LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 11-14-2012, 10:43 AM   #1
chubbypama
LQ Newbie
 
Registered: Aug 2012
Posts: 8

Rep: Reputation: Disabled
Exclamation attempting to use php/ssh2 to connect to a cisco switch


Hi there. I'm trying to connect to a cisco switch...
I'm just new to ssh and to networking in general... and so I'll apologize in advance for any remedial questions.
I initially tried to just re-use some code I've written using phpseclib... but I've discovered that this switch is not configured the same way as other switches and therefore my current code is bombing.

When you manually (via a terminal window) try to run the following command:

Quote:
ssh username@ipaddress
the switch still prompts me for the username again... and then the password. once supplied, I am able to log in using the username/password method. It just doesn't work programmatically.

Before I ramble on, here's some info about our set up:
1. we are not using keys
2. we are using a RADIUS server to authenticate username/passwords
3. this switch is not running cisco's IOS. Its more of a small business grade switch.

After talking with some of our networking guys, it sounds like what's possibly happening is the following:
- the system is trying to find a key (and therefore ignoring the username embedded in the initial ssh connect command)
- when it fails, then it prompts for a username
- then a password.

Since phpseclib is failing, i decided to write some really basic php code to see if i could somehow connect a different way. I wrote the following php code:
PHP Code:
Try{

  
$connection ssh2_connect('10.113.123.45'22);
  
var_dump($connection);
  echo 
"attemp ssh2 authorization....<br>";

 echo 
ssh2_auth_password($connection'myusername''mypassword');
  exit;
  
$stream ssh2_exec($connection'show bonjour');
  
$errorStream ssh2_fetch_stream($streamSSH2_STREAM_STDERR);

  
// Enable blocking for both streams
  
stream_set_blocking($errorStreamtrue);
  
stream_set_blocking($streamtrue);

  
// Whichever of the two below commands is listed first will receive its appropriate output.  The second command receives nothing
  
echo "Output: " stream_get_contents($stream);
  echo 
"Error: " stream_get_contents($errorStream);

  
// Close the streams       
  
fclose($errorStream);
  
fclose($stream);  
}
catch (
Exception $ex)
{
  echo 
'doing a var dump:';
  
var_dump($connection);

It dies with the following error message:

Quote:
resource(2) of type (SSH2 Session) attemp ssh2 authorization....

Warning: ssh2_auth_password() [function.ssh2-auth-password]: Authentication failed for myusername using password in /var/www/test/customssh.php on line 10

So then i tried something even more basic - that is, to query the switch to see what types of authentication types are supported. This is the code:

PHP Code:
<?php
$connection 
ssh2_connect('10.113.123.45'22);

$auth_methods ssh2_auth_none($connection'user');

var_dump($auth_methods);
if (
in_array('password'$auth_methods)) {
  echo 
"Server supports password based authentication\n";
}
?>
It too dies, but with the following message:

Quote:
bool(true)
Warning: in_array() expects parameter 2 to be array, boolean given in /var/www/test/sshauthenticationmethod.php on line 7
According to the PHP manual, this method should fail... and return a list of authentication methods. But it's not failing....

My questions are as follows.
I've been operating on the assumption that eventhough this switch is "different", i should still be able to connect programmatically using a username / password combo because I can do it manually.
Is this assumption correct?
If not, can you tell me another way to accomplish this?
What exactly does it mean when the ssh2_auth_none returns a true? The php manual just says it should fail. Does this mean that the switch is configured to just be wide open? Because that isn't the case...

Thanks for reading...

Thanks.

Last edited by chubbypama; 11-14-2012 at 10:50 AM.
 
Old 11-15-2012, 04:11 AM   #2
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,449

Rep: Reputation: 446Reputation: 446Reputation: 446Reputation: 446Reputation: 446
Hi

About the last code snippet, I think you are mistaken about the return value of ssh2_auth_none. As I understand it, the ssh protocol has an authentication method called "none". This is of course very insecure, and should be disabled. What the function does, is try it. So usually, this function will fail, and the ssh2_auth_none function will return a list of the authentication methods the server accepts.

But in your case, the function returns true. That means your server supports authentication method none. So it looks like anyone can connect to the switch, and maybe it does the authentication later?

Maybe try something like this:


PHP Code:
$connection ssh2_connect('10.113.123.45'22);
$auth_methods ssh2_auth_none($connection'user');
$stdio_stream ssh2_shell($connection);
fwrite($stdio_stream,$username."\n");
sleep(1);
fwrite($stdio_stream,$password."\n");
sleep(1);
echo 
"Output: " stream_get_contents($stdio_stream); 
 
Old 11-15-2012, 08:23 AM   #3
chubbypama
LQ Newbie
 
Registered: Aug 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Woo hoo!!

Quote:
Originally Posted by Guttorm View Post
Hi

About the last code snippet, I think you are mistaken about the return value of ssh2_auth_none. As I understand it, the ssh protocol has an authentication method called "none". This is of course very insecure, and should be disabled. What the function does, is try it. So usually, this function will fail, and the ssh2_auth_none function will return a list of the authentication methods the server accepts.

But in your case, the function returns true. That means your server supports authentication method none. So it looks like anyone can connect to the switch, and maybe it does the authentication later?

Maybe try something like this:


PHP Code:
$connection ssh2_connect('10.113.123.45'22);
$auth_methods ssh2_auth_none($connection'user');
$stdio_stream ssh2_shell($connection);
fwrite($stdio_stream,$username."\n");
sleep(1);
fwrite($stdio_stream,$password."\n");
sleep(1);
echo 
"Output: " stream_get_contents($stdio_stream); 

That worked!! It looks like it connected!!!
my output looks like the following:

Quote:
Output: myusername User Name:Password:************ SwitchName#
So i were to use this approach, may I just ask another question? what's the proper way to disconnect?
Thank you!!
 
Old 11-15-2012, 09:43 AM   #4
Guttorm
Senior Member
 
Registered: Dec 2003
Location: Trondheim, Norway
Distribution: Debian and Ubuntu
Posts: 1,449

Rep: Reputation: 446Reputation: 446Reputation: 446Reputation: 446Reputation: 446
Good it worked.

I think the proper way to disconnect would be to send some command the server closes the connection. It looks like some kind of shell so maybe it's "exit"?

PHP Code:
fwrite($stdio_stream,"exit\n"); 
But I don't think it matters much. When the PHP script terminates it will close all connections anyway.
 
1 members found this post helpful.
Old 11-15-2012, 09:57 AM   #5
chubbypama
LQ Newbie
 
Registered: Aug 2012
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thank you!

Quote:
Originally Posted by Guttorm View Post
Good it worked.

I think the proper way to disconnect would be to send some command the server closes the connection. It looks like some kind of shell so maybe it's "exit"?

PHP Code:
fwrite($stdio_stream,"exit\n"); 
But I don't think it matters much. When the PHP script terminates it will close all connections anyway.
Thank you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Unable to connect with other server using SSH2 in php phpdev Linux - Server 15 12-10-2013 08:39 PM
ok network problem with the cisco e3200 router and cisco se2800 switch to ps3 linux/unix87 Linux - Hardware 0 03-07-2012 06:04 PM
Connect using SSH2 ?? bianchi77 Linux - Networking 7 05-23-2010 11:32 PM
OpenSSH switch to ssh2 xaphalanx Linux - Enterprise 5 12-22-2005 09:49 PM
ssh2 client cannot connect errors. jclark00001 Linux - Networking 1 02-26-2003 01:05 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 10:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration