phpseclib connection closed by server?


phpseclib connection closed by server?



I have a pretty simple PHP script that tries to connect to SFTP server from a CENTOS 7 box. Using phpseclib via composer.


<?php
require('vendor/autoload.php');
$usr = 'xx';
$pwd = 'xx';
$host = 'sftp.domain.com.au';

$sftp = new SFTP($host);

if($sftp->login($usr, $pwd)){
echo "Connected.";
}else {
echo "Failed";
}
?>



And even used an RSA key


<?php
require('vendor/autoload.php');
$usr = 'xx';
$pwd = 'xx';
$host = 'sftp.domain.com.au';

$sftp = new SFTP($host);
$rsa = new RSA();
$rsa->loadKey(file_get_contents("../../.ssh/id_rsa"));
if($sftp->login($usr, $pwd, $rsa)){
echo "Connected.";
}else {
echo "Failed";
}
?>



The script above with RSA actually did work a few times and got me connected. So I thought I need to understand why it works, and change a few things. I tried generating another key overwriting the existing key. But this time it didnt work anymore.



I also turned on the NET_SFTP_LOGGING with no display error just a plain "Connection closed by server". I have been working on this for days..



Only thing I could think of is when I regenerated the key and overwrite the ID_RSA somehow maybe the server thinks its not the right key anymore?



Also when I connect using WinSCP, it seems the FTP server is giving me an algorithm: ssh-rsa 4096 , sha256 and md5 code. Is this something I need to use in my PHP script to properly connect? Just trying to rule out any possibilities.



MORE DETAILS:



Please anyone give us some advise as this is consuming me for DAYS hopefully not for weeks! Thanks in advance.




1 Answer
1



From your code:


$rsa->loadKey("../../.ssh/id_rsa");



Try this:


$rsa->loadKey(file_get_contents("../../.ssh/id_rsa"));



Also,


if($sftp->login($usr, $pwd, $rsa)){



Are you actually wanting to use multi-factor auth? In my experience SSH servers setup to do that are quite rare. What seems more likely is that you have a password protected RSA private key, at which point you'd do something more like this:


$rsa->setPassword($pwd);
$rsa->loadKey(file_get_contents("../../.ssh/id_rsa"));





Thank you for chiming in. Yes I just forgot to include the file_get_content in the post. But with your second suggestion when you do setPassword, are you refering to my generated rsa private key or is it the remote server rsa key? I always thought its for the paraphrase?
– Chopnut
Jun 30 at 8:36





@Chopnut - in-so-far as SSH clients are concerned the remote server rsa key is always a public key. I've never heard of an RSA public key format that had a password associated with it nor would one really be necessary since the public is supposed to be public. So, yes, I'm referring to your generated rsa private key. Re: "I always thought its for the paraphrase?". $rsa->setPassowrd($pwd); sets the key to decrypt the RSA private key if it's encrypted. idk if your private key is encrypted or not but, in my experience, encrypted private keys are more common than multi factor auth servers..
– neubert
Jun 30 at 14:45


$rsa->setPassowrd($pwd);





ugh that worked. Here’s what I did. I regenerated my private key with the password of the FTP server, then feed the login both with $ftp->login($user,$pwd,$rsa). Now my question, why did it work? The only difference I did this time is use the FTP password as passhrase to my new key. Is this how I meant to generate my key with the ftp password then? Thank you neubert.
– Chopnut
2 days ago





@Chopnut - first, let's verify the auth methods that you're using. If you could do define('NET_SSH2_LOGGING', 2); at the top of the file and then echo $ssh->getLog(); after you've logged in if you could then post the log output in a pastebin.com link and then post that link here that'd be great. This'll tell us if the RSA key is even needed. I'm kinda wondering if it isn't needed. If you do $sftp->login('username', 'rightpw', 'wrongpw')` and multi factor auth isn't being employed than that'll let you login without issue. 'wrongpw'` will be ignored and will never be submitted to the server.
– neubert
2 days ago


define('NET_SSH2_LOGGING', 2);


echo $ssh->getLog();






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Comments

Popular posts from this blog

paramiko-expect timeout is happening after executing the command

Possible Unhandled Promise Rejection (id: 0): ReferenceError: user is not defined ReferenceError: user is not defined

Opening a url is failing in Swift