlJZm1DVHZjUVVsSEkrc3NwSHhYRGxRVGFnTm94Q3VBMjliNUw5TUtPNk9rMEx3RjlyR2dUeXdDMWhlTkV1bFp6OUlTbjlGUURhekpUK0JkOWNuTk9ySlJkQWdNQkFBRT0tLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0t

I copied it to the Android side to encrypt data using it, but I got InvalidKeySpecException.

Android Side Code:

public static byte[] encrypt(String text) {

        byte[] encodedPublicKey= Base64.decode("LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tTUlHSkFvR0JBS2tzNjJJdG5zMnVVL2RWWko0a0NrTWluSGd5ZWgvcmRNRDUzYTRadTJhNzZPSUp2ZFNaOHE0Y1lUV3ZQajBnaWVmVnRNYzd0VjRjNkFBdzA0anlJZm1DVHZjUVVsSEkrc3NwSHhYRGxRVGFnTm94Q3VBMjliNUw5TUtPNk9rMEx3RjlyR2dUeXdDMWhlTkV1bFp6OUlTbjlGUURhekpUK0JkOWNuTk9ySlJkQWdNQkFBRT0tLS0tLUVORCBSU0EgUFVCTElDIEtFWS0tLS0t", Base64.DEFAULT);



    PublicKey publicKey = null;
    KeyFactory keyFactory = null;
    try {
        keyFactory = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(encodedPublicKey);
        publicKey = keyFactory.generatePublic(publicKeySpec);

    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }catch (InvalidKeySpecException e) {
        e.printStackTrace();
    }


    byte[] cipherText = null;
    try {
        // get an RSA cipher object and print the provider
        final Cipher cipher = Cipher.getInstance("RSA");
        // encrypt the plain text using the public key
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        cipherText = cipher.doFinal(text.getBytes());
    } catch (Exception e) {
        e.printStackTrace();
    }
    return cipherText;
}

Source: (StackOverflow)
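
Added example, not part of the post and not phpseclib code: Java's X509EncodedKeySpec expects the DER bytes of an X.509 SubjectPublicKeyInfo, while a "BEGIN RSA PUBLIC KEY" block is a bare PKCS#1 RSAPublicKey, and the base64 string in the question encodes the PEM text itself rather than DER. The sketch below wraps the question's key in the SubjectPublicKeyInfo header using plain PHP; the function names are hypothetical.

```php
<?php
// DER length octets: short form below 128, long form (0x80 | count, then bytes) above.
function der_len($n)
{
    if ($n < 0x80) {
        return chr($n);
    }
    $bytes = ltrim(pack('N', $n), "\x00");
    return chr(0x80 | strlen($bytes)) . $bytes;
}

function der_tlv($tag, $value)
{
    return chr($tag) . der_len(strlen($value)) . $value;
}

/**
 * Wrap a PKCS#1 RSAPublicKey PEM in an X.509 SubjectPublicKeyInfo and return
 * its DER bytes (hypothetical helper name).
 */
function pkcs1_to_spki_der($pem)
{
    $re = '/-----BEGIN RSA PUBLIC KEY-----(.+?)-----END RSA PUBLIC KEY-----/s';
    if (!preg_match($re, $pem, $m)) {
        throw new InvalidArgumentException('not a PKCS#1 RSA public key PEM');
    }
    $pkcs1 = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    if ($pkcs1 === false || $pkcs1 === '' || $pkcs1[0] !== "\x30") {
        throw new InvalidArgumentException('PEM body is not a DER SEQUENCE');
    }
    // AlgorithmIdentifier: SEQUENCE { OID 1.2.840.113549.1.1.1 rsaEncryption, NULL }
    $algId = der_tlv(0x30, "\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00");
    // subjectPublicKey: BIT STRING, zero unused bits, holding the PKCS#1 structure
    $bitString = der_tlv(0x03, "\x00" . $pkcs1);
    return der_tlv(0x30, $algId . $bitString);
}

// The public key quoted in the question, with the PHP string quoting removed.
$pem = "-----BEGIN RSA PUBLIC KEY-----\n"
     . "MIGJAoGBAKks62Itns2uU/dVZJ4kCkMinHgyeh/rdMD53a4Zu2a76OIJvdSZ8q4c\n"
     . "YTWvPj0giefVtMc7tV4c6AAw04jyIfmCTvcQUlHI+sspHxXDlQTagNoxCuA29b5L\n"
     . "9MKO6Ok0LwF9rGgTywC1heNEulZz9ISn9FQDazJT+Bd9cnNOrJRdAgMBAAE=\n"
     . "-----END RSA PUBLIC KEY-----";

// Base64 of the DER only, with no PEM armor around it.
echo base64_encode(pkcs1_to_spki_der($pem)), "\n";
```

The printed string is what Base64.decode() should receive on the Android side before the resulting bytes are handed to X509EncodedKeySpec.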