using phpseclib to connect to cisco switch

Get help with using the PHP Secure Communications Library.

Moderator: Nuxius

Forum rules
The purpose of this forum is to provide support for phpseclib, a pure PHP SSH / SFTP / RSA library.

Posts by new users are held in a moderation queue and are not publicly visible until the post is approved.

using phpseclib to connect to cisco switch

Postby chubbypama » Wed Oct 03, 2012 7:17 pm

Hi there. I'm trying to connect to a cisco switch using the phpseclib library. It's a cisco SF302-08P.
But the login fails. Here's my source code:

Code: Select all
<?php
echo "CONNECTING TO MY TEST CISCO SWITCH<BR>";
echo "===================================<BR>";
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/phpseclib');
 
include('/var/www/phpseclib/Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX); //add near include lines

$cisco = new Net_SSH2('10.10.10.10');
if (!$cisco->login('username', 'password')) {
    exit('Login Failed');
}

echo $cisco->write('help');
echo $cisco->read('/([0-9A-Z\-])*(#)(\s*)/i', NET_SSH2_READ_REGEX); 
echo $cisco->data;
echo $cisco->disconnect();
echo $cisco->getLog();
?>


The log in never works.
What i've noticed with this type of switch, which is different from let's say HPs is that when you manually log in, even if you specify the user name in the initial ssh command, it still prompts you for a username, and then password.

So for example, if at a command prompt you were to type:

"ssh username@10.10.10.10"


the system will prompt you for a username again. Then a password. Then it logs you on.

Can phpseclib be used to connect to devices like this?

Thanks.
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Thu Oct 04, 2012 12:28 pm

If you could provide a copy of the logs that'd be great. Thanks!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby chubbypama » Thu Oct 04, 2012 1:05 pm

TerraFrost wrote:If you could provide a copy of the logs that'd be great. Thanks!


I'm having a hard time getting the logs to print. I've modified my code to look like the following:

Code: Select all
echo "CONNECTING TO MY TEST CISCO SWITCH<BR>";
echo "===================================<BR>";
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/phpseclib');
include('/var/www/phpseclib/Net/SSH2.php');
define('NET_SSH2_LOGGING', true);

$cisco = new Net_SSH2('10.10.10.10');
if (!$cisco->login('username', 'password')) {
$log = $cisco->getLog(NET_SSH2_LOG_COMPLEX);
    exit('Login Failed');
   
}
foreach ($log as $logitem)  {
echo $logitem.'<br>';
}


But that doesn't give me anything. I've also tried:

Code: Select all
echo "CONNECTING TO MY TEST CISCO SWITCH<BR>";
echo "===================================<BR>";
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/phpseclib');
include('/var/www/phpseclib/Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);

$cisco = new Net_SSH2('10.10.10.10');
if (!$cisco->login('username', 'password')) {
   $log = $cisco->getLog();
    exit('Login Failed');

}

foreach ($log as $logitem)  {
echo $logitem.'<br>';
}
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby chubbypama » Thu Oct 04, 2012 1:28 pm

Hi Terrafrost,
I got the logging to work. Changed my code to look like:

Code: Select all
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/phpseclib');
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', true); //turn on logging.

$ssh = new Net_SSH2('10.10.10.10'); //starting the ssh connection to localhost
if (!$ssh->login('username', 'password')) { //if you can't log on...
   echo('Login Failed');
   echo 'Error message is: <br>';
   $log = $ssh->getLog(NET_SSH2_LOG_COMPLEX);
   foreach ($log as $logitem)  {
   echo $logitem.'<br>';
   } 

Here's the output:

Login FailedError message is:
<-
->
<- NET_SSH2_MSG_KEXINIT (0.0115s)
-> NET_SSH2_MSG_KEXINIT (0s)
-> NET_SSH2_MSG_KEXDH_INIT (0s)
<- NET_SSH2_MSG_KEXDH_REPLY (0.7921s)
-> NET_SSH2_MSG_NEWKEYS (0s)
<- NET_SSH2_MSG_NEWKEYS (0s)
-> NET_SSH2_MSG_SERVICE_REQUEST (0s)
<- NET_SSH2_MSG_SERVICE_ACCEPT (0.5124s)
-> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
<- NET_SSH2_MSG_USERAUTH_FAILURE (0.0086s)
Attempting command:
}
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Fri Oct 05, 2012 5:35 am

It's possible to get much more detailed logs. From your code snippet:

Code: Select all
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/phpseclib');
include('Net/SSH2.php');
define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX); //turn on logging.

$ssh = new Net_SSH2('10.10.10.10'); //starting the ssh connection to localhost
if (!$ssh->login('username', 'password')) { //if you can't log on...
   echo('Login Failed');
   echo 'Error message is: <br>';
   $log = $ssh->getLog();

If that gives you a lot of Errors or Notices try upgrading to the latest Git version.

Thanks!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby chubbypama » Fri Oct 05, 2012 1:11 pm

Here's the dump:

(I just did print_r() on it)

<- 00000000 53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f SSH-2.0-OpenSSH_ 00000010 33:2e:34:70:31:2e:52:4c:0d:0a 3.4p1.RL.. -> 00000000 53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69 SSH-2.0-phpsecli 00000010 62:5f:30:2e:33:20:28:6d:63:72:79:70:74:2c:20:62 b_0.3 (mcrypt, b 00000020 63:6d:61:74:68:29:0d:0a cmath).. <- NET_SSH2_MSG_KEXINIT (0.0115s) 00000000 53:2e:de:d0:c3:c1:7b:df:e4:0f:ae:82:4b:1e:82:d3 S.....{.....K... 00000010 00:00:00:3d:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...=diffie-hellm 00000020 61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67 an-group-exchang 00000030 65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68:65 e-sha1,diffie-he 00000040 6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61 llman-group1-sha 00000050 31:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73:68 1....ssh-rsa,ssh 00000060 2d:64:73:73:00:00:00:31:61:65:73:31:32:38:2d:63 -dss...1aes128-c 00000070 62:63:2c:33:64:65:73:2d:63:62:63:2c:61:72:63:66 bc,3des-cbc,arcf 00000080 6f:75:72:2c:61:65:73:31:39:32:2d:63:62:63:2c:61 our,aes192-cbc,a 00000090 65:73:32:35:36:2d:63:62:63:00:00:00:31:61:65:73 es256-cbc...1aes 000000a0 31:32:38:2d:63:62:63:2c:33:64:65:73:2d:63:62:63 128-cbc,3des-cbc 000000b0 2c:61:72:63:66:6f:75:72:2c:61:65:73:31:39:32:2d ,arcfour,aes192- 000000c0 63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:00:00 cbc,aes256-cbc.. 000000d0 00:12:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63 ..hmac-sha1,hmac 000000e0 2d:6d:64:35:00:00:00:12:68:6d:61:63:2d:73:68:61 -md5....hmac-sha 000000f0 31:2c:68:6d:61:63:2d:6d:64:35:00:00:00:04:6e:6f 1,hmac-md5....no 00000100 6e:65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00 ne....none...... 00000110 00:00:00:00:00:00:00 ....... -> NET_SSH2_MSG_KEXINIT (0s) 00000000 84:46:15:c3:a3:9c:ba:61:5e:10:8c:08:27:22:94:ee .F.....a^...'".. 00000010 00:00:00:36:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...6diffie-hellm 00000020 61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64 an-group1-sha1,d 00000030 69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72 iffie-hellman-gr 00000040 6f:75:70:31:34:2d:73:68:61:31:00:00:00:0f:73:73 oup14-sha1....ss 00000050 68:2d:72:73:61:2c:73:73:68:2d:64:73:73:00:00:00 h-rsa,ssh-dss... 00000060 76:61:72:63:66:6f:75:72:32:35:36:2c:61:72:63:66 varcfour256,arcf 00000070 6f:75:72:31:32:38:2c:61:72:63:66:6f:75:72:2c:61 our128,arcfour,a 00000080 65:73:31:32:38:2d:63:62:63:2c:61:65:73:31:39:32 es128-cbc,aes192 00000090 2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c -cbc,aes256-cbc, 000000a0 61:65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39 aes128-ctr,aes19 000000b0 32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72 2-ctr,aes256-ctr 000000c0 2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d:63 ,3des-ctr,3des-c 000000d0 62:63:2c:6e:6f:6e:65:00:00:00:76:61:72:63:66:6f bc,none...varcfo 000000e0 75:72:32:35:36:2c:61:72:63:66:6f:75:72:31:32:38 ur256,arcfour128 000000f0 2c:61:72:63:66:6f:75:72:2c:61:65:73:31:32:38:2d ,arcfour,aes128- 00000100 63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61 cbc,aes192-cbc,a 00000110 65:73:32:35:36:2d:63:62:63:2c:61:65:73:31:32:38 es256-cbc,aes128 00000120 2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72:2c -ctr,aes192-ctr, 00000130 61:65:73:32:35:36:2d:63:74:72:2c:33:64:65:73:2d aes256-ctr,3des- 00000140 63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f:6e ctr,3des-cbc,non 00000150 65:00:00:00:30:68:6d:61:63:2d:73:68:61:31:2d:39 e...0hmac-sha1-9 00000160 36:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61:63 6,hmac-sha1,hmac 00000170 2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d:6d:64:35 -md5-96,hmac-md5 00000180 2c:6e:6f:6e:65:00:00:00:30:68:6d:61:63:2d:73:68 ,none...0hmac-sh 00000190 61:31:2d:39:36:2c:68:6d:61:63:2d:73:68:61:31:2c a1-96,hmac-sha1, 000001a0 68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63 hmac-md5-96,hmac 000001b0 2d:6d:64:35:2c:6e:6f:6e:65:00:00:00:04:6e:6f:6e -md5,none....non 000001c0 65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00 e....none....... 000001d0 00:00:00:00:00:00 ...... -> NET_SSH2_MSG_KEXDH_INIT (0s) 00000000 00:00:00:80:46:5e:c1:ee:92:7b:52:b7:19:c5:9a:51 ....F^...{R....Q 00000010 ea:30:97:43:6a:66:0c:c9:24:d4:9f:db:d3:5e:b2:1c .0.Cjf..$....^.. 00000020 b7:1f:89:91:1c:ed:51:de:a2:d7:66:00:e8:a3:1d:ef ......Q...f..... 00000030 b6:60:36:ba:da:7f:6b:d3:47:1b:e5:a8:a9:97:fc:6b .`6...k.G......k 00000040 a6:62:73:8b:31:7d:d9:a1:0a:c5:24:1f:53:ba:2b:1f .bs.1}....$.S.+. 00000050 1b:19:ac:06:b2:0a:26:55:93:f7:42:64:da:d9:3a:6a ......&U..Bd..:j 00000060 6d:78:01:26:46:a4:78:98:de:16:09:93:27:90:bc:47 mx.&F.x.....'..G 00000070 98:ee:be:97:4b:fb:5f:45:19:9d:41:29:e4:54:66:67 ....K._E..A).Tfg 00000080 f8:cc:90:bc .... <- NET_SSH2_MSG_KEXDH_REPLY (0.8022s) 00000000 00:00:00:95:00:00:00:07:73:73:68:2d:72:73:61:00 ........ssh-rsa. 00000010 00:00:01:23:00:00:00:81:00:b9:87:cf:b3:5a:37:13 ...#.........Z7. 00000020 81:c2:55:46:e6:ff:16:1a:02:53:9a:6b:f5:56:a3:52 ..UF.....S.k.V.R 00000030 09:5f:ec:db:e7:83:88:91:62:3c:5c:a1:56:5a:87:ce ._......b.\.VZ.. 00000040 8e:66:4f:44:50:b2:65:35:e6:3d:f7:04:e5:42:ad:bf .fODP.e5.=...B.. 00000050 dd:fe:53:db:c5:ba:c5:63:60:23:49:bb:9f:8f:e0:1d ..S....c`#I..... 00000060 f0:45:b5:22:94:7f:1f:e3:3c:47:6f:99:dc:3a:95:5a .E.".....Go..:.Z 00000070 1e:4b:85:d0:a5:aa:92:4b:1e:8b:ef:49:98:af:10:70 .K.....K...I...p 00000080 e9:93:14:a8:d6:e2:c2:cd:4b:ee:67:2d:a6:65:a8:80 ........K.g-.e.. 00000090 9d:00:fb:53:c4:ae:f6:77:03:00:00:00:80:4b:06:d1 ...S...w.....K.. 000000a0 49:93:f7:49:9e:08:a0:d1:0a:5e:5e:a7:b3:3d:67:0e I..I.....^^..=g. 000000b0 37:3f:ee:47:75:a0:e8:fc:10:6d:10:7d:2f:d5:06:9e 7?.Gu....m.}/... 000000c0 64:0d:7b:1f:33:1f:ee:4f:55:bb:c2:44:15:87:ea:04 d.{.3..OU..D.... 000000d0 e9:10:e7:d4:c2:2c:40:08:e2:da:12:04:fa:b0:14:21 .....,@........! 000000e0 2d:9a:ad:04:a2:76:23:b2:64:64:d0:11:3d:d4:4b:03 -....v#.dd..=.K. 000000f0 30:26:85:cd:ff:72:22:33:aa:13:e4:9e:73:87:f3:56 0&...r"3....s..V 00000100 51:d5:2b:bb:27:c6:01:7b:08:49:d9:06:78:9e:c2:04 Q.+.'..{.I..x... 00000110 c6:51:b3:ba:2d:50:9e:24:7b:8f:38:e2:59:00:00:00 .Q..-P.${.8.Y... 00000120 8f:00:00:00:07:73:73:68:2d:72:73:61:00:00:00:80 .....ssh-rsa.... 00000130 6c:bf:58:bd:12:d9:05:dd:99:4b:a7:5e:79:32:49:5b l.X......K.^y2I[ 00000140 09:27:dc:84:1f:e0:66:d0:95:78:d4:f5:f3:d7:73:d7 .'....f..x....s. 00000150 76:18:f7:36:b4:b5:e0:43:97:b6:02:a1:9b:70:b1:5c v..6...C.....p.\ 00000160 4d:42:6d:9b:f7:67:aa:5d:0d:db:3e:cf:c2:61:6a:ce MBm..g.]..>..aj. 00000170 d2:4e:8d:58:c2:c4:03:e8:57:a5:ed:44:91:f1:e9:21 .N.X....W..D...! 00000180 e8:57:4b:01:68:32:d0:93:2d:a0:7d:ba:f0:68:41:6f .WK.h2..-.}..hAo 00000190 8b:f4:3b:5d:cb:09:f1:26:e8:70:4c:2c:56:7b:f3:d8 ..;]...&.pL,V{.. 000001a0 fb:3d:f8:d7:fe:8f:78:f7:88:90:fe:ac:62:82:ad:8a .=....x.....b... -> NET_SSH2_MSG_NEWKEYS (0s) <- NET_SSH2_MSG_NEWKEYS (0s) -> NET_SSH2_MSG_SERVICE_REQUEST (0s) 00000000 00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68 ....ssh-userauth <- NET_SSH2_MSG_SERVICE_ACCEPT (0.5142s) 00000000 00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68 ....ssh-userauth -> NET_SSH2_MSG_USERAUTH_REQUEST (0s) 00000000 32:00:00:00:08:75:73:65:72:6e:61:6d:65:00:00:00 2....username... 00000010 0e:73:73:68:2d:63:6f:6e:6e:65:63:74:69:6f:6e:00 .ssh-connection. 00000020 00:00:08:70:61:73:73:77:6f:72:64:00:00:00:00:08 ...password..... 00000030 70:61:73:73:77:6f:72:64 password <- NET_SSH2_MSG_USERAUTH_FAILURE (0.0063s) 00000000 00:00:00:09:70:75:62:6c:69:63:6b:65:79:00 ....publickey.
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Fri Oct 05, 2012 3:01 pm

Code: Select all
-> NET_SSH2_MSG_SERVICE_REQUEST (0s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

<- NET_SSH2_MSG_SERVICE_ACCEPT (0.5142s)
00000000  00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68  ....ssh-userauth

-> NET_SSH2_MSG_USERAUTH_REQUEST (0s)
00000000  32:00:00:00:08:75:73:65:72:6e:61:6d:65:00:00:00  2....username...
00000010  0e:73:73:68:2d:63:6f:6e:6e:65:63:74:69:6f:6e:00  .ssh-connection.
00000020  00:00:08:70:61:73:73:77:6f:72:64:00:00:00:00:08  ...password.....
00000030  70:61:73:73:77:6f:72:64                          password

<- NET_SSH2_MSG_USERAUTH_FAILURE (0.0063s)
00000000  00:00:00:09:70:75:62:6c:69:63:6b:65:79:00        ....publickey.


Looks like it only supports publickey authentication.

the system will prompt you for a username again. Then a password. Then it logs you on.

OpenSSH CLI is probably ignoring the username part, if it's prompting you for the username, and the password is probably the password for the private key.

If you go to /home/username/.ssh/id_rsa your private key should be there. It's also possible ssh-agent is giving OpenSSH the password but I can't help you get the password from that if that's what you're using.
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby chubbypama » Mon Oct 29, 2012 3:45 pm

hm... I'm a little confused because we are actually not using keys.
I can log on "manually" via a terminal window using a radius username / password combo.

??
Sorry for any remedial questions. just a newbie into the networking world... including ssh.
thanks.
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Mon Oct 29, 2012 10:34 pm

See my previous post:
If you go to /home/username/.ssh/id_rsa your private key should be there. It's also possible ssh-agent is giving OpenSSH the password but I can't help you get the password from that if that's what you're using.

Who knows... maybe the password you're providing is to the RADIUS server itself and that server gives the SSH CLI client the publickey. If that's the case maybe playing around with the following PHP Radius implementation might help:

http://www.phpclasses.org/package/4326- ... erver.html

Did you check the directory and to see if ssh-agent was running?
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby chubbypama » Mon Nov 12, 2012 3:28 pm

TerraFrost wrote:See my previous post:
If you go to /home/username/.ssh/id_rsa your private key should be there. It's also possible ssh-agent is giving OpenSSH the password but I can't help you get the password from that if that's what you're using.

Who knows... maybe the password you're providing is to the RADIUS server itself and that server gives the SSH CLI client the publickey. If that's the case maybe playing around with the following PHP Radius implementation might help:

http://www.phpclasses.org/package/4326- ... erver.html

Did you check the directory and to see if ssh-agent was running?


Hey Terrafrost. Thanks for the response. So here's the information I've cobbled together. As I mentioned before, we are not using key based authentication for this particular switch. So i did check the folder /home/username/.ssh/id_rsa and that file doesn't exist. Other tidbits that might help:
- this switch is not running IOS.
- it seems that when I try to connect manually via a terminal window, in the backend, it checks the same folder you are talking about. When it doesn't find the keys file, it then assumes we are doing username / password authentication and therefore, presents me with a second prompt for a username. once supplied, it prompts for password... and then its able to connect.
What i'm wondering is if we cannot change anything on the server side of the switch to prevent the check for publickey, is there a way to change the code so that I send the username twice?
meaning, can i change the code so that it ignores the first error about publickey... and then it just sends the username and password a second time?

Thanks.
chubbypama
Traveler
 
Posts: 27
Joined: Thu Jul 19, 2012 6:54 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Tue Nov 13, 2012 5:15 pm

chubbypama wrote:Hey Terrafrost. Thanks for the response. So here's the information I've cobbled together. As I mentioned before, we are not using key based authentication for this particular switch. So i did check the folder /home/username/.ssh/id_rsa and that file doesn't exist. Other tidbits that might help:
- this switch is not running IOS.
- it seems that when I try to connect manually via a terminal window, in the backend, it checks the same folder you are talking about. When it doesn't find the keys file, it then assumes we are doing username / password authentication and therefore, presents me with a second prompt for a username. once supplied, it prompts for password... and then its able to connect.

It's possible it's using ssh-agent, too, like I said. There's an open pull request for phpseclib that adds support for ssh-agent to phpseclib:

https://github.com/kea/phpseclib/commit ... 76b7f45687

You could try that.

What i'm wondering is if we cannot change anything on the server side of the switch to prevent the check for publickey, is there a way to change the code so that I send the username twice?
meaning, can i change the code so that it ignores the first error about publickey... and then it just sends the username and password a second time?

You could just call $ssh->login() twice. ie.

$ssh->login('username', 'password');
$ssh->login('username', 'password');

That said, I've never seen an SSH server that behaves differently for one login attempt than it does for another. I suppose it's possible yours could but I'd be very surprised..
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Fri Nov 16, 2012 8:47 am

I've been following your stackoverflow and linuxquestions posts and, for reference, here's the linuxquestions post:

http://www.linuxquestions.org/questions ... 175437135/

If that's how your server is behaving... would you mind doing some testing for me if I gave you some code? I'd like to make that work with phpseclib.

Alternatively, what's the name of the router you're using? Maybe I could buy it myself off of eBay for cheap and add support to that kind of method myself.

Thanks!!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am

Re: using phpseclib to connect to cisco switch

Postby dustant » Fri Jul 26, 2013 6:14 pm

Terrafrost,

I'm having the same type of issues as the original poster, but I can get it to work on an occasional basis by using $ssh->write and manually writing the username and password. Sometimes it will work, other times I get the error "Raw mode will not be supported" or just a straight failure without the raw mode not supported. I would like to get this working consistently.

See log below (username/password were removed):

Code: Select all
<-
00000000  53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f  SSH-2.0-OpenSSH_
00000010  34:2e:30:0a                                      4.0.




->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:30:2e:33:20:28:67:6d:70:29:0d:0a           b_0.3 (gmp)..



<- NET_SSH2_MSG_KEXINIT (since last: 3.6711, network: 0.0008s)
00000000  14:b0:d7:d8:a5:5b:e4:38:3e:e7:f3:f8:c1:5a:00:ab  .....[.8>....Z..
00000010  12:00:00:00:59:64:69:66:66:69:65:2d:68:65:6c:6c  ....Ydiffie-hell
00000020  6d:61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e  man-group-exchan
00000030  67:65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68  ge-sha1,diffie-h
00000040  65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:34:2d:73  ellman-group14-s
00000050  68:61:31:2c:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ha1,diffie-hellm
00000060  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:00:00  an-group1-sha1..
00000070  00:0f:73:73:68:2d:72:73:61:2c:73:73:68:2d:64:73  ..ssh-rsa,ssh-ds
00000080  73:00:00:00:87:61:65:73:31:32:38:2d:63:62:63:2c  s....aes128-cbc,
00000090  33:64:65:73:2d:63:62:63:2c:62:6c:6f:77:66:69:73  3des-cbc,blowfis
000000a0  68:2d:63:62:63:2c:63:61:73:74:31:32:38:2d:63:62  h-cbc,cast128-cb
000000b0  63:2c:61:72:63:66:6f:75:72:2c:61:65:73:31:39:32  c,arcfour,aes192
000000c0  2d:63:62:63:2c:61:65:73:32:35:36:2d:63:62:63:2c  -cbc,aes256-cbc,
000000d0  72:69:6a:6e:64:61:65:6c:2d:63:62:63:40:6c:79:73  rijndael-cbc@lys
000000e0  61:74:6f:72:2e:6c:69:75:2e:73:65:2c:61:65:73:31  ator.liu.se,aes1
000000f0  32:38:2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74  28-ctr,aes192-ct
00000100  72:2c:61:65:73:32:35:36:2d:63:74:72:00:00:00:87  r,aes256-ctr....
00000110  61:65:73:31:32:38:2d:63:62:63:2c:33:64:65:73:2d  aes128-cbc,3des-
00000120  63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63  cbc,blowfish-cbc
00000130  2c:63:61:73:74:31:32:38:2d:63:62:63:2c:61:72:63  ,cast128-cbc,arc
00000140  66:6f:75:72:2c:61:65:73:31:39:32:2d:63:62:63:2c  four,aes192-cbc,
00000150  61:65:73:32:35:36:2d:63:62:63:2c:72:69:6a:6e:64  aes256-cbc,rijnd
00000160  61:65:6c:2d:63:62:63:40:6c:79:73:61:74:6f:72:2e  ael-cbc@lysator.
00000170  6c:69:75:2e:73:65:2c:61:65:73:31:32:38:2d:63:74  liu.se,aes128-ct
00000180  72:2c:61:65:73:31:39:32:2d:63:74:72:2c:61:65:73  r,aes192-ctr,aes
00000190  32:35:36:2d:63:74:72:00:00:00:55:68:6d:61:63:2d  256-ctr...Uhmac-
000001a0  6d:64:35:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d  md5,hmac-sha1,hm
000001b0  61:63:2d:72:69:70:65:6d:64:31:36:30:2c:68:6d:61  ac-ripemd160,hma
000001c0  63:2d:72:69:70:65:6d:64:31:36:30:40:6f:70:65:6e  c-ripemd160@open
000001d0  73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68:61  ssh.com,hmac-sha
000001e0  31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2d:39:36  1-96,hmac-md5-96
000001f0  00:00:00:55:68:6d:61:63:2d:6d:64:35:2c:68:6d:61  ...Uhmac-md5,hma
00000200  63:2d:73:68:61:31:2c:68:6d:61:63:2d:72:69:70:65  c-sha1,hmac-ripe
00000210  6d:64:31:36:30:2c:68:6d:61:63:2d:72:69:70:65:6d  md160,hmac-ripem
00000220  64:31:36:30:40:6f:70:65:6e:73:73:68:2e:63:6f:6d  d160@openssh.com
00000230  2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d  ,hmac-sha1-96,hm
00000240  61:63:2d:6d:64:35:2d:39:36:00:00:00:09:6e:6f:6e  ac-md5-96....non
00000250  65:2c:7a:6c:69:62:00:00:00:09:6e:6f:6e:65:2c:7a  e,zlib....none,z
00000260  6c:69:62:00:00:00:00:00:00:00:00:00:00:00:00:00  lib.............



-> NET_SSH2_MSG_KEXINIT (since last: 0.0063, network: 0s)
00000000  14:1c:81:80:3d:50:a0:42:3c:a0:79:eb:1b:41:20:0b  ....=P.B..y..A .
00000010  bd:00:00:00:36:64:69:66:66:69:65:2d:68:65:6c:6c  ....6diffie-hell
00000020  6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c  man-group1-sha1,
00000030  64:69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67  diffie-hellman-g
00000040  72:6f:75:70:31:34:2d:73:68:61:31:00:00:00:0f:73  roup14-sha1....s
00000050  73:68:2d:72:73:61:2c:73:73:68:2d:64:73:73:00:00  sh-rsa,ssh-dss..
00000060  00:f6:61:72:63:66:6f:75:72:32:35:36:2c:61:72:63  ..arcfour256,arc
00000070  66:6f:75:72:31:32:38:2c:61:72:63:66:6f:75:72:2c  four128,arcfour,
00000080  61:65:73:31:32:38:2d:63:74:72:2c:61:65:73:31:39  aes128-ctr,aes19
00000090  32:2d:63:74:72:2c:61:65:73:32:35:36:2d:63:74:72  2-ctr,aes256-ctr
000000a0  2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:74:77  ,blowfish-ctr,tw
000000b0  6f:66:69:73:68:31:32:38:2d:63:74:72:2c:74:77:6f  ofish128-ctr,two
000000c0  66:69:73:68:31:39:32:2d:63:74:72:2c:74:77:6f:66  fish192-ctr,twof
000000d0  69:73:68:32:35:36:2d:63:74:72:2c:61:65:73:31:32  ish256-ctr,aes12
000000e0  38:2d:63:62:63:2c:61:65:73:31:39:32:2d:63:62:63  8-cbc,aes192-cbc
000000f0  2c:61:65:73:32:35:36:2d:63:62:63:2c:62:6c:6f:77  ,aes256-cbc,blow
00000100  66:69:73:68:2d:63:62:63:2c:74:77:6f:66:69:73:68  fish-cbc,twofish
00000110  31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68:31  128-cbc,twofish1
00000120  39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68:32:35  92-cbc,twofish25
00000130  36:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d:63:62  6-cbc,twofish-cb
00000140  63:2c:33:64:65:73:2d:63:74:72:2c:33:64:65:73:2d  c,3des-ctr,3des-
00000150  63:62:63:2c:6e:6f:6e:65:00:00:00:f6:61:72:63:66  cbc,none....arcf
00000160  6f:75:72:32:35:36:2c:61:72:63:66:6f:75:72:31:32  our256,arcfour12
00000170  38:2c:61:72:63:66:6f:75:72:2c:61:65:73:31:32:38  8,arcfour,aes128
00000180  2d:63:74:72:2c:61:65:73:31:39:32:2d:63:74:72:2c  -ctr,aes192-ctr,
00000190  61:65:73:32:35:36:2d:63:74:72:2c:62:6c:6f:77:66  aes256-ctr,blowf
000001a0  69:73:68:2d:63:74:72:2c:74:77:6f:66:69:73:68:31  ish-ctr,twofish1
000001b0  32:38:2d:63:74:72:2c:74:77:6f:66:69:73:68:31:39  28-ctr,twofish19
000001c0  32:2d:63:74:72:2c:74:77:6f:66:69:73:68:32:35:36  2-ctr,twofish256
000001d0  2d:63:74:72:2c:61:65:73:31:32:38:2d:63:62:63:2c  -ctr,aes128-cbc,
000001e0  61:65:73:31:39:32:2d:63:62:63:2c:61:65:73:32:35  aes192-cbc,aes25
000001f0  36:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63  6-cbc,blowfish-c
00000200  62:63:2c:74:77:6f:66:69:73:68:31:32:38:2d:63:62  bc,twofish128-cb
00000210  63:2c:74:77:6f:66:69:73:68:31:39:32:2d:63:62:63  c,twofish192-cbc
00000220  2c:74:77:6f:66:69:73:68:32:35:36:2d:63:62:63:2c  ,twofish256-cbc,
00000230  74:77:6f:66:69:73:68:2d:63:62:63:2c:33:64:65:73  twofish-cbc,3des
00000240  2d:63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f  -ctr,3des-cbc,no
00000250  6e:65:00:00:00:30:68:6d:61:63:2d:73:68:61:31:2d  ne...0hmac-sha1-
00000260  39:36:2c:68:6d:61:63:2d:73:68:61:31:2c:68:6d:61  96,hmac-sha1,hma
00000270  63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d:6d:64  c-md5-96,hmac-md
00000280  35:2c:6e:6f:6e:65:00:00:00:30:68:6d:61:63:2d:73  5,none...0hmac-s
00000290  68:61:31:2d:39:36:2c:68:6d:61:63:2d:73:68:61:31  ha1-96,hmac-sha1
000002a0  2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61  ,hmac-md5-96,hma
000002b0  63:2d:6d:64:35:2c:6e:6f:6e:65:00:00:00:04:6e:6f  c-md5,none....no
000002c0  6e:65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00  ne....none......
000002d0  00:00:00:00:00:00:00                             .......



-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0069, network: 0s)
00000000  1e:00:00:00:80:13:8c:c2:d5:89:9e:0b:8f:4b:98:fd  .............K..
00000010  11:93:34:a1:e1:e6:42:84:f4:9a:96:18:85:cb:94:ae  ..4...B.........
00000020  d7:8f:9f:dd:93:d6:78:8e:01:ad:f3:91:f3:93:57:96  ......x.......W.
00000030  9c:53:33:01:a0:78:f7:f8:ca:5e:97:4c:6b:20:72:c4  .S3..x...^.Lk r.
00000040  a0:cc:10:97:a1:66:b5:8f:fd:7e:7a:d8:83:cd:53:ce  .....f...~z...S.
00000050  07:a5:ad:30:7a:9a:a5:80:cc:47:ff:c7:a1:68:11:4e  ...0z....G...h.N
00000060  0e:73:23:e3:87:b8:e1:12:43:9f:f1:5c:ba:af:3d:e6  .s#.....C..\..=.
00000070  8c:ab:e7:37:e6:8a:3b:61:43:2d:dd:c5:8e:05:c8:61  ...7..;aC-.....a
00000080  d3:c3:89:33:a6                                   ...3.



<- NET_SSH2_MSG_KEXDH_REPLY (since last: 0.0693, network: 0.0681s)
00000000  1f:00:00:00:95:00:00:00:07:73:73:68:2d:72:73:61  .........ssh-rsa
00000010  00:00:00:01:23:00:00:00:81:00:cc:cd:d7:2d:71:2c  ....#........-q,
00000020  68:ea:75:c4:f4:13:88:63:d8:8f:aa:d5:8d:37:29:28  h.u....c.....7)(
00000030  a5:f4:d4:df:02:40:9c:25:fa:04:7c:63:f9:f2:8f:88  .....@.%..|c....
00000040  80:c3:0f:f9:34:6b:29:0f:b4:5d:65:f5:d8:f2:48:16  ....4k)..]e...H.
00000050  f8:40:3f:50:37:ec:c7:d5:85:69:2e:39:14:49:8a:3f  .@?P7....i.9.I.?
00000060  08:ec:dd:1b:e5:f7:9d:4e:17:1a:d0:c8:36:a3:50:2b  .......N....6.P+
00000070  de:c9:44:51:80:fc:e4:af:58:1d:f2:3f:0e:75:94:d9  ..DQ....X..?.u..
00000080  1c:a9:c8:ca:bf:c5:89:98:43:b6:46:93:a2:64:ae:57  ........C.F..d.W
00000090  c0:ea:4e:c9:94:de:df:06:e9:21:00:00:00:80:0f:c1  ..N......!......
000000a0  bf:b4:3f:2b:8b:86:64:3d:96:af:3b:7a:ed:ae:3d:2d  ..?+..d=..;z..=-
000000b0  88:70:c2:6e:56:68:98:bf:06:fc:33:f1:e8:93:57:16  .p.nVh....3...W.
000000c0  de:f8:31:33:22:e8:13:a0:8f:ed:2b:76:fe:9e:c0:26  ..13".....+v...&
000000d0  d5:95:83:8e:65:a1:6f:54:b3:49:19:68:9b:d8:08:07  ....e.oT.I.h....
000000e0  39:5b:18:fc:83:a9:85:7f:14:13:b8:c3:2f:ca:66:d2  9[........../.f.
000000f0  49:62:80:5c:61:df:db:92:16:26:82:22:f3:85:bb:4f  Ib.\a....&."...O
00000100  ce:3a:f4:62:6e:9e:72:b6:0d:3a:10:64:47:e8:9e:56  .:.bn.r..:.dG..V
00000110  57:be:de:e3:07:d3:b7:f8:b0:c9:ee:dd:52:33:00:00  W...........R3..
00000120  00:8f:00:00:00:07:73:73:68:2d:72:73:61:00:00:00  ......ssh-rsa...
00000130  80:62:7d:eb:e8:f7:18:0e:7d:d7:a9:be:cb:09:bb:94  .b}.....}.......
00000140  6c:90:16:a3:5b:fd:12:4f:70:67:01:ba:95:56:25:8f  l...[..Opg...V%.
00000150  db:ab:49:d0:b4:8b:34:e3:d8:d3:3f:63:ef:a2:c7:29  ..I...4...?c...)
00000160  63:99:65:09:37:1b:6b:2e:42:e3:32:7e:8e:be:53:af  c.e.7.k.B.2~..S.
00000170  56:dc:e2:15:a7:50:73:88:85:cc:11:b6:a2:96:61:72  V....Ps.......ar
00000180  54:c2:fa:8e:89:38:6b:82:af:de:15:8a:37:6d:78:e0  T....8k.....7mx.
00000190  ee:b3:80:b3:29:09:d1:46:f2:e6:1e:81:3d:4c:9a:8f  ....)..F....=L..
000001a0  bc:ba:70:10:58:c8:01:66:38:16:9d:77:34:d4:80:d3  ..p.X..f8..w4...
000001b0  67                                               g



-> NET_SSH2_MSG_NEWKEYS (since last: 0.0041, network: 0s)
00000000  15                                               .



<- NET_SSH2_MSG_NEWKEYS (since last: 0.0001, network: 0s)
00000000  15                                               .



-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0014, network: 0s)
00000000  05:00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74  .....ssh-useraut
00000010  68                                               h



<- NET_SSH2_MSG_SERVICE_ACCEPT (since last: 0.0378, network: 0.0374s)
00000000  06:00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74  .....ssh-useraut
00000010  68                                               h



-> NET_SSH2_MSG_USERAUTH_REQUEST (since last: 0.0005, network: 0s)
00000000  32:00:00:00:10:69:61:6d:65:72:73:5c:73:2d:77:6c  2....<username
00000010  61:6e:6d:61:63:00:00:00:0e:73:73:68:2d:63:6f:6e  here>....ssh-con
00000020  6e:65:63:74:69:6f:6e:00:00:00:08:70:61:73:73:77  nection....passw
00000030  6f:72:64:00:00:00:00:0f:49:24:54:37:38:48:3d:6c  ord.....<password
00000040  24:49:7b:75:33:49:79                             here>



<- NET_SSH2_MSG_USERAUTH_SUCCESS (since last: 0.0008, network: 0.0001s)
00000000  34                                               4

-> NET_SSH2_MSG_CHANNEL_OPEN (since last: 0.0002, network: 0s)
00000000  5a:00:00:00:07:73:65:73:73:69:6f:6e:00:00:00:01  Z....session....
00000010  7f:ff:ff:ff:00:00:40:00                          ......@.



<- NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION (since last: 0.0009, network: 0.0006s)
00000000  5b:00:00:00:01:00:00:00:00:00:00:00:00:00:00:80  [...............
00000010  00                                               .



-> NET_SSH2_MSG_CHANNEL_REQUEST (since last: 0.0004, network: 0s)
00000000  62:00:00:00:00:00:00:00:07:70:74:79:2d:72:65:71  b........pty-req
00000010  01:00:00:00:05:76:74:31:30:30:00:00:00:50:00:00  .....vt100...P..
00000020  00:18:00:00:00:00:00:00:00:00:00:00:00:01:00     ...............



<- NET_SSH2_MSG_CHANNEL_SUCCESS (since last: 0.002, network: 0.0015s)
00000000  63:00:00:00:01                                   c....



-> NET_SSH2_MSG_CHANNEL_REQUEST (since last: 0.0002, network: 0s)
00000000  62:00:00:00:00:00:00:00:05:73:68:65:6c:6c:01     b........shell.



<- NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST (since last: 0.0025, network: 0.0023s)
00000000  5d:00:00:00:01:00:02:00:00                       ]........



<- NET_SSH2_MSG_CHANNEL_SUCCESS (since last: 0.0002, network: 0s)
00000000  63:00:00:00:01                                   c....



-> NET_SSH2_MSG_CHANNEL_DATA (since last: 0.0002, network: 0s)
00000000  5e:00:00:00:00:00:00:00:11:69:61:6d:65:72:73:5c  ^........<username
00000010  73:2d:77:6c:61:6e:6d:61:63:0a                    here>.



<- NET_SSH2_MSG_CHANNEL_DATA (since last: 0.0011, network: 0s)
00000000  5e:00:00:00:01:00:00:00:12:69:61:6d:65:72:73:5c  ^........<username
00000010  73:2d:77:6c:61:6e:6d:61:63:0d:0a                 here>..



<- NET_SSH2_MSG_CHANNEL_DATA (since last: 0.0027, network: 0.0001s)
00000000  5e:00:00:00:01:00:00:00:76:0d:0a:0d:0a:28:43:69  ^.......v....(Ci
00000010  73:63:6f:20:43:6f:6e:74:72:6f:6c:6c:65:72:29:20  sco Controller)
00000020  0d:0a:55:73:65:72:3a:20:69:61:6d:65:72:73:5c:73  ..User: <username
00000030  2d:77:6c:61:6e:6d:61:63:0d:0a:50:61:73:73:77:6f  here>..Passwo
00000040  72:64:3a:52:61:77:20:6d:6f:64:65:20:77:69:6c:6c  rd:Raw mode will
00000050  20:6e:6f:74:20:62:65:20:73:75:70:70:6f:72:74:65   not be supporte
00000060  64:2c:20:43:6c:6f:73:69:6e:67:20:63:6f:6e:6e:65  d, Closing conne
00000070  63:74:69:6f:6e:2e:0a:0d:0a:55:73:65:72:3a:20     ction....User:


Any help would be greatly appreciated.
dustant
Traveler
 
Posts: 1
Joined: Fri Jul 26, 2013 5:48 pm

Re: using phpseclib to connect to cisco switch

Postby TerraFrost » Sun Aug 04, 2013 2:27 am

I apologize for not responding sooner... busy at work and didn't see your post meh.

Anyway...

chubby and I corresponded via email some after he made this post. This is what we did to get it working for him:

Code: Select all
<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('10.113.123.45');
$ssh->login('user');
$ssh->read('User Name:');
$ssh->write("user\n");
$ssh->setTimeout(1);
echo $ssh->read();
?>

ie. you're not providing a password to the login() function.

Let me know if that helps!
TerraFrost
Legendary Guard
 
Posts: 12357
Joined: Wed Dec 04, 2002 6:37 am


Return to phpseclib support

Who is online

Users browsing this forum: No registered users and 1 guest

cron