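/**
 * Build the authentication object described by a connection config array.
 *
 * Supported `type` values are `password`, `no_password`, `rsa` (key file
 * without passphrase) and `rsa_password` (key file with passphrase).
 *
 * @param array $config Reads `type` and `username`, plus `password` and/or `file` depending on the type.
 * @return NoPasswordAuthentication|PasswordAuthentication|RSAKeyAuthentication
 * @throws SSH2Exception When the type is unknown, or the key file cannot be read or parsed.
 */
protected function factoryAuthentication($config)
{
    $type = $config['type'];
    $username = $config['username'];

    switch ($type) {
        case 'password':
            return new PasswordAuthentication($username, $config['password']);

        case 'no_password':
            return new NoPasswordAuthentication($username);

        case 'rsa':
        case 'rsa_password':
            $keyMaterial = file_get_contents($config['file']);
            if ($keyMaterial === false) {
                // The path is left out of the message so it does not end up in user-facing output.
                throw new SSH2Exception(sprintf("Unable to read the key file for authentication type '%s'", $type));
            }

            $keyRSA = new RSA();
            if ($type === 'rsa_password') {
                // loadKey() decrypts with the passphrase known at call time, so it
                // has to be set first; setting it afterwards leaves an encrypted
                // key unloaded.
                $keyRSA->setPassword($config['password']);
            }
            if (!$keyRSA->loadKey($keyMaterial)) {
                throw new SSH2Exception(sprintf("Unable to load the private key for authentication type '%s'", $type));
            }

            return new RSAKeyAuthentication($username, $keyRSA);
    }

    throw new SSH2Exception(sprintf("No authentication for given type '%s'", $type));
}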
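/**
 * Run a console command on a remote target over SSH and return its output.
 *
 * The local command line is rewritten for the remote side (quotes around the
 * command name removed, `target='…'` swapped for `root=…`) and prefixed with
 * the target's console binary.
 *
 * @param string $commandName
 * @param string $target
 * @param array  $targetConfig Reads `root`, `console`, `host`, `port`, `user` and either `password`
 *                             or `keys` (`private`, optional `passphrase`; both are file paths).
 * @param string $inputCommand
 * @param string $userHomeDir  Substituted for the first `~` in the key paths.
 * @return string Command output, or an error message when the key cannot be loaded or login fails.
 */
public function executeCommand($commandName, $target, $targetConfig, $inputCommand, $userHomeDir)
{
    // NOTE(review): $inputCommand and $targetConfig['root'] reach the remote shell
    // unescaped; this presumably relies on both coming from the local operator — confirm.
    $remoteCommand = str_replace(
        [
            sprintf('\'%s\'', $commandName),
            sprintf('target=\'%s\'', $target),
        ],
        [
            $commandName,
            sprintf('root=%s', $targetConfig['root']),
        ],
        $inputCommand
    );
    $remoteCommand = sprintf('%s %s', $targetConfig['console'], $remoteCommand);

    $key = null;
    if (array_key_exists('password', $targetConfig)) {
        $key = $targetConfig['password'];
    }

    if (!$key) {
        $keys = (isset($targetConfig['keys']) && is_array($targetConfig['keys'])) ? $targetConfig['keys'] : [];

        // Resolves "~" and returns the trimmed file contents, or null when the
        // path does not resolve or cannot be read (realpath() yields false then).
        $readKeyFile = function ($path) use ($userHomeDir) {
            $resolved = realpath(preg_replace('/~/', $userHomeDir, $path, 1));
            if ($resolved === false) {
                return null;
            }
            $contents = file_get_contents($resolved);

            return $contents === false ? null : trim($contents);
        };

        $key = new RSA();
        if (array_key_exists('passphrase', $keys)) {
            $passphrase = $readKeyFile($keys['passphrase']);
            if ($passphrase !== null) {
                // Must be set before loadKey() so an encrypted key can be decrypted.
                $key->setPassword($passphrase);
            }
        }

        $private = array_key_exists('private', $keys) ? $readKeyFile($keys['private']) : null;
        if ($private === null || !$key->loadKey($private)) {
            return $this->getTranslator()->trans('commands.site.debug.messages.private-key');
        }
    }

    // NOTE(review): assuming SSH2 is phpseclib's class, login() does not check the
    // server host key, and nothing here compares getServerPublicHostKey() with a
    // known value, so the remote end is not authenticated.
    $ssh = new SSH2($targetConfig['host'], $targetConfig['port']);
    if (!$ssh->login($targetConfig['user'], $key)) {
        return sprintf('%s - %s', $ssh->getExitStatus(), $ssh->getErrors());
    }

    return $ssh->exec($remoteCommand);
}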
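/**
 * Connects to the remote server over SFTP and authenticates.
 *
 * A private key is used when one is configured together with a username;
 * otherwise the configured password is used.
 *
 * @throws SshLoginException When the private key cannot be loaded or the server rejects the login.
 */
protected function connect()
{
    $host = $this->gitEnvironment->getHost();
    $username = $this->gitEnvironment->getUsername();
    $port = $this->gitEnvironment->getPort();
    $password = $this->gitEnvironment->getPassword();
    $privateKey = $this->gitEnvironment->getPrivateKey();
    $privateKeyPassword = $this->gitEnvironment->getPrivateKeyPassword();

    // Use the configured port (previously hard-coded to 22, so a custom port was
    // silently ignored); fall back to 22 only when none is configured.
    // The former "if (!$this->sftp)" check is gone: `new` never yields a falsy value.
    // NOTE(review): assuming SFTP is phpseclib's class, the server host key is not
    // checked anywhere in this method.
    $this->sftp = new SFTP($host, $port ?: 22);

    if (isset($username) && $privateKey != null) {
        $key = new RSA();

        // The passphrase has to be known before the key is parsed.
        if ($privateKeyPassword) {
            $key->setPassword($privateKeyPassword);
        }
        if (!$key->loadKey($privateKey)) {
            throw new SshLoginException(sprintf('Private key for user "%s" could not be loaded', $username));
        }

        if (!$this->sftp->login($username, $key)) {
            throw new SshLoginException(sprintf('SFTP authentication failed for user "%s" using private key', $username));
        }

        return;
    }

    if (!$this->sftp->login($username, $password)) {
        throw new SshLoginException(sprintf('SFTP authentication failed for user "%s" using password', $username));
    }
}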
/**
 * Create a new RSA key pair with the public half in OpenSSH format.
 *
 * The `secret` system value is set as the key password before generation.
 * NOTE(review): the lookup defaults to '' — presumably an unset secret leaves
 * the private key unencrypted; confirm.
 *
 * @return array ['privatekey' => $privateKey, 'publickey' => $publicKey]
 */
public function createKey()
{
    $passphrase = $this->config->getSystemValue('secret', '');

    $generator = new RSACrypt();
    $generator->setPublicKeyFormat(RSACrypt::PUBLIC_FORMAT_OPENSSH);
    $generator->setPassword($passphrase);

    $keyPair = $generator->createKey(self::CREATE_KEY_BITS);

    return $keyPair;
}
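/**
 * {@inheritdoc}
 *
 * Opens the SFTP session and logs in with the configured method: password,
 * identity file (with passphrase), PEM file, or SSH agent.
 *
 * @throws RuntimeException When no method is configured, a key file cannot be
 *                          read or parsed, or the server rejects the login.
 */
public function connect()
{
    $serverConfig = $this->getConfiguration();

    // NOTE(review): assuming SFTP is phpseclib's class, the server host key is not
    // checked anywhere in this method.
    $this->sftp = new SFTP($serverConfig->getHost(), $serverConfig->getPort(), 3600);

    switch ($serverConfig->getAuthenticationMethod()) {
        case Configuration::AUTH_BY_PASSWORD:
            $credential = $serverConfig->getPassword();
            break;

        case Configuration::AUTH_BY_IDENTITY_FILE:
            $credential = new RSA();
            // The passphrase must be set before the key is parsed.
            $credential->setPassword($serverConfig->getPassPhrase());
            $keyMaterial = file_get_contents($serverConfig->getPrivateKey());
            if ($keyMaterial === false || !$credential->loadKey($keyMaterial)) {
                throw new RuntimeException('Unable to load the private key file.');
            }
            break;

        case Configuration::AUTH_BY_PEM_FILE:
            $credential = new RSA();
            $keyMaterial = file_get_contents($serverConfig->getPemFile());
            if ($keyMaterial === false || !$credential->loadKey($keyMaterial)) {
                throw new RuntimeException('Unable to load the PEM file.');
            }
            break;

        case Configuration::AUTH_BY_AGENT:
            $credential = new Agent();
            // Requests agent forwarding: while the session lasts, the remote host can
            // ask the local agent to sign on this user's behalf.
            // NOTE(review): confirm forwarding is actually needed for this connection.
            $credential->startSSHForwarding(null);
            break;

        default:
            throw new RuntimeException('You need to specify authentication method.');
    }

    if (!$this->sftp->login($serverConfig->getUser(), $credential)) {
        throw new RuntimeException('Unable to login with the provided credentials.');
    }
}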
/**
 * Open the SSH and SFTP sessions for the configured account.
 *
 * Both sessions use the same host, port, username and credential. When both
 * logins succeed, the remote user id and group ids are read over SSH and
 * stored in $this->info.
 *
 * NOTE(review): assuming SSH2/SFTP are phpseclib's classes, the server host
 * key is not checked anywhere in this method; the private key file read is
 * not checked for failure either.
 *
 * @return bool true when both logins succeed, false otherwise
 * @throws \LogicException when the authentication method is neither password nor public key
 */
public function connect()
{
    $hostname = $this->configuration['hostname'];
    $port = $this->configuration['port'];
    $this->ssh = new SSH2($hostname, $port);

    $method = (int) $this->configuration[SftpDriver::CONFIG_AUTHENTICATION_METHOD];
    if ($method === static::AUTHENTICATION_PASSWORD) {
        $credential = $this->configuration['password'];
    } elseif ($method === static::AUTHENTICATION_PUBKEY) {
        $credential = new RSA();
        // Passphrase first, then the key material.
        if (!empty($this->configuration['privateKeyPassword'])) {
            $credential->setPassword($this->configuration['privateKeyPassword']);
        }
        $credential->loadKey(file_get_contents($this->configuration['privateKey']));
    } else {
        throw new \LogicException('Wrong authentication type for phpseclibAdapter', 1476626149);
    }

    $username = $this->configuration['username'];
    if (!$this->ssh->login($username, $credential)) {
        return false;
    }

    $this->sftp = new SFTP($hostname, $port);
    if (!$this->sftp->login($username, $credential)) {
        return false;
    }

    // Fixed commands only; their output is cast to integers before use.
    $this->info['userId'] = (int) $this->ssh->exec('echo $EUID');
    $this->info['groupIds'] = GeneralUtility::intExplode(' ', $this->ssh->exec('echo ${GROUPS[*]}'), true);

    return true;
}
/**
 * Generate an RSA key pair whose public half is in OpenSSH format.
 *
 * The `secret` system value is set as the key password before generation.
 * NOTE(review): the lookup defaults to '' — presumably an unset secret leaves
 * the private key unencrypted; confirm.
 *
 * @return array The array returned by createKey(), plus a 'publicKey' entry
 *               holding the public key with the host name as its label.
 */
private function generateSshKeys()
{
    $generator = new RSA();
    $generator->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH);
    $generator->setPassword(\OC::$server->getConfig()->getSystemValue('secret', ''));

    $keyPair = $generator->createKey();

    // Swap the placeholder label for the local host name.
    // NOTE(review): the result is stored under 'publicKey' (capital K) while it is
    // read from 'publickey'; the lower-case entry keeps the placeholder label.
    // Confirm which of the two keys callers read.
    $keyPair['publicKey'] = str_replace('phpseclib-generated-key', gethostname(), $keyPair['publickey']);

    return $keyPair;
}
/**
 * Returns the private key to be used for authentication to the remote server.
 *
 * The key stored in $this->privateKey is loaded with the `secret` system
 * value as its password.
 *
 * @return RSA|null The loaded key, or null when the key could not be loaded.
 */
private function getPrivateKey()
{
    $passphrase = \OC::$server->getConfig()->getSystemValue('secret', '');

    $rsa = new RSA();
    $rsa->setPassword($passphrase);

    // Should this throw an exception rather than return null?
    return $rsa->loadKey($this->privateKey) ? $rsa : null;
}
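/**
 * Generate a new RSA SSH key pair.
 *
 * @param int    $bits     Key size in bits.
 * @param string $password Passphrase for the private key; an empty string leaves it unprotected.
 * @return SshKeyPair
 */
public static function generate($bits = 2048, $password = '')
{
    $bits = (int) $bits;

    $rsa = new RSA();
    // empty() alone also treats the string "0" as empty, which would hand back an
    // unencrypted private key while SshPrivateKey is still told it has a passphrase.
    if ($password === '0' || !empty($password)) {
        $rsa->setPassword($password);
    }

    $keys = $rsa->createKey($bits);

    $publicKey = new SshPublicKey($keys['publickey']);
    $privateKey = new SshPrivateKey($keys['privatekey'], $password);

    return new SshKeyPair($publicKey, $privateKey);
}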
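/**
 * Log into the server.
 *
 * A configured key file takes precedence over the password. Does nothing
 * when a login has already succeeded.
 *
 * @return void
 * @throws Exception When the key file cannot be read or parsed, or the login is rejected.
 */
public function login()
{
    // Do nothing if already logged in
    if ($this->in) {
        return;
    }

    $keyFile = $this->config('key');
    if ($keyFile) {
        // We prefer logging in via keys
        $credential = new RSA();
        if ($phrase = $this->config('keyphrase')) {
            // Passphrase has to be known before the key is parsed.
            $credential->setPassword($phrase);
        }

        // Fail here with a precise message instead of attempting a login with an
        // empty key object when the file is missing or malformed.
        $keyMaterial = file_get_contents($keyFile);
        if ($keyMaterial === false || !$credential->loadKey($keyMaterial)) {
            throw new Exception('Failed to load the private key.');
        }
    } else {
        // Password is less preferred, but anyway...
        $credential = $this->config('password');
    }

    $this->in = $this->ssh->login($this->config('username'), $credential);
    if (!$this->in) {
        throw new Exception('Failed to log in.');
    }
}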
/**
 * Return an RSA object configured for signing/verifying with this instance's digest.
 *
 * @param JOSE_JWK|RSA|string $public_or_private_key A JWK (converted with toKey()), a ready RSA
 *                                                   object (used as is), or key text to load.
 * @param mixed               $padding_mode          Passed to setSignatureMode().
 * @param string|null         $password              Passphrase, applied only when key text is loaded.
 * @return RSA
 */
private function rsa($public_or_private_key, $padding_mode, $password = null)
{
    if ($public_or_private_key instanceof JOSE_JWK) {
        $engine = $public_or_private_key->toKey();
    } elseif ($public_or_private_key instanceof RSA) {
        $engine = $public_or_private_key;
    } else {
        $engine = new RSA();
        if ($password) {
            $engine->setPassword($password);
        }
        // NOTE(review): the result of loadKey() is not checked here.
        $engine->loadKey($public_or_private_key);
    }

    $engine->setHash($this->digest());
    $engine->setMGFHash($this->digest());
    // NOTE: https://github.com/phpseclib/phpseclib/issues/768
    $engine->setSaltLength(false);
    $engine->setSignatureMode($padding_mode);

    return $engine;
}
/**
 * Log in with a private key file, optionally protected by a passphrase.
 *
 * Username, key file path and passphrase are also kept on the instance.
 *
 * @param string      $Username
 * @param string      $File     Path of the private key file.
 * @param null|string $Password Passphrase of the key, or null for none.
 *
 * @return SFTP The current instance ($this).
 * @throws ComponentException When the key cannot be loaded or the login fails.
 */
public function loginCredentialKey($Username, $File, $Password = null)
{
    $this->Username = $Username;
    $this->Key = $File;
    $this->Password = $Password;

    $PrivateKey = new RSA();
    if (null !== $Password) {
        // Passphrase first, so the key can be decrypted while loading.
        $PrivateKey->setPassword($Password);
    }

    $Loaded = $PrivateKey->loadKey(file_get_contents($File));
    if (!$Loaded) {
        throw new ComponentException(__METHOD__ . ': Key failed');
    }

    $LoggedIn = $this->Connection->login($Username, $PrivateKey);
    if (!$LoggedIn) {
        throw new ComponentException(__METHOD__ . ': Login failed');
    }

    return $this;
}
/**
 * Get the private key object, built from the configured key file or key contents.
 *
 * When $this->privatekey names an existing file, the property is replaced by
 * that file's contents before the key is loaded.
 *
 * @return RSA
 */
public function getPrivateKey()
{
    $source = $this->privatekey;
    if (is_file($source)) {
        $this->privatekey = file_get_contents($source);
    }

    $rsa = new RSA();

    $passphrase = $this->password;
    if ($passphrase) {
        $rsa->setPassword($passphrase);
    }

    // NOTE(review): the result of loadKey() is not checked; the object is
    // returned either way.
    $rsa->loadKey($this->privatekey);

    return $rsa;
}
/**
 * Authenticate the given connection with the configured mode.
 *
 * Key-file mode logs in with an RSA key; every other mode logs in with the
 * plain password, or with the username alone when no password is set.
 *
 * @param SSH2|SFTP $connector
 * @return SSH2|SFTP The same connector, now logged in.
 * @throws \Exception When the server rejects the login.
 */
protected function auth($connector)
{
    if ($this->auth == self::AUTH_KEYFILE) {
        $credential = new RSA();
        if ($this->getPassword() !== null) {
            $credential->setPassword($this->getPassword());
        }
        // NOTE(review): the value of getKeyfile() goes straight into loadKey();
        // confirm it holds key text rather than a path.
        $credential->loadKey($this->getKeyfile());
    } else {
        // AUTH_PASSWORD and any other mode use the plain password.
        $credential = $this->getPassword();
    }

    $loggedIn = isset($credential)
        ? $connector->login($this->username, $credential)
        : $connector->login($this->username);

    if (!$loggedIn) {
        throw new \Exception(sprintf('SSH authentication (%s) with %s on %s:%s failed!', $this->auth, $this->username, $this->hostname, $this->port));
    }

    return $connector;
}
/**
 * A PKCS#1 private key loaded while a password is set can be exported as
 * PKCS#8, and the exported string loads again.
 *
 * The embedded key is a fixture for this test only.
 * NOTE(review): the PEM literal appears on a single line in this listing;
 * presumably the original spans several lines.
 */
public function testSavePKCS8PrivateKey()
{
    $pkcs1Key = '-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5 1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh 3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2 pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ 37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0= -----END RSA PRIVATE KEY-----';

    $rsa = new RSA();
    $rsa->setPassword('password');
    $this->assertTrue($rsa->loadKey($pkcs1Key));

    // Export in PKCS#8 form and make sure the export can be read back.
    $pkcs8Key = $rsa->getPrivateKey(RSA::PRIVATE_FORMAT_PKCS8);
    $this->assertInternalType('string', $pkcs8Key);
    $this->assertTrue($rsa->loadKey($pkcs8Key));
}
/**
 * Round trip: an unencrypted PuTTY key is exported with AES-256-CBC under a
 * password, loaded again with that password, then exported as PuTTY without
 * a password and compared with the starting text.
 *
 * The embedded key is a fixture for this test only.
 * NOTE(review): the key literal appears on a single line in this listing; the
 * CRLF normalisation below implies the original literal spans several lines.
 */
public function testPKCS1EncryptionChange()
{
    $rsa = new RSA();
    $key = 'PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: phpseclib-generated-key Public-Lines: 4 AAAAB3NzaC1yc2EAAAADAQABAAAAgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4 eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RK NUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDy R4e9T04ZZw== Private-Lines: 8 AAAAgBYo5KOevqhsjfDNEVcmkQF8/vsU6hwS4d7ceFYDLa0PlhIAo4aE8KNtyjAQ LiRkmJ0ZqAWTN5TH0ynryJAInTxMb2AnZuXWKt106C5JC7+S9qSCFThTAxvihEpw BVe5dnPnJ80TFtPm+n/JkdQic2bsVSy+kNNn7y4uef5m0mMRAAAAQQDeAw6fiIQX GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJ rmfPwIGm63ilAAAAQQDEIvkdBvZtCvgHKitwxab+EQ/YxnNE5XvfIXjWE+xEL2br oquF470c9Mm6jf/2zmn6yobE6UUvQ0O3hKSiyOAbAAAAQBGoiuSoSjafUhV7i1cE Gpb88h5NBYZzWXGZ37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ 4p0= Private-MAC: 03e2cb74e1d67652fbad063d2ed0478f31bdf256 ';
    // Turn every bare LF into CRLF so the final comparison uses CRLF line ends.
    $key = preg_replace('#(?<!\\r)\\n#', "\r\n", $key);
    $this->assertTrue($rsa->load($key));

    // Static setting on PKCS1; it is not reset in this test.
    PKCS1::setEncryptionAlgorithm('AES-256-CBC');
    $rsa->setPassword('demo');

    // With a password set, the string form must name the chosen cipher.
    $encryptedKey = (string) $rsa;

    $this->assertRegExp('#AES-256-CBC#', $encryptedKey);

    // A fresh object needs the same password to read the encrypted key back.
    $rsa = new RSA();
    $rsa->setPassword('demo');
    $this->assertTrue($rsa->load($encryptedKey));

    // Clear the password and go back to PuTTY format for the comparison.
    $rsa->setPassword();
    $rsa->setPrivateKeyFormat('PuTTY');
    $key2 = (string) $rsa;

    $this->assertSame($key, $key2);
}
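/**
 * Open the SSH shell connection and authenticate with a private key or a password.
 *
 * The private key is used when both a username and non-blank key text are
 * given; otherwise username and password are used when both are non-empty.
 *
 * @param string      $host
 * @param string      $username
 * @param int         $port
 * @param string|null $password
 * @param string|null $pubkeyFile         Not used by this method.
 * @param string|null $privateKey         Private key text, passed to loadKey().
 * @param string|null $privateKeyPassword Passphrase of the private key.
 *
 * @throws \InvalidArgumentException|\RuntimeException When the key cannot be loaded or the login is rejected.
 */
protected function connect($host, $username, $port = 22, $password = null, $pubkeyFile = null, $privateKey = null, $privateKeyPassword = null)
{
    // The former "if (!$this->shell)" check is gone: `new` never yields a falsy value.
    $this->shell = new SSH2($host, $port);

    // Cast before trim(): the default null would otherwise be passed to trim().
    if (isset($username) && trim((string) $privateKey)) {
        $key = new RSA();
        if ($privateKeyPassword) {
            // Passphrase has to be known before the key is parsed.
            $key->setPassword($privateKeyPassword);
        }
        if (!$key->loadKey($privateKey)) {
            throw new \InvalidArgumentException(sprintf('SSH private key for user "%s" could not be loaded', $username));
        }
        if (!$this->shell->login($username, $key)) {
            // The format string has one placeholder; the stray $pubkeyFile argument was dropped.
            throw new \InvalidArgumentException(sprintf('SSH authentication failed for user "%s" using private key', $username));
        }
    } elseif ($username && $password) {
        if (!$this->shell->login($username, $password)) {
            throw new \InvalidArgumentException(sprintf('SSH authentication failed for user "%s"', $username));
        }
    }
    // NOTE(review): when neither branch applies, no login is attempted and no
    // error is raised; the method still returns normally.

    // NOTE(review): the host key is requested but its value is discarded, so it is
    // not compared with any known key here.
    $this->shell->getServerPublicHostKey();

    $this->stdout = array();
    $this->stdin = array();
}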
/**
 * Log in to the SFTP server with an RSA key when a private key file is
 * configured, otherwise with the password.
 *
 * With a key file, $this->pass is used as the key's passphrase. When neither
 * a key file nor a password is set, no login is attempted and the method
 * returns without error.
 *
 * @throws FtpException When no username is set or the server rejects the login.
 */
public function login()
{
    $this->connectIfNeeded(false);

    if ($this->user === null) {
        throw new FtpException(Yii::t('gsftp', 'Could not login to SFTP server "{host}" on port "{port}" without username.', ['host' => $this->host, 'port' => $this->port]));
    }

    // Password login: only attempted when a password is actually set.
    if ($this->privateKeyFile == null) {
        if ($this->pass != null && !empty($this->pass)) {
            $accepted = $this->handle->login($this->user, $this->pass);
            if (!$accepted) {
                throw new FtpException(Yii::t('gsftp', 'Could not login to SFTP server "{host}" on port "{port}" with user "{user}".', ['host' => $this->host, 'port' => $this->port, 'user' => $this->user]));
            }
        }

        return;
    }

    // Key login: passphrase and optional public key are set before the private key.
    $rsaKey = new RSA();
    if ($this->pass != null && !empty($this->pass)) {
        $rsaKey->setPassword($this->pass);
    }
    if ($this->publicKeyFile != null && !empty($this->publicKeyFile)) {
        $rsaKey->setPublicKey(self::_readKeyFile('Public', $this->publicKeyFile));
    }
    $rsaKey->setPrivateKey(self::_readKeyFile('Private', $this->privateKeyFile));

    $accepted = $this->handle->login($this->user, $rsaKey);
    if (!$accepted) {
        throw new FtpException(Yii::t('gsftp', 'Could not login to SFTP server "{host}" on port "{port}" with user "{user}" using RSA key.', ['host' => $this->host, 'port' => $this->port, 'user' => $this->user]));
    }
}