Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do i set flags when using phpseclib ssh2 exec() function?

Tags:

php

ssh

phpseclib

I'm using phpseclib and need to make a couple of php functions that enable someone to programmatically ssh into their server and change the root password and also change the password of a user that may have forgotten their password (so have to be logged in as root).

I tried using libssh2, but found it a bit nasty to use. I'm now looking at phpseclib which seems more robust. But when I tried to use the 'su' command like so:

echo $ssh->exec('su');

I get the reply:

su: must be run from a terminal

and when I try to use sudo:

echo $ssh->exec('sudo passwd root');

I get the error:

sudo: no tty present and no askpass program specified

Anyway, it turns out that su is disabled for direct ssh access, but after having a look at this article, it turns out you can do it with the following command:

ssh -t -t -l 'username' 'host' 'su -'

That's what finally worked for me anyway when entering into a terminal from my laptop (running ubuntu), and then I entered my password and then the root password to finish off.

Quoting from the site linked to above:

Ssh commands (using -t) the remote sshd to establish a 'pseudo-terminal' pipe to the worker process when -t is given.

. ssh does this as long as its stdin is a terminal.

. But if ssh's stdin is a non-terminal, ssh won't direct sshd to establish a
pseudo-terminal unless TWO -t's are given:

echo password | ssh -t -t -l username remote_host

. So with -t -t (from ssh) sshd sets up a pseudo-terminal to the client process.

. The client, whether it be 'tty' or 'su' cannot tell it is connected to a ficticious >terminal:

echo dummystr | ssh -t -t -l username host.com -c ''tty'

echo password | ssh -t -t -l username host.com -c 'su -'

So there is the answer. Use double -t if you are 'su root'ing' on a linux box through an >interactive client ssh like the one from OpenBSD.

So, it actually worked from the terminal as I said above using:

ssh -t -t -l 'username' 'host' 'su -'

but I really want to be able to execute this command using phpseclib. Only thing is I don't know how to put in any flags into the exec() function. Specifically, I need to put in the -t flags (twice).

I've looked for ages and can't find anything. Be really grateful for some help on this. Sorry about the length of this post as well. :)

Cheers

Joe

like image 758
Joe Avatar asked Jul 14 '26 09:07

Joe


2 Answers

If sudo passwd root requires a tty try read() / write() in phpseclib. eg.

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('localhost', 22);
$ssh->login('username', 'password');

$ssh->read('[prompt]');
$ssh->write("sudo passwd root\n");
$ssh->read('Password:');
$ssh->write("Password\n");
echo $ssh->read('[prompt]');
?>

Actually, I'm just copy / pasting from your other post: php ssh2_exec not executing 'su' command

Looks like you were getting some help there and then stopped following up? Someone suggested you need to add new lines to your commands. Did you try that? They also suggested posting on the phpseclib support forums. Seems like a good bit of advice to me...

like image 121
rhinestone Avatar answered Jul 15 '26 23:07

rhinestone


You can enable the pseudoterminal by calling

$ssh->enablePTY();

after you login, but before the exec. This will prevent it from complaining about the missing tty.

like image 35
Benubird Avatar answered Jul 15 '26 23:07

Benubird



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!