
Here is my code:

error_reporting(E_ALL);
require __DIR__ . '/vendor/autoload.php';

use phpseclib\Net\SSH2;
use phpseclib\Crypt\RSA;

$ssh = new SSH2('stg.net');
$key = new RSA();
$key->loadKey(file_get_contents('/Users/me/.ssh/my_private_key'));
if (!$ssh->login('username', $key)) {
    print_r($ssh->getLastError());
    print_r($ssh->getErrors());
    exit('Login Failed');
}

echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');

Output:

Array
(
)

In vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php there is a function _privatekey_login($username, $privatekey):

$publickey = $privatekey->getPublicKey(RSA::PUBLIC_FORMAT_RAW);
if ($publickey === false) {
    return false;
}

I'm getting false; maybe I have to set the public key too? How can it be done? How can I debug it?

+++ UPDATE +++

I tried the advice/hints from these tickets too:

phpseclib always gives login failed with no log

Net/SSH2 - phpseclib login failing - error: "failedArray"

  • What'd be more useful than the errors are the log files. You can get them by doing define('NET_SSH2_LOGGING', 2); at the top and then $ssh->getLog() before the exit;. That said, based on your _privatekey_login comment it sounds like maybe you're trying to use a DSA or ECDSA key in place of an RSA key. Most RSA private keys include the public key within them and it's hard to imagine you using one that doesn't. I mean, it's not impossible but it is improbable. Commented Jun 18, 2018 at 3:34
  • @neubert thank you so much for your comment, you are right, I'm using an ECDSA key. Is it still not supported? stackoverflow.com/questions/29688283/… Commented Jun 18, 2018 at 4:00
  • A status update on that was posted recently at github.com/phpseclib/phpseclib/issues/… . Quoting it, "I'm not ready to make my code public yet. I just thought I'd post a progress report for anyone interested". My guess is that the code changes would be in the master branch, however, and not the 2.0 branch. I say that because the DSA changes were in the master branch and not the 2.0 branch. Eventually the master branch (as I understand it) will become 3.0.0 but idk when that'd happen. Commented Jun 18, 2018 at 4:10
  • thank you for your awesome help, you can post it as the answer & I'll mark it Commented Jun 18, 2018 at 4:12

1 Answer

The problem is that the key in question is an ECDSA key. Quoting https://github.com/phpseclib/phpseclib/issues/1082#issuecomment-396122366 :

My library supports EdDSA keys in the OpenSSH format (ie. the kind that ssh-keygen would generate), the PuTTY format (ie. the kind puttygen would generate), in libsodium format and in the format specified in this IETF Draft:

https://datatracker.ietf.org/doc/html/draft-ietf-curdle-pkix-07

If libsodium / sodium_compat are being used the keys are converted from whatever format they were in to the libsodium format to facilitate libsodium's use.

Encrypted OpenSSH private keys are not supported for the same reason sodium_compat does not support Argon2i - it's too slow. OpenSSH uses a custom form of bcrypt that does bcrypt 128 times as I recall and encrypts a different string etc so PHP's bcrypt implementation cannot be used and since bcrypt uses a custom key expansion OpenSSL's implementation of Blowfish can't be used either.

Here the author is talking about EdDSA - not ECDSA - but from the rest of the post it sounds like ECDSA over prime finite fields is complete as well.

Quoting the post that follows that one:

Also, I'm not ready to make my code public yet. I just thought I'd post a progress report for anyone interested.

My guess is that this implementation will live in the master branch and not the 2.0 branch. I say that because the DSA changes were in the master branch and not the 2.0 branch. Eventually the master branch (as I understand it) will become 3.0.0 but idk when that'd happen.
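
One way to check which algorithm a private key file uses before passing it to phpseclib's RSA class, as an added example that is not part of the original answer or of phpseclib's code. The helper names sshString and privateKeyType are hypothetical, and the sample key is constructed (header fields only, no key material).

```php
<?php
// Added example; helper names are hypothetical, not phpseclib functions.
// Read one SSH "string" (uint32 big-endian length + bytes) from $buf at $pos.
function sshString(string $buf, int &$pos): ?string
{
    $len = strlen($buf) >= $pos + 4 ? unpack('N', substr($buf, $pos, 4))[1] : null;
    if ($len === null || strlen($buf) < $pos + 4 + $len) {
        return null;
    }
    $s = substr($buf, $pos + 4, $len);
    $pos += 4 + $len;
    return $s;
}

// Return the algorithm named by a private key file's header or embedded public key.
function privateKeyType(string $key): string
{
    if (preg_match('/^PuTTY-User-Key-File-\d+: (\S+)/', $key, $m)) {
        return $m[1];
    }
    if (!preg_match('/-----BEGIN ([A-Z ]*)PRIVATE KEY-----(.*?)-----END/s', $key, $m)) {
        return 'unknown';
    }
    $label = trim($m[1]);
    if ($label !== 'OPENSSH') {
        // Traditional PEM names the algorithm in the header; PKCS#8 does not.
        return ($label === '' || $label === 'ENCRYPTED') ? 'pkcs8' : strtolower($label);
    }
    $blob = base64_decode(preg_replace('/\s+/', '', $m[2]), true);
    // The OpenSSH container starts with the 15-byte magic "openssh-key-v1\0".
    if ($blob === false || strncmp($blob, "openssh-key-v1\0", 15) !== 0) {
        return 'unknown';
    }
    $pos = 15;
    sshString($blob, $pos);         // cipher name ("none" when unencrypted)
    sshString($blob, $pos);         // KDF name
    sshString($blob, $pos);         // KDF options
    $pos += 4;                      // number of keys (uint32)
    $pub = sshString($blob, $pos);  // first public key blob
    $p = 0;
    return $pub === null ? 'unknown' : (sshString($pub, $p) ?? 'unknown');
}

// Constructed sample: header fields of an OpenSSH-format key, no key material.
$str = function (string $s): string { return pack('N', strlen($s)) . $s; };
$blob = "openssh-key-v1\0" . $str('none') . $str('none') . $str('') . pack('N', 1)
      . $str($str('ecdsa-sha2-nistp256'));
$pem = "-----BEGIN OPENSSH PRIVATE KEY-----\n" . chunk_split(base64_encode($blob), 70, "\n")
     . "-----END OPENSSH PRIVATE KEY-----\n";
echo privateKeyType($pem), PHP_EOL;
```

A result such as ecdsa-sha2-nistp256, ec or ssh-ed25519 means the file is not an RSA key, which is the situation this answer describes.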
