Page 1 of 1
Does ssh2_auth_password() work?
Posted: Tue Aug 25, 2009 1:56 am
by mano lo
Hi,
I use a Windows program called SSH Secure Shell to connect to a Linux server.
Yesterday I tried to the connect from a php script to the same server (using the same host, port, user and password).
The call to ssh2_connect() works, but when I try to authenticate with ssh2_auth_password(), I get an error (Authentication failed for...)
Does anybody know if ssh2_auth_password() connects the same way as SSH Secure Shell does?
I am using the same host, port, user and password so I don't undertand why the program works, but the php script doesn't.
Thanks in advance
Re: Does ssh2_auth_password() work?
Posted: Tue Aug 25, 2009 9:36 am
by Ambush Commander
Do you have a full error message you can post? Does your SSH client on Windows offer a verbose mode, so you can find out what authentication mode was used (probably keyboard interactive, but it can't hurt to check).
Re: Does ssh2_auth_password() work?
Posted: Wed Aug 26, 2009 3:37 am
by mano lo
Thank you for answering, Ambush Commander.
I looked into SSH Secure Shell configuration options and found that it uses "Public Key" as default auhtentication method.
So I supose that I can't use ssh2_auth_password() to connect to my server.
I found on Internet the way to connect to a server using a public key:
<?php
$connection = ssh2_connect('shell.example.com', 22, array('hostkey'=>'ssh-rsa'));
if (ssh2_auth_pubkey_file($connection, 'username',
'/home/username/.ssh/id_rsa.pub',
'/home/username/.ssh/id_rsa', 'secret')) {
echo "Public Key Authentication Successful\n";
} else {
die('Public Key Authentication Failed');
}
?>
The problem is that I can't find the correspondent /home/username/.ssh/id_rsa.pub file on my server...
So I give up
Thank you.
Re: Does ssh2_auth_password() work?
Posted: Wed Aug 26, 2009 9:32 am
by Ambush Commander
Although it's the default method, it may not be the one that actually gets used (thus my questioning about your verbose mode); it's merely the first one SSH tries.
Re: Does ssh2_auth_password() work?
Posted: Thu Aug 27, 2009 2:47 am
by mano lo
I don't know how to activate a verbose mode on the program,
but don't worry, I think that I would never be able to connect from php.
Re: Does ssh2_auth_password() work?
Posted: Mon Feb 04, 2013 4:07 pm
by babudro
If I may revive this old post... I'm also having trouble with ssh2_auth_password.
EDIT: After writing this up it finally struck me that the "0.12" version was not referring to the SSH2 library nor to an ancient version of PHP, but to the PECL-SSH2 routine. The version I have is 0.11, so that explains my problem. I'll leave this post here anyway in case it helps someone else.
I can use the PHP function to successfully log-in to one host but not another. Both of them work using "ssh" command.
With the ssh2_auth_none() function I found that one of them has "password" as an auth method while the other does not; it only has publickey and keyboard-interactive.
The page on php.net for the ssh2_auth_password function says, "Since version 0.12 this function also supports keyboard_interactive method", but I don't see any special way to trigger its use. It seems it should be automatic, but apparently it is not since authentication is failing.
Any ideas?
If it helps to see actual output, here is some:
$ php -f router-poll.php np06f04
Attempting connection to np06fdlr04
Checking Arista fingerprint
Auth methods Array
(
[0] => publickey
[1] => keyboard-interactive
)
Encryption keys were negotiated using diffie-hellman-group14-sha1
Client to Server packets will use methods:
Crypt: aes128-ctr
Comp: none
MAC: hmac-sha1
Server to Client packets will use methods:
Crypt: aes128-ctr
Comp: none
MAC: hmac-sha1
Authenticating to np06f04 ...
Warning: ssh2_auth_password(): Authentication failed for (my UID) using password in router-poll.php on line 44
-------------
$ php -f router-poll.php np06f03
Attempting connection to np06f03
Checking Cisco fingerprint
Auth methods Array
(
[0] => publickey
[1] => password
[2] => keyboard-interactive
)
Encryption keys were negotiated using diffie-hellman-group14-sha1
Client to Server packets will use methods:
Crypt: aes128-ctr
Comp: none
MAC: hmac-sha1
Server to Client packets will use methods:
Crypt: aes128-ctr
Comp: none
MAC: hmac-sha1
Authenticating to np06f03 ... OK
Executing 'show hardware profile status'
np06f03 has 1766 multicast entries available.