phpseclib sftp connect with private key and password


Solution 1

It's kinda rare that SFTP servers use both password and publickey authentication. My guess would be that what you most likely have is a password protected private key. If so, you can log in thusly:

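<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
// Passphrase that decrypts the private key file (not the account password)
$key->setPassword('whatever');
// loadKey() returns false if the key cannot be parsed or decrypted
if (!$key->loadKey(file_get_contents('privatekey'))) {
    exit('Could not load private key');
}
if (!$sftp->login('username', $key)) {
    exit('Login Failed');
}

// List the remote working directory to confirm the session works
print_r($sftp->nlist());
?>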

If indeed your server truly is doing both, the following should work:

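<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
// Passphrase that decrypts the private key file (not the account password)
$key->setPassword('whatever');
// loadKey() returns false if the key cannot be parsed or decrypted
if (!$key->loadKey(file_get_contents('privatekey'))) {
    exit('Could not load private key');
}
// Try the key first; if that call returns false, try the account password
// on the same connection. Login fails only when both calls return false.
if (!$sftp->login('username', $key) && !$sftp->login('username', 'password')) {
    exit('Login Failed');
}

print_r($sftp->nlist());
?>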

Solution 2

I would say just try password auth by itself.

Here's what's happening per the logs.

phpseclib sends a SSH_MSG_SERVICE_REQUEST to the server, effectively saying "hey - i wanna auth - that okay?"

The server responds with a SSH_MSG_SERVICE_ACCEPT, effectively saying "sure - send me what you got!"

phpseclib then sends a SSH_MSG_USERAUTH_REQUEST with the public key corresponding to your private key, effectively saying "ok - let's auth with my private key - to make sure you're gonna accept it... is this public key in your white list?"

The server then responds with a NET_SSH2_MSG_USERAUTH_PK_OK message, effectively saying, "yah - we're okay with the key - please sign the server identifier with it now".

phpseclib does this and then the server is like "never mind! i just remembered - the only type of auth i do is password based auth!"

phpseclib goes "meh" lol and then sends another SSH_MSG_SERVICE_REQUEST, asking to auth, again, and the server is like "what!? why are you asking to auth!?"

Seems like phpseclib perhaps ought not be sending that second SSH_MSG_SERVICE_REQUEST message - that it ought to go direct to a SSH_MSG_USERAUTH_REQUEST - but alas it does currently not do this. I'll try to update the codebase to do just that and will submit a pull request to the author.

Thanks!
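The server's "never mind" reply described above is an SSH_MSG_USERAUTH_FAILURE message, and its fields show whether the server wants key and password together or password only. The following is an added example, not code from this answer or from phpseclib: the message number and field layout are taken from RFC 4252, and the function names and sample bytes are made up for illustration.

```php
<?php
const SSH_MSG_USERAUTH_FAILURE = 51; // RFC 4252 message number

// Parse a USERAUTH_FAILURE payload:
//   byte type | name-list "authentications that can continue" | boolean partial success
function parse_userauth_failure(string $payload): array
{
    if (strlen($payload) < 6 || ord($payload[0]) !== SSH_MSG_USERAUTH_FAILURE) {
        throw new InvalidArgumentException('not a USERAUTH_FAILURE payload');
    }
    $len = unpack('N', substr($payload, 1, 4))[1]; // uint32 length of the name-list
    if (strlen($payload) !== 5 + $len + 1) {
        throw new InvalidArgumentException('length field does not match payload');
    }
    $list = substr($payload, 5, $len);
    return [
        'methods' => $list === '' ? [] : explode(',', $list),
        'partial' => ord($payload[5 + $len]) !== 0,
    ];
}

// Pick the next step on the SAME connection. $have maps method name => true
// for credentials the client holds; $tried lists methods already attempted.
function next_auth_step(array $failure, array $have, array $tried): string
{
    foreach ($failure['methods'] as $method) {
        if (isset($have[$method]) && !in_array($method, $tried, true)) {
            // The ssh-userauth service is already accepted, so go straight to
            // SSH_MSG_USERAUTH_REQUEST; no second SSH_MSG_SERVICE_REQUEST.
            return "USERAUTH_REQUEST:$method";
        }
    }
    return 'GIVE_UP';
}

// Constructed sample: reply after a key signature on a server that needs both factors.
$reply = chr(51) . pack('N', 8) . 'password' . chr(1);
$failure = parse_userauth_failure($reply);

echo next_auth_step($failure, ['publickey' => true, 'password' => true], ['publickey']), "\n";
echo $failure['partial']
    ? "partial success: key accepted, server still requires another method\n"
    : "key not accepted: server is offering the listed methods instead\n";
?>
```

With partial success set, the key was accepted and the password is a second required factor; with it clear, the key was rejected and password authentication on its own is what the server is asking for.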

Author by

Ron Paul

Updated on June 04, 2022

Comments

  • Ron Paul
    Ron Paul almost 2 years

    Is there any way to connect to SFTP with both a private key and an FTP password by using phpseclib or any other method?

  • Ron Paul
    Ron Paul about 11 years
    It throws login failed. I am able to connect through the command line and FileZilla with those credentials.
  • neubert
    neubert about 11 years
    Which one fails? I posted two. If you didn't try both try both. If you did... can you get me logs for both? phpseclib.sourceforge.net/ssh/examples.html#logging demonstrates how to enable logging. Thanks!
  • Ron Paul
    Ron Paul about 11 years
    I need to use your second option because the client gave me the private key, the password for the private key and an FTP password. It is not returning any logs.
  • neubert
    neubert about 11 years
    Post the code that you're trying to get your logs with. Also, how tech savvy is the client? Because I've encountered people who give me SFTP credentials and FTP credentials thinking that you need to use both when in reality it's just either or. Just because someone says something is so doesn't mean it is.
  • Ron Paul
    Ron Paul about 11 years
    I am using your second option, got the following error Error: PHP Notice: Connection closed by server in /usr/local/Cellar/php54/5.4.11/lib/php/phpseclib/Net/SSH2.php on line 1483 Login FailedPHP Notice: Connection closed prematurely in /usr/local/Cellar/php54/5.4.11/lib/php/phpseclib/Net/SSH2.php on line 2494
  • neubert
    neubert about 11 years
    You already said you were running the second option. What I need are the logs. ie. define('NET_SSH2_LOGGING', 2) and $ssh->getLog(). Line numbers, by themselves, aren't super helpful. Among other things.. what version are you running? 0.3.1 or the latest Git version? Or a Git version that's behind by 2-3 commits? And even if I knew that the logs would still be more helpful..
  • neubert
    neubert about 11 years
    I posted a new answer. I think password auth alone will do the trick but if not some yet to be pushed code updates should do it. Lmk!
  • Ron Paul
    Ron Paul about 11 years
    That was a good explanation. So the solution is to modify the NET library? Thank you so much for helping with this matter.
  • neubert
    neubert about 11 years
    I would first see if replacing if (!$sftp->login('********', $rsa) && !$sftp->login('********', '********')) { with if (!$sftp->login('********', '********')) { did the trick. The PHP lib should probably be changed anyway but in your case I'm thinking you can get it to work with the lib as is.
  • Ron Paul
    Ron Paul about 11 years
    That didn't work; the client's server is always expecting both key and password. See my logs in the answer.
  • Ron Paul
    Ron Paul about 11 years
    It's been dragging on for a week trying to figure out this issue, but no luck. The client is using a Windows server and they require both key and password to connect to the server for PCI compliance. I am able to connect to their server through the command line and FileZilla by saving the key on the local computer.
  • neubert
    neubert about 11 years
    As I said I'll be submitting a pull request this evening with some actual code changes. Your patience is appreciated. Thanks!
  • neubert
    neubert about 11 years
    My git install is messing up so I just put the file up on pastebin for the time being: pastebin.com/Xwn7HZyH Lmk if it works!
  • Ron Paul
    Ron Paul about 11 years
    Thank you so much neubert, it works like a charm. You are a genius; keep helping people.
  • Bear
    Bear over 9 years
    You my friend are a star!