Keyboard-Interactive User Authentication (password method)

Postby j31 » Tue Aug 10, 2010 2:51 pm

Good day!

First of all, thanks for your work!
My issue is the following: I cannot log in to the SSH server because keyboard-interactive user authentication is used, so I always get a NET_SSH2_MSG_USERAUTH_FAILURE error. But in principle the only thing that the server wants is the password, which could be provided.
How could this be implemented using your library? Could you please give some suggestions?

Thanks again.
j31
Traveler
 
Posts: 5
Joined: Tue Aug 10, 2010 2:31 pm

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Fri Aug 13, 2010 3:17 pm

I'll try to look into that at some point. I'm leaving for a 1.5 week long vacation next week, though, so if I don't manage to get it done before I leave then you might wind up waiting a while. Regardless, it is now on my list of things to do :)
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Sat Aug 28, 2010 5:27 pm

Limited keyboard-interactive authentication support has now been implemented:

http://phpseclib.cvs.sourceforge.net/vi ... xt%2Fplain
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: Keyboard-Interactive User Authentication (password metho

Postby j31 » Tue Sep 07, 2010 2:36 pm

Dear Jim,

I still cannot connect to the server with password keyboard-interactive user authentication. I use the test script as given in the manual, section 5.1.8. "Debugging SSH-2". Sometimes my test script just dies with fatal errors like this: "Allowed memory size of 201326592 bytes exhausted (tried to allocate 950654646 bytes) in /var/www/Net/SSH2.php on line 1695". In some cases it even falls into an endless loop with warnings "fread() [<a href='function.fread'>function.fread</a>]: Length parameter must be greater than 0 in /srv/www/htdocs/test/Net/SSH2.php on line 1695" until the maximum execution time is exceeded.
And sometimes it "successfully" produces output like this:
Code:
<-
00000000  53:53:48:2d:31:2e:39:39:2d:4f:70:65:6e:53:53:48  SSH-1.99-OpenSSH
00000010  5f:34:2e:32:0a                                   _4.2.

->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:30:2e:32:20:28:62:63:6d:61:74:68:29:0d:0a  b_0.2 (bcmath)..

<- NET_SSH2_MSG_KEXINIT (0.0685s)
00000000  73:a0:09:d8:8b:09:56:94:bf:72:db:20:f4:53:46:be  s.....V..r. .SF.
00000010  00:00:00:59:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...Ydiffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67  an-group-exchang
00000030  65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68:65  e-sha1,diffie-he
00000040  6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:34:2d:73:68  llman-group14-sh
00000050  61:31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d:61  a1,diffie-hellma
00000060  6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:00:00:00  n-group1-sha1...
00000070  0f:73:73:68:2d:72:73:61:2c:73:73:68:2d:64:73:73  .ssh-rsa,ssh-dss
00000080  00:00:00:9d:61:65:73:31:32:38:2d:63:62:63:2c:33  ....aes128-cbc,3
00000090  64:65:73:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68  des-cbc,blowfish
000000a0  2d:63:62:63:2c:63:61:73:74:31:32:38:2d:63:62:63  -cbc,cast128-cbc
000000b0  2c:61:72:63:66:6f:75:72:31:32:38:2c:61:72:63:66  ,arcfour128,arcf
000000c0  6f:75:72:32:35:36:2c:61:72:63:66:6f:75:72:2c:61  our256,arcfour,a
000000d0  65:73:31:39:32:2d:63:62:63:2c:61:65:73:32:35:36  es192-cbc,aes256
000000e0  2d:63:62:63:2c:72:69:6a:6e:64:61:65:6c:2d:63:62  -cbc,rijndael-cb
000000f0  63:40:6c:79:73:61:74:6f:72:2e:6c:69:75:2e:73:65  c@lysator.liu.se
00000100  2c:61:65:73:31:32:38:2d:63:74:72:2c:61:65:73:31  ,aes128-ctr,aes1
00000110  39:32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74  92-ctr,aes256-ct
00000120  72:00:00:00:9d:61:65:73:31:32:38:2d:63:62:63:2c  r....aes128-cbc,
00000130  33:64:65:73:2d:63:62:63:2c:62:6c:6f:77:66:69:73  3des-cbc,blowfis
00000140  68:2d:63:62:63:2c:63:61:73:74:31:32:38:2d:63:62  h-cbc,cast128-cb
00000150  63:2c:61:72:63:66:6f:75:72:31:32:38:2c:61:72:63  c,arcfour128,arc
00000160  66:6f:75:72:32:35:36:2c:61:72:63:66:6f:75:72:2c  four256,arcfour,
00000170  61:65:73:31:39:32:2d:63:62:63:2c:61:65:73:32:35  aes192-cbc,aes25
00000180  36:2d:63:62:63:2c:72:69:6a:6e:64:61:65:6c:2d:63  6-cbc,rijndael-c
00000190  62:63:40:6c:79:73:61:74:6f:72:2e:6c:69:75:2e:73  bc@lysator.liu.s
000001a0  65:2c:61:65:73:31:32:38:2d:63:74:72:2c:61:65:73  e,aes128-ctr,aes
000001b0  31:39:32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63  192-ctr,aes256-c
000001c0  74:72:00:00:00:55:68:6d:61:63:2d:6d:64:35:2c:68  tr...Uhmac-md5,h
000001d0  6d:61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:72:69  mac-sha1,hmac-ri
000001e0  70:65:6d:64:31:36:30:2c:68:6d:61:63:2d:72:69:70  pemd160,hmac-rip
000001f0  65:6d:64:31:36:30:40:6f:70:65:6e:73:73:68:2e:63  emd160@openssh.c
00000200  6f:6d:2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c  om,hmac-sha1-96,
00000210  68:6d:61:63:2d:6d:64:35:2d:39:36:00:00:00:55:68  hmac-md5-96...Uh
00000220  6d:61:63:2d:6d:64:35:2c:68:6d:61:63:2d:73:68:61  mac-md5,hmac-sha
00000230  31:2c:68:6d:61:63:2d:72:69:70:65:6d:64:31:36:30  1,hmac-ripemd160
00000240  2c:68:6d:61:63:2d:72:69:70:65:6d:64:31:36:30:40  ,hmac-ripemd160@
00000250  6f:70:65:6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63  openssh.com,hmac
00000260  2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64  -sha1-96,hmac-md
00000270  35:2d:39:36:00:00:00:15:6e:6f:6e:65:2c:7a:6c:69  5-96....none,zli
00000280  62:40:6f:70:65:6e:73:73:68:2e:63:6f:6d:00:00:00  b@openssh.com...
00000290  15:6e:6f:6e:65:2c:7a:6c:69:62:40:6f:70:65:6e:73  .none,zlib@opens
000002a0  73:68:2e:63:6f:6d:00:00:00:00:00:00:00:00:00:00  sh.com..........
000002b0  00:00:00                                         ...

-> NET_SSH2_MSG_KEXINIT (0s)
00000000  05:6b:4f:94:46:dd:2b:17:af:a1:2d:df:0e:43:37:b5  .kO.F.+...-..C7.
00000010  00:00:00:36:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...6diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64  an-group1-sha1,d
00000030  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000040  6f:75:70:31:34:2d:73:68:61:31:00:00:00:0f:73:73  oup14-sha1....ss
00000050  68:2d:72:73:61:2c:73:73:68:2d:64:73:73:00:00:00  h-rsa,ssh-dss...
00000060  76:61:72:63:66:6f:75:72:32:35:36:2c:61:72:63:66  varcfour256,arcf
00000070  6f:75:72:31:32:38:2c:61:72:63:66:6f:75:72:2c:61  our128,arcfour,a
00000080  65:73:31:32:38:2d:63:62:63:2c:61:65:73:31:39:32  es128-cbc,aes192
00000090  2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c  -cbc,aes256-cbc,
000000a0  61:65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39  aes128-ctr,aes19
000000b0  32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72  2-ctr,aes256-ctr
000000c0  2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63  ,3des-ctr,3des-c
000000d0  62:63:2c:6e:6f:6e:65:00:00:00:76:61:72:63:66:6f  bc,none...varcfo
000000e0  75:72:32:35:36:2c:61:72:63:66:6f:75:72:31:32:38  ur256,arcfour128
000000f0  2c:61:72:63:66:6f:75:72:2c:61:65:73:31:32:38:2d  ,arcfour,aes128-
00000100  63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61  cbc,aes192-cbc,a
00000110  65:73:32:35:36:2d:63:62:63:2c:61:65:73:31:32:38  es256-cbc,aes128
00000120  2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72:2c  -ctr,aes192-ctr,
00000130  61:65:73:32:35:36:2d:63:74:72:2c:33:64:65:73:2d  aes256-ctr,3des-
00000140  63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f:6e  ctr,3des-cbc,non
00000150  65:00:00:00:30:68:6d:61:63:2d:73:68:61:31:2d:39  e...0hmac-sha1-9
00000160  36:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63  6,hmac-sha1,hmac
00000170  2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d:6d:64:35  -md5-96,hmac-md5
00000180  2c:6e:6f:6e:65:00:00:00:30:68:6d:61:63:2d:73:68  ,none...0hmac-sh
00000190  61:31:2d:39:36:2c:68:6d:61:63:2d:73:68:61:31:2c  a1-96,hmac-sha1,
000001a0  68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63  hmac-md5-96,hmac
000001b0  2d:6d:64:35:2c:6e:6f:6e:65:00:00:00:04:6e:6f:6e  -md5,none....non
000001c0  65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00  e....none.......
000001d0  00:00:00:00:00:00                                ......

-> NET_SSH2_MSG_KEXDH_INIT (0s)

<- NET_SSH2_MSG_KEXDH_REPLY (0.1443s)

-> NET_SSH2_MSG_NEWKEYS (0.0001s)                                               

<- NET_SSH2_MSG_NEWKEYS (0s)         
Notice:  Invalid HMAC in /var/www/Net/SSH2.php on line 1710
Notice:  Connection closed by server in /var/www/Net/SSH2.php on line 1312
Login Failed
j31
Traveler
 
Posts: 5
Joined: Tue Aug 10, 2010 2:31 pm

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Tue Sep 07, 2010 4:16 pm

You're getting that error before phpseclib has had a chance to even try keyboard-interactive authentication. It probably has to do with this change [1]. To quote from the comments:

Code:
     * Portable OpenSSH 4.4 and earlier use faulty key sizes for aes256-ctr, aes192-ctr and arcfour256.
     * These algorithms could be removed from $encryption_algorithms in Net_SSH2::_key_exchange() but we'll
     * adjust the key sizes instead to confirm that the version detection technique we're using is correct.
     * If it isn't correct than we'll get decryption / encryption errors.  We wouldn't get any errors, in
     * contrast, if the algorithms were simply removed, and would never know if the version detection
     * technique we were using was correct.

So I guess the version detection doesn't work. I guess it shouldn't surprise me - PuTTY requires you manually reconfigure the client to connect to buggy servers so it's not without precedent for phpseclib to require manual configuration as well.

Anyway, per this, try revision 1.49:

http://phpseclib.cvs.sourceforge.net/vi ... xt%2Fplain
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am
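
An added example, not part of the thread and not phpseclib's code: the alternative named in the quoted comment, dropping the affected ciphers from the client's offer when the server banner reports Portable OpenSSH 4.4 or earlier. The function names are hypothetical, and the banner is self-reported by the server (the post above notes that version detection failed here), so treat it as a compatibility heuristic and keep a manual override.

```php
<?php
// Added example; openssh_version() and usable_ciphers() are hypothetical names.

// Ciphers the quoted comment lists as affected on Portable OpenSSH 4.4 and earlier.
const AFFECTED_CIPHERS = ['aes256-ctr', 'aes192-ctr', 'arcfour256'];

/**
 * Extract the OpenSSH version from an SSH identification string,
 * e.g. "SSH-1.99-OpenSSH_4.2" -> "4.2". Returns null for other software.
 */
function openssh_version(string $ident): ?string
{
    // RFC 4253 format: SSH-protoversion-softwareversion [comments] CR LF
    if (!preg_match('/^SSH-(?:2\.0|1\.99)-OpenSSH_(\d+\.\d+)/', trim($ident), $m)) {
        return null;
    }
    return $m[1];
}

/**
 * Return the client's cipher preference list, minus the affected ciphers
 * when the banner reports OpenSSH 4.4 or earlier. Order is preserved.
 */
function usable_ciphers(string $ident, array $preferred): array
{
    $version = openssh_version($ident);
    if ($version === null || version_compare($version, '4.4', '>')) {
        return $preferred; // not OpenSSH, or a release after 4.4
    }
    return array_values(array_diff($preferred, AFFECTED_CIPHERS));
}

// Sample input: the banner from the debug log in this thread, and the
// encryption algorithms from the client's KEXINIT in that log, without "none".
$ident = "SSH-1.99-OpenSSH_4.2\n";
$clientCiphers = [
    'arcfour256', 'arcfour128', 'arcfour',
    'aes128-cbc', 'aes192-cbc', 'aes256-cbc',
    'aes128-ctr', 'aes192-ctr', 'aes256-ctr',
    '3des-ctr', '3des-cbc',
];

// Prints the list without arcfour256, aes192-ctr and aes256-ctr.
print_r(usable_ciphers($ident, $clientCiphers));
```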

Re: Keyboard-Interactive User Authentication (password metho

Postby j31 » Tue Sep 07, 2010 9:07 pm

Thanks, now seems to connect well. The only issue is that exec() method doesn't work, it always returns FALSE here:
Code:
        if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
            return false;
        }
j31
Traveler
 
Posts: 5
Joined: Tue Aug 10, 2010 2:31 pm

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Tue Sep 07, 2010 9:33 pm

That's an easy fix. I'll do it when I get home from work - thanks for the heads-up!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Wed Sep 08, 2010 1:46 pm

So I wound up not doing this last night - Tropical Storm Hermine knocked out the power last night, which kinda prevented me from doing much of anything. Today I'm probably going to a friend's place after work so maybe I'll get this done on Thursday. Sorry for the delay :(
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: Keyboard-Interactive User Authentication (password metho

Postby TerraFrost » Sun Sep 12, 2010 10:13 pm

Sorry for the delay - I kinda got sidetracked with some stuff.

Anyway, the fix has been committed:

http://phpseclib.cvs.sourceforge.net/vi ... ision=1.52

Thanks for the feedback!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: Keyboard-Interactive User Authentication (password metho

Postby j31 » Fri Sep 17, 2010 3:22 pm

Dear Jim,

tested at several servers,
all works perfectly.

Thank You again for Your work!
j31
Traveler
 
Posts: 5
Joined: Tue Aug 10, 2010 2:31 pm

