phpseclib ssh 登录失败,没有错误
phpseclib ssh login fails with no errors
这是我的代码:
error_reporting(E_ALL);
require __DIR__ . '/vendor/autoload.php';
use phpseclib\Net\SSH2;
use phpseclib\Crypt\RSA;
$ssh = new SSH2('stg.net');
$key = new RSA();
$key->loadKey(file_get_contents('/Users/me/.ssh/my_private_key'));
if (!$ssh->login('username', $key)) {
print_r($ssh->getLastError());
print_r($ssh->getErrors());
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
输出:
Array
(
)
在vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php中有function _privatekey_login($username, $privatekey)
$publickey = $privatekey->getPublicKey(RSA::PUBLIC_FORMAT_RAW);
if ($publickey === false) {
return false;
}
我得到 false,也许我还必须设置 public 键?如何做呢?
如何调试?
+++更新+++
我也尝试了 advices/hints 这些门票:
phpseclib always gives login failed with no log
Net/SSH2 - phpseclib login failing - error: "failedArray"
问题是有问题的密钥是 ECDSA 密钥。引用 https://github.com/phpseclib/phpseclib/issues/1082#issuecomment-396122366 :
My library supports EdDSA keys in the OpenSSH format (ie. the kind
that ssh-keygen would generate), the PuTTY format (ie. the kind
puttygen would generate), in libsodium format and in the format
specified in this IETF Draft:
https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-07
If libsodium / sodium_compat are being used the keys are converted
from whatever format they were in to the libsodium format to
facilitate libsodium's use.
Encrypted OpenSSH private keys are not supported for the same reason
sodium_compat does not support Argon2i - it's too slow. OpenSSH uses a
custom form of bcrypt that does bcrypt 128 times as I recall and
encrypts a different string etc so PHP's bcrypt implementation cannot
be used and since bcrypt uses a custom key expansion OpenSSL's
implementation of Blowfish can't be used either.
作者在这里谈论的是 EdDSA - 不是 ECDSA - 但从 post 的其余部分来看,素数有限域上的 ECDSA 听起来也很完整。
引用那个后面的post:
Also, I'm not ready to make my code public yet. I just thought I'd post a progress report for anyone interested.
我的猜测是此实现将存在于 master 分支中,而不是 2.0 分支中。我这么说是因为 DSA 的变化是在 master 分支而不是 2.0 分支。最终 master 分支(据我所知)将变为 3.0.0 但我不知道什么时候会发生。
这是我的代码:
error_reporting(E_ALL);
require __DIR__ . '/vendor/autoload.php';
use phpseclib\Net\SSH2;
use phpseclib\Crypt\RSA;
$ssh = new SSH2('stg.net');
$key = new RSA();
$key->loadKey(file_get_contents('/Users/me/.ssh/my_private_key'));
if (!$ssh->login('username', $key)) {
print_r($ssh->getLastError());
print_r($ssh->getErrors());
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
输出:
Array
(
)
在vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php中有function _privatekey_login($username, $privatekey)
$publickey = $privatekey->getPublicKey(RSA::PUBLIC_FORMAT_RAW);
if ($publickey === false) {
return false;
}
我得到 false,也许我还必须设置 public 键?如何做呢?
如何调试?
+++更新+++
我也尝试了 advices/hints 这些门票:
phpseclib always gives login failed with no log
Net/SSH2 - phpseclib login failing - error: "failedArray"
问题是有问题的密钥是 ECDSA 密钥。引用 https://github.com/phpseclib/phpseclib/issues/1082#issuecomment-396122366 :
My library supports EdDSA keys in the OpenSSH format (ie. the kind that
ssh-keygenwould generate), the PuTTY format (ie. the kindputtygenwould generate), in libsodium format and in the format specified in this IETF Draft:https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-07
If libsodium / sodium_compat are being used the keys are converted from whatever format they were in to the libsodium format to facilitate libsodium's use.
Encrypted OpenSSH private keys are not supported for the same reason sodium_compat does not support Argon2i - it's too slow. OpenSSH uses a custom form of bcrypt that does bcrypt 128 times as I recall and encrypts a different string etc so PHP's bcrypt implementation cannot be used and since bcrypt uses a custom key expansion OpenSSL's implementation of Blowfish can't be used either.
作者在这里谈论的是 EdDSA - 不是 ECDSA - 但从 post 的其余部分来看,素数有限域上的 ECDSA 听起来也很完整。
引用那个后面的post:
Also, I'm not ready to make my code public yet. I just thought I'd post a progress report for anyone interested.
我的猜测是此实现将存在于 master 分支中,而不是 2.0 分支中。我这么说是因为 DSA 的变化是在 master 分支而不是 2.0 分支。最终 master 分支(据我所知)将变为 3.0.0 但我不知道什么时候会发生。