0

I have to connect to an SFTP server. I first used this code:

```php
use phpseclib\Crypt\RSA;
use phpseclib\Net\SFTP;

// Load the passphrase-protected RSA private key
$Key = new RSA();
$Key->setPassword("password");
$Key->loadKey(file_get_contents('path_to_RSA_private_key'));

// Connect and authenticate with the key
$sftp = new SFTP($IP_addr, $port_number);
if (!$sftp->login('username', $Key))
  echo date('Y/m/d H:i:s')." SFTP login failed to $IP_addr";
```

It worked well. I know phpseclib uses sha1 by default and I would like to use sha256. So I tried this code:

```php
use phpseclib\Crypt\RSA;
use phpseclib\Net\SFTP;

$Key = new RSA();
// Attempt to switch the signature hash to SHA-256 (the only change from the working version)
$Key->setHash('sha256');
$Key->setMGFHash('sha256');
$Key->setPassword("password");
$Key->loadKey(file_get_contents('path_to_RSA_private_key'));
$sftp = new SFTP($IP_addr, $port_number);
if (!$sftp->login('username', $Key))
  echo date('Y/m/d H:i:s')." SFTP login failed to $IP_addr";
```

But it doesn't work. I got this message on the server:

```
error: key_verify: invalid format
```

If necessary, I can send debug logging from the server side. This server uses default values for the Ciphers, KexAlgorithms and MACs parameters.

Thanks for help.

Schonke

2 Answers

1

I've made several tests by coding different values for KexAlgorithms and MACs in the sshd_config of a server I want to connect to. And it works as I wanted it to work.

Thank you very much Neubert for your help and for the time you had to take to solve that issue.

Schonke
0

Quoting RFC4253:

> The "ssh-rsa" key format has the following specific encoding:
>
> ```
> string    "ssh-rsa"
> mpint     e
> mpint     n
> ```
>
> Here the 'e' and 'n' parameters form the signature key blob.
>
> Signing and verifying using this key format is performed according to the RSASSA-PKCS1-v1_5 scheme in [RFC3447] using the SHA-1 hash.

So your setting the hash to sha256 is probably breaking things. And the MGF Hash isn't even used since SSH doesn't support PSS signatures (which is what phpseclib defaults to).

That said, I do think you've hit on an area where phpseclib could use improvement - it sets the signature scheme for SSH to PKCS1 but it doesn't set the hash to sha1. It ought to.

Also, FWIW, RFC8332 describes signing with SHA-256. But this signing still uses RSASSA-PKCS1-v1_5. And just because an RFC exists doesn't mean your server supports it. You can check to see if it does by doing `print_r($ssh->getServerHostKeyAlgorithms())` and then seeing if `rsa-sha2-256` is in the list that's returned.

phpseclib doesn't currently support RFC8332 but I can look into adding support for that in the next few days and submitting a pull request...

neubert
  • Thank you very much for your quick answer. I have access to that server and the command `sshd -T` tells me that rsa-sha2-256 is in the list of returned values for the hostkeyalgorithms parameter. – Schonke May 23 '18 at 13:09
  • Does it mean that neither phpseclib nor libssh2 allows connecting to an SSH or SFTP server from a PHP script other than by using sha1? – Schonke May 23 '18 at 15:30
  • @Schonke - I have no idea about libssh2 but for phpseclib, yah, that appears to be the case. But like I said, I'll try to make a pull request that implements the feature (I'll try to have this done this weekend). My pull request won't let you tell it sha1 / sha256, however. Instead, my pull request will automatically do sha256 if it's available and sha1 otherwise. – neubert May 23 '18 at 18:10
  • That's what I've understood. Very nice of you to act on this case. I hope it will help other people. – Schonke May 24 '18 at 12:10
  • @Schonke - The latest git version of 2.0 should use sha256 / sha512 as previously discussed! The commit that did this: https://github.com/phpseclib/phpseclib/commit/b57976ec5ffc556f31036f713d5079ad59feb5d7 (the commit is in the 1.0 branch but it was merged and updated to work with the 2.0 and master branches as well) – neubert May 27 '18 at 16:47
  • Thank you very much. I will try it as soon as possible and let you know. – Schonke May 30 '18 at 07:45
  • I have some problems making it work. I'm on a RedHat 6 server using PHP 5.3.3. Some instructions don't work, such as `$config = []` in RSA.php. The previous phpseclib version was installed with yum and was titled 2.0.11-1.el6. I saw that phpseclib can work with PHP 5.3.3 so I've unzipped the zip file into another folder and put the old autoload.php into that folder. What did I do wrong? Thanks. – Schonke May 30 '18 at 15:23
  • @Schonke - sounds like you're using the master branch - not the 2.0 branch. To download the latest git version of the 2.0 branch use this link: https://github.com/phpseclib/phpseclib/archive/2.0.zip – neubert May 30 '18 at 15:36
  • I'm confused. It works much better. I have to try with sha256. Thanks. – Schonke May 30 '18 at 15:56
  • @Schonke - the master branch only works on PHP 5.6+. The 2.0 branch works on PHP 5.3+. The 1.0 branch should work on any version of PHP5 and even PHP4 if you shim out a few functions. – neubert May 30 '18 at 16:06
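
The point made in the answer above, as an added protocol-level example in Python (not code from the original posts and not phpseclib's implementation): the key blob stays `"ssh-rsa"` while the signature's algorithm name selects the hash, so a SHA-256 signature labelled `ssh-rsa` fails verification. The toy key, `MSG` and all function names are constructed for illustration; real SSH signs the session identifier plus the authentication request rather than a bare message. Requires Python 3.8+.

```python
import hashlib
import struct

# DigestInfo DER prefixes used by EMSA-PKCS1-v1_5 (RFC 8017, section 9.2)
DIGEST_INFO = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Signature algorithm name -> hash. The key blob is "ssh-rsa" in both cases.
SIG_HASH = {b"ssh-rsa": "sha1", b"rsa-sha2-256": "sha256"}

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    (length,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + length], off + 4 + length

def key_blob(e, n):
    # string "ssh-rsa", mpint e, mpint n; sized so the top bit stays clear
    mpint = lambda x: ssh_string(x.to_bytes(x.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def emsa_pkcs1_v15(msg, hash_name, em_len):
    t = DIGEST_INFO[hash_name] + hashlib.new(hash_name, msg).digest()
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def sign(msg, algo, hash_name, n, d):  # algo: name on the wire; hash_name: hash used
    k = (n.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(msg, hash_name, k), "big")
    return ssh_string(algo) + ssh_string(pow(em, d, n).to_bytes(k, "big"))

def verify(msg, sig_blob, pub_blob):
    fmt, off = read_string(pub_blob, 0)
    e_bytes, off = read_string(pub_blob, off)
    n_bytes, _ = read_string(pub_blob, off)
    e, n = int.from_bytes(e_bytes, "big"), int.from_bytes(n_bytes, "big")
    algo, off = read_string(sig_blob, 0)
    sig, _ = read_string(sig_blob, off)
    hash_name = SIG_HASH.get(algo)
    if fmt != b"ssh-rsa" or hash_name is None:
        return False
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(msg, hash_name, k)

# Constructed toy key from two Mersenne primes: for illustration only, not secure
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
PUB, MSG = key_blob(E, N), b"constructed session data"
```

`verify(MSG, sign(MSG, b"ssh-rsa", "sha256", N, D), PUB)` returns `False`, while the same call with matching name and hash (`b"ssh-rsa"` with `"sha1"`, or `b"rsa-sha2-256"` with `"sha256"`) returns `True`.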