ssh2_connect

(PECL)

ssh2_connect --  Connect to an SSH server

Description

resource ssh2_connect ( string host [, int port [, array methods [, array callbacks]]] )

Establish a connection to a remote SSH server and return a resource on success, FALSE on error.

methods may be an associative array with up to four parameters as described below.

表格 1. methods may be an associative array with any or all of the following parameters.

IndexMeaningSupported Values*
kex List of key exchange methods to advertise, comma separated in order of preference. diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, and diffie-hellman-group-exchange-sha1
hostkey List of hostkey methods to advertise, come separated in order of preference. ssh-rsa and ssh-dss
client_to_server Associative array containing crypt, compression, and message authentication code (MAC) method preferences for messages sent from client to server.  
server_to_client Associative array containing crypt, compression, and message authentication code (MAC) method preferences for messages sent from client to server.  

* - Supported Values are dependent on methods supported by underlying library. See libssh2 documentation for additional information.

表格 2. client_to_server and server_to_client may be an associative array with any or all of the following parameters.

IndexMeaningSupported Values*
cryptList of crypto methods to advertise, comma separated in order of preference. rijndael-cbc@lysator.liu.se, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc, cast128-cbc, arcfour, and none**
compList of compression methods to advertise, comma separated in order of preference. zlib and none
macList of MAC methods to advertise, come separated in order of preference. hmac-sha1, hmac-sha1-96, hmac-ripemd160, hmac-ripemd160@openssh.com, and none**

Crypt and MAC method "none": For security reasons, none is disabled by the underlying libssh2 library unless explicitly enabled during build time by using the appropriate ./configure options. See documentation for the underlying library for more information.

表格 3. callbackss may be an associative array with any or all of the following parameters.

IndexMeaningPrototype
ignore Name of function to call when an SSH2_MSG_IGNORE packet is received void ignore_cb($message)
debug Name of function to call when an SSH2_MSG_DEBUG packet is received void debug_cb($message, $language, $always_display)
macerror Name of function to call when a packet is received but the message authentication code failed. If the callback returns TRUE, the mismatch will be ignored, otherwise the connection will be terminated. bool macerror_cb($packet)
disconnect Name of function to call when an SSH2_MSG_DISCONNECT packet is received void disconnect_cb($reason, $message, $language)

例子 1. Open a connection forcing 3des-cbc when sending packets, any strength aes cipher when receiving packets, no compression in either direction, and Group1 key exchange.

<?php
/* Notify the user if the server terminates the connection */
function my_ssh_disconnect($reason, $message, $language) {
  
printf("Server disconnected with reason code [%d] and message: %s\n",
         
$reason, $message);
}

$methods = array(
  
'kex' => 'diffie-hellman-group1-sha1',
  
'client_to_server' => array(
    
'crypt' => '3des-cbc',
    
'comp' => 'none'),
  
'server_to_client' => array(
    
'crypt' => 'aes256-cbc,aes192-cbc,aes128-cbc',
    
'comp' => 'none'));

$callbacks = array('disconnect' => 'my_ssh_disconnect');

$connection = ssh2_connect('shell.example.com', 22, $methods, $callbacks);
if (!
$connection) die('Connection failed');
?>

Once connected, the client should verify the server's hostkey using ssh2_fingerprint(), then authenticate using either password or public key.

See Also: ssh2_fingerprint(), ssh2_auth_none(), ssh2_auth_password(), and ssh2_auth_pubkey_file()


add a note add a note User Contributed Notes
suri dot suribala dot com
24-Feb-2005 09:00
With Sara's help, I have the following SS2 class that is quite flexible. If anyone improves it, please feel free to let me know.

<?php

// ssh protocols
// note: once openShell method is used, cmdExec does not work

class ssh2 {

 
private $host = 'host';
 
private $user = 'user';
 
private $port = '22';
 
private $password = 'password';
 
private $con = null;
 
private $shell_type = 'xterm';
 
private $shell = null;
 
private $log = '';

  function
__construct($host='', $port=''  ) {

     if(
$host!='' ) $this->host  = $host;
     if(
$port!='' ) $this->port  = $port;

    
$this->con  = ssh2_connect($this->host, $this->port);
     if( !
$this->con ) {
      
$this->log .= "Connection failed !";
     }

  }

  function
authPassword( $user = '', $password = '' ) {

     if(
$user!='' ) $this->user  = $user;
     if(
$password!='' ) $this->password  = $password;

     if( !
ssh2_auth_password( $this->con, $this->user, $this->password ) ) {
      
$this->log .= "Authorization failed !";
     }

  }

  function
openShell( $shell_type = '' ) {

       if (
$shell_type != '' ) $this->shell_type = $shell_type;
  
$this->shell = ssh2_shell( $this->con$this->shell_type );
   if( !
$this->shell ) $this->log .= " Shell connection failed !";

  }

  function
writeShell( $command = '' ) {

  
fwrite($this->shell, $command."\n");

  }

  function
cmdExec( ) {

      
$argc = func_num_args();
      
$argv = func_get_args();

  
$cmd = '';
   for(
$i=0; $i<$argc ; $i++) {
       if(
$i != ($argc-1) ) {
        
$cmd .= $argv[$i]." && ";
       }else{
        
$cmd .= $argv[$i];
       }
   }
   echo
$cmd;

      
$stream = ssh2_exec( $this->con, $cmd );
  
stream_set_blocking( $stream, true );
   return
fread( $stream, 4096 );

  }

  function
getLog() {

     return
$this->log;

  }

}

?>