0

I am trying to execute an SSH command to a device (firewall). Command is executed when the length is short. When the length is about 1000 characters, command is not being executed.

When I execute the command via putty, that is working as well.

After reading few solutions, I tried to set timeout to 5 seconds. Still, no help.

In the device logs, I can see SSH login and logout. But no activity.

I am using phpseclib ssh version 2.0

$ssh = new SSH2(ip_address);
$ssh->login($user, $password);
$ssh->write($command);
$ssh->setTimeout(5);
$ssh->read()
Dilani
  • 533
  • 1
  • 6
  • 22
  • 1
    try with `$ssh->setTimeout(0);` – Ash-b Mar 11 '19 at 08:59
  • $ssh->setTimeout(0); keeps running indefinetely. – Dilani Mar 11 '19 at 09:05
  • I don't think it's gonna be possible to provide much assistance without the SSH logs. You can get them by doing `define('NET_SSH2_LOGGING', 2);` at the top and then `echo $ssh->getLog();` after the `$ssh->read();`. Also, I do wonder if it might work out better for you if you put that long command into a shell script and then called the shell script. I mean, it sounds like it ought to work without being inside a shell script but it's worth a shot! – neubert Mar 12 '19 at 04:51
  • @neubert, I checked the logs. The channel connection is all fine. NET_SSH2_MSG_CHANNEL_DATA is not transmitting. I do not see this log. – Dilani Mar 12 '19 at 06:04
  • @Dilani - maybe share the logs with us all the same? Like post them on pastebin.com or some such. The PHP code is fine. idk what `$command` is but that is highly relevant. The logs would show that and more. I would prefer the logs but, failing that, `$command` would be good, too. If you can't provide either of those then I am afraid to say that the only person who is going to be able to help you is yourself and I will vote to close this question. – neubert Mar 12 '19 at 06:19
  • @neubert please find the response for the succesful case here https://pastebin.com/xHjdKyMU and the failed one here https://pastebin.com/VJLCvMjg I cannot share the command as it is doing has some confidential details. Howevere, issue is not with the command because it is working if I directly execute from the cli – Dilani Mar 12 '19 at 06:32
  • @Dilani - Well you are getting one bit of data back: `FW1-AMSTERDAM # `. idk what you're expecting back but I guess that's not all of it. Without the command it really is a guessing game but one thing that might be worthwhile to try: don't send the command in one big giant `$ssh->write()` but, instead, send it a character at a time. eg. `for ($i = 0; $i < strlen($command); $i++) $ssh->write($command[$i]);`. That's more analogous to what PuTTY does. It's hard to know for sure what OpenSSH's client does because their client doesn't create logs like PuTTY does. – neubert Mar 12 '19 at 13:11
  • No luck on this one as well. My command is basically trying to add members to a group in fortigate firewall. When it tries to add more members, no activity is being performed on the firewall. When I add few members, activity is successful. I am using SSH to connect to the firewall and execute the command – Dilani Mar 13 '19 at 10:58
  • @Dilani - normally what I'd do in this situation is to connect with PuTTY and run the command with PuTTY and then try it with phpseclib. I'd capture both the PuTTY and phpseclib logs and compare them. I'd do the **full** logs, as well, and not the truncated ones. I would provide instructions for how to enable logging with PuTTY but I guess I'm not really seeing the point since you weren't willing to even provide full phpseclib logs. Since you said confidentiality is an issue one thing I might propose is to email terrafrost@php.net (the phpseclib author) instead of broadcasting it to everyone. – neubert Mar 13 '19 at 13:55

2 Answers2

0

Juddging the source code of the library https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Net/SSH2.php#L4244 we can see, that the waiting time is in-built in the library, so you do not have to set a timeout.

If this doesn't work, you can open an issue on the github, providing your command. IF the library is being supported, you'll get a fix or an answer from the library developers.

Sergej
  • 2,030
  • 1
  • 18
  • 28
  • phpseclib had a release yesterday so it does indeed look like it's still being supported: https://github.com/phpseclib/phpseclib/releases – neubert Mar 11 '19 at 11:23
0

Issue ended up being in the path between server and the device.

Dilani
  • 533
  • 1
  • 6
  • 22