class Net_SSH1 (View source)

Pure-PHP implementation of SSHv1.

Properties

string $identifier The SSH identifier
object $fsock The Socket Object
object $crypto The cryptography object
int $bitmap Execution Bitmap
string $server_key_public_exponent The Server Key Public Exponent
string $server_key_public_modulus The Server Key Public Modulus
string $host_key_public_exponent The Host Key Public Exponent
string $host_key_public_modulus The Host Key Public Modulus
array $supported_ciphers Supported Ciphers
array $supported_authentications Supported Authentications
string $server_identification Server Identification
array $protocol_flags Protocol Flags
array $protocol_flag_log Protocol Flag Log
array $message_log Message Log
resource $realtime_log_file Real-time log file pointer
int $realtime_log_size Real-time log file size
bool $realtime_log_wrap Real-time log file wrap boolean
array $interactiveBuffer Interactive Buffer
$timeout Timeout
$curTimeout Current Timeout
$log_boundary Log Boundary
$log_long_width Log Long Width
$log_short_width Log Short Width
string $host Hostname
int $port Port Number
int $connectionTimeout Timeout for initial connection
int $cipher Default cipher

Methods

__construct(string $host, int $port = 22, int $timeout = 10, int $cipher = NET_SSH1_CIPHER_3DES)

Default Constructor.

Net_SSH1(string $host, int $port = 22, int $timeout = 10, int $cipher = NET_SSH1_CIPHER_3DES)

PHP4 compatible Default Constructor.

bool
_connect()

Connect to an SSHv1 server

bool
login(string $username, string $password = '')

Login

setTimeout(mixed $timeout)

Set Timeout

mixed
exec(string $cmd, bool $block = true)

Executes a command on a non-interactive shell, returns the output, and quits.

bool
_initShell()

Creates an interactive shell

bool
write(string $cmd)

Inputs a command into an interactive shell.

bool
read(string $expect, int $mode = NET_SSH1_READ_SIMPLE)

Returns the output of an interactive shell when there's a match for $expect

bool
interactiveWrite(string $cmd)

Inputs a command into an interactive shell.

string
interactiveRead()

Returns the output of an interactive shell when no more output is available.

disconnect()

Disconnect

__destruct()

Destructor.

_disconnect(string $msg = 'Client Quit')

Disconnect

array
_get_binary_packet()

Gets Binary Packets

bool
_send_binary_packet(string $data)

Sends Binary Packets

int
_crc(string $data)

Cyclic Redundancy Check (CRC)

string
_string_shift(string $string, int $index = 1)

String Shift

_rsa_crypt(Math_BigInteger $m, array $key)

RSA Encrypt

_define_array()

Define Array

array|false|string
getLog()

Returns a log of the packets that have been sent and received.

string
_format_log(array $message_log, array $message_number_log)

Formats a log for printing

string
_format_log_helper(array $matches)

Helper function for _format_log

string
getServerKeyPublicExponent(bool $raw_output = false)

Return the server key public exponent

string
getServerKeyPublicModulus(bool $raw_output = false)

Return the server key public modulus

string
getHostKeyPublicExponent(bool $raw_output = false)

Return the host key public exponent

string
getHostKeyPublicModulus(bool $raw_output = false)

Return the host key public modulus

array
getSupportedCiphers(bool $raw_output = false)

Return a list of ciphers supported by SSH1 server.

array
getSupportedAuthentications(bool $raw_output = false)

Return a list of authentications supported by SSH1 server.

string
getServerIdentification()

Return the server identification.

_append_log(int $protocol_flags, string $message)

Logs data packets

Details

Net_SSH1 __construct(string $host, int $port = 22, int $timeout = 10, int $cipher = NET_SSH1_CIPHER_3DES)

Default Constructor.

Connects to an SSHv1 server

Parameters

string $host
int $port
int $timeout
int $cipher

Return Value

Net_SSH1

Net_SSH1(string $host, int $port = 22, int $timeout = 10, int $cipher = NET_SSH1_CIPHER_3DES)

PHP4 compatible Default Constructor.

Parameters

string $host
int $port
int $timeout
int $cipher

See also

\self::__construct()

bool _connect()

Connect to an SSHv1 server

Return Value

bool

bool login(string $username, string $password = '')

Login

Parameters

string $username
string $password

Return Value

bool

setTimeout(mixed $timeout)

Set Timeout

$ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely. setTimeout() makes it so it'll timeout. Setting $timeout to false or 0 will mean there is no timeout.

Parameters

mixed $timeout

mixed exec(string $cmd, bool $block = true)

Executes a command on a non-interactive shell, returns the output, and quits.

An SSH1 server will close the connection after a command has been executed on a non-interactive shell. SSH2 servers don't, however, this isn't an SSH2 client. The way this works, on the server, is by initiating a shell with the -s option, as discussed in the following links:

{@link http://www.faqs.org/docs/bashman/bashref_65.html http://www.faqs.org/docs/bashman/bashref_65.html} {@link http://www.faqs.org/docs/bashman/bashref_62.html http://www.faqs.org/docs/bashman/bashref_62.html}

To execute further commands, a new Net_SSH1 object will need to be created.

Returns false on failure and the output, otherwise.

Parameters

string $cmd
bool $block

Return Value

mixed

See also

\self::interactiveRead()
\self::interactiveWrite()

bool _initShell()

Creates an interactive shell

Return Value

bool

See also

\self::interactiveRead()
\self::interactiveWrite()

bool write(string $cmd)

Inputs a command into an interactive shell.

Parameters

string $cmd

Return Value

bool

See also

\self::interactiveWrite()

bool read(string $expect, int $mode = NET_SSH1_READ_SIMPLE)

Returns the output of an interactive shell when there's a match for $expect

$expect can take the form of a string literal or, if $mode == NET_SSH1_READ_REGEX, a regular expression.

Parameters

string $expect
int $mode

Return Value

bool

See also

\self::write()

bool interactiveWrite(string $cmd)

Inputs a command into an interactive shell.

Parameters

string $cmd

Return Value

bool

See also

\self::interactiveRead()

string interactiveRead()

Returns the output of an interactive shell when no more output is available.

Requires PHP 4.3.0 or later due to the use of the stream_select() function. If you see stuff like "^[[00m", you're seeing ANSI escape codes. According to {@link http://support.microsoft.com/kb/101875 How to Enable ANSI.SYS in a Command Window}, "Windows NT does not support ANSI escape sequences in Win32 Console applications", so if you're a Windows user, there's not going to be much recourse.

Return Value

string

See also

\self::interactiveRead()

disconnect()

Disconnect

__destruct()

Destructor.

Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call disconnect().

_disconnect(string $msg = 'Client Quit')

Disconnect

Parameters

string $msg

array _get_binary_packet()

Gets Binary Packets

See 'The Binary Packet Protocol' of protocol-1.5.txt for more info.

Also, this function could be improved upon by adding detection for the following exploit: http://www.securiteam.com/securitynews/5LP042K3FY.html

Return Value

array

See also

\self::_send_binary_packet()

bool _send_binary_packet(string $data)

Sends Binary Packets

Returns true on success, false on failure.

Parameters

string $data

Return Value

bool

See also

\self::_get_binary_packet()

int _crc(string $data)

Cyclic Redundancy Check (CRC)

PHP's crc32 function is implemented slightly differently than the one that SSH v1 uses, so we've reimplemented it. A more detailed discussion of the differences can be found after $crc_lookup_table's initialization.

Parameters

string $data

Return Value

int

See also

\self::_get_binary_packet()
\self::_send_binary_packet()

string _string_shift(string $string, int $index = 1)

String Shift

Inspired by array_shift

Parameters

string $string
int $index

Return Value

string

Math_BigInteger _rsa_crypt(Math_BigInteger $m, array $key)

RSA Encrypt

Returns mod(pow($m, $e), $n), where $n should be the product of two (large) primes $p and $q and where $e should be a number with the property that gcd($e, ($p - 1) * ($q - 1)) == 1. Could just make anything that calls this call modexp, instead, but I think this makes things clearer, maybe...

Parameters

Math_BigInteger $m
array $key

Return Value

Math_BigInteger

See also

\self::Net_SSH1()

_define_array()

Define Array

Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of named constants from it, using the value as the name of the constant and the index as the value of the constant. If any of the constants that would be defined already exists, none of the constants will be defined.

array|false|string getLog()

Returns a log of the packets that have been sent and received.

Returns a string if NET_SSH1_LOGGING == NET_SSH1_LOG_COMPLEX, an array if NET_SSH1_LOGGING == NET_SSH1_LOG_SIMPLE and false if !defined('NET_SSH1_LOGGING')

Return Value

array|false|string

string _format_log(array $message_log, array $message_number_log)

Formats a log for printing

Parameters

array $message_log
array $message_number_log

Return Value

string

string _format_log_helper(array $matches)

Helper function for _format_log

For use with preg_replace_callback()

Parameters

array $matches

Return Value

string

string getServerKeyPublicExponent(bool $raw_output = false)

Return the server key public exponent

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

Parameters

bool $raw_output

Return Value

string

string getServerKeyPublicModulus(bool $raw_output = false)

Return the server key public modulus

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

Parameters

bool $raw_output

Return Value

string

string getHostKeyPublicExponent(bool $raw_output = false)

Return the host key public exponent

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

Parameters

bool $raw_output

Return Value

string

string getHostKeyPublicModulus(bool $raw_output = false)

Return the host key public modulus

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

Parameters

bool $raw_output

Return Value

string

array getSupportedCiphers(bool $raw_output = false)

Return a list of ciphers supported by SSH1 server.

Just because a cipher is supported by an SSH1 server doesn't mean it's supported by this library. If $raw_output is set to true, returns, instead, an array of constants. ie. instead of array('Triple-DES in CBC mode'), you'll get array(NET_SSH1_CIPHER_3DES).

Parameters

bool $raw_output

Return Value

array

array getSupportedAuthentications(bool $raw_output = false)

Return a list of authentications supported by SSH1 server.

Just because a cipher is supported by an SSH1 server doesn't mean it's supported by this library. If $raw_output is set to true, returns, instead, an array of constants. ie. instead of array('password authentication'), you'll get array(NET_SSH1_AUTH_PASSWORD).

Parameters

bool $raw_output

Return Value

array

string getServerIdentification()

Return the server identification.

Return Value

string

_append_log(int $protocol_flags, string $message)

Logs data packets

Makes sure that only the last 1MB worth of packets will be logged

Parameters

int $protocol_flags
string $message