4

I'm having lots of fun with ssh2 for php.(!)

I am testing by ssh-ing into localhost (running ubuntu). I have managed to connect and authenticate with my username( not root ), and some commands (like 'ls' return some info, which is promising. Definitely getting somewhere.

What I want to be able to do next is issue an 'su' command and then give the root password.

I don't get an error, and a resource is returned, but there seems to be no data in the stream. (I'm kind of expecting a 'Password:' prompt). I can't authenticate directly with the root password, because that is disabled for ssh.

Is there any reason why 'su' would return with some text, do you think?

Should I be expecting the 'Password:' prompt back?

Here's my code:

function changeServerPassword( $ip, $port, $sshUser, $sshPassword, $rootPassword, $newRootPassword, $newSSHPassword = false) {
        // login to server using $sshUser and $sshPassword
        // su as root and enter $rootPassword
        // if any of the above steps fail, return with appropriate error message
        if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
        // log in 
        // Do I have to make sure that port is a number?
        if(!($con = ssh2_connect($ip, $port))){
            echo "fail: unable to establish connection\n";
        } else {
            // try to authenticate with username root, password secretpassword
            if(!ssh2_auth_password($con, $sshUser, $sshPassword)) {
                echo "fail: unable to authenticate\n";
            } else {
                // alright, we're in!
                echo "okay: logged in...<br />";

                // 
                if (!($stream = ssh2_exec($con, "su"))) {
                    echo "fail: unable to execute command\n";
                } else {
                    echo $stream."<br />";
                    // collect returning data from command
                    stream_set_blocking($stream, true);
                    echo "after stream_set_blocking<br />";
                    $data = "";
                    while ($buf = fread($stream,4096)) {
                        $data .= $buf;
                    }
                    echo "data len: " . strlen($data) . "<br />";
                    echo $data."<br />";
                    fclose($stream);
                }
            }
        }
    }

borrowed from http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/ respect.

The output I get is:

okay: logged in...
Resource id #3
after stream_set_blocking
data len: 0

Thanks in advance for any help :)

Joe

Joe
  • 4,852
  • 10
  • 63
  • 82

3 Answers3

5

You should try the latest SVN version of phpseclib - a pure PHP SSH implementation - instead. Here's how you'd do su with that:

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('localhost', 22);
$ssh->login('username', 'password');

$ssh->read('[prompt]');
$ssh->write("su - user\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>
nevershown
  • 79
  • 3
  • Thank you very much for you answer. I have in fact been checking out the phpseclib library and it seems good, but as I've posted at http://stackoverflow.com/questions/5735432/how-do-i-set-flags-when-using-phpseclib-ssh2-exec-function, I really need to be able to set flags. – Joe Apr 20 '11 at 19:25
  • I also can't find the write and read functions in the SSH2.php file anywhere. Where are the docs for these functions, I can't see them in the phpseclib docs? And I'm sorry to ask another stupid question,but what do you mean by [prompt]? What is the read function doing here? – Joe Apr 20 '11 at 19:28
  • Sorry, I meant to say before all the above that when I try using su with the phplibsec, I get the error 'su: must be run from a terminal' error as my post that I link to above details. Long post, I warn you. – Joe Apr 20 '11 at 19:32
  • The write and read functions are in the latest SVN version of phpseclib: http://phpseclib.svn.sourceforge.net/viewvc/phpseclib/trunk/phpseclib/Net/SSH2.php?revision=153&content-type=text%2Fplain You'd as in the same way nevershown shows them being used. –  Apr 21 '11 at 03:53
  • Thanks for your comment Tiffany. I wasn't aware there was a new version. My attempts to use it always end up with the program hanging. I've isolated the issue down to the read() method, although I can't be any more definite about it than that because when it hangs, it seems to hang immediatI'm not even sure that I would be ableto do what I need to do which is issue the following command "ssh -t -t -l username host su -" because the program would have already ssh'd in. Unformtunately, I think I in well over my skill level here and I might not be able to get it to work. – Joe Apr 21 '11 at 10:10
  • You need to add new line characters to the commands in write(). Maybe try posting on the phpseclib support forums? –  Apr 21 '11 at 12:34
2

Maybe try something like bash -c su or su root and bash -c "su root"?

cdmckay
  • 31,832
  • 25
  • 83
  • 114
0

All you have to do is append your superuser password at the moment you execute the "su" command. You can make the following modification to your code.

$cmd = "su";
$cmd = "echo '" . $sshPassword . "' | sudo -S " . $cmd;
if (!($stream = ssh2_exec($con, $cmd))) { 
... 
}
sagunms
  • 8,030
  • 5
  • 41
  • 43