Hi there. I'm trying to connect to a cisco switch...
I'm just new to ssh and to networking in general... and so I'll apologize in advance for any remedial questions.
I initially tried to just re-use some code I've written using phpseclib... but I've discovered that this switch is not configured the same way as other switches and therefore my current code is bombing.
When you manually (via a terminal window) try to run the following command:
the switch still prompts me for the username again... and then the password. once supplied, I am able to log in using the username/password method. It just doesn't work programmatically.
Before I ramble on, here's some info about our set up:
1. we are not using keys
2. we are using a RADIUS server to authenticate username/passwords
3. this switch is not running cisco's IOS. Its more of a small business grade switch.
After talking with some of our networking guys, it sounds like what's possibly happening is the following:
- the system is trying to find a key (and therefore ignoring the username embedded in the initial ssh connect command)
- when it fails, then it prompts for a username
- then a password.
Since phpseclib is failing, i decided to write some really basic php code to see if i could somehow connect a different way. I wrote the following php code:
PHP Code:
Try{
$connection = ssh2_connect('10.113.123.45', 22);
var_dump($connection);
echo "attemp ssh2 authorization....<br>";
echo ssh2_auth_password($connection, 'myusername', 'mypassword');
exit;
$stream = ssh2_exec($connection, 'show bonjour');
$errorStream = ssh2_fetch_stream($stream, SSH2_STREAM_STDERR);
// Enable blocking for both streams
stream_set_blocking($errorStream, true);
stream_set_blocking($stream, true);
// Whichever of the two below commands is listed first will receive its appropriate output. The second command receives nothing
echo "Output: " . stream_get_contents($stream);
echo "Error: " . stream_get_contents($errorStream);
// Close the streams
fclose($errorStream);
fclose($stream);
}
catch (Exception $ex)
{
echo 'doing a var dump:';
var_dump($connection);
}
It dies with the following error message:
Quote:
resource(2) of type (SSH2 Session) attemp ssh2 authorization....
Warning: ssh2_auth_password() [function.ssh2-auth-password]: Authentication failed for myusername using password in /var/www/test/customssh.php on line 10
|
So then i tried something even more basic - that is, to query the switch to see what types of authentication types are supported. This is the code:
PHP Code:
<?php
$connection = ssh2_connect('10.113.123.45', 22);
$auth_methods = ssh2_auth_none($connection, 'user');
var_dump($auth_methods);
if (in_array('password', $auth_methods)) {
echo "Server supports password based authentication\n";
}
?>
It too dies, but with the following message:
Quote:
bool(true)
Warning: in_array() expects parameter 2 to be array, boolean given in /var/www/test/sshauthenticationmethod.php on line 7
|
According to the PHP manual, this method should fail... and return a list of authentication methods. But it's not failing....
My questions are as follows.
I've been operating on the assumption that eventhough this switch is "different", i should still be able to connect programmatically using a username / password combo because I can do it manually.
Is this assumption correct?
If not, can you tell me another way to accomplish this?
What exactly does it mean when the ssh2_auth_none returns a true? The php manual just says it should fail. Does this mean that the switch is configured to just be wide open? Because that isn't the case...
Thanks for reading...
Thanks.