3

Is there any way to connect to SFTP with both a private key and an FTP password using phpseclib or any other method?

Ron Paul
  • Can you show us more about your specific situation, or show the research you've done to try and find the answer yourself, and why those answers don't work for you? Try this SO question: http://stackoverflow.com/questions/13806699/phpseclib-can-i-connect-using-username-key-and-password-not-a-key-password – Luke Shaheen Apr 03 '13 at 20:13
  • Possible duplicate of [phpseclib - Can I connect using username, key and password (Not a key password)](http://stackoverflow.com/questions/13806699/phpseclib-can-i-connect-using-username-key-and-password-not-a-key-password) – Martin Prikryl Mar 31 '17 at 20:55

2 Answers

11

It's kinda rare that SFTP servers use both password and publickey authentication. My guess would be that what you most likely have is a password-protected private key. If so, you can log in thusly:

```php
<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
// This password decrypts the private key file locally; it is not the account password.
$key->setPassword('whatever');
$key->loadKey(file_get_contents('privatekey'));
if (!$sftp->login('username', $key)) {
    exit('Login Failed');
}

print_r($sftp->nlist());
?>
```

If indeed your server truly is doing both, the following should work:

```php
<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
// This password decrypts the private key file locally.
$key->setPassword('whatever');
$key->loadKey(file_get_contents('privatekey'));
// Try the key first; if that call returns false, follow up with the
// account password on the same connection.
if (!$sftp->login('username', $key) && !$sftp->login('username', 'password')) {
    exit('Login Failed');
}

print_r($sftp->nlist());
?>
```
neubert
  • It throws login failed. I am able to connect through the command line and FileZilla with those credentials. – Ron Paul Apr 03 '13 at 20:49
  • Which one fails? I posted two. If you didn't try both try both. If you did... can you get me logs for both? http://phpseclib.sourceforge.net/ssh/examples.html#logging demonstrates how to enable logging. Thanks! – neubert Apr 03 '13 at 21:05
  • I need to use your second option because the client gave me the private key, the password for the private key and the FTP password. It is not returning any logs. – Ron Paul Apr 03 '13 at 21:21
  • Post the code that you're trying to get your logs with. Also, how tech savvy is the client? Because I've encountered people who give me SFTP credentials and FTP credentials thinking that you need to use both when in reality it's just either or. Just because someone says something is so doesn't mean it is. – neubert Apr 03 '13 at 21:25
  • I am using your second option, got the following error Error: PHP Notice: Connection closed by server in /usr/local/Cellar/php54/5.4.11/lib/php/phpseclib/Net/SSH2.php on line 1483 Login FailedPHP Notice: Connection closed prematurely in /usr/local/Cellar/php54/5.4.11/lib/php/phpseclib/Net/SSH2.php on line 2494 – Ron Paul Apr 17 '13 at 18:07
  • You already said you were running the second option. What I need are the logs. ie. `define('NET_SSH2_LOGGING', 2)` and `$ssh->getLog()`. Line numbers, by themselves, aren't super helpful. Among other things.. what version are you running? 0.3.1 or the latest Git version? Or a Git version that's behind by 2-3 commits? And even if I knew that the logs would still be more helpful.. – neubert Apr 17 '13 at 19:24
  • I posted a new answer. I think password auth alone will do the trick but if not some yet to be pushed code updates should do it. Lmk! – neubert Apr 18 '13 at 19:14
  • 1
    You my friend are a star! – Bear Jul 30 '14 at 14:04
2

I would say just try password auth by itself.

Here's what's happening per the logs.

phpseclib sends a SSH_MSG_SERVICE_REQUEST to the server, effectively saying "hey - i wanna auth - that okay?"

The server responds with a SSH_MSG_SERVICE_ACCEPT, effectively saying "sure - send me what you got!"

phpseclib then sends a SSH_MSG_USERAUTH_REQUEST with the public key corresponding to your private key, effectively saying "ok - let's auth with my private key - to make sure you're gonna accept it... is this public key in your white list?"

The server then responds with a NET_SSH2_MSG_USERAUTH_PK_OK message, effectively saying, "yah - we're okay with the key - please sign the server identifier with it now".

phpseclib does this and then the server is like "never mind! i just remembered - the only type of auth i do is password based auth!"

phpseclib goes "meh" lol and then sends another SSH_MSG_SERVICE_REQUEST, asking to auth, again, and the server is like "what!? why are you asking to auth!?"

Seems like phpseclib perhaps ought not be sending that second SSH_MSG_SERVICE_REQUEST message - that it ought to go direct to a SSH_MSG_USERAUTH_REQUEST - but alas it does currently not do this. I'll try to update the codebase to do just that and will submit a pull request to the author.

Thanks!

neubert
  • That was a good explanation. So the solution is to modify the NET library? Thank you so much for helping with this matter. – Ron Paul Apr 18 '13 at 19:20
  • I would first see if replacing `if (!$sftp->login('********', $rsa) && !$sftp->login('********', '********')) {` with `if (!$sftp->login('********', '********')) {` did the trick. The PHP lib should probably be changed anyway but in your case I'm thinking you can get it to work with the lib as is. – neubert Apr 18 '13 at 19:25
  • That didn't work; the client's server is always expecting both key and password. See my logs in the answer. – Ron Paul Apr 18 '13 at 19:35
  • It's been dragging on for a week trying to figure out this issue, but no luck. The client is using a Windows server and they require both key and password to connect to the server for PCI compliance. I am able to connect to their server through the command line and FileZilla by saving the key on the local computer. – Ron Paul Apr 18 '13 at 19:43
  • As I said I'll be submitting a pull request this evening with some actual code changes. Your patience is appreciated. Thanks! – neubert Apr 18 '13 at 19:52
  • My git install is messing up so I just put the file up on pastebin for the time being: http://pastebin.com/Xwn7HZyH Lmk if it works! – neubert Apr 19 '13 at 07:06
  • Thank you so much neubert, it works like a charm. You are a genius; keep helping people. – Ron Paul Apr 19 '13 at 12:37
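
The server's reply after the signed publickey request is what tells a client whether a second factor is expected. The following is an added example, not code from phpseclib or from either answer: it parses an SSH_MSG_USERAUTH_FAILURE payload as laid out in RFC 4252 and picks the next message to send. The function names and the sample packet are constructed for illustration.

```php
<?php
// Added illustration, not phpseclib code. Message numbers are from RFC 4250.
const SSH_MSG_USERAUTH_REQUEST = 50;
const SSH_MSG_USERAUTH_FAILURE = 51;

// SSH_MSG_USERAUTH_FAILURE layout (RFC 4252, section 5.1):
//   byte 51 | uint32 length + name-list of methods that can continue | boolean partial success
function parse_userauth_failure(string $payload): array
{
    if (strlen($payload) < 6 || ord($payload[0]) !== SSH_MSG_USERAUTH_FAILURE) {
        throw new InvalidArgumentException('not an SSH_MSG_USERAUTH_FAILURE payload');
    }
    $len = unpack('N', substr($payload, 1, 4))[1];
    if (strlen($payload) !== 6 + $len) {
        throw new InvalidArgumentException('name-list length does not match payload size');
    }
    $list = substr($payload, 5, $len);
    return [
        'can_continue'    => $list === '' ? [] : explode(',', $list),
        // true: the previous method was accepted but more is required;
        // false: the previous method was rejected.
        'partial_success' => ord($payload[5 + $len]) !== 0,
    ];
}

// The ssh-userauth service was accepted once at the start of the session, so the
// follow-up is another SSH_MSG_USERAUTH_REQUEST, not a new SSH_MSG_SERVICE_REQUEST.
function next_auth_step(array $failure, array $untriedMethods): ?array
{
    foreach ($failure['can_continue'] as $method) {
        if (in_array($method, $untriedMethods, true)) {
            return ['send' => SSH_MSG_USERAUTH_REQUEST, 'method' => $method];
        }
    }
    return null; // no acceptable method left: authentication has failed
}

// Constructed sample: reply from a server that requires key and password,
// sent after a valid publickey signature.
$reply   = chr(SSH_MSG_USERAUTH_FAILURE) . pack('N', 8) . 'password' . "\x01";
$failure = parse_userauth_failure($reply);
$next    = next_auth_step($failure, ['password']);

printf(
    "partial_success=%s can_continue=%s next=%s\n",
    var_export($failure['partial_success'], true),
    implode(',', $failure['can_continue']),
    $next === null ? 'none' : "message {$next['send']} ({$next['method']})"
);
```

When reading a `NET_SSH2_LOGGING` trace, the partial-success byte is the quickest way to tell a server that rejected the key from one that accepted it and is waiting for the password.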