Documentation

SSH2
in package

Pure-PHP implementation of SSHv2.

Tags
author

Jim Wigginton terrafrost@php.net

access

public

Table of Contents

Constants

CHANNEL_AGENT_FORWARD  = 4
CHANNEL_EXEC  = 1
CHANNEL_KEEP_ALIVE  = 5
CHANNEL_SHELL  = 2
CHANNEL_SUBSYSTEM  = 3
LOG_COMPLEX  = 2
Returns the message content
LOG_MAX_SIZE  = 1048576
Make sure that the log never gets larger than this
LOG_REALTIME  = 3
Outputs the content real-time
LOG_REALTIME_FILE  = 4
Dumps the content real-time to a file
LOG_SIMPLE  = 1
Returns the message numbers
MASK_CONNECTED  = 0x2
MASK_CONSTRUCTOR  = 0x1
MASK_LOGIN  = 0x8
MASK_LOGIN_REQ  = 0x4
MASK_SHELL  = 0x10
MASK_WINDOW_ADJUST  = 0x20
READ_NEXT  = 3
Returns whenever a data packet is received.
READ_REGEX  = 2
Returns when a string matching the regular expression $expect is found
READ_SIMPLE  = 1
Returns when a string matching $expect exactly is found

Properties

$fsock  : object
The Socket Object
$auth  : array<string|int, mixed>
Authentication Credentials
$bitmap  : int
Execution Bitmap
$channel_status  : array<string|int, mixed>
Channel Status
$curTimeout  : mixed
Current Timeout
$preferred_signature_format  : string|false
Preferred Signature Format
$server_channels  : array<string|int, mixed>
Server Channels
$timeout  : mixed
Timeout
$window_size  : int
The Window Size
$window_size_server_to_client  : array<string|int, mixed>
Window size, server to client
$agent  : Agent
A System_SSH_Agent for use in the SSH2 Agent Forwarding scenario
$auth_methods_to_continue  : array<string|int, mixed>|null
The authentication methods that may productively continue authentication.
$bad_key_size_fix  : bool
Some versions of OpenSSH incorrectly calculate the key size
$banner_message  : string
Banner Message
$binary_packet_buffer  : string|false
Binary Packet Buffer
$channel_buffers  : array<string|int, mixed>
Channel Buffers
$channel_extended_data_type_codes  : array<string|int, mixed>
SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes
$channel_open_failure_reasons  : array<string|int, mixed>
SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254
$compression_algorithms_client_to_server  : array<string|int, mixed>|false
Compression Algorithms: Client to Server
$compression_algorithms_server_to_client  : array<string|int, mixed>|false
Compression Algorithms: Server to Client
$connections  : array<string|int, SSH2>
Connection storage to replicates ssh2 extension functionality: {@link http://php.net/manual/en/wrappers.ssh2.php#refsect1-wrappers.ssh2-examples}
$crypto_engine  : int
Crypto Engine
$decrypt  : object
Server to Client Encryption Object
$decrypt_block_size  : int
Block Size for Client to Server Encryption
$disconnect_reasons  : array<string|int, mixed>
Disconnection Message 'reason codes' defined in RFC4253
$encrypt  : object
Client to Server Encryption Object
$encrypt_block_size  : int
Block Size for Server to Client Encryption
$encryption_algorithms_client_to_server  : array<string|int, mixed>|false
Encryption Algorithms: Client to Server
$encryption_algorithms_server_to_client  : array<string|int, mixed>|false
Encryption Algorithms: Server to Client
$errors  : array<string|int, mixed>
Error information
$exchange_hash  : string
Exchange hash
$exit_status  : int
Exit status returned from ssh if any
$get_seq_no  : int
Get Sequence Number
$hmac_check  : object
Server to Client HMAC Object
$hmac_create  : object
Client to Server HMAC Object
$hmac_size  : int
Size of server to client HMAC
$host  : string
Hostname
$identifier  : string
The SSH identifier
$in_request_pty_exec  : bool
Flag set while exec() is running when using enablePTY()
$in_subsystem  : bool
Flag set after startSubsystem() is called
$interactiveBuffer  : array<string|int, mixed>
Interactive Buffer
$is_timeout  : bool
Did read() timeout or return normally?
$keepAlive  : mixed
Keep Alive Interval
$kex_algorithm  : string|false
Key Exchange Algorithm
$kex_algorithms  : array<string|int, mixed>|false
Key Exchange Algorithms
$kex_dh_group_size_max  : int
Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
$kex_dh_group_size_min  : int
Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
$kex_dh_group_size_preferred  : int
Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
$keyboard_requests_responses  : array<string|int, mixed>
Keyboard Interactive Request / Responses
$languages_client_to_server  : array<string|int, mixed>|false
Languages: Client to Server
$languages_server_to_client  : array<string|int, mixed>|false
Languages: Server to Client
$last_interactive_response  : string
The Last Interactive Response
$last_packet  : int
Time of first network activity
$lengthDecrypt  : object
Server to Client Length Encryption Object
$lengthEncrypt  : object
Client to Server Length Encryption Object
$log_boundary  : string
Log Boundary
$log_long_width  : int
Log Long Width
$log_short_width  : int
Log Short Width
$log_size  : int
Current log size
$mac_algorithms_client_to_server  : array<string|int, mixed>|false
MAC Algorithms: Client to Server
$mac_algorithms_server_to_client  : array<string|int, mixed>|false
MAC Algorithms: Server to Client
$message_log  : array<string|int, mixed>
Message Log
$message_number_log  : array<string|int, mixed>
Message Number Log
$message_numbers  : array<string|int, mixed>
Message Numbers
$packet_size_client_to_server  : array<string|int, mixed>
Packet Size
$port  : int
Port Number
$preferred  : array<string|int, mixed>
Preferred Algorithms
$quiet_mode  : mixed
Flag to suppress stderr from output
$realtime_log_file  : resource
Real-time log file pointer
$realtime_log_size  : int
Real-time log file size
$realtime_log_wrap  : mixed
Real-time log file wrap boolean
$request_pty  : bool
Flag to request a PTY when using exec()
$retry_connect  : bool
Should we try to re-connect to re-establish keys?
$send_id_string_first  : bool
Send the identification string first?
$send_kex_first  : bool
Send the key exchange initiation packet first?
$send_seq_no  : int
Send Sequence Number
$server_host_key_algorithms  : array<string|int, mixed>|false
Server Host Key Algorithms
$server_identifier  : array<string|int, mixed>|false
Server Identifier
$server_public_host_key  : string
Server Public Host Key
$session_id  : string
Session identifier
$signature  : string
Server signature
$signature_format  : string
Server signature format
$signature_validated  : bool
Has the signature been validated?
$stdErrorLog  : string
Contents of stdError
$term  : string
Terminal
$terminal_modes  : array<string|int, mixed>
Terminal Modes
$window_resize  : int
What we resize the window to
$window_size_client_to_server  : array<string|int, mixed>
Window size, client to server
$windowColumns  : int
Number of columns for terminal window size
$windowRows  : int
Number of columns for terminal window size

Methods

__construct()  : SSH2|void
Default Constructor.
__destruct()  : mixed
Destructor.
__toString()  : string
To String Magic Method
disablePTY()  : mixed
Disable request-pty when using exec()
disableQuietMode()  : mixed
Disable Quiet Mode
disconnect()  : mixed
Disconnect
enablePTY()  : mixed
Enable request-pty when using exec()
enableQuietMode()  : mixed
Enable Quiet Mode
exec()  : string
Execute Command
getAlgorithmsNegotiated()  : array<string|int, mixed>
Return list of negotiated algorithms
getAuthMethodsToContinue()  : array<string|int, mixed>|null
Return the list of authentication methods that may productively continue authentication.
getBannerMessage()  : string
Returns the banner message.
getConnectionByResourceId()  : bool|SSH2
Return existing connection
getConnections()  : array<string|int, SSH2>
Return all excising connections
getErrors()  : array<string|int, string>
Returns all errors
getExitStatus()  : false|int
Returns the exit status of an SSH command or false.
getLastError()  : string
Returns the last error
getLog()  : array<string|int, mixed>|false|string
Returns a log of the packets that have been sent and received.
getResourceId()  : string
Get Resource ID
getServerAlgorithms()  : array<string|int, mixed>
Returns a list of algorithms the server supports
getServerIdentification()  : string
Return the server identification.
getServerPublicHostKey()  : mixed
Returns the server public host key.
getStdError()  : mixed
Get the output from stdError
getSupportedCompressionAlgorithms()  : array<string|int, mixed>
Returns a list of compression algorithms that phpseclib supports
getSupportedEncryptionAlgorithms()  : array<string|int, mixed>
Returns a list of symmetric key algorithms that phpseclib supports
getSupportedHostKeyAlgorithms()  : array<string|int, mixed>
Returns a list of host key algorithms that phpseclib supports
getSupportedKEXAlgorithms()  : array<string|int, mixed>
Returns a list of KEX algorithms that phpseclib supports
getSupportedMACAlgorithms()  : array<string|int, mixed>
Returns a list of MAC algorithms that phpseclib supports
getWindowColumns()  : int
Returns the number of columns for the terminal window size.
getWindowRows()  : int
Returns the number of rows for the terminal window size.
isAuthenticated()  : bool
Have you successfully been logged in?
isConnected()  : bool
Is the connection still active?
isPTYEnabled()  : bool
Returns whether request-pty is enabled or not
isQuietModeEnabled()  : bool
Returns whether Quiet Mode is enabled or not
isTimeout()  : mixed
Is timeout?
login()  : bool
Login
ping()  : bool
Pings a server connection, or tries to reconnect if the connection has gone down
read()  : string|bool|null
Returns the output of an interactive shell
requestAgentForwarding()  : bool
Request agent forwarding of remote server
reset()  : mixed
Closes a channel
sendIdentificationStringFirst()  : mixed
Send Identification String First
sendIdentificationStringLast()  : mixed
Send Identification String Last
sendKEXINITFirst()  : mixed
Send SSH_MSG_KEXINIT First
sendKEXINITLast()  : mixed
Send SSH_MSG_KEXINIT Last
setCryptoEngine()  : mixed
Set Crypto Engine Mode
setKeepAlive()  : mixed
Set Keep Alive
setPreferredAlgorithms()  : mixed
Accepts an associative array with up to four parameters as described at <https://www.php.net/manual/en/function.ssh2-connect.php>
setTerminal()  : mixed
Allows you to set the terminal
setTimeout()  : mixed
Set Timeout
setWindowColumns()  : mixed
Sets the number of columns for the terminal window size.
setWindowRows()  : mixed
Sets the number of rows for the terminal window size.
setWindowSize()  : mixed
Sets the number of columns and rows for the terminal window size.
startSubsystem()  : bool
Start a subsystem.
stopSubsystem()  : bool
Stops a subsystem.
write()  : bool
Inputs a command into an interactive shell.
define_array()  : mixed
Define Array
disconnect_helper()  : bool
Disconnect
format_log()  : string
Formats a log for printing
get_channel_packet()  : mixed
Gets channel data
reset_connection()  : mixed
Resets a connection for re-use
send_binary_packet()  : bool
Sends Binary Packets
send_channel_packet()  : bool
Sends channel data
sublogin()  : bool
Login Helper
append_log()  : mixed
Logs data packets
array_intersect_first()  : mixed
Returns the first value of the intersection of two arrays or false if the intersection is empty. The order is defined by the first parameter.
bad_algorithm_candidate()  : mixed
close_channel()  : bool
Closes and flushes a channel
connect()  : mixed
Connect to an SSHv2 server
encryption_algorithm_to_crypt_instance()  : mixed
Maps an encryption algorithm name to an instance of a subclass of \phpseclib3\Crypt\Common\SymmetricKey.
encryption_algorithm_to_key_size()  : int|null
Maps an encryption algorithm name to the number of key bytes.
filter()  : string
Filter Binary Packets
generate_identifier()  : string
Generates the SSH identifier
get_binary_packet()  : string
Gets Binary Packets
get_interactive_channel()  : int
Return the channel to be used with read() / write()
get_open_channel()  : int
Return an available open channel
initShell()  : bool
Creates an interactive shell
key_exchange()  : bool
Key Exchange
keyboard_interactive_login()  : bool
Login via keyboard-interactive authentication
keyboard_interactive_process()  : bool
Handle the keyboard-interactive requests / responses.
login_helper()  : bool
Login Helper
mac_algorithm_to_hash_instance()  : mixed
Maps an encryption algorithm name to an instance of a subclass of \phpseclib3\Crypt\Hash.
on_channel_open()  : mixed
Helper function for agent->on_channel_open()
privatekey_login()  : bool
Login with an RSA private key
read_remaining_bytes()  : string
Read Remaining Bytes
reconnect()  : bool
In situ reconnect method
ssh_agent_login()  : bool
Login with an ssh-agent provided key
updateLogHistory()  : mixed

Constants

CHANNEL_AGENT_FORWARD

public mixed CHANNEL_AGENT_FORWARD = 4

CHANNEL_EXEC

public mixed CHANNEL_EXEC = 1

CHANNEL_KEEP_ALIVE

public mixed CHANNEL_KEEP_ALIVE = 5

CHANNEL_SHELL

public mixed CHANNEL_SHELL = 2

CHANNEL_SUBSYSTEM

public mixed CHANNEL_SUBSYSTEM = 3

LOG_COMPLEX

Returns the message content

public mixed LOG_COMPLEX = 2
Tags
access

public

see
SSH2::getLog()

LOG_MAX_SIZE

Make sure that the log never gets larger than this

public mixed LOG_MAX_SIZE = 1048576
Tags
access

public

see
SSH2::getLog()

LOG_REALTIME

Outputs the content real-time

public mixed LOG_REALTIME = 3
Tags
access

public

see
SSH2::getLog()

LOG_REALTIME_FILE

Dumps the content real-time to a file

public mixed LOG_REALTIME_FILE = 4
Tags
access

public

see
SSH2::getLog()

LOG_SIMPLE

Returns the message numbers

public mixed LOG_SIMPLE = 1
Tags
access

public

see
SSH2::getLog()

MASK_CONNECTED

public mixed MASK_CONNECTED = 0x2

MASK_CONSTRUCTOR

public mixed MASK_CONSTRUCTOR = 0x1

MASK_LOGIN

public mixed MASK_LOGIN = 0x8

MASK_LOGIN_REQ

public mixed MASK_LOGIN_REQ = 0x4

MASK_SHELL

public mixed MASK_SHELL = 0x10

MASK_WINDOW_ADJUST

public mixed MASK_WINDOW_ADJUST = 0x20

READ_NEXT

Returns whenever a data packet is received.

public mixed READ_NEXT = 3

Some data packets may only contain a single character so it may be necessary to call read() multiple times when using this option

Tags
access

public

see
SSH2::read()

READ_REGEX

Returns when a string matching the regular expression $expect is found

public mixed READ_REGEX = 2
Tags
access

public

see
SSH2::read()

READ_SIMPLE

Returns when a string matching $expect exactly is found

public mixed READ_SIMPLE = 1
Tags
access

public

see
SSH2::read()

Properties

$fsock

The Socket Object

public object $fsock
Tags
access

private

$auth

Authentication Credentials

protected array<string|int, mixed> $auth = []
Tags
access

private

$bitmap

Execution Bitmap

protected int $bitmap = 0

The bits that are set represent functions that have been called already. This is used to determine if a requisite function has been successfully executed. If not, an error should be thrown.

Tags
access

private

$channel_status

Channel Status

protected array<string|int, mixed> $channel_status = []

Contains the type of the last sent message

Tags
see
self::get_channel_packet()
access

private

$curTimeout

Current Timeout

protected mixed $curTimeout
Tags
see
self::get_channel_packet()
access

private

$preferred_signature_format

Preferred Signature Format

protected string|false $preferred_signature_format = false
Tags
access

private

$server_channels

Server Channels

protected array<string|int, mixed> $server_channels = []

Maps client channels to server channels

Tags
see
self::get_channel_packet()
see
self::exec()
access

private

$timeout

Timeout

protected mixed $timeout
Tags
see
self::setTimeout()
access

private

$window_size

The Window Size

protected int $window_size = 0x7fffffff

Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 2GB)

Tags
see
self::send_channel_packet()
see
self::exec()
access

private

$window_size_server_to_client

Window size, server to client

protected array<string|int, mixed> $window_size_server_to_client = []

Window size indexed by channel

Tags
see
self::send_channel_packet()
access

private

$agent

A System_SSH_Agent for use in the SSH2 Agent Forwarding scenario

private Agent $agent
Tags
access

private

$bad_key_size_fix

Some versions of OpenSSH incorrectly calculate the key size

private bool $bad_key_size_fix = false
Tags
access

private

$banner_message

Banner Message

private string $banner_message = ''

Quoting from the RFC, "in some jurisdictions, sending a warning message before authentication may be relevant for getting legal protection."

Tags
see
self::_filter()
see
self::getBannerMessage()
access

private

$binary_packet_buffer

Binary Packet Buffer

private string|false $binary_packet_buffer = false
Tags
access

private

$channel_buffers

Channel Buffers

private array<string|int, mixed> $channel_buffers = []

If a client requests a packet from one channel but receives two packets from another those packets should be placed in a buffer

Tags
see
self::get_channel_packet()
see
self::exec()
access

private

$channel_open_failure_reasons

SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254

private array<string|int, mixed> $channel_open_failure_reasons = []
Tags
see
self::__construct()
access

private

$compression_algorithms_client_to_server

Compression Algorithms: Client to Server

private array<string|int, mixed>|false $compression_algorithms_client_to_server = false
Tags
see
self::getCompressionAlgorithmsClient2Server()
access

private

$compression_algorithms_server_to_client

Compression Algorithms: Server to Client

private array<string|int, mixed>|false $compression_algorithms_server_to_client = false
Tags
see
self::getCompressionAlgorithmsServer2Client()
access

private

$connections

Connection storage to replicates ssh2 extension functionality: {@link http://php.net/manual/en/wrappers.ssh2.php#refsect1-wrappers.ssh2-examples}

private static array<string|int, SSH2> $connections

$crypto_engine

Crypto Engine

private static int $crypto_engine = false
Tags
see
self::setCryptoEngine()
see
self::_key_exchange()
access

private

$decrypt

Server to Client Encryption Object

private object $decrypt = false
Tags
see
self::_get_binary_packet()
access

private

$decrypt_block_size

Block Size for Client to Server Encryption

private int $decrypt_block_size = 8
Tags
see
self::__construct()
see
self::_get_binary_packet()
access

private

$disconnect_reasons

Disconnection Message 'reason codes' defined in RFC4253

private array<string|int, mixed> $disconnect_reasons = []
Tags
see
self::__construct()
access

private

$encrypt

Client to Server Encryption Object

private object $encrypt = false
Tags
see
self::_send_binary_packet()
access

private

$encrypt_block_size

Block Size for Server to Client Encryption

private int $encrypt_block_size = 8

"Note that the length of the concatenation of 'packet_length', 'padding_length', 'payload', and 'random padding' MUST be a multiple of the cipher block size or 8, whichever is larger. This constraint MUST be enforced, even when using stream ciphers."

-- http://tools.ietf.org/html/rfc4253#section-6

Tags
see
self::__construct()
see
self::_send_binary_packet()
access

private

$encryption_algorithms_client_to_server

Encryption Algorithms: Client to Server

private array<string|int, mixed>|false $encryption_algorithms_client_to_server = false
Tags
see
self::getEncryptionAlgorithmsClient2Server()
access

private

$encryption_algorithms_server_to_client

Encryption Algorithms: Server to Client

private array<string|int, mixed>|false $encryption_algorithms_server_to_client = false
Tags
see
self::getEncryptionAlgorithmsServer2Client()
access

private

$errors

Error information

private array<string|int, mixed> $errors = []
Tags
see
self::getErrors()
see
self::getLastError()
access

private

$exchange_hash

Exchange hash

private string $exchange_hash = false

The current exchange hash

Tags
see
self::_key_exchange()
access

private

$exit_status

Exit status returned from ssh if any

private int $exit_status
Tags
access

private

$get_seq_no

Get Sequence Number

private int $get_seq_no = 0

See 'Section 6.4. Data Integrity' of rfc4253 for more info.

Tags
see
self::_get_binary_packet()
access

private

$hmac_check

Server to Client HMAC Object

private object $hmac_check = false
Tags
see
self::_get_binary_packet()
access

private

$hmac_create

Client to Server HMAC Object

private object $hmac_create = false
Tags
see
self::_send_binary_packet()
access

private

$hmac_size

Size of server to client HMAC

private int $hmac_size = false

We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read. For the client to server side, the HMAC object will make the HMAC as long as it needs to be. All we need to do is append it.

Tags
see
self::_get_binary_packet()
access

private

$host

Hostname

private string $host
Tags
see
self::__construct()
see
self::_connect()
access

private

$identifier

The SSH identifier

private string $identifier
Tags
access

private

$in_request_pty_exec

Flag set while exec() is running when using enablePTY()

private bool $in_request_pty_exec = false
Tags
access

private

$in_subsystem

Flag set after startSubsystem() is called

private bool $in_subsystem
Tags
access

private

$interactiveBuffer

Interactive Buffer

private array<string|int, mixed> $interactiveBuffer = ''
Tags
see
self::read()
access

private

$is_timeout

Did read() timeout or return normally?

private bool $is_timeout = false
Tags
see
self::isTimeout()
access

private

$keepAlive

Keep Alive Interval

private mixed $keepAlive
Tags
see
self::setKeepAlive()
access

private

$kex_algorithm

Key Exchange Algorithm

private string|false $kex_algorithm = false
Tags
see
self::getMethodsNegotiated()
access

private

$kex_algorithms

Key Exchange Algorithms

private array<string|int, mixed>|false $kex_algorithms = false
Tags
see
self::getKexAlgorithims()
access

private

$kex_dh_group_size_max

Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods

private int $kex_dh_group_size_max = 4096
Tags
see
self::_key_exchange()
access

private

$kex_dh_group_size_min

Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods

private int $kex_dh_group_size_min = 1536
Tags
see
self::_key_exchange()
access

private

$kex_dh_group_size_preferred

Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods

private int $kex_dh_group_size_preferred = 2048
Tags
see
self::_key_exchange()
access

private

$keyboard_requests_responses

Keyboard Interactive Request / Responses

private array<string|int, mixed> $keyboard_requests_responses = []
Tags
see
self::_keyboard_interactive_process()
access

private

$languages_client_to_server

Languages: Client to Server

private array<string|int, mixed>|false $languages_client_to_server = false
Tags
see
self::getLanguagesClient2Server()
access

private

$languages_server_to_client

Languages: Server to Client

private array<string|int, mixed>|false $languages_server_to_client = false
Tags
see
self::getLanguagesServer2Client()
access

private

$last_interactive_response

The Last Interactive Response

private string $last_interactive_response = ''
Tags
see
self::_keyboard_interactive_process()
access

private

$last_packet

Time of first network activity

private int $last_packet
Tags
access

private

$lengthDecrypt

Server to Client Length Encryption Object

private object $lengthDecrypt = false
Tags
see
self::_get_binary_packet()
access

private

$lengthEncrypt

Client to Server Length Encryption Object

private object $lengthEncrypt = false
Tags
see
self::_send_binary_packet()
access

private

$log_boundary

Log Boundary

private string $log_boundary = ':'
Tags
see
self::_format_log()
access

private

$log_long_width

Log Long Width

private int $log_long_width = 65
Tags
see
self::_format_log()
access

private

$log_short_width

Log Short Width

private int $log_short_width = 16
Tags
see
self::_format_log()
access

private

$log_size

Current log size

private int $log_size

Should never exceed self::LOG_MAX_SIZE

Tags
see
self::_send_binary_packet()
see
self::_get_binary_packet()
access

private

$mac_algorithms_client_to_server

MAC Algorithms: Client to Server

private array<string|int, mixed>|false $mac_algorithms_client_to_server = false
Tags
see
self::getMACAlgorithmsClient2Server()
access

private

$mac_algorithms_server_to_client

MAC Algorithms: Server to Client

private array<string|int, mixed>|false $mac_algorithms_server_to_client = false
Tags
see
self::getMACAlgorithmsServer2Client()
access

private

$message_log

Message Log

private array<string|int, mixed> $message_log = []
Tags
see
self::getLog()
access

private

$message_number_log

Message Number Log

private array<string|int, mixed> $message_number_log = []
Tags
see
self::getLog()
access

private

$message_numbers

Message Numbers

private array<string|int, mixed> $message_numbers = []
Tags
see
self::__construct()
access

private

$packet_size_client_to_server

Packet Size

private array<string|int, mixed> $packet_size_client_to_server = []

Maximum packet size indexed by channel

Tags
see
self::send_channel_packet()
access

private

$port

Port Number

private int $port
Tags
see
self::__construct()
see
self::_connect()
access

private

$preferred

Preferred Algorithms

private array<string|int, mixed> $preferred = []
Tags
see
self::setPreferredAlgorithms()
access

private

$quiet_mode

Flag to suppress stderr from output

private mixed $quiet_mode = false
Tags
see
self::enableQuietMode()
access

private

$realtime_log_file

Real-time log file pointer

private resource $realtime_log_file
Tags
see
self::_append_log()
access

private

$realtime_log_size

Real-time log file size

private int $realtime_log_size
Tags
see
self::_append_log()
access

private

$realtime_log_wrap

Real-time log file wrap boolean

private mixed $realtime_log_wrap
Tags
see
self::_append_log()
access

private

$request_pty

Flag to request a PTY when using exec()

private bool $request_pty = false
Tags
see
self::enablePTY()
access

private

$retry_connect

Should we try to re-connect to re-establish keys?

private bool $retry_connect = false
Tags
access

private

$send_id_string_first

Send the identification string first?

private bool $send_id_string_first = true
Tags
access

private

$send_kex_first

Send the key exchange initiation packet first?

private bool $send_kex_first = true
Tags
access

private

$send_seq_no

Send Sequence Number

private int $send_seq_no = 0

See 'Section 6.4. Data Integrity' of rfc4253 for more info.

Tags
see
self::_send_binary_packet()
access

private

$server_host_key_algorithms

Server Host Key Algorithms

private array<string|int, mixed>|false $server_host_key_algorithms = false
Tags
see
self::getServerHostKeyAlgorithms()
access

private

$server_identifier

Server Identifier

private array<string|int, mixed>|false $server_identifier = false
Tags
see
self::getServerIdentification()
access

private

$server_public_host_key

Server Public Host Key

private string $server_public_host_key
Tags
see
self::getServerPublicHostKey()
access

private

$session_id

Session identifier

private string $session_id = false

"The exchange hash H from the first key exchange is additionally used as the session identifier, which is a unique identifier for this connection."

-- http://tools.ietf.org/html/rfc4253#section-7.2

Tags
see
self::_key_exchange()
access

private

$signature

Server signature

private string $signature = ''

Verified against $this->session_id

Tags
see
self::getServerPublicHostKey()
access

private

$signature_format

Server signature format

private string $signature_format = ''

ssh-rsa or ssh-dss.

Tags
see
self::getServerPublicHostKey()
access

private

$signature_validated

Has the signature been validated?

private bool $signature_validated = false
Tags
see
self::getServerPublicHostKey()
access

private

$stdErrorLog

Contents of stdError

private string $stdErrorLog
Tags
access

private

$term

Terminal

private string $term = 'vt100'
Tags
access

private

$window_resize

What we resize the window to

private int $window_resize = 0x40000000

When PuTTY resizes the window it doesn't add an additional 0x7FFFFFFF bytes - it adds 0x40000000 bytes. Some SFTP clients (GoAnywhere) don't support adding 0x7FFFFFFF to the window size after the fact so we'll just do what PuTTY does

Tags
see
self::_send_channel_packet()
see
self::exec()
access

private

$window_size_client_to_server

Window size, client to server

private array<string|int, mixed> $window_size_client_to_server = []

Window size indexed by channel

Tags
see
self::get_channel_packet()
access

private

$windowColumns

Number of columns for terminal window size

private int $windowColumns = 80
Tags
see
self::getWindowColumns()
see
self::setWindowColumns()
see
self::setWindowSize()
access

private

$windowRows

Number of columns for terminal window size

private int $windowRows = 24
Tags
see
self::getWindowRows()
see
self::setWindowRows()
see
self::setWindowSize()
access

private

Methods

__construct()

Default Constructor.

public __construct(mixed $host[, int $port = 22 ][, int $timeout = 10 ]) : SSH2|void

$host can either be a string, representing the host, or a stream resource.

Parameters
$host : mixed
$port : int = 22
$timeout : int = 10
Tags
see
self::login()
access

public

Return values
SSH2|void

__destruct()

Destructor.

public __destruct() : mixed

Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call disconnect().

Tags
access

public

__toString()

To String Magic Method

public __toString() : string
Tags
access

public

Return values
string

disablePTY()

Disable request-pty when using exec()

public disablePTY() : mixed
Tags
access

public

disableQuietMode()

Disable Quiet Mode

public disableQuietMode() : mixed

Show stderr in output

Tags
access

public

disconnect()

Disconnect

public disconnect() : mixed
Tags
access

public

enablePTY()

Enable request-pty when using exec()

public enablePTY() : mixed
Tags
access

public

enableQuietMode()

Enable Quiet Mode

public enableQuietMode() : mixed

Suppress stderr from output

Tags
access

public

exec()

Execute Command

public exec(string $command[, callable $callback = null ]) : string

If $callback is set to false then \phpseclib3\Net\SSH2::get_channel_packet(self::CHANNEL_EXEC) will need to be called manually. In all likelihood, this is not a feature you want to be taking advantage of.

Parameters
$command : string
$callback : callable = null
Tags
throws
RuntimeException

on connection error

access

public

Return values
string

getAlgorithmsNegotiated()

Return list of negotiated algorithms

public getAlgorithmsNegotiated() : array<string|int, mixed>

Uses the same format as https://www.php.net/ssh2-methods-negotiated

Tags
access

public

Return values
array<string|int, mixed>

getAuthMethodsToContinue()

Return the list of authentication methods that may productively continue authentication.

public getAuthMethodsToContinue() : array<string|int, mixed>|null
Tags
see
https://tools.ietf.org/html/rfc4252#section-5.1
Return values
array<string|int, mixed>|null

getBannerMessage()

Returns the banner message.

public getBannerMessage() : string

Quoting from the RFC, "in some jurisdictions, sending a warning message before authentication may be relevant for getting legal protection."

Tags
access

public

Return values
string

getConnectionByResourceId()

Return existing connection

public static getConnectionByResourceId(string $id) : bool|SSH2
Parameters
$id : string
Return values
bool|SSH2

will return false if no such connection

getConnections()

Return all excising connections

public static getConnections() : array<string|int, SSH2>
Return values
array<string|int, SSH2>

getErrors()

Returns all errors

public getErrors() : array<string|int, string>
Tags
access

public

Return values
array<string|int, string>

getExitStatus()

Returns the exit status of an SSH command or false.

public getExitStatus() : false|int
Tags
access

public

Return values
false|int

getLastError()

Returns the last error

public getLastError() : string
Tags
access

public

Return values
string

getLog()

Returns a log of the packets that have been sent and received.

public getLog() : array<string|int, mixed>|false|string

Returns a string if NET_SSH2_LOGGING == self::LOG_COMPLEX, an array if NET_SSH2_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')

Tags
access

public

Return values
array<string|int, mixed>|false|string

getResourceId()

Get Resource ID

public getResourceId() : string

We use } because that symbols should not be in URL according to RFC. It will safe us from any conflicts, because otherwise regexp will match all alphanumeric domains.

Return values
string

getServerAlgorithms()

Returns a list of algorithms the server supports

public getServerAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getServerIdentification()

Return the server identification.

public getServerIdentification() : string
Tags
access

public

Return values
string

getServerPublicHostKey()

Returns the server public host key.

public getServerPublicHostKey() : mixed

Caching this the first time you connect to a server and checking the result on subsequent connections is recommended. Returns false if the server signature is not signed correctly with the public host key.

Tags
throws
RuntimeException

on badly formatted keys

throws
NoSupportedAlgorithmsException

when the key isn't in a supported format

access

public

getStdError()

Get the output from stdError

public getStdError() : mixed
Tags
access

public

getSupportedCompressionAlgorithms()

Returns a list of compression algorithms that phpseclib supports

public static getSupportedCompressionAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getSupportedEncryptionAlgorithms()

Returns a list of symmetric key algorithms that phpseclib supports

public static getSupportedEncryptionAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getSupportedHostKeyAlgorithms()

Returns a list of host key algorithms that phpseclib supports

public static getSupportedHostKeyAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getSupportedKEXAlgorithms()

Returns a list of KEX algorithms that phpseclib supports

public static getSupportedKEXAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getSupportedMACAlgorithms()

Returns a list of MAC algorithms that phpseclib supports

public static getSupportedMACAlgorithms() : array<string|int, mixed>
Tags
access

public

Return values
array<string|int, mixed>

getWindowColumns()

Returns the number of columns for the terminal window size.

public getWindowColumns() : int
Tags
access

public

Return values
int

getWindowRows()

Returns the number of rows for the terminal window size.

public getWindowRows() : int
Tags
access

public

Return values
int

isAuthenticated()

Have you successfully been logged in?

public isAuthenticated() : bool
Tags
access

public

Return values
bool

isConnected()

Is the connection still active?

public isConnected() : bool
Tags
access

public

Return values
bool

isPTYEnabled()

Returns whether request-pty is enabled or not

public isPTYEnabled() : bool
Tags
see
self::enablePTY()
see
self::disablePTY()
access

public

Return values
bool

isQuietModeEnabled()

Returns whether Quiet Mode is enabled or not

public isQuietModeEnabled() : bool
Tags
see
self::enableQuietMode()
see
self::disableQuietMode()
access

public

Return values
bool

isTimeout()

Is timeout?

public isTimeout() : mixed

Did exec() or read() return because they timed out or because they encountered the end?

Tags
access

public

login()

Login

public login(string $username, string|AsymmetricKey|array<string|int, array<string|int, mixed>>|Agent|null ...$args) : bool

The $password parameter can be a plaintext password, a \phpseclib3\Crypt\RSA|EC|DSA object, a \phpseclib3\System\SSH\Agent object or an array

Parameters
$username : string
$args : string|AsymmetricKey|array<string|int, array<string|int, mixed>>|Agent|null
Tags
see
self::_login()
access

public

Return values
bool

ping()

Pings a server connection, or tries to reconnect if the connection has gone down

public ping() : bool

Inspired by http://php.net/manual/en/mysqli.ping.php

Return values
bool

read()

Returns the output of an interactive shell

public read([string $expect = '' ][, int $mode = self::READ_SIMPLE ]) : string|bool|null

Returns when there's a match for $expect, which can take the form of a string literal or, if $mode == self::READ_REGEX, a regular expression.

Parameters
$expect : string = ''
$mode : int = self::READ_SIMPLE
Tags
see
self::write()
throws
RuntimeException

on connection error

access

public

Return values
string|bool|null

requestAgentForwarding()

Request agent forwarding of remote server

public requestAgentForwarding() : bool
Tags
access

public

Return values
bool

reset()

Closes a channel

public reset() : mixed

If read() timed out you might want to just close the channel and have it auto-restart on the next read() call

Tags
access

public

sendIdentificationStringFirst()

Send Identification String First

public sendIdentificationStringFirst() : mixed

https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, both sides MUST send an identification string". It does not say which side sends it first. In theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy

Tags
access

public

sendIdentificationStringLast()

Send Identification String Last

public sendIdentificationStringLast() : mixed

https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established, both sides MUST send an identification string". It does not say which side sends it first. In theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy

Tags
access

public

sendKEXINITFirst()

Send SSH_MSG_KEXINIT First

public sendKEXINITFirst() : mixed

https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy

Tags
access

public

sendKEXINITLast()

Send SSH_MSG_KEXINIT Last

public sendKEXINITLast() : mixed

https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy

Tags
access

public

setCryptoEngine()

Set Crypto Engine Mode

public static setCryptoEngine(int $engine) : mixed

Possible $engine values: OpenSSL, mcrypt, Eval, PHP

Parameters
$engine : int
Tags
access

public

setKeepAlive()

Set Keep Alive

public setKeepAlive(int $interval) : mixed

Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number.

Parameters
$interval : int
Tags
access

public

setPreferredAlgorithms()

Accepts an associative array with up to four parameters as described at <https://www.php.net/manual/en/function.ssh2-connect.php>

public setPreferredAlgorithms(array<string|int, mixed> $methods) : mixed
Parameters
$methods : array<string|int, mixed>
Tags
access

public

setTerminal()

Allows you to set the terminal

public setTerminal(string $term) : mixed
Parameters
$term : string
Tags
access

public

setTimeout()

Set Timeout

public setTimeout(mixed $timeout) : mixed

$ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely. setTimeout() makes it so it'll timeout. Setting $timeout to false or 0 will mean there is no timeout.

Parameters
$timeout : mixed
Tags
access

public

setWindowColumns()

Sets the number of columns for the terminal window size.

public setWindowColumns(int $value) : mixed
Parameters
$value : int
Tags
access

public

setWindowRows()

Sets the number of rows for the terminal window size.

public setWindowRows(int $value) : mixed
Parameters
$value : int
Tags
access

public

setWindowSize()

Sets the number of columns and rows for the terminal window size.

public setWindowSize([int $columns = 80 ][, int $rows = 24 ]) : mixed
Parameters
$columns : int = 80
$rows : int = 24
Tags
access

public

startSubsystem()

Start a subsystem.

public startSubsystem(string $subsystem) : bool

Right now only one subsystem at a time is supported. To support multiple subsystem's stopSubsystem() could accept a string that contained the name of the subsystem, but at that point, only one subsystem of each type could be opened. To support multiple subsystem's of the same name maybe it'd be best if startSubsystem() generated a new channel id and returns that and then that that was passed into stopSubsystem() but that'll be saved for a future date and implemented if there's sufficient demand for such a feature.

Parameters
$subsystem : string
Tags
see
self::stopSubsystem()
access

public

Return values
bool

stopSubsystem()

Stops a subsystem.

public stopSubsystem() : bool
Tags
see
self::startSubsystem()
access

public

Return values
bool

write()

Inputs a command into an interactive shell.

public write(string $cmd) : bool
Parameters
$cmd : string
Tags
see
self::read()
throws
RuntimeException

on connection error

access

public

Return values
bool

define_array()

Define Array

protected define_array(array<string|int, mixed> ...$args) : mixed

Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of named constants from it, using the value as the name of the constant and the index as the value of the constant. If any of the constants that would be defined already exists, none of the constants will be defined.

Parameters
$args : array<string|int, mixed>
Tags
access

protected

disconnect_helper()

Disconnect

protected disconnect_helper(int $reason) : bool
Parameters
$reason : int
Tags
access

protected

Return values
bool

format_log()

Formats a log for printing

protected format_log(array<string|int, mixed> $message_log, array<string|int, mixed> $message_number_log) : string
Parameters
$message_log : array<string|int, mixed>
$message_number_log : array<string|int, mixed>
Tags
access

private

Return values
string

get_channel_packet()

Gets channel data

protected get_channel_packet(int $client_channel[, bool $skip_extended = false ]) : mixed

Returns the data as a string. bool(true) is returned if:

  • the server closes the channel
  • if the connection times out
  • if the channel status is CHANNEL_OPEN and the response was CHANNEL_OPEN_CONFIRMATION
  • if the channel status is CHANNEL_REQUEST and the response was CHANNEL_SUCCESS

bool(false) is returned if:

  • if the channel status is CHANNEL_REQUEST and the response was CHANNEL_FAILURE
Parameters
$client_channel : int
$skip_extended : bool = false
Tags
throws
RuntimeException

on connection error

access

private

reset_connection()

Resets a connection for re-use

protected reset_connection(int $reason) : mixed
Parameters
$reason : int
Tags
access

private

send_binary_packet()

Sends Binary Packets

protected send_binary_packet(string $data[, string $logged = null ]) : bool

See '6. Binary Packet Protocol' of rfc4253 for more info.

Parameters
$data : string
$logged : string = null
Tags
see
self::_get_binary_packet()
access

private

Return values
bool

send_channel_packet()

Sends channel data

protected send_channel_packet(int $client_channel, string $data) : bool

Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate

Parameters
$client_channel : int
$data : string
Tags
access

private

Return values
bool

sublogin()

Login Helper

protected sublogin(string $username, array<string|int, string> ...$args) : bool
Parameters
$username : string
$args : array<string|int, string>
Tags
see
self::_login_helper()
access

private

Return values
bool

append_log()

Logs data packets

private append_log(string $message_number, string $message) : mixed

Makes sure that only the last 1MB worth of packets will be logged

Parameters
$message_number : string
$message : string
Tags
access

private

array_intersect_first()

Returns the first value of the intersection of two arrays or false if the intersection is empty. The order is defined by the first parameter.

private static array_intersect_first(array<string|int, mixed> $array1, array<string|int, mixed> $array2) : mixed
Parameters
$array1 : array<string|int, mixed>
$array2 : array<string|int, mixed>
Tags
access

private

Return values
mixed

False if intersection is empty, else intersected value.

bad_algorithm_candidate()

private static bad_algorithm_candidate(mixed $algorithm) : mixed
Parameters
$algorithm : mixed

close_channel()

Closes and flushes a channel

private close_channel(int $client_channel[, bool $want_reply = false ]) : bool

\phpseclib3\Net\SSH2 doesn't properly close most channels. For exec() channels are normally closed by the server and for SFTP channels are presumably closed when the client disconnects. This functions is intended for SCP more than anything.

Parameters
$client_channel : int
$want_reply : bool = false
Tags
access

private

Return values
bool

connect()

Connect to an SSHv2 server

private connect() : mixed
Tags
throws
UnexpectedValueException

on receipt of unexpected packets

throws
RuntimeException

on other errors

access

private

encryption_algorithm_to_crypt_instance()

Maps an encryption algorithm name to an instance of a subclass of \phpseclib3\Crypt\Common\SymmetricKey.

private static encryption_algorithm_to_crypt_instance(string $algorithm) : mixed
Parameters
$algorithm : string

Name of the encryption algorithm

Tags
access

private

Return values
mixed

Instance of \phpseclib3\Crypt\Common\SymmetricKey or null for unknown

encryption_algorithm_to_key_size()

Maps an encryption algorithm name to the number of key bytes.

private encryption_algorithm_to_key_size(string $algorithm) : int|null
Parameters
$algorithm : string

Name of the encryption algorithm

Tags
access

private

Return values
int|null

Number of bytes as an integer or null for unknown

filter()

Filter Binary Packets

private filter(string $payload, bool $skip_channel_filter) : string

Because some binary packets need to be ignored...

Parameters
$payload : string
$skip_channel_filter : bool
Tags
see
self::_get_binary_packet()
access

private

Return values
string

generate_identifier()

Generates the SSH identifier

private generate_identifier() : string

You should overwrite this method in your own class if you want to use another identifier

Tags
access

protected

Return values
string

get_binary_packet()

Gets Binary Packets

private get_binary_packet([bool $skip_channel_filter = false ]) : string

See '6. Binary Packet Protocol' of rfc4253 for more info.

Parameters
$skip_channel_filter : bool = false
Tags
see
self::_send_binary_packet()
access

private

Return values
string

get_interactive_channel()

Return the channel to be used with read() / write()

private get_interactive_channel() : int
Tags
see
self::read()
see
self::write()
access

public

Return values
int

get_open_channel()

Return an available open channel

private get_open_channel() : int
Tags
access

public

Return values
int

initShell()

Creates an interactive shell

private initShell() : bool
Tags
see
self::read()
see
self::write()
throws
UnexpectedValueException

on receipt of unexpected packets

throws
RuntimeException

on other errors

access

private

Return values
bool

key_exchange()

Key Exchange

private key_exchange([string|bool $kexinit_payload_server = false ]) : bool
Parameters
$kexinit_payload_server : string|bool = false

optional

Tags
throws
UnexpectedValueException

on receipt of unexpected packets

throws
RuntimeException

on other errors

throws
NoSupportedAlgorithmsException

when none of the algorithms phpseclib has loaded are compatible

access

private

Return values
bool

keyboard_interactive_login()

Login via keyboard-interactive authentication

private keyboard_interactive_login(string $username, string $password) : bool

See RFC4256 for details. This is not a full-featured keyboard-interactive authenticator.

Parameters
$username : string
$password : string
Tags
access

private

Return values
bool

keyboard_interactive_process()

Handle the keyboard-interactive requests / responses.

private keyboard_interactive_process(array<string|int, mixed> ...$responses) : bool
Parameters
$responses : array<string|int, mixed>
Tags
throws
RuntimeException

on connection error

access

private

Return values
bool

login_helper()

Login Helper

private login_helper(string $username[, mixed $password = null ], string|AsymmetricKey|array<string|int, array<string|int, mixed>>|Agent|null ...$args) : bool
Parameters
$username : string
$password : mixed = null
$args : string|AsymmetricKey|array<string|int, array<string|int, mixed>>|Agent|null
Tags
throws
UnexpectedValueException

on receipt of unexpected packets

throws
RuntimeException

on other errors

access

private

Return values
bool

mac_algorithm_to_hash_instance()

Maps an encryption algorithm name to an instance of a subclass of \phpseclib3\Crypt\Hash.

private static mac_algorithm_to_hash_instance(string $algorithm) : mixed
Parameters
$algorithm : string

Name of the encryption algorithm

Tags
access

private

Return values
mixed

Instance of \phpseclib3\Crypt\Hash or null for unknown

on_channel_open()

Helper function for agent->on_channel_open()

private on_channel_open() : mixed

Used when channels are created to inform agent of said channel opening. Must be called after channel open confirmation received

Tags
access

private

privatekey_login()

Login with an RSA private key

private privatekey_login(string $username, PrivateKey $privatekey) : bool
Parameters
$username : string
$privatekey : PrivateKey
Tags
throws
RuntimeException

on connection error

access

private

Return values
bool

read_remaining_bytes()

Read Remaining Bytes

private read_remaining_bytes(int $remaining_length) : string
Parameters
$remaining_length : int
Tags
see
self::get_binary_packet()
access

private

Return values
string

reconnect()

In situ reconnect method

private reconnect() : bool
Return values
bool

ssh_agent_login()

Login with an ssh-agent provided key

private ssh_agent_login(string $username, Agent $agent) : bool
Parameters
$username : string
$agent : Agent
Tags
access

private

Return values
bool

updateLogHistory()

private updateLogHistory(mixed $old, mixed $new) : mixed
Parameters
$old : mixed
$new : mixed

        
On this page

Search results