Lines Matching +full:select +full:- +full:user +full:- +full:groups -(+path:inc +path:lang) -(+path:lib +path:plugins +path:lang) -(+path:lib +path:tpl +path:dokuwiki +path:lang)
4 * Pure-PHP implementation of SSHv2.
14 * if (!$ssh->login('username', 'password')) {
18 * echo $ssh->exec('pwd');
19 * echo $ssh->exec('ls -la');
30 * if (!$ssh->login('username', $key)) {
34 * echo $ssh->read('username@username:~$');
35 * $ssh->write("ls -la\n");
36 * echo $ssh->read('username@username:~$');
42 * @license http://www.opensource.org/licenses/mit-license.html MIT License
63 use phpseclib3\Crypt\TripleDES; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
75 * Pure-PHP implementation of SSHv2.
97 /**#@-*/
141 * Outputs the content real-time
145 * Dumps the content real-time to a file
149 * Outputs the message numbers real-time
191 * @var resource|closed-resource|null
239 * Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
247 * Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
255 * Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
274 * some servers (eg. Azure) will support rsa-sha2-512 as a server host key algorithm but
362 * -- http://tools.ietf.org/html/rfc4253#section-6
532 * -- http://tools.ietf.org/html/rfc4253#section-7.2
579 * @link http://tools.ietf.org/html/rfc4254#section-8
589 * @link http://tools.ietf.org/html/rfc4254#section-5.2
697 * When PuTTY resizes the window it doesn't add an additional 0x7FFFFFFF bytes - it adds 0x40000000 bytes.
730 * Verified against $this->session_id
740 * ssh-rsa or ssh-dss.
788 * Real-time log file pointer
791 * @var resource|closed-resource
796 * Real-time log file size
812 * Real-time log file wrap boolean
971 * {@link http://php.net/manual/en/wrappers.ssh2.php#refsect1-wrappers.ssh2-examples}
999 * Should we try to re-connect to re-establish keys?
1036 * @see https://tools.ietf.org/html/rfc4252#section-5.1
1084 * Smart multi-factor authentication flag
1108 * "During initial KEX, terminate the connection if any unexpected or out-of-sequence packet is received"
1109 * -- https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
1199 // RFC 4419 - diffie-hellman-group-exchange-sha{1,256}
1205 // RFC 5656 - Elliptic Curves (for curve25519-sha256@libssh.org)
1215 self::$connections[$this->getResourceId()] = class_exists('WeakReference')
1219 $this->timeout = $timeout;
1222 $this->fsock = $host;
1227 $this->host = $host;
1228 $this->port = $port;
1248 * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
1255 $this->send_id_string_first = true;
1261 * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
1268 $this->send_id_string_first = false;
1274 * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
1281 $this->send_kex_first = true;
1287 * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
1294 $this->send_kex_first = false;
1314 $elapsed = microtime(true) - $start;
1315 $seconds = (int) ($remaining - floor($elapsed));
1316 $microseconds = (int) (1000000 * ($remaining - $seconds));
1331 if ($this->bitmap & self::MASK_CONSTRUCTOR) {
1335 $this->bitmap |= self::MASK_CONSTRUCTOR;
1337 $this->curTimeout = $this->timeout;
1339 $this->last_packet = microtime(true);
1341 if (!is_resource($this->fsock)) {
1346 $this->fsock = @fsockopen($this->host, $this->port, $errno, $errstr, $this->curTimeout == 0 ? 100000 : $this->curTimeout);
1347 if (!$this->fsock) {
1348 $host = $this->host . ':' . $this->port;
1351 $elapsed = microtime(true) - $start;
1353 if ($this->curTimeout) {
1354 $this->curTimeout -= $elapsed;
1355 if ($this->curTimeout < 0) {
1361 $this->identifier = $this->generate_identifier();
1363 if ($this->send_id_string_first) {
1364 fputs($this->fsock, $this->identifier . "\r\n");
1371 Feed. Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
1372 in ISO-10646 UTF-8 [RFC3629] (language is not specified). Clients
1375 while (!feof($this->fsock) && !preg_match('#(.*)^(SSH-(\d\.\d+).*)#ms', $data, $matches)) {
1378 if ($this->curTimeout) {
1379 if ($this->curTimeout < 0) {
1382 $read = [$this->fsock];
1385 $sec = (int) floor($this->curTimeout);
1386 $usec = (int) (1000000 * ($this->curTimeout - $sec));
1390 $elapsed = microtime(true) - $start;
1391 $this->curTimeout -= $elapsed;
1394 $temp = stream_get_line($this->fsock, 255, "\n");
1410 //if (substr($line, -2) == "\r\n") {
1420 if (feof($this->fsock)) {
1421 $this->bitmap = 0;
1428 $this->append_log('<-', $matches[0]);
1429 $this->append_log('->', $this->identifier . "\r\n");
1432 $this->server_identifier = trim($temp, "\r\n");
1434 $this->errors[] = $data;
1438 $this->bitmap = 0;
1444 // https://lists.ubuntu.com/archives/oneiric-changes/2011-July/005772.html discusses
1446 // https://marc.info/?l=openssh-unix-dev&m=163409903417589&w=2 discusses some of the
1448 $pattern = '#^SSH-2\.0-OpenSSH_([\d.]+)[^ ]* Ubuntu-.*$#';
1449 $match = preg_match($pattern, $this->server_identifier, $matches);
1452 $this->errorOnMultipleChannels = $match;
1454 if (!$this->send_id_string_first) {
1455 fputs($this->fsock, $this->identifier . "\r\n");
1458 if (!$this->send_kex_first) {
1459 $response = $this->get_binary_packet();
1462 $this->bitmap = 0;
1466 $this->key_exchange($response);
1469 if ($this->send_kex_first) {
1470 $this->key_exchange();
1473 $this->bitmap |= self::MASK_CONNECTED;
1487 $identifier = 'SSH-2.0-phpseclib_3.0';
1524 $preferred = $this->preferred;
1552 $kex_algorithms = array_merge($kex_algorithms, ['ext-info-c', 'kex-strict-c-v00@openssh.com']);
1556 case $this->server_identifier == 'SSH-2.0-SSHD':
1557 case substr($this->server_identifier, 0, 13) == 'SSH-2.0-DLINK':
1561 ['hmac-sha1-96', 'hmac-md5-96']
1567 ['hmac-sha1-96', 'hmac-md5-96']
1571 case substr($this->server_identifier, 0, 24) == 'SSH-2.0-TurboFTP_SERVER_':
1575 ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com']
1581 ['aes128-gcm@openssh.com', 'aes256-gcm@openssh.com']
1606 $this->send_binary_packet($kexinit_payload_client);
1608 $this->extra_packets = 0;
1609 $kexinit_payload_server = $this->get_binary_packet();
1616 $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
1628 $this->kex_algorithms,
1629 $this->server_host_key_algorithms,
1630 $this->encryption_algorithms_client_to_server,
1631 $this->encryption_algorithms_server_to_client,
1632 $this->mac_algorithms_client_to_server,
1633 $this->mac_algorithms_server_to_client,
1634 $this->compression_algorithms_client_to_server,
1635 $this->compression_algorithms_server_to_client,
1636 $this->languages_client_to_server,
1637 $this->languages_server_to_client,
1640 if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) {
1641 if ($this->session_id === false && $this->extra_packets) {
1646 $this->supported_private_key_algorithms = $this->server_host_key_algorithms;
1649 $this->send_binary_packet($kexinit_payload_client);
1652 // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange
1654 // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
1655 // diffie-hellman key exchange as fast as possible
1656 $decrypt = self::array_intersect_first($s2c_encryption_algorithms, $this->encryption_algorithms_server_to_client);
1657 $decryptKeyLength = $this->encryption_algorithm_to_key_size($decrypt);
1659 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1663 $encrypt = self::array_intersect_first($c2s_encryption_algorithms, $this->encryption_algorithms_client_to_server);
1664 $encryptKeyLength = $this->encryption_algorithm_to_key_size($encrypt);
1666 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1670 // through diffie-hellman key exchange a symmetric key is obtained
1671 $this->kex_algorithm = self::array_intersect_first($kex_algorithms, $this->kex_algorithms);
1672 if ($this->kex_algorithm === false) {
1673 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1677 $server_host_key_algorithm = self::array_intersect_first($server_host_key_algorithms, $this->server_host_key_algorithms);
1679 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1683 $mac_algorithm_out = self::array_intersect_first($c2s_mac_algorithms, $this->mac_algorithms_client_to_server);
1685 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1689 $mac_algorithm_in = self::array_intersect_first($s2c_mac_algorithms, $this->mac_algorithms_server_to_client);
1691 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1701 $compression_algorithm_in = self::array_intersect_first($s2c_compression_algorithms, $this->compression_algorithms_server_to_client);
1703 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1706 $this->decompress = $compression_map[$compression_algorithm_in];
1708 $compression_algorithm_out = self::array_intersect_first($c2s_compression_algorithms, $this->compression_algorithms_client_to_server);
1710 $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
1713 $this->compress = $compression_map[$compression_algorithm_out];
1715 switch ($this->kex_algorithm) {
1716 case 'diffie-hellman-group15-sha512':
1717 case 'diffie-hellman-group16-sha512':
1718 case 'diffie-hellman-group17-sha512':
1719 case 'diffie-hellman-group18-sha512':
1720 case 'ecdh-sha2-nistp521':
1723 case 'ecdh-sha2-nistp384':
1726 case 'diffie-hellman-group-exchange-sha256':
1727 case 'diffie-hellman-group14-sha256':
1728 case 'ecdh-sha2-nistp256':
1729 case 'curve25519-sha256@libssh.org':
1730 case 'curve25519-sha256':
1737 // Only relevant in diffie-hellman-group-exchange-sha{1,256}, otherwise empty.
1741 if (strpos($this->kex_algorithm, 'curve25519-sha256') === 0 || strpos($this->kex_algorithm, 'ecdh-sha2-nistp') === 0) {
1742 $curve = strpos($this->kex_algorithm, 'curve25519-sha256') === 0 ?
1744 substr($this->kex_algorithm, 10);
1746 $ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates();
1750 if (strpos($this->kex_algorithm, 'diffie-hellman-group-exchange') === 0) {
1753 $this->kex_dh_group_size_min,
1754 $this->kex_dh_group_size_preferred,
1755 $this->kex_dh_group_size_max
1762 $this->send_binary_packet($packet);
1763 $this->updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST');
1765 $response = $this->get_binary_packet();
1769 $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
1772 $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
1773 $prime = new BigInteger($primeBytes, -256);
1774 $g = new BigInteger($gBytes, -256);
1786 $params = DH::createParameters($this->kex_algorithm);
1791 $keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength));
1794 $ourPublic = $ourPrivate->getPublicKey()->toBigInteger();
1795 $ourPublicBytes = $ourPublic->toBytes(true);
1800 $this->send_binary_packet($data);
1804 $this->updateLogHistory('NET_SSH2_MSG_KEXDH_INIT', 'NET_SSH2_MSG_KEX_ECDH_INIT');
1807 $this->updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT');
1810 $response = $this->get_binary_packet();
1816 $this->signature
1820 $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
1825 $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEX_ECDH_REPLY');
1828 $this->updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY');
1831 $this->server_public_host_key = $server_public_host_key;
1833 if (strlen($this->signature) < 4) {
1836 $temp = unpack('Nlength', substr($this->signature, 0, 4));
1837 $this->signature_format = substr($this->signature, 4, $temp['length']);
1846 $this->exchange_hash = Strings::packSSH2(
1848 $this->identifier,
1849 $this->server_identifier,
1852 $this->server_public_host_key
1854 $this->exchange_hash .= $exchange_hash_rfc4419;
1855 $this->exchange_hash .= Strings::packSSH2(
1862 $this->exchange_hash = $kexHash->hash($this->exchange_hash);
1864 if ($this->session_id === false) {
1865 $this->session_id = $this->exchange_hash;
1869 case 'rsa-sha2-256':
1870 case 'rsa-sha2-512':
1871 //case 'ssh-rsa':
1872 $expected_key_format = 'ssh-rsa';
1877 if ($public_key_format != $expected_key_format || $this->signature_format != $server_host_key_algorithm) {
1879 case $this->signature_format == $server_host_key_algorithm:
1880 case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
1881 case $this->signature_format != 'ssh-rsa':
1882 $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
1883 throw new \RuntimeException('Server Host Key Algorithm Mismatch (' . $this->signature_format . ' vs ' . $server_host_key_algorithm . ')');
1888 $this->send_binary_packet($packet);
1890 $response = $this->get_binary_packet();
1893 $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
1899 $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
1903 if (in_array('kex-strict-s-v00@openssh.com', $this->kex_algorithms)) {
1904 $this->get_seq_no = $this->send_seq_no = 0;
1909 $this->encrypt = self::encryption_algorithm_to_crypt_instance($encrypt);
1910 if ($this->encrypt) {
1912 $this->encrypt->setPreferredEngine(self::$crypto_engine);
1914 if ($this->encrypt->getBlockLengthInBytes()) {
1915 $this->encrypt_block_size = $this->encrypt->getBlockLengthInBytes();
1917 $this->encrypt->disablePadding();
1919 if ($this->encrypt->usesIV()) {
1920 $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id);
1921 while ($this->encrypt_block_size > strlen($iv)) {
1922 $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv);
1924 $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size));
1928 case 'aes128-gcm@openssh.com':
1929 case 'aes256-gcm@openssh.com':
1930 $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'A' . $this->session_id);
1931 $this->encryptFixedPart = substr($nonce, 0, 4);
1932 $this->encryptInvocationCounter = substr($nonce, 4, 8);
1933 // fall-through
1934 case 'chacha20-poly1305@openssh.com':
1937 $this->encrypt->enableContinuousBuffer();
1940 $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'C' . $this->session_id);
1942 $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key);
1945 case 'chacha20-poly1305@openssh.com':
1947 $this->lengthEncrypt = self::encryption_algorithm_to_crypt_instance($encrypt);
1948 $this->lengthEncrypt->setKey(substr($key, 32, 32));
1950 $this->encrypt->setKey(substr($key, 0, $encryptKeyLength));
1951 $this->encryptName = $encrypt;
1954 $this->decrypt = self::encryption_algorithm_to_crypt_instance($decrypt);
1955 if ($this->decrypt) {
1957 $this->decrypt->setPreferredEngine(self::$crypto_engine);
1959 if ($this->decrypt->getBlockLengthInBytes()) {
1960 $this->decrypt_block_size = $this->decrypt->getBlockLengthInBytes();
1962 $this->decrypt->disablePadding();
1964 if ($this->decrypt->usesIV()) {
1965 $iv = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id);
1966 while ($this->decrypt_block_size > strlen($iv)) {
1967 $iv .= $kexHash->hash($keyBytes . $this->exchange_hash . $iv);
1969 $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size));
1973 case 'aes128-gcm@openssh.com':
1974 case 'aes256-gcm@openssh.com':
1975 // see https://tools.ietf.org/html/rfc5647#section-7.1
1976 $nonce = $kexHash->hash($keyBytes . $this->exchange_hash . 'B' . $this->session_id);
1977 $this->decryptFixedPart = substr($nonce, 0, 4);
1978 $this->decryptInvocationCounter = substr($nonce, 4, 8);
1979 // fall-through
1980 case 'chacha20-poly1305@openssh.com':
1983 $this->decrypt->enableContinuousBuffer();
1986 $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'D' . $this->session_id);
1988 $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key);
1991 case 'chacha20-poly1305@openssh.com':
1993 $this->lengthDecrypt = self::encryption_algorithm_to_crypt_instance($decrypt);
1994 $this->lengthDecrypt->setKey(substr($key, 32, 32));
1996 $this->decrypt->setKey(substr($key, 0, $decryptKeyLength));
1997 $this->decryptName = $decrypt;
2001 [SCHNEIER], using a 128-bit key. The first 1536 bytes of keystream
2006 -- http://tools.ietf.org/html/rfc4345#section-4 */
2008 $this->encrypt->encrypt(str_repeat("\0", 1536));
2011 $this->decrypt->decrypt(str_repeat("\0", 1536));
2014 if (!$this->encrypt->usesNonce()) {
2015 list($this->hmac_create, $createKeyLength) = self::mac_algorithm_to_hash_instance($mac_algorithm_out);
2017 $this->hmac_create = new \stdClass();
2018 $this->hmac_create_name = $mac_algorithm_out;
2023 if ($this->hmac_create instanceof Hash) {
2024 $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'E' . $this->session_id);
2026 $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key);
2028 $this->hmac_create->setKey(substr($key, 0, $createKeyLength));
2029 $this->hmac_create_name = $mac_algorithm_out;
2030 $this->hmac_create_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_out);
2033 if (!$this->decrypt->usesNonce()) {
2034 list($this->hmac_check, $checkKeyLength) = self::mac_algorithm_to_hash_instance($mac_algorithm_in);
2035 $this->hmac_size = $this->hmac_check->getLengthInBytes();
2037 $this->hmac_check = new \stdClass();
2038 $this->hmac_check_name = $mac_algorithm_in;
2041 $this->hmac_size = 0;
2044 if ($this->hmac_check instanceof Hash) {
2045 $key = $kexHash->hash($keyBytes . $this->exchange_hash . 'F' . $this->session_id);
2047 $key .= $kexHash->hash($keyBytes . $this->exchange_hash . $key);
2049 $this->hmac_check->setKey(substr($key, 0, $checkKeyLength));
2050 $this->hmac_check_name = $mac_algorithm_in;
2051 $this->hmac_check_etm = preg_match('#-etm@openssh\.com$#', $mac_algorithm_in);
2054 $this->regenerate_compression_context = $this->regenerate_decompression_context = true;
2067 if ($this->bad_key_size_fix && self::bad_algorithm_candidate($algorithm)) {
2074 case 'aes128-gcm@openssh.com':
2075 case 'aes128-cbc':
2076 case 'aes128-ctr':
2079 case 'blowfish-cbc':
2080 case 'blowfish-ctr':
2081 case 'twofish128-cbc':
2082 case 'twofish128-ctr':
2084 case '3des-cbc':
2085 case '3des-ctr':
2086 case 'aes192-cbc':
2087 case 'aes192-ctr':
2088 case 'twofish192-cbc':
2089 case 'twofish192-ctr':
2091 case 'aes256-gcm@openssh.com':
2092 case 'aes256-cbc':
2093 case 'aes256-ctr':
2095 case 'twofish-cbc':
2096 case 'twofish256-cbc':
2097 case 'twofish256-ctr':
2099 case 'chacha20-poly1305@openssh.com':
2115 case '3des-cbc':
2117 case '3des-ctr':
2119 case 'aes256-cbc':
2120 case 'aes192-cbc':
2121 case 'aes128-cbc':
2123 case 'aes256-ctr':
2124 case 'aes192-ctr':
2125 case 'aes128-ctr':
2127 case 'blowfish-cbc':
2129 case 'blowfish-ctr':
2131 case 'twofish128-cbc':
2132 case 'twofish192-cbc':
2133 case 'twofish256-cbc':
2134 case 'twofish-cbc':
2136 case 'twofish128-ctr':
2137 case 'twofish192-ctr':
2138 case 'twofish256-ctr':
2144 case 'aes128-gcm@openssh.com':
2145 case 'aes256-gcm@openssh.com':
2147 case 'chacha20-poly1305@openssh.com':
2163 case 'umac-64@openssh.com':
2164 case 'umac-64-etm@openssh.com':
2165 return [new Hash('umac-64'), 16];
2166 case 'umac-128@openssh.com':
2167 case 'umac-128-etm@openssh.com':
2168 return [new Hash('umac-128'), 16];
2169 case 'hmac-sha2-512':
2170 case 'hmac-sha2-512-etm@openssh.com':
2172 case 'hmac-sha2-256':
2173 case 'hmac-sha2-256-etm@openssh.com':
2175 case 'hmac-sha1':
2176 case 'hmac-sha1-etm@openssh.com':
2178 case 'hmac-sha1-96':
2179 return [new Hash('sha1-96'), 20];
2180 case 'hmac-md5':
2182 case 'hmac-md5-96':
2183 return [new Hash('md5-96'), 16];
2190 * @link https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
2199 case 'aes192-ctr':
2200 case 'aes256-ctr':
2219 if (!$this->retry_connect) {
2220 $this->auth[] = func_get_args();
2225 if (substr($this->server_identifier, 0, 15) != 'SSH-2.0-CoreFTP' && $this->auth_methods_to_continue === null) {
2226 if ($this->sublogin($username)) {
2233 return $this->sublogin($username, ...$args);
2246 if (!($this->bitmap & self::MASK_CONSTRUCTOR)) {
2247 $this->connect();
2251 return $this->login_helper($username);
2269 if (!$this->auth_methods_to_continue || !$this->smartMFA) {
2274 foreach ($this->auth_methods_to_continue as $method) {
2285 case 'keyboard-interactive':
2305 // fall-through
2321 if ($this->login_helper($username, $arg)) {
2332 * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
2343 if (!($this->bitmap & self::MASK_CONNECTED)) {
2347 if (!($this->bitmap & self::MASK_LOGIN_REQ)) {
2348 $packet = Strings::packSSH2('Cs', NET_SSH2_MSG_SERVICE_REQUEST, 'ssh-userauth');
2349 $this->send_binary_packet($packet);
2352 $response = $this->get_binary_packet();
2354 if ($this->retry_connect) {
2355 $this->retry_connect = false;
2356 $this->connect();
2357 return $this->login_helper($username, $password);
2359 $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
2369 if ($extension_name == 'server-sig-algs') {
2370 $this->supported_private_key_algorithms = explode(',', $extension_value);
2374 $response = $this->get_binary_packet();
2380 if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') {
2381 $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
2384 $this->bitmap |= self::MASK_LOGIN_REQ;
2387 if (strlen($this->last_interactive_response)) {
2388 return !Strings::is_stringable($password) && !is_array($password) ? false : $this->keyboard_interactive_process($password);
2392 return $this->privatekey_login($username, $password);
2396 return $this->ssh_agent_login($username, $password);
2400 if ($this->keyboard_interactive_login($username, $password)) {
2401 $this->bitmap |= self::MASK_LOGIN;
2412 'ssh-connection',
2416 $this->send_binary_packet($packet);
2418 $response = $this->get_binary_packet();
2423 $this->bitmap |= self::MASK_LOGIN;
2427 $this->auth_methods_to_continue = $auth_methods;
2428 // fall-through
2438 'ssh-connection',
2452 'ssh-connection',
2459 $this->send_binary_packet($packet, $logged);
2461 $response = $this->get_binary_packet();
2468 $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ');
2471 $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message;
2473 return $this->disconnect_helper(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
2475 // can we use keyboard-interactive authentication? if not then either the login is bad or the server employees
2476 // multi-factor authentication
2478 $this->auth_methods_to_continue = $auth_methods;
2479 if (!$partial_success && in_array('keyboard-interactive', $auth_methods)) {
2480 if ($this->keyboard_interactive_login($username, $password)) {
2481 $this->bitmap |= self::MASK_LOGIN;
2488 $this->bitmap |= self::MASK_LOGIN;
2496 * Login via keyboard-interactive authentication
2498 * See {@link http://tools.ietf.org/html/rfc4256 RFC4256} for details. This is not a full-featured keyboard-interactive authenticator.
2510 'ssh-connection',
2511 'keyboard-interactive',
2515 $this->send_binary_packet($packet);
2517 return $this->keyboard_interactive_process($password);
2521 * Handle the keyboard-interactive requests / responses.
2529 if (strlen($this->last_interactive_response)) {
2530 $response = $this->last_interactive_response;
2532 $orig = $response = $this->get_binary_packet();
2548 $this->keyboard_requests_responses[$key] = $value;
2555 if (isset($this->keyboard_requests_responses)) {
2558 $prompt, // prompt - ie. "Password: "; must not be empty
2561 foreach ($this->keyboard_requests_responses as $key => $value) {
2570 // see http://tools.ietf.org/html/rfc4256#section-3.2
2571 if (strlen($this->last_interactive_response)) {
2572 $this->last_interactive_response = '';
2574 $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST');
2578 $this->last_interactive_response = $orig;
2583 After obtaining the requested information from the user, the client
2586 // see http://tools.ietf.org/html/rfc4256#section-3.4
2590 $logged .= Strings::packSSH2('s', 'dummy-answer');
2593 $this->send_binary_packet($packet, $logged);
2595 $this->updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE');
2604 return $this->keyboard_interactive_process();
2609 $this->auth_methods_to_continue = $auth_methods;
2617 * Login with an ssh-agent provided key
2625 $this->agent = $agent;
2626 $keys = $agent->requestIdentities();
2628 if ($this->privatekey_login($username, $key)) {
2639 * {@internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
2649 $publickey = $privatekey->getPublicKey();
2652 $privatekey = $privatekey->withPadding(RSA::SIGNATURE_PKCS1);
2653 $algos = ['rsa-sha2-256', 'rsa-sha2-512', 'ssh-rsa'];
2654 if (isset($this->preferred['hostkey'])) {
2655 $algos = array_intersect($algos, $this->preferred['hostkey']);
2657 $algo = self::array_intersect_first($algos, $this->supported_private_key_algorithms);
2659 case 'rsa-sha2-512':
2661 $signatureType = 'rsa-sha2-512';
2663 case 'rsa-sha2-256':
2665 $signatureType = 'rsa-sha2-256';
2667 //case 'ssh-rsa':
2670 $signatureType = 'ssh-rsa';
2673 $privatekey = $privatekey->withSignatureFormat('SSH2');
2674 $curveName = $privatekey->getCurve();
2678 $signatureType = 'ssh-ed25519';
2682 $signatureType = 'ecdsa-sha2-nistp256';
2686 $signatureType = 'ecdsa-sha2-nistp384';
2690 $signatureType = 'ecdsa-sha2-nistp521';
2699 $privatekey = $privatekey->withSignatureFormat('SSH2');
2701 $signatureType = 'ssh-dss';
2706 $publickeyStr = $publickey->toString('OpenSSH', ['binary' => true]);
2712 'ssh-connection',
2718 $this->send_binary_packet($packet);
2720 $response = $this->get_binary_packet();
2726 if (in_array('publickey', $auth_methods) && substr($signatureType, 0, 9) == 'rsa-sha2-') {
2727 $this->supported_private_key_algorithms = array_diff($this->supported_private_key_algorithms, ['rsa-sha2-256', 'rsa-sha2-512']);
2728 return $this->privatekey_login($username, $privatekey);
2730 $this->auth_methods_to_continue = $auth_methods;
2731 $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE';
2736 $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK');
2739 $this->bitmap |= self::MASK_LOGIN;
2742 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
2747 $privatekey = $privatekey->withHash($hash);
2748 $signature = $privatekey->sign(Strings::packSSH2('s', $this->session_id) . $packet);
2754 $this->send_binary_packet($packet);
2756 $response = $this->get_binary_packet();
2761 // either the login is bad or the server employs multi-factor authentication
2763 $this->auth_methods_to_continue = $auth_methods;
2766 $this->bitmap |= self::MASK_LOGIN;
2770 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
2781 return $this->timeout;
2787 * $ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely. setTimeout() makes it so it'll timeout.
2794 $this->timeout = $this->curTimeout = $timeout;
2800 * Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number.
2806 $this->keepAlive = $interval;
2815 return $this->stdErrorLog;
2826 * @psalm-return ($callback is callable ? bool : string|bool)
2831 $this->curTimeout = $this->timeout;
2832 $this->is_timeout = false;
2833 $this->stdErrorLog = '';
2835 if (!$this->isAuthenticated()) {
2839 //if ($this->isPTYOpen()) {
2840 // throw new \RuntimeException('If you want to run multiple exec()\'s you will need to disable (and re-enable if appropriate) a PTY for each one.');
2843 $this->open_channel(self::CHANNEL_EXEC);
2845 if ($this->request_pty === true) {
2850 $this->server_channels[self::CHANNEL_EXEC],
2851 'pty-req',
2853 $this->term,
2854 $this->windowColumns,
2855 $this->windowRows,
2861 $this->send_binary_packet($packet);
2863 $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
2864 if (!$this->get_channel_packet(self::CHANNEL_EXEC)) {
2865 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
2866 throw new \RuntimeException('Unable to request pseudo-terminal');
2870 // sending a pty-req SSH_MSG_CHANNEL_REQUEST message is unnecessary and, in fact, in most cases, slows things
2872 // with a pty-req SSH_MSG_CHANNEL_REQUEST, exec() will return immediately and the ping process will then
2877 // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the
2878 // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA. RFC4254#section-5.2 corroborates.
2882 $this->server_channels[self::CHANNEL_EXEC],
2887 $this->send_binary_packet($packet);
2889 $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
2891 if (!$this->get_channel_packet(self::CHANNEL_EXEC)) {
2895 $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_DATA;
2897 if ($this->request_pty === true) {
2898 $this->channel_id_last_interactive = self::CHANNEL_EXEC;
2904 $temp = $this->get_channel_packet(self::CHANNEL_EXEC);
2913 $this->close_channel(self::CHANNEL_EXEC);
2930 return $this->channelCount;
2942 if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] != NET_SSH2_MSG_CHANNEL_CLOSE) {
2946 $this->channelCount++;
2948 if ($this->channelCount > 1 && $this->errorOnMultipleChannels) {
2955 // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
2956 $this->window_size_server_to_client[$channel] = $this->window_size;
2957 // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy
2966 $this->window_size_server_to_client[$channel],
2970 $this->send_binary_packet($packet);
2972 $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_OPEN;
2974 return $this->get_channel_packet($channel, $skip_extended);
2993 if (!$this->isAuthenticated()) {
2997 $this->open_channel(self::CHANNEL_SHELL);
3003 $this->server_channels[self::CHANNEL_SHELL],
3004 'pty-req',
3006 $this->term,
3007 $this->windowColumns,
3008 $this->windowRows,
3014 $this->send_binary_packet($packet);
3016 $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_REQUEST;
3018 if (!$this->get_channel_packet(self::CHANNEL_SHELL)) {
3025 $this->server_channels[self::CHANNEL_SHELL],
3029 $this->send_binary_packet($packet);
3031 $response = $this->get_channel_packet(self::CHANNEL_SHELL);
3036 $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_DATA;
3038 $this->channel_id_last_interactive = self::CHANNEL_SHELL;
3040 $this->bitmap |= self::MASK_SHELL;
3048 * with method which guarantees open-ness of all yielded channels and throws
3057 case $this->is_channel_status_data(self::CHANNEL_SUBSYSTEM):
3059 case $this->is_channel_status_data(self::CHANNEL_EXEC):
3074 return isset($this->channel_status[$channel]) && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA;
3086 if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_OPEN) {
3101 $request_channel = $this->get_open_channel();
3109 $this->server_channels[$request_channel],
3110 'auth-agent-req@openssh.com',
3114 $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_REQUEST;
3116 $this->send_binary_packet($packet);
3118 if (!$this->get_channel_packet($request_channel)) {
3122 $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_OPEN;
3150 if (!$this->isAuthenticated()) {
3154 $this->curTimeout = $this->timeout;
3155 $this->is_timeout = false;
3158 $channel = $this->get_interactive_channel();
3161 if (!$this->is_channel_status_data($channel) && empty($this->channel_buffers[$channel])) {
3164 } elseif (!$this->openShell()) {
3170 return $this->get_channel_packet($channel);
3176 preg_match($expect, substr($this->interactiveBuffer, -1024), $matches);
3179 $pos = strlen($match) ? strpos($this->interactiveBuffer, $match) : false;
3181 return Strings::shift($this->interactiveBuffer, $pos + strlen($match));
3183 $response = $this->get_channel_packet($channel);
3185 return Strings::shift($this->interactiveBuffer, strlen($this->interactiveBuffer));
3188 $this->interactiveBuffer .= $response;
3211 if (!$this->isAuthenticated()) {
3216 $channel = $this->get_interactive_channel();
3219 if (!$this->is_channel_status_data($channel)) {
3222 } elseif (!$this->openShell()) {
3227 $this->send_channel_packet($channel, $cmd);
3245 $this->open_channel(self::CHANNEL_SUBSYSTEM);
3250 $this->server_channels[self::CHANNEL_SUBSYSTEM],
3255 $this->send_binary_packet($packet);
3257 $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST;
3259 if (!$this->get_channel_packet(self::CHANNEL_SUBSYSTEM)) {
3263 $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_DATA;
3265 $this->channel_id_last_interactive = self::CHANNEL_SUBSYSTEM;
3278 if ($this->isInteractiveChannelOpen(self::CHANNEL_SUBSYSTEM)) {
3279 $this->close_channel(self::CHANNEL_SUBSYSTEM);
3287 * If read() timed out you might want to just close the channel and have it auto-restart on the next read() call
3301 $channel = $this->get_interactive_channel();
3303 if ($this->isInteractiveChannelOpen($channel)) {
3304 $this->close_channel($channel);
3316 return $this->is_timeout;
3325 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
3326 if (isset($this->realtime_log_file) && is_resource($this->realtime_log_file)) {
3327 fclose($this->realtime_log_file);
3329 unset(self::$connections[$this->getResourceId()]);
3341 $this->disconnect();
3366 return ($this->bitmap & self::MASK_CONNECTED) && is_resource($this->fsock) && !feof($this->fsock);
3370 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
3372 $this->open_channel(self::CHANNEL_KEEP_ALIVE);
3373 $this->close_channel(self::CHANNEL_KEEP_ALIVE);
3388 return (bool) ($this->bitmap & self::MASK_LOGIN);
3398 return $this->isInteractiveChannelOpen(self::CHANNEL_SHELL);
3408 return $this->isInteractiveChannelOpen(self::CHANNEL_EXEC);
3419 return $this->isAuthenticated() && $this->is_channel_status_data($channel);
3431 return $this->channel_id_last_interactive;
3443 if (!$this->isAuthenticated()) {
3444 if (!empty($this->auth)) {
3445 return $this->reconnect();
3451 $this->open_channel(self::CHANNEL_KEEP_ALIVE);
3453 return $this->reconnect();
3456 $this->close_channel(self::CHANNEL_KEEP_ALIVE);
3467 $this->reset_connection(NET_SSH2_DISCONNECT_CONNECTION_LOST);
3468 $this->retry_connect = true;
3469 $this->connect();
3470 foreach ($this->auth as $auth) {
3471 $result = $this->login(...$auth);
3477 * Resets a connection for re-use
3483 $this->disconnect_helper($reason);
3484 $this->decrypt = $this->encrypt = false;
3485 $this->decrypt_block_size = $this->encrypt_block_size = 8;
3486 $this->hmac_check = $this->hmac_create = false;
3487 $this->hmac_size = false;
3488 $this->session_id = false;
3489 $this->retry_connect = true;
3490 $this->get_seq_no = $this->send_seq_no = 0;
3491 $this->channel_status = [];
3492 $this->channel_id_last_interactive = 0;
3507 if (!is_resource($this->fsock)) {
3510 $read = [$this->fsock];
3513 if (!$this->curTimeout) {
3514 if ($this->keepAlive <= 0) {
3517 if (!static::stream_select($read, $write, $except, $this->keepAlive)) {
3518 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
3519 return $this->get_binary_packet(true);
3523 if ($this->curTimeout < 0) {
3524 $this->is_timeout = true;
3530 if ($this->keepAlive > 0 && $this->keepAlive < $this->curTimeout) {
3531 if (!static::stream_select($read, $write, $except, $this->keepAlive)) {
3532 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
3533 $elapsed = microtime(true) - $start;
3534 $this->curTimeout -= $elapsed;
3535 return $this->get_binary_packet(true);
3537 $elapsed = microtime(true) - $start;
3538 $this->curTimeout -= $elapsed;
3541 $sec = (int) floor($this->curTimeout);
3542 $usec = (int) (1000000 * ($this->curTimeout - $sec));
3544 // this can return a "stream_select(): unable to select [4]: Interrupted system call" error
3546 $this->is_timeout = true;
3549 $elapsed = microtime(true) - $start;
3550 $this->curTimeout -= $elapsed;
3554 if (!is_resource($this->fsock) || feof($this->fsock)) {
3555 $this->bitmap = 0;
3564 if ($this->curTimeout) {
3565 $sec = (int) floor($this->curTimeout);
3566 $usec = (int) (1000000 * ($this->curTimeout - $sec));
3567 stream_set_timeout($this->fsock, $sec, $usec);
3569 $raw = stream_get_contents($this->fsock, $this->decrypt_block_size);
3572 $this->bitmap = 0;
3576 if ($this->decrypt) {
3577 switch ($this->decryptName) {
3578 case 'aes128-gcm@openssh.com':
3579 case 'aes256-gcm@openssh.com':
3580 $this->decrypt->setNonce(
3581 $this->decryptFixedPart .
3582 $this->decryptInvocationCounter
3584 Strings::increment_str($this->decryptInvocationCounter);
3585 $this->decrypt->setAAD($temp = Strings::shift($raw, 4));
3591 $raw .= $this->read_remaining_bytes($packet_length - $this->decrypt_block_size + 4);
3593 $tag = stream_get_contents($this->fsock, $this->decrypt_block_size);
3594 $this->decrypt->setTag($tag);
3595 $raw = $this->decrypt->decrypt($raw);
3599 case 'chacha20-poly1305@openssh.com':
3601 if (!($this->decrypt instanceof ChaCha20)) {
3602 throw new \LogicException('$this->decrypt is not a ' . ChaCha20::class);
3605 $nonce = pack('N2', 0, $this->get_seq_no);
3607 $this->lengthDecrypt->setNonce($nonce);
3608 $temp = $this->lengthDecrypt->decrypt($aad = Strings::shift($raw, 4));
3614 $raw .= $this->read_remaining_bytes($packet_length - $this->decrypt_block_size + 4);
3616 $tag = stream_get_contents($this->fsock, 16);
3618 $this->decrypt->setNonce($nonce);
3619 $this->decrypt->setCounter(0);
3622 // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305())
3623 $this->decrypt->setPoly1305Key(
3624 $this->decrypt->encrypt(str_repeat("\0", 32))
3626 $this->decrypt->setAAD($aad);
3627 $this->decrypt->setCounter(1);
3628 $this->decrypt->setTag($tag);
3629 $raw = $this->decrypt->decrypt($raw);
3634 if (!$this->hmac_check instanceof Hash || !$this->hmac_check_etm) {
3635 $raw = $this->decrypt->decrypt($raw);
3642 $raw .= $this->read_remaining_bytes($packet_length - $this->decrypt_block_size + 4);
3645 $raw = $temp . $this->decrypt->decrypt($raw);
3651 $this->bitmap = 0;
3661 $remaining_length = $packet_length + 4 - $this->decrypt_block_size;
3664 $buffer = $this->read_remaining_bytes($remaining_length);
3670 $raw .= $this->decrypt ? $this->decrypt->decrypt($buffer) : $buffer;
3673 $payload = Strings::shift($raw, $packet_length - $padding_length - 1);
3676 if ($this->hmac_check instanceof Hash) {
3677 $hmac = stream_get_contents($this->fsock, $this->hmac_size);
3678 if ($hmac === false || strlen($hmac) != $this->hmac_size) {
3679 $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
3683 $reconstructed = !$this->hmac_check_etm ?
3686 if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
3687 $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
3688 if ($hmac != $this->hmac_check->hash($reconstructed)) {
3689 $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
3693 if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
3694 $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
3700 switch ($this->decompress) {
3702 if (!$this->isAuthenticated()) {
3705 // fall-through
3707 if ($this->regenerate_decompression_context) {
3708 $this->regenerate_decompression_context = false;
3729 $this->decompress_context = inflate_init(ZLIB_ENCODING_RAW, ['window' => $cinfo + 8]);
3732 if ($this->decompress_context) {
3733 $payload = inflate_add($this->decompress_context, $payload, ZLIB_PARTIAL_FLUSH);
3737 $this->get_seq_no++;
3742 $message_number = '<- ' . $message_number .
3743 ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)';
3744 $this->append_log($message_number, $payload);
3745 $this->last_packet = $current;
3748 return $this->filter($payload, $skip_channel_filter);
3765 if ($this->decrypt) {
3767 case $this->decryptName == 'aes128-gcm@openssh.com':
3768 case $this->decryptName == 'aes256-gcm@openssh.com':
3769 case $this->decryptName == 'chacha20-poly1305@openssh.com':
3770 case $this->hmac_check instanceof Hash && $this->hmac_check_etm:
3771 $remaining_length += $this->decrypt_block_size - 4;
3776 // quoting <http://tools.ietf.org/html/rfc4253#section-6.1>,
3780 if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
3781 if (!$this->bad_key_size_fix && self::bad_algorithm_candidate($this->decrypt ? $this->decryptName : '') && !($this->bitmap & SSH2::MASK_LOGIN)) {
3782 $this->bad_key_size_fix = true;
3783 $this->reset_connection(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
3790 $remaining_length -= $this->decrypt_block_size - 4;
3795 $temp = stream_get_contents($this->fsock, $remaining_length);
3796 if ($temp === false || feof($this->fsock)) {
3797 $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
3801 $remaining_length -= strlen($temp);
3823 $this->errors[] = 'SSH_MSG_DISCONNECT: ' . self::$disconnect_reasons[$reason_code] . "\r\n$message";
3824 $this->bitmap = 0;
3827 $this->extra_packets++;
3828 $payload = $this->get_binary_packet($skip_channel_filter);
3831 $this->extra_packets++;
3834 $this->errors[] = "SSH_MSG_DEBUG: $message";
3835 $payload = $this->get_binary_packet($skip_channel_filter);
3840 // this is here for key re-exchanges after the initial key exchange
3841 if ($this->session_id !== false) {
3842 if (!$this->key_exchange($payload)) {
3843 $this->bitmap = 0;
3846 $payload = $this->get_binary_packet($skip_channel_filter);
3850 // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
3851 if (($this->bitmap & self::MASK_CONNECTED) && !$this->isAuthenticated() && !is_bool($payload) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
3853 list($this->banner_message) = Strings::unpackSSH2('s', $payload);
3854 $payload = $this->get_binary_packet();
3858 if (($this->bitmap & self::MASK_CONNECTED) && $this->isAuthenticated()) {
3867 if (substr($payload, 9, $length) == 'keepalive@openssh.com' && isset($this->server_channels[$channel])) {
3869 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_SUCCESS, $this->server_channels[$channel]));
3871 $payload = $this->get_binary_packet($skip_channel_filter);
3879 if (!$skip_channel_filter && !empty($this->server_channels)) {
3880 $this->binary_packet_buffer = $payload;
3881 $this->get_channel_packet(true);
3882 $payload = $this->get_binary_packet();
3885 case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
3888 $this->errors[] = "SSH_MSG_GLOBAL_REQUEST: $request_name";
3891 $this->send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE));
3893 return $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
3896 $payload = $this->get_binary_packet($skip_channel_filter);
3898 case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
3902 case 'auth-agent':
3903 case 'auth-agent@openssh.com':
3904 if (isset($this->agent)) {
3912 $this->packet_size_client_to_server[$new_channel] = $remote_window_size;
3913 $this->window_size_server_to_client[$new_channel] = $remote_maximum_packet_size;
3914 $this->window_size_client_to_server[$new_channel] = $this->window_size;
3927 $this->server_channels[$new_channel] = $server_channel;
3928 $this->channel_status[$new_channel] = NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION;
3929 $this->send_binary_packet($packet);
3943 $this->send_binary_packet($packet);
3945 return $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
3949 $payload = $this->get_binary_packet($skip_channel_filter);
3955 $this->window_size_client_to_server[$channel] += $window_size;
3957 $payload = ($this->bitmap & self::MASK_WINDOW_ADJUST) ? true : $this->get_binary_packet($skip_channel_filter);
3972 $this->quiet_mode = true;
3983 $this->quiet_mode = false;
3995 return $this->quiet_mode;
3999 * Enable request-pty when using exec()
4004 $this->request_pty = true;
4008 * Disable request-pty when using exec()
4013 if ($this->isPTYOpen()) {
4014 $this->close_channel(self::CHANNEL_EXEC);
4016 $this->request_pty = false;
4020 * Returns whether request-pty is enabled or not
4028 return $this->request_pty;
4036 * - the server closes the channel
4037 * - if the connection times out
4038 * - if the channel status is CHANNEL_OPEN and the response was CHANNEL_OPEN_CONFIRMATION
4039 * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_SUCCESS
4040 * - if the channel status is CHANNEL_CLOSE and the response was CHANNEL_CLOSE
4044 * - if the channel status is CHANNEL_REQUEST and the response was CHANNEL_FAILURE
4053 if (!empty($this->channel_buffers[$client_channel])) {
4054 switch ($this->channel_status[$client_channel]) {
4056 foreach ($this->channel_buffers[$client_channel] as $i => $packet) {
4060 unset($this->channel_buffers[$client_channel][$i]);
4066 return substr(array_shift($this->channel_buffers[$client_channel]), 1);
4071 if ($this->binary_packet_buffer !== false) {
4072 $response = $this->binary_packet_buffer;
4073 $this->binary_packet_buffer = false;
4075 $response = $this->get_binary_packet(true);
4076 if ($response === true && $this->is_timeout) {
4077 if ($client_channel == self::CHANNEL_EXEC && !$this->request_pty) {
4078 $this->close_channel($client_channel);
4083 $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
4088 if ($client_channel == -1 && $response === true) {
4094 if (isset($channel) && isset($this->channel_status[$channel]) && isset($this->window_size_server_to_client[$channel])) {
4095 $this->window_size_server_to_client[$channel] -= strlen($response);
4098 if ($this->window_size_server_to_client[$channel] < 0) {
4100 //if ($this->window_size_server_to_client[$channel] < 0x3FFFFFFF) {
4101 $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_resize);
4102 $this->send_binary_packet($packet);
4103 $this->window_size_server_to_client[$channel] += $this->window_resize;
4110 $this->send_channel_packet($client_channel, chr(0));
4115 $this->stdErrorLog .= $data;
4116 if ($skip_extended || $this->quiet_mode) {
4119 if ($client_channel == $channel && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA) {
4122 $this->channel_buffers[$channel][] = chr($type) . $data;
4126 if ($this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_CLOSE) {
4131 case 'exit-signal':
4139 $this->errors[] = "SSH_MSG_CHANNEL_REQUEST (exit-signal): $signal_name";
4141 $this->errors[count($this->errors) - 1] .= "\r\n$error_message";
4144 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel]));
4145 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
4147 $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_EOF;
4150 case 'exit-status':
4151 list(, $this->exit_status) = Strings::unpackSSH2('CN', $response);
4154 // -- http://tools.ietf.org/html/rfc4254#section-6.10
4159 // -- http://tools.ietf.org/html/rfc4254#section-6.9
4164 switch ($this->channel_status[$channel]) {
4169 $this->server_channels[$channel],
4171 $this->packet_size_client_to_server[$channel]
4178 $this->window_size_client_to_server[$channel] = $window_size;
4179 $result = $client_channel == $channel ? true : $this->get_channel_packet($client_channel, $skip_extended);
4180 $this->on_channel_open();
4183 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
4187 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
4190 return $this->get_channel_packet($client_channel, $skip_extended);
4201 $this->channel_buffers[$channel][] = chr($type) . $data;
4202 return $this->get_channel_packet($client_channel, $skip_extended);
4204 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
4211 return $this->get_channel_packet($client_channel, $skip_extended);
4215 // ie. $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA
4225 $this->send_channel_packet($channel, chr(0));
4231 $agent_response = $this->agent->forwardData($data);
4233 $this->send_channel_packet($channel, $agent_response);
4241 $this->channel_buffers[$channel][] = chr($type) . $data;
4244 $this->curTimeout = 5;
4246 $this->close_channel_bitmap($channel);
4248 if ($this->channel_status[$channel] != NET_SSH2_MSG_CHANNEL_EOF) {
4249 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
4252 $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_CLOSE;
4253 $this->channelCount--;
4258 // fall-through
4262 $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
4280 if (!is_resource($this->fsock) || feof($this->fsock)) {
4281 $this->bitmap = 0;
4289 switch ($this->compress) {
4291 if (!$this->isAuthenticated()) {
4294 // fall-through
4296 if (!$this->regenerate_compression_context) {
4299 $this->regenerate_compression_context = false;
4300 $this->compress_context = deflate_init(ZLIB_ENCODING_RAW, ['window' => 15]);
4303 if ($this->compress_context) {
4304 $data = $header . deflate_add($this->compress_context, $data, ZLIB_PARTIAL_FLUSH);
4310 if ($this->encrypt && $this->encrypt->usesNonce()) {
4311 $packet_length -= 4;
4313 // round up to the nearest $this->encrypt_block_size
4314 $packet_length += (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;
4315 // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length
4316 $padding_length = $packet_length - strlen($data) - 5;
4318 case $this->encrypt && $this->encrypt->usesNonce():
4319 case $this->hmac_create instanceof Hash && $this->hmac_create_etm:
4327 $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);
4330 if ($this->hmac_create instanceof Hash && !$this->hmac_create_etm) {
4331 if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
4332 $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no));
4333 $hmac = $this->hmac_create->hash($packet);
4335 $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet));
4339 if ($this->encrypt) {
4340 switch ($this->encryptName) {
4341 case 'aes128-gcm@openssh.com':
4342 case 'aes256-gcm@openssh.com':
4343 $this->encrypt->setNonce(
4344 $this->encryptFixedPart .
4345 $this->encryptInvocationCounter
4347 Strings::increment_str($this->encryptInvocationCounter);
4348 $this->encrypt->setAAD($temp = ($packet & "\xFF\xFF\xFF\xFF"));
4349 $packet = $temp . $this->encrypt->encrypt(substr($packet, 4));
4351 case 'chacha20-poly1305@openssh.com':
4353 if (!($this->encrypt instanceof ChaCha20)) {
4354 throw new \LogicException('$this->encrypt is not a ' . ChaCha20::class);
4357 $nonce = pack('N2', 0, $this->send_seq_no);
4359 $this->encrypt->setNonce($nonce);
4360 $this->lengthEncrypt->setNonce($nonce);
4362 $length = $this->lengthEncrypt->encrypt($packet & "\xFF\xFF\xFF\xFF");
4364 $this->encrypt->setCounter(0);
4367 // for ChaCha20-Poly1305 so we won't rely on it (see Salsa20::poly1305())
4368 $this->encrypt->setPoly1305Key(
4369 $this->encrypt->encrypt(str_repeat("\0", 32))
4371 $this->encrypt->setAAD($length);
4372 $this->encrypt->setCounter(1);
4373 $packet = $length . $this->encrypt->encrypt(substr($packet, 4));
4376 $packet = $this->hmac_create instanceof Hash && $this->hmac_create_etm ?
4377 ($packet & "\xFF\xFF\xFF\xFF") . $this->encrypt->encrypt(substr($packet, 4)) :
4378 $this->encrypt->encrypt($packet);
4382 if ($this->hmac_create instanceof Hash && $this->hmac_create_etm) {
4383 if (($this->hmac_create->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
4384 $this->hmac_create->setNonce("\0\0\0\0" . pack('N', $this->send_seq_no));
4385 $hmac = $this->hmac_create->hash($packet);
4387 $hmac = $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet));
4391 $this->send_seq_no++;
4393 $packet .= $this->encrypt && $this->encrypt->usesNonce() ? $this->encrypt->getTag() : $hmac;
4396 $sent = @fputs($this->fsock, $packet);
4402 $message_number = '-> ' . $message_number .
4403 ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)';
4404 $this->append_log($message_number, $logged);
4405 $this->last_packet = $current;
4409 $this->bitmap = 0;
4427 $this->append_log_helper(
4431 $this->message_number_log,
4432 $this->message_log,
4433 $this->log_size,
4434 $this->realtime_log_file,
4435 $this->realtime_log_wrap,
4436 $this->realtime_log_size
4477 $log_size -= strlen(array_shift($message_log));
4482 // passwords won't be filtered out and select other packets may not be correctly
4493 echo $start . $this->format_log([$message], [$message_number]) . $stop;
4511 $entry = $this->format_log([$message], [$message_number]);
4515 fseek($realtime_log_file, ftell($realtime_log_file) - strlen($temp));
4539 if (!$this->window_size_client_to_server[$client_channel]) {
4540 $this->bitmap ^= self::MASK_WINDOW_ADJUST;
4542 $this->get_channel_packet(-1);
4543 $this->bitmap ^= self::MASK_WINDOW_ADJUST;
4549 -- http://tools.ietf.org/html/rfc4254#section-5.2 */
4551 $this->packet_size_client_to_server[$client_channel],
4552 $this->window_size_client_to_server[$client_channel]
4559 $this->server_channels[$client_channel],
4562 $this->window_size_client_to_server[$client_channel] -= strlen($temp);
4563 $this->send_binary_packet($packet);
4580 // see http://tools.ietf.org/html/rfc4254#section-5.3
4582 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel]));
4585 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel]));
4588 $this->channel_status[$client_channel] = NET_SSH2_MSG_CHANNEL_CLOSE;
4589 $this->channelCount--;
4591 $this->curTimeout = 5;
4593 while (!is_bool($this->get_channel_packet($client_channel))) {
4597 $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel]));
4600 $this->close_channel_bitmap($client_channel);
4615 if ($this->bitmap & self::MASK_SHELL) {
4616 $this->bitmap &= ~self::MASK_SHELL;
4630 if ($this->bitmap & self::MASK_CONNECTED) {
4633 $this->send_binary_packet($data);
4638 $this->bitmap = 0;
4639 if (is_resource($this->fsock) && get_resource_type($this->fsock) === 'stream') {
4640 fclose($this->fsock);
4684 return $this->message_number_log;
4686 $log = $this->format_log($this->message_log, $this->message_number_log);
4711 $fragment = Strings::shift($current_log, $this->log_short_width);
4713 return $this->log_boundary . str_pad(dechex(ord($matches[0])), 2, '0', STR_PAD_LEFT);
4714 }, $fragment), strlen($this->log_boundary));
4718 $raw = preg_replace('#[^\x20-\x7E]|<#', '.', $fragment);
4719 $output .= str_pad($hex, $this->log_long_width - $this->log_short_width, ' ') . $raw . "\r\n";
4729 * Helper function for agent->on_channel_open()
4738 if (isset($this->agent)) {
4739 $this->agent->registerChannelOpen($this);
4770 return $this->errors;
4782 $count = count($this->errors);
4785 return $this->errors[$count - 1];
4796 $this->connect();
4798 return $this->server_identifier;
4808 $this->connect();
4811 'kex' => $this->kex_algorithms,
4812 'hostkey' => $this->server_host_key_algorithms,
4814 'crypt' => $this->encryption_algorithms_client_to_server,
4815 'mac' => $this->mac_algorithms_client_to_server,
4816 'comp' => $this->compression_algorithms_client_to_server,
4817 'lang' => $this->languages_client_to_server
4820 'crypt' => $this->encryption_algorithms_server_to_client,
4821 'mac' => $this->mac_algorithms_server_to_client,
4822 'comp' => $this->compression_algorithms_server_to_client,
4823 'lang' => $this->languages_server_to_client
4836 // Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using
4837 // Curve25519. See doc/curve25519-sha256@libssh.org.txt in the
4839 'curve25519-sha256',
4840 'curve25519-sha256@libssh.org',
4842 'ecdh-sha2-nistp256', // RFC 5656
4843 'ecdh-sha2-nistp384', // RFC 5656
4844 'ecdh-sha2-nistp521', // RFC 5656
4846 'diffie-hellman-group-exchange-sha256',// RFC 4419
4847 'diffie-hellman-group-exchange-sha1', // RFC 4419
4849 // Diffie-Hellman Key Agreement (DH) using integer modulo prime
4850 // groups.
4851 'diffie-hellman-group14-sha256',
4852 'diffie-hellman-group14-sha1', // REQUIRED
4853 'diffie-hellman-group15-sha512',
4854 'diffie-hellman-group16-sha512',
4855 'diffie-hellman-group17-sha512',
4856 'diffie-hellman-group18-sha512',
4858 'diffie-hellman-group1-sha1', // REQUIRED
4872 'ssh-ed25519', // https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-02
4873 'ecdsa-sha2-nistp256', // RFC 5656
4874 'ecdsa-sha2-nistp384', // RFC 5656
4875 'ecdsa-sha2-nistp521', // RFC 5656
4876 'rsa-sha2-256', // RFC 8332
4877 'rsa-sha2-512', // RFC 8332
4878 'ssh-rsa', // RECOMMENDED sign Raw RSA Key
4879 'ssh-dss' // REQUIRED sign Raw DSS Key
4892 'aes128-gcm@openssh.com',
4893 'aes256-gcm@openssh.com',
4895 // from <http://tools.ietf.org/html/rfc4345#section-4>:
4899 //'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key
4901 // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
4902 'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key
4903 'aes192-ctr', // RECOMMENDED AES with 192-bit key
4904 'aes256-ctr', // RECOMMENDED AES with 256-bit key
4906 // from <https://github.com/openssh/openssh-portable/blob/001aa55/PROTOCOL.chacha20poly1305>:
4907 // one of the big benefits of chacha20-poly1305 is speed. the problem is...
4910 // part, pure-PHP has to be used for the poly1305 part and that's gonna cause a big slow down.
4911 // speed-wise it winds up being faster to use AES (when openssl or mcrypt are available) and some HMAC
4914 'chacha20-poly1305@openssh.com',
4916 'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key
4917 'twofish192-ctr', // OPTIONAL Twofish with 192-bit key
4918 'twofish256-ctr', // OPTIONAL Twofish with 256-bit key
4920 'aes128-cbc', // RECOMMENDED AES with a 128-bit key
4921 'aes192-cbc', // OPTIONAL AES with a 192-bit key
4922 'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key
4924 'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key
4925 'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key
4926 'twofish256-cbc',
4927 'twofish-cbc', // OPTIONAL alias for "twofish256-cbc"
4930 'blowfish-ctr', // OPTIONAL Blowfish in SDCTR mode
4932 'blowfish-cbc', // OPTIONAL Blowfish in CBC mode
4934 '3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode
4936 '3des-cbc', // REQUIRED three-key 3DES in CBC mode
4960 $obj->setKeyLength(preg_replace('#[^\d]#', '', $algo));
4963 case 'chacha20-poly1305@openssh.com':
4970 case 'aes128-gcm@openssh.com':
4971 case 'aes256-gcm@openssh.com':
4975 $obj->setNonce('dummydummydu');
4977 if ($obj->isValidEngine($engine)) {
4995 'hmac-sha2-256-etm@openssh.com',
4996 'hmac-sha2-512-etm@openssh.com',
4997 'umac-64-etm@openssh.com',
4998 'umac-128-etm@openssh.com',
4999 'hmac-sha1-etm@openssh.com',
5002 'hmac-sha2-256',// RECOMMENDED HMAC-SHA256 (digest length = key length = 32)
5003 'hmac-sha2-512',// OPTIONAL HMAC-SHA512 (digest length = key length = 64)
5005 // from <https://tools.ietf.org/html/draft-miller-secsh-umac-01>:
5006 'umac-64@openssh.com',
5007 'umac-128@openssh.com',
5009 'hmac-sha1-96', // RECOMMENDED first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
5010 'hmac-sha1', // REQUIRED HMAC-SHA1 (digest length = key length = 20)
5011 'hmac-md5-96', // OPTIONAL first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
5012 'hmac-md5', // OPTIONAL HMAC-MD5 (digest length = key length = 16)
5026 $algos[] = 'zlib@openssh.com'; // https://datatracker.ietf.org/doc/html/draft-miller-secsh-compression-delayed
5035 * Uses the same format as https://www.php.net/ssh2-methods-negotiated
5041 $this->connect();
5050 'kex' => $this->kex_algorithm,
5051 'hostkey' => $this->signature_format,
5053 'crypt' => $this->encryptName,
5054 'mac' => $this->hmac_create_name,
5055 'comp' => $compression_map[$this->compress],
5058 'crypt' => $this->decryptName,
5059 'mac' => $this->hmac_check_name,
5060 'comp' => $compression_map[$this->decompress],
5070 $this->errorOnMultipleChannels = false;
5080 $this->term = $term;
5085 * <https://www.php.net/manual/en/function.ssh2-connect.php>
5164 $this->preferred = $preferred;
5177 return $this->banner_message;
5192 if (!($this->bitmap & self::MASK_CONSTRUCTOR)) {
5193 $this->connect();
5196 $signature = $this->signature;
5197 $server_public_host_key = base64_encode($this->server_public_host_key);
5199 if ($this->signature_validated) {
5200 return $this->bitmap ?
5201 $this->signature_format . ' ' . $server_public_host_key :
5205 $this->signature_validated = true;
5207 switch ($this->signature_format) {
5208 case 'ssh-ed25519':
5209 case 'ecdsa-sha2-nistp256':
5210 case 'ecdsa-sha2-nistp384':
5211 case 'ecdsa-sha2-nistp521':
5213 ->withSignatureFormat('SSH2');
5214 switch ($this->signature_format) {
5215 case 'ssh-ed25519':
5218 case 'ecdsa-sha2-nistp256':
5221 case 'ecdsa-sha2-nistp384':
5224 case 'ecdsa-sha2-nistp521':
5227 $key = $key->withHash($hash);
5229 case 'ssh-dss':
5231 ->withSignatureFormat('SSH2')
5232 ->withHash('sha1');
5234 case 'ssh-rsa':
5235 case 'rsa-sha2-256':
5236 case 'rsa-sha2-512':
5237 // could be ssh-rsa, rsa-sha2-256, rsa-sha2-512
5243 ->withPadding(RSA::SIGNATURE_PKCS1);
5244 switch ($this->signature_format) {
5245 case 'rsa-sha2-512':
5248 case 'rsa-sha2-256':
5251 //case 'ssh-rsa':
5255 $key = $key->withHash($hash);
5258 $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
5262 if (!$key->verify($this->exchange_hash, $signature)) {
5263 return $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
5266 return $this->signature_format . ' ' . $server_public_host_key;
5276 if (is_null($this->exit_status)) {
5279 return $this->exit_status;
5289 return $this->windowColumns;
5299 return $this->windowRows;
5309 $this->windowColumns = $value;
5319 $this->windowRows = $value;
5330 $this->windowColumns = $columns;
5331 $this->windowRows = $rows;
5342 return $this->getResourceId();
5349 * {@link http://tools.ietf.org/html/rfc3986#section-2 RFC}.
5370 return self::$connections[$id] instanceof \WeakReference ? self::$connections[$id]->get() : self::$connections[$id];
5388 $temp[$key] = $ref->get();
5402 $this->message_number_log[count($this->message_number_log) - 1] = str_replace(
5405 $this->message_number_log[count($this->message_number_log) - 1]
5413 * @see https://tools.ietf.org/html/rfc4252#section-5.1
5418 return $this->auth_methods_to_continue;
5422 * Enables "smart" multi-factor authentication (MFA)
5426 $this->smartMFA = true;
5430 * Disables "smart" multi-factor authentication (MFA)
5434 $this->smartMFA = false;