Pure-PHP implementation of SSHv1.

author Jim Wigginton
version 0.1.0
access public
package Net_SSH1

 Methods

Default Constructor.

Net_SSH1(String $host, \optional $port, \optional $timeout, \optional $cipher) : \Net_SSH1

Connects to an SSHv1 server

access public

Parameters

$host

String

$port

\optional

Integer $port

$timeout

\optional

Integer $timeout

$cipher

\optional

Integer $cipher

Returns

Destructor.

__destruct() 

Will be called, automatically, if you're supporting just PHP5. If you're supporting PHP4, you'll need to call disconnect().

access public

Cyclic Redundancy Check (CRC)

_crc(String $data) : Integer

PHP's crc32 function is implemented slightly differently than the one that SSH v1 uses, so we've reimplemented it. A more detailed discussion of the differences can be found after $crc_lookup_table's initialization.

see \global\Net_SSH1::_get_binary_packet()
see \global\Net_SSH1::_send_binary_packet()
access private

Parameters

$data

String

Returns

Integer

Define Array

_define_array() 

Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of named constants from it, using the value as the name of the constant and the index as the value of the constant. If any of the constants that would be defined already exists, none of the constants will be defined.

access private

Disconnect

_disconnect(String $msg) 

access private

Parameters

$msg

String

Formats a log for printing

_format_log(Array $message_log, Array $message_number_log) : String

access private

Parameters

$message_log

Array

$message_number_log

Array

Returns

String

Gets Binary Packets

_get_binary_packet() : Array

See 'The Binary Packet Protocol' of protocol-1.5.txt for more info.

Also, this function could be improved upon by adding detection for the following exploit: http://www.securiteam.com/securitynews/5LP042K3FY.html

see \global\Net_SSH1::_send_binary_packet()
access private

Returns

Array

Creates an interactive shell

_initShell() : Boolean

see \global\Net_SSH1::interactiveRead()
see \global\Net_SSH1::interactiveWrite()
access private

Returns

Boolean

RSA Encrypt

_rsa_crypt(\Math_BigInteger $m, Array $key) : \Math_BigInteger

Returns mod(pow($m, $e), $n), where $n should be the product of two (large) primes $p and $q and where $e should be a number with the property that gcd($e, ($p - 1) * ($q - 1)) == 1. Could just make anything that calls this call modexp, instead, but I think this makes things clearer, maybe...

see \global\Net_SSH1::Net_SSH1()
access private

Parameters

$key

Array

Returns

Sends Binary Packets

_send_binary_packet(String $data) : Boolean

Returns true on success, false on failure.

see \global\Net_SSH1::_get_binary_packet()
access private

Parameters

$data

String

Returns

Boolean

String Shift

_string_shift(String $string, \optional $index) : String

Inspired by array_shift

access private

Parameters

$string

String

$index

\optional

Integer $index

Returns

String

Disconnect

disconnect() 

access public

Executes a command on a non-interactive shell, returns the output, and quits.

exec(String $cmd, $block) : mixed

An SSH1 server will close the connection after a command has been executed on a non-interactive shell. SSH2 servers don't, however, this isn't an SSH2 client. The way this works, on the server, is by initiating a shell with the -s option, as discussed in the following links:

http://www.faqs.org/docs/bashman/bashref_65.html http://www.faqs.org/docs/bashman/bashref_62.html

To execute further commands, a new Net_SSH1 object will need to be created.

Returns false on failure and the output, otherwise.

see \global\Net_SSH1::interactiveRead()
see \global\Net_SSH1::interactiveWrite()
access public

Parameters

$cmd

String

$block

Returns

mixed

Return the host key public exponent

getHostKeyPublicExponent(\optional $raw_output) : String

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

String

Return the host key public modulus

getHostKeyPublicModulus(\optional $raw_output) : String

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

String

Returns a log of the packets that have been sent and received.

getLog() : String

Returns a string if NET_SSH2_LOGGING == NET_SSH2_LOG_COMPLEX, an array if NET_SSH2_LOGGING == NET_SSH2_LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')

access public

Returns

Stringor Array

Return the server identification.

getServerIdentification() : String

access public

Returns

String

Return the server key public exponent

getServerKeyPublicExponent(\optional $raw_output) : String

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

String

Return the server key public modulus

getServerKeyPublicModulus(\optional $raw_output) : String

Returns, by default, the base-10 representation. If $raw_output is set to true, returns, instead, the raw bytes. This behavior is similar to PHP's md5() function.

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

String

Return a list of authentications supported by SSH1 server.

getSupportedAuthentications(\optional $raw_output) : Array

Just because a cipher is supported by an SSH1 server doesn't mean it's supported by this library. If $raw_output is set to true, returns, instead, an array of constants. ie. instead of array('password authentication'), you'll get array(NET_SSH1_AUTH_PASSWORD).

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

Array

Return a list of ciphers supported by SSH1 server.

getSupportedCiphers(\optional $raw_output) : Array

Just because a cipher is supported by an SSH1 server doesn't mean it's supported by this library. If $raw_output is set to true, returns, instead, an array of constants. ie. instead of array('Triple-DES in CBC mode'), you'll get array(NET_SSH1_CIPHER_3DES).

access public

Parameters

$raw_output

\optional

Boolean $raw_output

Returns

Array

Returns the output of an interactive shell when no more output is available.

interactiveRead() : String

Requires PHP 4.3.0 or later due to the use of the stream_select() function. If you see stuff like "00m", you're seeing ANSI escape codes. According to How to Enable ANSI.SYS in a Command Window, "Windows NT does not support ANSI escape sequences in Win32 Console applications", so if you're a Windows user, there's not going to be much recourse.

see \global\Net_SSH1::interactiveRead()
access public

Returns

String

Inputs a command into an interactive shell.

interactiveWrite(String $cmd) : Boolean

see \global\Net_SSH1::interactiveRead()
access public

Parameters

$cmd

String

Returns

Boolean

Returns the output of an interactive shell when there's a match for $expect

read(String $expect, Integer $mode) : Boolean

$expect can take the form of a string literal or, if $mode == NET_SSH1_READ_REGEX, a regular expression.

see \global\Net_SSH1::write()
access public

Parameters

$expect

String

$mode

Integer

Returns

Boolean

Inputs a command into an interactive shell.

write(String $cmd) : Boolean

see \global\Net_SSH1::interactiveWrite()
access public

Parameters

$cmd

String

Returns

Boolean

 Properties

 

Execution Bitmap

$bitmap : Integer

The bits that are set represent functions that have been called already. This is used to determine if a requisite function has been successfully executed. If not, an error should be thrown.

access private
 

The cryptography object

$crypto : Object

access private
 

The Socket Object

$fsock : Object

access private
 

The Host Key Public Exponent

$host_key_public_exponent : String

Logged for debug purposes

see \global\Net_SSH1::getHostKeyPublicExponent()
access private
 

The Host Key Public Modulus

$host_key_public_modulus : String

Logged for debug purposes

see \global\Net_SSH1::getHostKeyPublicModulus()
access private
 

The SSH identifier

$identifier : String

access private
 

Interactive Buffer

$interactive_buffer : Array

see \global\Net_SSH1::read()
access private
 

Message Log

$message_log : Array

see \global\Net_SSH1::getLog()
access private
 

Protocol Flag Log

$protocol_flag_log : Array

see \global\Net_SSH1::getLog()
access private
 

Protocol Flags

$protocol_flags : Array

see \global\Net_SSH1::Net_SSH1()
access private
 

Server Identification

$server_identification : String

see \global\Net_SSH1::getServerIdentification()
access private
 

The Server Key Public Exponent

$server_key_public_exponent : String

Logged for debug purposes

see \global\Net_SSH1::getServerKeyPublicExponent()
access private
 

The Server Key Public Modulus

$server_key_public_modulus : String

Logged for debug purposes

see \global\Net_SSH1::getServerKeyPublicModulus()
access private
 

Supported Authentications

$supported_authentications : Array

Logged for debug purposes

see \global\Net_SSH1::getSupportedAuthentications()
access private
 

Supported Ciphers

$supported_ciphers : Array

Logged for debug purposes

see \global\Net_SSH1::getSupportedCiphers()
access private