PageRenderTime 54ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/lib/Phpseclib/Net/SSH2.php

https://bitbucket.org/appstrakt/lib_php_phpseclib
PHP | 2142 lines | 1143 code | 270 blank | 729 comment | 163 complexity | 0c1201376b7672a10d6569adefef1482 MD5 | raw file
    

  1. <?php
    2. 

  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
    3. 

  3. 

  4. /**
    5. 

  5.  * Pure-PHP implementation of SSHv2.
    6. 

  6.  *
    7. 

  7.  * PHP versions 4 and 5
    8. 

  8.  *
    9. 

  9.  * Here are some examples of how to use this library:
    10. 

  10.  * <code>
    11. 

  11.  * <?php
    12. 

  12.  *    include('Net/SSH2.php');
    13. 

  13.  *
    14. 

  14.  *    $ssh = new SSH2('www.domain.tld');
    15. 

  15.  *    if (!$ssh->login('username', 'password')) {
    16. 

  16.  *        exit('Login Failed');
    17. 

  17.  *    }
    18. 

  18.  *
    19. 

  19.  *    echo $ssh->exec('pwd');
    20. 

  20.  *    echo $ssh->exec('ls -la');
    21. 

  21.  * ?>
    22. 

  22.  * </code>
    23. 

  23.  *
    24. 

  24.  * <code>
    25. 

  25.  * <?php
    26. 

  26.  *    include('Crypt/RSA.php');
    27. 

  27.  *    include('Net/SSH2.php');
    28. 

  28.  *
    29. 

  29.  *    $key = new Crypt_RSA();
    30. 

  30.  *    //$key->setPassword('whatever');
    31. 

  31.  *    $key->loadKey(file_get_contents('privatekey'));
    32. 

  32.  *
    33. 

  33.  *    $ssh = new SSH2('www.domain.tld');
    34. 

  34.  *    if (!$ssh->login('username', $key)) {
    35. 

  35.  *        exit('Login Failed');
    36. 

  36.  *    }
    37. 

  37.  *
    38. 

  38.  *    echo $ssh->exec('pwd');
    39. 

  39.  *    echo $ssh->exec('ls -la');
    40. 

  40.  * ?>
    41. 

  41.  * </code>
    42. 

  42.  *
    43. 

  43.  * LICENSE: This library is free software; you can redistribute it and/or
    44. 

  44.  * modify it under the terms of the GNU Lesser General Public
    45. 

  45.  * License as published by the Free Software Foundation; either
    46. 

  46.  * version 2.1 of the License, or (at your option) any later version.
    47. 

  47.  *
    48. 

  48.  * This library is distributed in the hope that it will be useful,
    49. 

  49.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    50. 

  50.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    51. 

  51.  * Lesser General Public License for more details.
    52. 

  52.  *
    53. 

  53.  * You should have received a copy of the GNU Lesser General Public
    54. 

  54.  * License along with this library; if not, write to the Free Software
    55. 

  55.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston,
    56. 

  56.  * MA  02111-1307  USA
    57. 

  57.  *
    58. 

  58.  * @category   Net
    59. 

  59.  * @package    SSH2
    60. 

  60.  * @author     Jim Wigginton <terrafrost@php.net>
    61. 

  61.  * @copyright  MMVII Jim Wigginton
    62. 

  62.  * @license    http://www.gnu.org/licenses/lgpl.txt
    63. 

  63.  * @version    $Id: SSH2.php 81 2010-05-19 21:56:16Z admin $
    64. 

  64.  * @link       http://phpseclib.sourceforge.net
    65. 

  65.  */
    66. 

  66. 

  67. namespace Phpseclib\Net;
    68. 

  68. 

  69. /**
    70. 

  70.  * Include Math_BigInteger
    71. 

  71.  *
    72. 

  72.  * Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
    73. 

  73.  */
    74. 

  74. use Phpseclib\Math\BigInteger;
    75. 

  75. 

  76. /**
    77. 

  77.  * Include Crypt_Random
    78. 

  78.  */
    79. 

  79. use Phpseclib\Crypt\Random;
    80. 

  80. 

  81. /**
    82. 

  82.  * Include Crypt_Hash
    83. 

  83.  */
    84. 

  84. use Phpseclib\Crypt\Hash;
    85. 

  85. 

  86. /**
    87. 

  87.  * Include Crypt_TripleDES
    88. 

  88.  */
    89. 

  89. use Phpseclib\Crypt\TripleDES;
    90. 

  90. 

  91. /**
    92. 

  92.  * Include Crypt_RC4
    93. 

  93.  */
    94. 

  94. use Phpseclib\Crypt\RC4;
    95. 

  95. 

  96. /**
    97. 

  97.  * Include Crypt_AES
    98. 

  98.  */
    99. 

  99. use Phpseclib\Crypt\AES;
    100. 

  100. 

  101. /**#@+
    102. 

  102.  * Execution Bitmap Masks
    103. 

  103.  *
    104. 

  104.  * @see SSH2::bitmap
    105. 

  105.  * @access private
    106. 

  106.  */
    107. 

  107. //define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001);
    108. 

  108. //define('NET_SSH2_MASK_LOGIN',       0x00000002);
    109. 

  109. /**#@-*/
    110. 

  110. 

  111. /**#@+
    112. 

  112.  * @access public
    113. 

  113.  * @see SSH2::getLog()
    114. 

  114.  */
    115. 

  115. /**
    116. 

  116.  * Returns the message numbers
    117. 

  117.  */
    118. 

  118. //define('NET_SSH2_LOG_SIMPLE',  1);
    119. 

  119. /**
    120. 

  120.  * Returns the message content
    121. 

  121.  */
    122. 

  122. //define('NET_SSH2_LOG_COMPLEX', 2);
    123. 

  123. /**#@-*/
    124. 

  124. 

  125. /**
    126. 

  126.  * Pure-PHP implementation of SSHv2.
    127. 

  127.  *
    128. 

  128.  * @author  Jim Wigginton <terrafrost@php.net>
    129. 

  129.  * @version 0.1.0
    130. 

  130.  * @access  public
    131. 

  131.  * @package SSH2
    132. 

  132.  */
    133. 

  133. class SSH2 {
    134. 

  134. 

  135.     /**
    136. 

  136.      * The SSH identifier
    137. 

  137.      *
    138. 

  138.      * @var String
    139. 

  139.      * @access private
    140. 

  140.      */
    141. 

  141.     var $identifier = 'SSH-2.0-phpseclib_0.1';
    142. 

  142. 

  143.     /**
    144. 

  144.      * The Socket Object
    145. 

  145.      *
    146. 

  146.      * @var Object
    147. 

  147.      * @access private
    148. 

  148.      */
    149. 

  149.     var $fsock;
    150. 

  150. 

  151.     /**
    152. 

  152.      * Execution Bitmap
    153. 

  153.      *
    154. 

  154.      * The bits that are set reprsent functions that have been called already.  This is used to determine
    155. 

  155.      * if a requisite function has been successfully executed.  If not, an error should be thrown.
    156. 

  156.      *
    157. 

  157.      * @var Integer
    158. 

  158.      * @access private
    159. 

  159.      */
    160. 

  160.     var $bitmap = 0;
    161. 

  161. 

  162.     /**
    163. 

  163.      * Debug Info
    164. 

  164.      *
    165. 

  165.      * @see SSH2::getDebugInfo()
    166. 

  166.      * @var String
    167. 

  167.      * @access private
    168. 

  168.      */
    169. 

  169.     var $debug_info = '';
    170. 

  170. 

  171.     /**
    172. 

  172.      * Server Identifier
    173. 

  173.      *
    174. 

  174.      * @see SSH2::getServerIdentification()
    175. 

  175.      * @var String
    176. 

  176.      * @access private
    177. 

  177.      */
    178. 

  178.     var $server_identifier = '';
    179. 

  179. 

  180.     /**
    181. 

  181.      * Key Exchange Algorithms
    182. 

  182.      *
    183. 

  183.      * @see SSH2::getKexAlgorithims()
    184. 

  184.      * @var Array
    185. 

  185.      * @access private
    186. 

  186.      */
    187. 

  187.     var $kex_algorithms;
    188. 

  188. 

  189.     /**
    190. 

  190.      * Server Host Key Algorithms
    191. 

  191.      *
    192. 

  192.      * @see SSH2::getServerHostKeyAlgorithms()
    193. 

  193.      * @var Array
    194. 

  194.      * @access private
    195. 

  195.      */
    196. 

  196.     var $server_host_key_algorithms;
    197. 

  197. 

  198.     /**
    199. 

  199.      * Encryption Algorithms: Client to Server
    200. 

  200.      *
    201. 

  201.      * @see SSH2::getEncryptionAlgorithmsClient2Server()
    202. 

  202.      * @var Array
    203. 

  203.      * @access private
    204. 

  204.      */
    205. 

  205.     var $encryption_algorithms_client_to_server;
    206. 

  206. 

  207.     /**
    208. 

  208.      * Encryption Algorithms: Server to Client
    209. 

  209.      *
    210. 

  210.      * @see SSH2::getEncryptionAlgorithmsServer2Client()
    211. 

  211.      * @var Array
    212. 

  212.      * @access private
    213. 

  213.      */
    214. 

  214.     var $encryption_algorithms_server_to_client;
    215. 

  215. 

  216.     /**
    217. 

  217.      * MAC Algorithms: Client to Server
    218. 

  218.      *
    219. 

  219.      * @see SSH2::getMACAlgorithmsClient2Server()
    220. 

  220.      * @var Array
    221. 

  221.      * @access private
    222. 

  222.      */
    223. 

  223.     var $mac_algorithms_client_to_server;
    224. 

  224. 

  225.     /**
    226. 

  226.      * MAC Algorithms: Server to Client
    227. 

  227.      *
    228. 

  228.      * @see SSH2::getMACAlgorithmsServer2Client()
    229. 

  229.      * @var Array
    230. 

  230.      * @access private
    231. 

  231.      */
    232. 

  232.     var $mac_algorithms_server_to_client;
    233. 

  233. 

  234.     /**
    235. 

  235.      * Compression Algorithms: Client to Server
    236. 

  236.      *
    237. 

  237.      * @see SSH2::getCompressionAlgorithmsClient2Server()
    238. 

  238.      * @var Array
    239. 

  239.      * @access private
    240. 

  240.      */
    241. 

  241.     var $compression_algorithms_client_to_server;
    242. 

  242. 

  243.     /**
    244. 

  244.      * Compression Algorithms: Server to Client
    245. 

  245.      *
    246. 

  246.      * @see SSH2::getCompressionAlgorithmsServer2Client()
    247. 

  247.      * @var Array
    248. 

  248.      * @access private
    249. 

  249.      */
    250. 

  250.     var $compression_algorithms_server_to_client;
    251. 

  251. 

  252.     /**
    253. 

  253.      * Languages: Server to Client
    254. 

  254.      *
    255. 

  255.      * @see SSH2::getLanguagesServer2Client()
    256. 

  256.      * @var Array
    257. 

  257.      * @access private
    258. 

  258.      */
    259. 

  259.     var $languages_server_to_client;
    260. 

  260. 

  261.     /**
    262. 

  262.      * Languages: Client to Server
    263. 

  263.      *
    264. 

  264.      * @see SSH2::getLanguagesClient2Server()
    265. 

  265.      * @var Array
    266. 

  266.      * @access private
    267. 

  267.      */
    268. 

  268.     var $languages_client_to_server;
    269. 

  269. 

  270.     /**
    271. 

  271.      * Block Size for Server to Client Encryption
    272. 

  272.      *
    273. 

  273.      * "Note that the length of the concatenation of 'packet_length',
    274. 

  274.      *  'padding_length', 'payload', and 'random padding' MUST be a multiple
    275. 

  275.      *  of the cipher block size or 8, whichever is larger.  This constraint
    276. 

  276.      *  MUST be enforced, even when using stream ciphers."
    277. 

  277.      *
    278. 

  278.      *  -- http://tools.ietf.org/html/rfc4253#section-6
    279. 

  279.      *
    280. 

  280.      * @see SSH2::SSH2()
    281. 

  281.      * @see SSH2::_send_binary_packet()
    282. 

  282.      * @var Integer
    283. 

  283.      * @access private
    284. 

  284.      */
    285. 

  285.     var $encrypt_block_size = 8;
    286. 

  286. 

  287.     /**
    288. 

  288.      * Block Size for Client to Server Encryption
    289. 

  289.      *
    290. 

  290.      * @see SSH2::SSH2()
    291. 

  291.      * @see SSH2::_get_binary_packet()
    292. 

  292.      * @var Integer
    293. 

  293.      * @access private
    294. 

  294.      */
    295. 

  295.     var $decrypt_block_size = 8;
    296. 

  296. 

  297.     /**
    298. 

  298.      * Server to Client Encryption Object
    299. 

  299.      *
    300. 

  300.      * @see SSH2::_get_binary_packet()
    301. 

  301.      * @var Object
    302. 

  302.      * @access private
    303. 

  303.      */
    304. 

  304.     var $decrypt = false;
    305. 

  305. 

  306.     /**
    307. 

  307.      * Client to Server Encryption Object
    308. 

  308.      *
    309. 

  309.      * @see SSH2::_send_binary_packet()
    310. 

  310.      * @var Object
    311. 

  311.      * @access private
    312. 

  312.      */
    313. 

  313.     var $encrypt = false;
    314. 

  314. 

  315.     /**
    316. 

  316.      * Client to Server HMAC Object
    317. 

  317.      *
    318. 

  318.      * @see SSH2::_send_binary_packet()
    319. 

  319.      * @var Object
    320. 

  320.      * @access private
    321. 

  321.      */
    322. 

  322.     var $hmac_create = false;
    323. 

  323. 

  324.     /**
    325. 

  325.      * Server to Client HMAC Object
    326. 

  326.      *
    327. 

  327.      * @see SSH2::_get_binary_packet()
    328. 

  328.      * @var Object
    329. 

  329.      * @access private
    330. 

  330.      */
    331. 

  331.     var $hmac_check = false;
    332. 

  332. 

  333.     /**
    334. 

  334.      * Size of server to client HMAC
    335. 

  335.      *
    336. 

  336.      * We need to know how big the HMAC will be for the server to client direction so that we know how many bytes to read.
    337. 

  337.      * For the client to server side, the HMAC object will make the HMAC as long as it needs to be.  All we need to do is
    338. 

  338.      * append it.
    339. 

  339.      *
    340. 

  340.      * @see SSH2::_get_binary_packet()
    341. 

  341.      * @var Integer
    342. 

  342.      * @access private
    343. 

  343.      */
    344. 

  344.     var $hmac_size = false;
    345. 

  345. 

  346.     /**
    347. 

  347.      * Server Public Host Key
    348. 

  348.      *
    349. 

  349.      * @see SSH2::getServerPublicHostKey()
    350. 

  350.      * @var String
    351. 

  351.      * @access private
    352. 

  352.      */
    353. 

  353.     var $server_public_host_key;
    354. 

  354. 

  355.     /**
    356. 

  356.      * Session identifer
    357. 

  357.      *
    358. 

  358.      * "The exchange hash H from the first key exchange is additionally
    359. 

  359.      *  used as the session identifier, which is a unique identifier for
    360. 

  360.      *  this connection."
    361. 

  361.      *
    362. 

  362.      *  -- http://tools.ietf.org/html/rfc4253#section-7.2
    363. 

  363.      *
    364. 

  364.      * @see SSH2::_key_exchange()
    365. 

  365.      * @var String
    366. 

  366.      * @access private
    367. 

  367.      */
    368. 

  368.     var $session_id = false;
    369. 

  369. 

  370.     /**
    371. 

  371.      * Message Numbers
    372. 

  372.      *
    373. 

  373.      * @see SSH2::SSH2()
    374. 

  374.      * @var Array
    375. 

  375.      * @access private
    376. 

  376.      */
    377. 

  377.     var $message_numbers = array();
    378. 

  378. 

  379.     /**
    380. 

  380.      * Disconnection Message 'reason codes' defined in RFC4253
    381. 

  381.      *
    382. 

  382.      * @see SSH2::SSH2()
    383. 

  383.      * @var Array
    384. 

  384.      * @access private
    385. 

  385.      */
    386. 

  386.     var $disconnect_reasons = array();
    387. 

  387. 

  388.     /**
    389. 

  389.      * SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254
    390. 

  390.      *
    391. 

  391.      * @see SSH2::SSH2()
    392. 

  392.      * @var Array
    393. 

  393.      * @access private
    394. 

  394.      */
    395. 

  395.     var $channel_open_failure_reasons = array();
    396. 

  396. 

  397.     /**
    398. 

  398.      * Terminal Modes
    399. 

  399.      *
    400. 

  400.      * @link http://tools.ietf.org/html/rfc4254#section-8
    401. 

  401.      * @see SSH2::SSH2()
    402. 

  402.      * @var Array
    403. 

  403.      * @access private
    404. 

  404.      */
    405. 

  405.     var $terminal_modes = array();
    406. 

  406. 

  407.     /**
    408. 

  408.      * SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes
    409. 

  409.      *
    410. 

  410.      * @link http://tools.ietf.org/html/rfc4254#section-5.2
    411. 

  411.      * @see SSH2::SSH2()
    412. 

  412.      * @var Array
    413. 

  413.      * @access private
    414. 

  414.      */
    415. 

  415.     var $channel_extended_data_type_codes = array();
    416. 

  416. 

  417.     /**
    418. 

  418.      * Send Sequence Number
    419. 

  419.      *
    420. 

  420.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    421. 

  421.      *
    422. 

  422.      * @see SSH2::_send_binary_packet()
    423. 

  423.      * @var Integer
    424. 

  424.      * @access private
    425. 

  425.      */
    426. 

  426.     var $send_seq_no = 0;
    427. 

  427. 

  428.     /**
    429. 

  429.      * Get Sequence Number
    430. 

  430.      *
    431. 

  431.      * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
    432. 

  432.      *
    433. 

  433.      * @see SSH2::_get_binary_packet()
    434. 

  434.      * @var Integer
    435. 

  435.      * @access private
    436. 

  436.      */
    437. 

  437.     var $get_seq_no = 0;
    438. 

  438. 

  439.     /**
    440. 

  440.      * The Client Channel
    441. 

  441.      *
    442. 

  442.      * SSH2::exec() uses 0, although since SSH2::exec() doesn't send NET_SSH2_CHANNEL_DATA packets,
    443. 

  443.      * SSH2::_send_channel_packet() isn't actually called by any function in Net/SSH2.php.  Classes that
    444. 

  444.      * extend SSH2, however, might call that function, hence it's existence.
    445. 

  445.      *
    446. 

  446.      * @var Integer
    447. 

  447.      * @see SSH2::_send_channel_packet
    448. 

  448.      * @access private
    449. 

  449.      */
    450. 

  450.     var $client_channel = 1;
    451. 

  451. 

  452.     /**
    453. 

  453.      * Server Channels
    454. 

  454.      *
    455. 

  455.      * Maps client channels to server channels
    456. 

  456.      *
    457. 

  457.      * @see SSH2::_get_channel_packet()
    458. 

  458.      * @see SSH2::exec()
    459. 

  459.      * @var Array
    460. 

  460.      * @access private
    461. 

  461.      */
    462. 

  462.     var $server_channels = array();
    463. 

  463. 

  464.     /**
    465. 

  465.      * Packet Size
    466. 

  466.      *
    467. 

  467.      * Maximum packet size
    468. 

  468.      *
    469. 

  469.      * @see SSH2::_send_channel_packet()
    470. 

  470.      * @see SSH2::exec()
    471. 

  471.      * @var Integer
    472. 

  472.      * @access private
    473. 

  473.      */
    474. 

  474.     var $packet_size_client_to_server = 0;
    475. 

  475. 

  476.     /**
    477. 

  477.      * Message Number Log
    478. 

  478.      *
    479. 

  479.      * @see SSH2::getLog()
    480. 

  480.      * @var Array
    481. 

  481.      * @access private
    482. 

  482.      */
    483. 

  483.     var $message_number_log = array();
    484. 

  484. 

  485.     /**
    486. 

  486.      * Message Log
    487. 

  487.      *
    488. 

  488.      * @see SSH2::getLog()
    489. 

  489.      * @var Array
    490. 

  490.      * @access private
    491. 

  491.      */
    492. 

  492.     var $message_log = array();
    493. 

  493. 

  494.     /**
    495. 

  495.      * Default Constructor.
    496. 

  496.      *
    497. 

  497.      * Connects to an SSHv2 server
    498. 

  498.      *
    499. 

  499.      * @param String $host
    500. 

  500.      * @param optional Integer $port
    501. 

  501.      * @param optional Integer $timeout
    502. 

  502.      * @return SSH2
    503. 

  503.      * @access public
    504. 

  504.      */
    505. 

  505.     function __construct($host, $port = 22, $timeout = 10)
    506. 

  506.     {
    507. 

  507.         define('NET_SSH2_MASK_CONSTRUCTOR', 0x00000001);
    508. 

  508.         define('NET_SSH2_MASK_LOGIN',       0x00000002);
    509. 

  509.         define('NET_SSH2_LOG_SIMPLE',  1);
    510. 

  510.         define('NET_SSH2_LOG_COMPLEX', 2);
    511. 

  511. 

  512. 

  513.         $this->message_numbers = array(
    514. 

  514.             1 => 'NET_SSH2_MSG_DISCONNECT',
    515. 

  515.             2 => 'NET_SSH2_MSG_IGNORE',
    516. 

  516.             3 => 'NET_SSH2_MSG_UNIMPLEMENTED',
    517. 

  517.             4 => 'NET_SSH2_MSG_DEBUG',
    518. 

  518.             5 => 'NET_SSH2_MSG_SERVICE_REQUEST',
    519. 

  519.             6 => 'NET_SSH2_MSG_SERVICE_ACCEPT',
    520. 

  520.             20 => 'NET_SSH2_MSG_KEXINIT',
    521. 

  521.             21 => 'NET_SSH2_MSG_NEWKEYS',
    522. 

  522.             30 => 'NET_SSH2_MSG_KEXDH_INIT',
    523. 

  523.             31 => 'NET_SSH2_MSG_KEXDH_REPLY',
    524. 

  524.             50 => 'NET_SSH2_MSG_USERAUTH_REQUEST',
    525. 

  525.             51 => 'NET_SSH2_MSG_USERAUTH_FAILURE',
    526. 

  526.             52 => 'NET_SSH2_MSG_USERAUTH_SUCCESS',
    527. 

  527.             53 => 'NET_SSH2_MSG_USERAUTH_BANNER',
    528. 

  528. 

  529.             80 => 'NET_SSH2_MSG_GLOBAL_REQUEST',
    530. 

  530.             81 => 'NET_SSH2_MSG_REQUEST_SUCCESS',
    531. 

  531.             82 => 'NET_SSH2_MSG_REQUEST_FAILURE',
    532. 

  532.             90 => 'NET_SSH2_MSG_CHANNEL_OPEN',
    533. 

  533.             91 => 'NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION',
    534. 

  534.             92 => 'NET_SSH2_MSG_CHANNEL_OPEN_FAILURE',
    535. 

  535.             93 => 'NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST',
    536. 

  536.             94 => 'NET_SSH2_MSG_CHANNEL_DATA',
    537. 

  537.             95 => 'NET_SSH2_MSG_CHANNEL_EXTENDED_DATA',
    538. 

  538.             96 => 'NET_SSH2_MSG_CHANNEL_EOF',
    539. 

  539.             97 => 'NET_SSH2_MSG_CHANNEL_CLOSE',
    540. 

  540.             98 => 'NET_SSH2_MSG_CHANNEL_REQUEST',
    541. 

  541.             99 => 'NET_SSH2_MSG_CHANNEL_SUCCESS',
    542. 

  542.             100 => 'NET_SSH2_MSG_CHANNEL_FAILURE'
    543. 

  543.         );
    544. 

  544.         $this->disconnect_reasons = array(
    545. 

  545.             1 => 'NET_SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT',
    546. 

  546.             2 => 'NET_SSH2_DISCONNECT_PROTOCOL_ERROR',
    547. 

  547.             3 => 'NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED',
    548. 

  548.             4 => 'NET_SSH2_DISCONNECT_RESERVED',
    549. 

  549.             5 => 'NET_SSH2_DISCONNECT_MAC_ERROR',
    550. 

  550.             6 => 'NET_SSH2_DISCONNECT_COMPRESSION_ERROR',
    551. 

  551.             7 => 'NET_SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE',
    552. 

  552.             8 => 'NET_SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED',
    553. 

  553.             9 => 'NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE',
    554. 

  554.             10 => 'NET_SSH2_DISCONNECT_CONNECTION_LOST',
    555. 

  555.             11 => 'NET_SSH2_DISCONNECT_BY_APPLICATION',
    556. 

  556.             12 => 'NET_SSH2_DISCONNECT_TOO_MANY_CONNECTIONS',
    557. 

  557.             13 => 'NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER',
    558. 

  558.             14 => 'NET_SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE',
    559. 

  559.             15 => 'NET_SSH2_DISCONNECT_ILLEGAL_USER_NAME'
    560. 

  560.         );
    561. 

  561.         $this->channel_open_failure_reasons = array(
    562. 

  562.             1 => 'NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED'
    563. 

  563.         );
    564. 

  564.         $this->terminal_modes = array(
    565. 

  565.             0 => 'NET_SSH2_TTY_OP_END'
    566. 

  566.         );
    567. 

  567.         $this->channel_extended_data_type_codes = array(
    568. 

  568.             1 => 'NET_SSH2_EXTENDED_DATA_STDERR'
    569. 

  569.         );
    570. 

  570. 

  571.         $this->_define_array(
    572. 

  572.             $this->message_numbers,
    573. 

  573.             $this->disconnect_reasons,
    574. 

  574.             $this->channel_open_failure_reasons,
    575. 

  575.             $this->terminal_modes,
    576. 

  576.             $this->channel_extended_data_type_codes,
    577. 

  577.             array(60 => 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'),
    578. 

  578.             array(60 => 'NET_SSH2_MSG_USERAUTH_PK_OK')
    579. 

  579.         );
    580. 

  580. 

  581. //var_dump('before fsockopen');
    582. 

  582. 

  583.         $this->fsock = fsockopen($host, $port, $errno, $errstr, $timeout);
    584. 

  584. //var_dump($this->fsock, $host, $port, $errno, $errstr, $timeout); 
    585. 

  585.         if (!$this->fsock) {
    586. 

  586.             user_error(rtrim("Cannot connect to $host. Error $errno. $errstr"), E_USER_NOTICE);
    587. 

  587.             return;
    588. 

  588.         }
    589. 

  589. 

  590. 

  591.         /* According to the SSH2 specs,
    592. 

    593. 

  593.           "The server MAY send other lines of data before sending the version
    594. 

  594.            string.  Each line SHOULD be terminated by a Carriage Return and Line
    595. 

  595.            Feed.  Such lines MUST NOT begin with "SSH-", and SHOULD be encoded
    596. 

  596.            in ISO-10646 UTF-8 [RFC3629] (language is not specified).  Clients
    597. 

  597.            MUST be able to process such lines." */
    598. 

  598.         $temp = '';
    599. 

  599.         while (!feof($this->fsock) && !preg_match('#^SSH-(\d\.\d+)#', $temp, $matches)) {
    600. 

  600.             if (substr($temp, -2) == "\r\n") {
    601. 

  601.                 $this->debug_info.= $temp;
    602. 

  602.                 $temp = '';
    603. 

  603.             }
    604. 

  604.             $temp.= fgets($this->fsock, 255);
    605. 

  605.         }
    606. 

  606. 

  607.         if (defined('NET_SSH2_LOGGING')) {
    608. 

  608.             $this->message_number_log[] = '<-';
    609. 

  609.             $this->message_log[] = $temp;
    610. 

  610.             $this->message_number_log[] = '->';
    611. 

  611.             $this->message_log[] = $this->identifier . "\r\n";
    612. 

  612.         }
    613. 

  613. 

  614.         $this->server_identifier = trim($temp);
    615. 

  615.         $this->debug_info = utf8_decode($this->debug_info);
    616. 

  616. 

  617.         if ($matches[1] != '1.99' && $matches[1] != '2.0') {
    618. 

  618.             user_error("Cannot connect to SSH $matches[1] servers", E_USER_NOTICE);
    619. 

  619.             return;
    620. 

  620.         }
    621. 

  621. 

  622.         fputs($this->fsock, $this->identifier . "\r\n");
    623. 

  623. 

  624.         $response = $this->_get_binary_packet();
    625. 

  625.         if ($response === false) {
    626. 

  626.             user_error('Connection closed by server', E_USER_NOTICE);
    627. 

  627.             return;
    628. 

  628.         }
    629. 

  629. 

  630.         if (ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
    631. 

  631.             user_error('Expected SSH_MSG_KEXINIT', E_USER_NOTICE);
    632. 

  632.             return;
    633. 

  633.         }
    634. 

  634. 

  635.         if (!$this->_key_exchange($response)) {
    636. 

  636.             return;
    637. 

  637.         }
    638. 

  638. 

  639.         $this->bitmap = NET_SSH2_MASK_CONSTRUCTOR;
    640. 

  640.     }
    641. 

  641. 

  642.     /**
    643. 

  643.      * Key Exchange
    644. 

  644.      *
    645. 

  645.      * @param String $kexinit_payload_server
    646. 

  646.      * @access private
    647. 

  647.      */
    648. 

  648.     function _key_exchange($kexinit_payload_server)
    649. 

  649.     {
    650. 

  650.         static $kex_algorithms = array(
    651. 

  651.             'diffie-hellman-group1-sha1', // REQUIRED
    652. 

  652.             'diffie-hellman-group14-sha1' // REQUIRED
    653. 

  653.         );
    654. 

  654. 

  655.         static $server_host_key_algorithms = array(
    656. 

  656.             'ssh-rsa', // RECOMMENDED  sign   Raw RSA Key
    657. 

  657.             'ssh-dss'  // REQUIRED     sign   Raw DSS Key
    658. 

  658.         );
    659. 

  659. 

  660.         static $encryption_algorithms = array(
    661. 

  661.             'arcfour',    // OPTIONAL          the ARCFOUR stream cipher with a 128-bit key
    662. 

  662.             'aes128-cbc', // RECOMMENDED       AES with a 128-bit key
    663. 

  663.             'aes192-cbc', // OPTIONAL          AES with a 192-bit key
    664. 

  664.             'aes256-cbc', // OPTIONAL          AES in CBC mode, with a 256-bit key
    665. 

  665.             '3des-cbc',   // REQUIRED          three-key 3DES in CBC mode
    666. 

  666.             'none'        // OPTIONAL          no encryption; NOT RECOMMENDED
    667. 

  667.         );
    668. 

  668. 

  669.         static $mac_algorithms = array(
    670. 

  670.             'hmac-sha1-96', // RECOMMENDED     first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
    671. 

  671.             'hmac-sha1',    // REQUIRED        HMAC-SHA1 (digest length = key length = 20)
    672. 

  672.             'hmac-md5-96',  // OPTIONAL        first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
    673. 

  673.             'hmac-md5',     // OPTIONAL        HMAC-MD5 (digest length = key length = 16)
    674. 

  674.             'none'          // OPTIONAL        no MAC; NOT RECOMMENDED
    675. 

  675.         );
    676. 

  676. 

  677.         static $compression_algorithms = array(
    678. 

  678.             'none'   // REQUIRED        no compression
    679. 

  679.             //'zlib' // OPTIONAL        ZLIB (LZ77) compression
    680. 

  680.         );
    681. 

  681. 

  682.         static $str_kex_algorithms, $str_server_host_key_algorithms,
    683. 

  683.                $encryption_algorithms_server_to_client, $mac_algorithms_server_to_client, $compression_algorithms_server_to_client,
    684. 

  684.                $encryption_algorithms_client_to_server, $mac_algorithms_client_to_server, $compression_algorithms_client_to_server;
    685. 

  685. 

  686.         if (empty($str_kex_algorithms)) {
    687. 

  687.             $str_kex_algorithms = implode(',', $kex_algorithms);
    688. 

  688.             $str_server_host_key_algorithms = implode(',', $server_host_key_algorithms);
    689. 

  689.             $encryption_algorithms_server_to_client = $encryption_algorithms_client_to_server = implode(',', $encryption_algorithms);
    690. 

  690.             $mac_algorithms_server_to_client = $mac_algorithms_client_to_server = implode(',', $mac_algorithms);
    691. 

  691.             $compression_algorithms_server_to_client = $compression_algorithms_client_to_server = implode(',', $compression_algorithms);
    692. 

  692.         }
    693. 

  693. 

  694.         $client_cookie = '';
    695. 

  695.         for ($i = 0; $i < 16; $i++) {
    696. 

  696.             $client_cookie.= chr(self::crypt_random(0, 255));
    697. 

  697.         }
    698. 

  698. 

  699.         $response = $kexinit_payload_server;
    700. 

  700.         $this->_string_shift($response, 1); // skip past the message number (it should be SSH_MSG_KEXINIT)
    701. 

  701.         $server_cookie = $this->_string_shift($response, 16);
    702. 

  702. 

  703.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    704. 

  704.         $this->kex_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    705. 

  705. 

  706.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    707. 

  707.         $this->server_host_key_algorithms = explode(',', $this->_string_shift($response, $temp['length']));
    708. 

  708. 

  709.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    710. 

  710.         $this->encryption_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    711. 

  711. 

  712.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    713. 

  713.         $this->encryption_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    714. 

  714. 

  715.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    716. 

  716.         $this->mac_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    717. 

  717. 

  718.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    719. 

  719.         $this->mac_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    720. 

  720. 

  721.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    722. 

  722.         $this->compression_algorithms_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    723. 

  723. 

  724.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    725. 

  725.         $this->compression_algorithms_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    726. 

  726. 

  727.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    728. 

  728.         $this->languages_client_to_server = explode(',', $this->_string_shift($response, $temp['length']));
    729. 

  729. 

  730.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    731. 

  731.         $this->languages_server_to_client = explode(',', $this->_string_shift($response, $temp['length']));
    732. 

  732. 

  733.         extract(unpack('Cfirst_kex_packet_follows', $this->_string_shift($response, 1)));
    734. 

  734.         $first_kex_packet_follows = $first_kex_packet_follows != 0;
    735. 

  735. 

  736.         // the sending of SSH2_MSG_KEXINIT could go in one of two places.  this is the second place.
    737. 

  737.         $kexinit_payload_client = pack('Ca*Na*Na*Na*Na*Na*Na*Na*Na*Na*Na*CN',
    738. 

  738.             NET_SSH2_MSG_KEXINIT, $client_cookie, strlen($str_kex_algorithms), $str_kex_algorithms,
    739. 

  739.             strlen($str_server_host_key_algorithms), $str_server_host_key_algorithms, strlen($encryption_algorithms_client_to_server),
    740. 

  740.             $encryption_algorithms_client_to_server, strlen($encryption_algorithms_server_to_client), $encryption_algorithms_server_to_client,
    741. 

  741.             strlen($mac_algorithms_client_to_server), $mac_algorithms_client_to_server, strlen($mac_algorithms_server_to_client),
    742. 

  742.             $mac_algorithms_server_to_client, strlen($compression_algorithms_client_to_server), $compression_algorithms_client_to_server,
    743. 

  743.             strlen($compression_algorithms_server_to_client), $compression_algorithms_server_to_client, 0, '', 0, '',
    744. 

  744.             0, 0
    745. 

  745.         );
    746. 

  746. 

  747.         if (!$this->_send_binary_packet($kexinit_payload_client)) {
    748. 

  748.             return false;
    749. 

  749.         }
    750. 

  750.         // here ends the second place.
    751. 

  751. 

  752.         // we need to decide upon the symmetric encryption algorithms before we do the diffie-hellman key exchange
    753. 

  753.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_server_to_client); $i++);
    754. 

  754.         if ($i == count($encryption_algorithms)) {
    755. 

  755.             user_error('No compatible server to client encryption algorithms found', E_USER_NOTICE);
    756. 

  756.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    757. 

  757.         }
    758. 

  758. 

  759.         // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
    760. 

  760.         // diffie-hellman key exchange as fast as possible
    761. 

  761.         $decrypt = $encryption_algorithms[$i];
    762. 

  762.         switch ($decrypt) {
    763. 

  763.             case '3des-cbc':
    764. 

  764.                 $decryptKeyLength = 24; // eg. 192 / 8
    765. 

  765.                 break;
    766. 

  766.             case 'aes256-cbc':
    767. 

  767.                 $decryptKeyLength = 32; // eg. 256 / 8
    768. 

  768.                 break;
    769. 

  769.             case 'aes192-cbc':
    770. 

  770.                 $decryptKeyLength = 24; // eg. 192 / 8
    771. 

  771.                 break;
    772. 

  772.             case 'aes128-cbc':
    773. 

  773.                 $decryptKeyLength = 16; // eg. 128 / 8
    774. 

  774.                 break;
    775. 

  775.             case 'arcfour':
    776. 

  776.                 $decryptKeyLength = 16; // eg. 128 / 8
    777. 

  777.                 break;
    778. 

  778.             case 'none';
    779. 

  779.                 $decryptKeyLength = 0;
    780. 

  780.         }
    781. 

  781. 

  782.         for ($i = 0; $i < count($encryption_algorithms) && !in_array($encryption_algorithms[$i], $this->encryption_algorithms_client_to_server); $i++);
    783. 

  783.         if ($i == count($encryption_algorithms)) {
    784. 

  784.             user_error('No compatible client to server encryption algorithms found', E_USER_NOTICE);
    785. 

  785.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    786. 

  786.         }
    787. 

  787. 

  788.         $encrypt = $encryption_algorithms[$i];
    789. 

  789.         switch ($encrypt) {
    790. 

  790.             case '3des-cbc':
    791. 

  791.                 $encryptKeyLength = 24;
    792. 

  792.                 break;
    793. 

  793.             case 'aes256-cbc':
    794. 

  794.                 $encryptKeyLength = 32;
    795. 

  795.                 break;
    796. 

  796.             case 'aes192-cbc':
    797. 

  797.                 $encryptKeyLength = 24;
    798. 

  798.                 break;
    799. 

  799.             case 'aes128-cbc':
    800. 

  800.                 $encryptKeyLength = 16;
    801. 

  801.                 break;
    802. 

  802.             case 'arcfour':
    803. 

  803.                 $encryptKeyLength = 16;
    804. 

  804.                 break;
    805. 

  805.             case 'none';
    806. 

  806.                 $encryptKeyLength = 0;
    807. 

  807.         }
    808. 

  808. 

  809.         $keyLength = $decryptKeyLength > $encryptKeyLength ? $decryptKeyLength : $encryptKeyLength;
    810. 

  810. 

  811.         // through diffie-hellman key exchange a symmetric key is obtained
    812. 

  812.         for ($i = 0; $i < count($kex_algorithms) && !in_array($kex_algorithms[$i], $this->kex_algorithms); $i++);
    813. 

  813.         if ($i == count($kex_algorithms)) {
    814. 

  814.             user_error('No compatible key exchange algorithms found', E_USER_NOTICE);
    815. 

  815.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    816. 

  816.         }
    817. 

  817. 

  818.         switch ($kex_algorithms[$i]) {
    819. 

  819.             // see http://tools.ietf.org/html/rfc2409#section-6.2 and 
    820. 

  820.             // http://tools.ietf.org/html/rfc2412, appendex E
    821. 

  821.             case 'diffie-hellman-group1-sha1':
    822. 

  822.                 $p = pack('H256', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    823. 

  823.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    824. 

  824.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    825. 

  825.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF');
    826. 

  826.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    827. 

  827.                 $hash = 'sha1';
    828. 

  828.                 break;
    829. 

  829.             // see http://tools.ietf.org/html/rfc3526#section-3
    830. 

  830.             case 'diffie-hellman-group14-sha1':
    831. 

  831.                 $p = pack('H512', 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74' . 
    832. 

  832.                                   '020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437' . 
    833. 

  833.                                   '4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' . 
    834. 

  834.                                   'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05' . 
    835. 

  835.                                   '98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB' . 
    836. 

  836.                                   '9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' . 
    837. 

  837.                                   'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718' . 
    838. 

  838.                                   '3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF');
    839. 

  839.                 $keyLength = $keyLength < 160 ? $keyLength : 160;
    840. 

  840.                 $hash = 'sha1';
    841. 

  841.         }
    842. 

  842. 

  843.         $p = new BigInteger($p, 256);
    844. 

  844.         //$q = $p->bitwise_rightShift(1);
    845. 

  845. 

  846.         /* To increase the speed of the key exchange, both client and server may
    847. 

  847.            reduce the size of their private exponents.  It should be at least
    848. 

  848.            twice as long as the key material that is generated from the shared
    849. 

  849.            secret.  For more details, see the paper by van Oorschot and Wiener
    850. 

  850.            [VAN-OORSCHOT].
    851. 

    852. 

  852.            -- http://tools.ietf.org/html/rfc4419#section-6.2 */
    853. 

  853.         $q = new BigInteger(1);
    854. 

  854.         $q = $q->bitwise_leftShift(2 * $keyLength);
    855. 

  855.         $q = $q->subtract(new BigInteger(1));
    856. 

  856. 

  857.         $g = new BigInteger(2);
    858. 

  858.         $x = new BigInteger();
    859. 

  859.         $x->setRandomGenerator(function($a, $b) {
    860. 

  860.             return SSH2::crypt_random($a, $b);
    861. 

  861.         });
    862. 

  862.         $x = $x->random(new BigInteger(1), $q);
    863. 

  863.         $e = $g->modPow($x, $p);
    864. 

  864. 

  865.         $eBytes = $e->toBytes(true);
    866. 

  866.         $data = pack('CNa*', NET_SSH2_MSG_KEXDH_INIT, strlen($eBytes), $eBytes);
    867. 

  867. 

  868.         if (!$this->_send_binary_packet($data)) {
    869. 

  869.             user_error('Connection closed by server', E_USER_NOTICE);
    870. 

  870.             return false;
    871. 

  871.         }
    872. 

  872. 

  873.         $response = $this->_get_binary_packet();
    874. 

  874.         if ($response === false) {
    875. 

  875.             user_error('Connection closed by server', E_USER_NOTICE);
    876. 

  876.             return false;
    877. 

  877.         }
    878. 

  878.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    879. 

  879. 

  880.         if ($type != NET_SSH2_MSG_KEXDH_REPLY) {
    881. 

  881.             user_error('Expected SSH_MSG_KEXDH_REPLY', E_USER_NOTICE);
    882. 

  882.             return false;
    883. 

  883.         }
    884. 

  884. 

  885.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    886. 

  886.         $this->server_public_host_key = $server_public_host_key = $this->_string_shift($response, $temp['length']);
    887. 

  887. 

  888.         $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    889. 

  889.         $public_key_format = $this->_string_shift($server_public_host_key, $temp['length']);
    890. 

  890. 

  891.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    892. 

  892.         $fBytes = $this->_string_shift($response, $temp['length']);
    893. 

  893.         $f = new BigInteger($fBytes, -256);
    894. 

  894. 

  895.         $temp = unpack('Nlength', $this->_string_shift($response, 4));
    896. 

  896.         $signature = $this->_string_shift($response, $temp['length']);
    897. 

  897. 

  898.         $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    899. 

  899.         $signature_format = $this->_string_shift($signature, $temp['length']);
    900. 

  900. 

  901.         $key = $f->modPow($x, $p);
    902. 

  902.         $keyBytes = $key->toBytes(true);
    903. 

  903. 

  904.         $source = pack('Na*Na*Na*Na*Na*Na*Na*Na*',
    905. 

  905.             strlen($this->identifier), $this->identifier, strlen($this->server_identifier), $this->server_identifier,
    906. 

  906.             strlen($kexinit_payload_client), $kexinit_payload_client, strlen($kexinit_payload_server),
    907. 

  907.             $kexinit_payload_server, strlen($this->server_public_host_key), $this->server_public_host_key, strlen($eBytes),
    908. 

  908.             $eBytes, strlen($fBytes), $fBytes, strlen($keyBytes), $keyBytes
    909. 

  909.         );
    910. 

  910. 

  911.         $source = pack('H*', $hash($source));
    912. 

  912. 

  913.         if ($this->session_id === false) {
    914. 

  914.             $this->session_id = $source;
    915. 

  915.         }
    916. 

  916. 

  917.         // if you the server's assymetric key matches the one you have on file, then you should be able to decrypt the
    918. 

  918.         // "signature" and get something that should equal the "exchange hash", as defined in the SSH-2 specs.
    919. 

  919.         // here, we just check to see if the "signature" is good.  you can verify whether or not the assymetric key is good,
    920. 

  920.         // later, with the getServerHostKeyAlgorithm() function
    921. 

  921.         for ($i = 0; $i < count($server_host_key_algorithms) && !in_array($server_host_key_algorithms[$i], $this->server_host_key_algorithms); $i++);
    922. 

  922.         if ($i == count($server_host_key_algorithms)) {
    923. 

  923.             user_error('No compatible server host key algorithms found', E_USER_NOTICE);
    924. 

  924.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    925. 

  925.         }
    926. 

  926. 

  927.         if ($public_key_format != $server_host_key_algorithms[$i] || $signature_format != $server_host_key_algorithms[$i]) {
    928. 

  928.             user_error('Sever Host Key Algorithm Mismatch', E_USER_NOTICE);
    929. 

  929.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    930. 

  930.         }
    931. 

  931. 

  932.         switch ($server_host_key_algorithms[$i]) {
    933. 

  933.             case 'ssh-dss':
    934. 

  934.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    935. 

  935.                 $p = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    936. 

  936. 

  937.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    938. 

  938.                 $q = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    939. 

  939. 

  940.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    941. 

  941.                 $g = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    942. 

  942. 

  943.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    944. 

  944.                 $y = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    945. 

  945. 

  946.                 /* The value for 'dss_signature_blob' is encoded as a string containing
    947. 

  947.                    r, followed by s (which are 160-bit integers, without lengths or
    948. 

  948.                    padding, unsigned, and in network byte order). */
    949. 

  949.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    950. 

  950.                 if ($temp['length'] != 40) {
    951. 

  951.                     user_error('Invalid signature', E_USER_NOTICE);
    952. 

  952.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    953. 

  953.                 }
    954. 

  954. 

  955.                 $r = new BigInteger($this->_string_shift($signature, 20), 256);
    956. 

  956.                 $s = new BigInteger($this->_string_shift($signature, 20), 256);
    957. 

  957. 

  958.                 if ($r->compare($q) >= 0 || $s->compare($q) >= 0) {
    959. 

  959.                     user_error('Invalid signature', E_USER_NOTICE);
    960. 

  960.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    961. 

  961.                 }
    962. 

  962. 

  963.                 $w = $s->modInverse($q);
    964. 

  964. 

  965.                 $u1 = $w->multiply(new BigInteger(sha1($source), 16));
    966. 

  966.                 list(, $u1) = $u1->divide($q);
    967. 

  967. 

  968.                 $u2 = $w->multiply($r);
    969. 

  969.                 list(, $u2) = $u2->divide($q);
    970. 

  970. 

  971.                 $g = $g->modPow($u1, $p);
    972. 

  972.                 $y = $y->modPow($u2, $p);
    973. 

  973. 

  974.                 $v = $g->multiply($y);
    975. 

  975.                 list(, $v) = $v->divide($p);
    976. 

  976.                 list(, $v) = $v->divide($q);
    977. 

  977. 

  978.                 if (!$v->equals($r)) {
    979. 

  979.                     user_error('Invalid signature', E_USER_NOTICE);
    980. 

  980.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    981. 

  981.                 }
    982. 

  982. 

  983.                 break;
    984. 

  984.             case 'ssh-rsa':
    985. 

  985.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    986. 

  986.                 $e = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    987. 

  987. 

  988.                 $temp = unpack('Nlength', $this->_string_shift($server_public_host_key, 4));
    989. 

  989.                 $n = new BigInteger($this->_string_shift($server_public_host_key, $temp['length']), -256);
    990. 

  990.                 $nLength = $temp['length'];
    991. 

  991. 

  992.                 /*
    993. 

  993.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    994. 

  994.                 $signature = $this->_string_shift($signature, $temp['length']);
    995. 

    996. 

  996.                 if (!class_exists('Crypt_RSA')) {
    997. 

  997.                     require_once('Crypt/RSA.php');
    998. 

  998.                 }
    999. 

    1000. 

  1000.                 $rsa = new Crypt_RSA();
    1001. 

  1001.                 $rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    1002. 

  1002.                 $rsa->loadKey(array('e' => $e, 'n' => $n), CRYPT_RSA_PUBLIC_FORMAT_RAW);
    1003. 

  1003.                 if (!$rsa->verify($source, $signature)) {
    1004. 

  1004.                     user_error('Bad server signature', E_USER_NOTICE);
    1005. 

  1005.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    1006. 

  1006.                 }
    1007. 

  1007.                 */
    1008. 

  1008. 

  1009.                 $temp = unpack('Nlength', $this->_string_shift($signature, 4));
    1010. 

  1010.                 $s = new BigInteger($this->_string_shift($signature, $temp['length']), 256);
    1011. 

  1011. 

  1012.                 // validate an RSA signature per "8.2 RSASSA-PKCS1-v1_5", "5.2.2 RSAVP1", and "9.1 EMSA-PSS" in the
    1013. 

  1013.                 // following URL:
    1014. 

  1014.                 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
    1015. 

  1015. 

  1016.                 // also, see SSHRSA.c (rsa2_verifysig) in PuTTy's source.
    1017. 

  1017. 

  1018.                 if ($s->compare(new BigInteger()) < 0 || $s->compare($n->subtract(new BigInteger(1))) > 0) {
    1019. 

  1019.                     user_error('Invalid signature', E_USER_NOTICE);
    1020. 

  1020.                     return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1021. 

  1021.                 }
    1022. 

  1022. 

  1023.                 $s = $s->modPow($e, $n);
    1024. 

  1024.                 $s = $s->toBytes();
    1025. 

  1025. 

  1026.                 $h = pack('N4H*', 0x00302130, 0x0906052B, 0x0E03021A, 0x05000414, sha1($source));
    1027. 

  1027.                 $h = chr(0x01) . str_repeat(chr(0xFF), $nLength - 3 - strlen($h)) . $h;
    1028. 

  1028. 

  1029.                 if ($s != $h) {
    1030. 

  1030.                     user_error('Bad server signature', E_USER_NOTICE);
    1031. 

  1031.                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
    1032. 

  1032.                 }
    1033. 

  1033.         }
    1034. 

  1034. 

  1035.         $packet = pack('C',
    1036. 

  1036.             NET_SSH2_MSG_NEWKEYS
    1037. 

  1037.         );
    1038. 

  1038. 

  1039.         if (!$this->_send_binary_packet($packet)) {
    1040. 

  1040.             return false;
    1041. 

  1041.         }
    1042. 

  1042. 

  1043.         $response = $this->_get_binary_packet();
    1044. 

  1044. 

  1045.         if ($response === false) {
    1046. 

  1046.             user_error('Connection closed by server', E_USER_NOTICE);
    1047. 

  1047.             return false;
    1048. 

  1048.         }
    1049. 

  1049. 

  1050.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1051. 

  1051. 

  1052.         if ($type != NET_SSH2_MSG_NEWKEYS) {
    1053. 

  1053.             user_error('Expected SSH_MSG_NEWKEYS', E_USER_NOTICE);
    1054. 

  1054.             return false;
    1055. 

  1055.         }
    1056. 

  1056. 

  1057.         switch ($encrypt) {
    1058. 

  1058.             case '3des-cbc':
    1059. 

  1059.                 $this->encrypt = new TripleDES();
    1060. 

  1060.                 // $this->encrypt_block_size = 64 / 8 == the default
    1061. 

  1061.                 break;
    1062. 

  1062.             case 'aes256-cbc':
    1063. 

  1063.                 $this->encrypt = new AES();
    1064. 

  1064.                 $this->encrypt_block_size = 16; // eg. 128 / 8
    1065. 

  1065.                 break;
    1066. 

  1066.             case 'aes192-cbc':
    1067. 

  1067.                 $this->encrypt = new AES();
    1068. 

  1068.                 $this->encrypt_block_size = 16;
    1069. 

  1069.                 break;
    1070. 

  1070.             case 'aes128-cbc':
    1071. 

  1071.                 $this->encrypt = new AES();
    1072. 

  1072.                 $this->encrypt_block_size = 16;
    1073. 

  1073.                 break;
    1074. 

  1074.             case 'arcfour':
    1075. 

  1075.                 $this->encrypt = new RC4();
    1076. 

  1076.                 break;
    1077. 

  1077.             case 'none';
    1078. 

  1078.                 //$this->encrypt = new Crypt_Null();
    1079. 

  1079.         }
    1080. 

  1080. 

  1081.         switch ($decrypt) {
    1082. 

  1082.             case '3des-cbc':
    1083. 

  1083.                 $this->decrypt = new TripleDES();
    1084. 

  1084.                 break;
    1085. 

  1085.             case 'aes256-cbc':
    1086. 

  1086.                 $this->decrypt = new AES();
    1087. 

  1087.                 $this->decrypt_block_size = 16;
    1088. 

  1088.                 break;
    1089. 

  1089.             case 'aes192-cbc':
    1090. 

  1090.                 $this->decrypt = new AES();
    1091. 

  1091.                 $this->decrypt_block_size = 16;
    1092. 

  1092.                 break;
    1093. 

  1093.             case 'aes128-cbc':
    1094. 

  1094.                 $this->decrypt = new AES();
    1095. 

  1095.                 $this->decrypt_block_size = 16;
    1096. 

  1096.                 break;
    1097. 

  1097.             case 'arcfour':
    1098. 

  1098.                 $this->decrypt = new RC4();
    1099. 

  1099.                 break;
    1100. 

  1100.             case 'none';
    1101. 

  1101.                 //$this->decrypt = new Crypt_Null();
    1102. 

  1102.         }
    1103. 

  1103. 

  1104.         $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
    1105. 

  1105. 

  1106.         if ($this->encrypt) {
    1107. 

  1107.             $this->encrypt->enableContinuousBuffer();
    1108. 

  1108.             $this->encrypt->disablePadding();
    1109. 

  1109. 

  1110.             $iv = pack('H*', $hash($keyBytes . $source . 'A' . $this->session_id));
    1111. 

  1111.             while ($this->encrypt_block_size > strlen($iv)) {
    1112. 

  1112.                 $iv.= pack('H*', $hash($keyBytes . $source . $iv));
    1113. 

  1113.             }
    1114. 

  1114.             $this->encrypt->setIV(substr($iv, 0, $this->encrypt_block_size));
    1115. 

  1115. 

  1116.             $key = pack('H*', $hash($keyBytes . $source . 'C' . $this->session_id));
    1117. 

  1117.             while ($encryptKeyLength > strlen($key)) {
    1118. 

  1118.                 $key.= pack('H*', $hash($keyBytes . $source . $key));
    1119. 

  1119.             }
    1120. 

  1120.             $this->encrypt->setKey(substr($key, 0, $encryptKeyLength));
    1121. 

  1121.         }
    1122. 

  1122. 

  1123.         if ($this->decrypt) {
    1124. 

  1124.             $this->decrypt->enableContinuousBuffer();
    1125. 

  1125.             $this->decrypt->disablePadding();
    1126. 

  1126. 

  1127.             $iv = pack('H*', $hash($keyBytes . $source . 'B' . $this->session_id));
    1128. 

  1128.             while ($this->decrypt_block_size > strlen($iv)) {
    1129. 

  1129.                 $iv.= pack('H*', $hash($keyBytes . $source . $iv));
    1130. 

  1130.             }
    1131. 

  1131.             $this->decrypt->setIV(substr($iv, 0, $this->decrypt_block_size));
    1132. 

  1132. 

  1133.             $key = pack('H*', $hash($keyBytes . $source . 'D' . $this->session_id));
    1134. 

  1134.             while ($decryptKeyLength > strlen($key)) {
    1135. 

  1135.                 $key.= pack('H*', $hash($keyBytes . $source . $key));
    1136. 

  1136.             }
    1137. 

  1137.             $this->decrypt->setKey(substr($key, 0, $decryptKeyLength));
    1138. 

  1138.         }
    1139. 

  1139. 

  1140.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_client_to_server); $i++);
    1141. 

  1141.         if ($i == count($mac_algorithms)) {
    1142. 

  1142.             user_error('No compatible client to server message authentication algorithms found', E_USER_NOTICE);
    1143. 

  1143.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1144. 

  1144.         }
    1145. 

  1145. 

  1146.         $createKeyLength = 0; // ie. $mac_algorithms[$i] == 'none'
    1147. 

  1147.         switch ($mac_algorithms[$i]) {
    1148. 

  1148.             case 'hmac-sha1':
    1149. 

  1149.                 $this->hmac_create = new Hash('sha1');
    1150. 

  1150.                 $createKeyLength = 20;
    1151. 

  1151.                 break;
    1152. 

  1152.             case 'hmac-sha1-96':
    1153. 

  1153.                 $this->hmac_create = new Hash('sha1-96');
    1154. 

  1154.                 $createKeyLength = 20;
    1155. 

  1155.                 break;
    1156. 

  1156.             case 'hmac-md5':
    1157. 

  1157.                 $this->hmac_create = new Hash('md5');
    1158. 

  1158.                 $createKeyLength = 16;
    1159. 

  1159.                 break;
    1160. 

  1160.             case 'hmac-md5-96':
    1161. 

  1161.                 $this->hmac_create = new Hash('md5-96');
    1162. 

  1162.                 $createKeyLength = 16;
    1163. 

  1163.         }
    1164. 

  1164. 

  1165.         for ($i = 0; $i < count($mac_algorithms) && !in_array($mac_algorithms[$i], $this->mac_algorithms_server_to_client); $i++);
    1166. 

  1166.         if ($i == count($mac_algorithms)) {
    1167. 

  1167.             user_error('No compatible server to client message authentication algorithms found', E_USER_NOTICE);
    1168. 

  1168.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1169. 

  1169.         }
    1170. 

  1170. 

  1171.         $checkKeyLength = 0;
    1172. 

  1172.         $this->hmac_size = 0;
    1173. 

  1173.         switch ($mac_algorithms[$i]) {
    1174. 

  1174.             case 'hmac-sha1':
    1175. 

  1175.                 $this->hmac_check = new Hash('sha1');
    1176. 

  1176.                 $checkKeyLength = 20;
    1177. 

  1177.                 $this->hmac_size = 20;
    1178. 

  1178.                 break;
    1179. 

  1179.             case 'hmac-sha1-96':
    1180. 

  1180.                 $this->hmac_check = new Hash('sha1-96');
    1181. 

  1181.                 $checkKeyLength = 20;
    1182. 

  1182.                 $this->hmac_size = 12;
    1183. 

  1183.                 break;
    1184. 

  1184.             case 'hmac-md5':
    1185. 

  1185.                 $this->hmac_check = new Hash('md5');
    1186. 

  1186.                 $checkKeyLength = 16;
    1187. 

  1187.                 $this->hmac_size = 16;
    1188. 

  1188.                 break;
    1189. 

  1189.             case 'hmac-md5-96':
    1190. 

  1190.                 $this->hmac_check = new Hash('md5-96');
    1191. 

  1191.                 $checkKeyLength = 16;
    1192. 

  1192.                 $this->hmac_size = 12;
    1193. 

  1193.         }
    1194. 

  1194. 

  1195.         $key = pack('H*', $hash($keyBytes . $source . 'E' . $this->session_id));
    1196. 

  1196.         while ($createKeyLength > strlen($key)) {
    1197. 

  1197.             $key.= pack('H*', $hash($keyBytes . $source . $key));
    1198. 

  1198.         }
    1199. 

  1199.         $this->hmac_create->setKey(substr($key, 0, $createKeyLength));
    1200. 

  1200. 

  1201.         $key = pack('H*', $hash($keyBytes . $source . 'F' . $this->session_id));
    1202. 

  1202.         while ($checkKeyLength > strlen($key)) {
    1203. 

  1203.             $key.= pack('H*', $hash($keyBytes . $source . $key));
    1204. 

  1204.         }
    1205. 

  1205.         $this->hmac_check->setKey(substr($key, 0, $checkKeyLength));
    1206. 

  1206. 

  1207.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_server_to_client); $i++);
    1208. 

  1208.         if ($i == count($compression_algorithms)) {
    1209. 

  1209.             user_error('No compatible server to client compression algorithms found', E_USER_NOTICE);
    1210. 

  1210.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1211. 

  1211.         }
    1212. 

  1212.         $this->decompress = $compression_algorithms[$i] == 'zlib';
    1213. 

  1213. 

  1214.         for ($i = 0; $i < count($compression_algorithms) && !in_array($compression_algorithms[$i], $this->compression_algorithms_client_to_server); $i++);
    1215. 

  1215.         if ($i == count($compression_algorithms)) {
    1216. 

  1216.             user_error('No compatible client to server compression algorithms found', E_USER_NOTICE);
    1217. 

  1217.             return $this->_disconnect(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
    1218. 

  1218.         }
    1219. 

  1219.         $this->compress = $compression_algorithms[$i] == 'zlib';
    1220. 

  1220. 

  1221.         return true;
    1222. 

  1222.     }
    1223. 

  1223. 

  1224.     /**
    1225. 

  1225.      * Login
    1226. 

  1226.      *
    1227. 

  1227.      * @param String $username
    1228. 

  1228.      * @param optional String $password
    1229. 

  1229.      * @return Boolean
    1230. 

  1230.      * @access public
    1231. 

  1231.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1232. 

  1232.      *           by sending dummy SSH_MSG_IGNORE messages.
    1233. 

  1233.      */
    1234. 

  1234.     function login($username, $password = '')
    1235. 

  1235.     {
    1236. 

  1236.         if (!($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR)) {
    1237. 

  1237. //var_dump('1233');
    1238. 

  1238.             return false;
    1239. 

  1239.         }
    1240. 

  1240. 

  1241.         $packet = pack('CNa*',
    1242. 

  1242.             NET_SSH2_MSG_SERVICE_REQUEST, strlen('ssh-userauth'), 'ssh-userauth'
    1243. 

  1243.         );
    1244. 

  1244. 

  1245.         if (!$this->_send_binary_packet($packet)) {
    1246. 

  1246. //var_dump('1243');
    1247. 

  1247.             return false;
    1248. 

  1248.         }
    1249. 

  1249. //var_dump('1245');
    1250. 

  1250. 

  1251.         $response = $this->_get_binary_packet();
    1252. 

  1252.         if ($response === false) {
    1253. 

  1253.             user_error('Connection closed by server', E_USER_NOTICE);
    1254. 

  1254.             return false;
    1255. 

  1255.         }
    1256. 

  1256. 

  1257.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1258. 

  1258. 

  1259.         if ($type != NET_SSH2_MSG_SERVICE_ACCEPT) {
    1260. 

  1260.             user_error('Expected SSH_MSG_SERVICE_ACCEPT', E_USER_NOTICE);
    1261. 

  1261.             return false;
    1262. 

  1262.         }
    1263. 

  1263. 

  1264.         // although PHP5's get_class() preserves the case, PHP4's does not
    1265. 

  1265.         
    1266. 

  1266.         if (strtolower(get_class($password)) == 'phpseclib\crypt\rsa') {
    1267. 

  1267.             return $this->_privatekey_login($username, $password);
    1268. 

  1268.         }
    1269. 

  1269.         
    1270. 

  1270.         $utf8_password = utf8_encode($password);
    1271. 

  1271.         $packet = pack('CNa*Na*Na*CNa*',
    1272. 

  1272.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1273. 

  1273.             strlen('password'), 'password', 0, strlen($utf8_password), $utf8_password
    1274. 

  1274.         );
    1275. 

  1275. 

  1276.         if (!$this->_send_binary_packet($packet)) {
    1277. 

  1277.             return false;
    1278. 

  1278.         }
    1279. 

  1279. 

  1280.         // remove the username and password from the last logged packet
    1281. 

  1281.         if (defined('NET_SSH2_LOGGING')) {
    1282. 

  1282.             $packet = pack('CNa*Na*Na*CNa*',
    1283. 

  1283.                 NET_SSH2_MSG_USERAUTH_REQUEST, strlen('username'), 'username', strlen('ssh-connection'), 'ssh-connection',
    1284. 

  1284.                 strlen('password'), 'password', 0, strlen('password'), 'password'
    1285. 

  1285.             );
    1286. 

  1286.             $this->message_log[count($this->message_log) - 1] = $packet;
    1287. 

  1287.         }
    1288. 

  1288. 

  1289.         $response = $this->_get_binary_packet();
    1290. 

  1290.         if ($response === false) {
    1291. 

  1291.             user_error('Connection closed by server', E_USER_NOTICE);
    1292. 

  1292.             return false;
    1293. 

  1293.         }
    1294. 

  1294. 

  1295.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1296. 

  1296. 

  1297.         switch ($type) {
    1298. 

  1298.             case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
    1299. 

  1299.                 if (defined('NET_SSH2_LOGGING')) {
    1300. 

  1300.                     $this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ';
    1301. 

  1301.                 }
    1302. 

  1302.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1303. 

  1303.                 $this->debug_info.= "\r\n\r\nSSH_MSG_USERAUTH_PASSWD_CHANGEREQ:\r\n" . utf8_decode($this->_string_shift($response, $length));
    1304. 

  1304.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1305. 

  1305.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1306. 

  1306.                 // either the login is bad or the server employees multi-factor authentication
    1307. 

  1307.                 return false;
    1308. 

  1308.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1309. 

  1309.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1310. 

  1310.                 return true;
    1311. 

  1311.         }
    1312. 

  1312. 

  1313.         return false;
    1314. 

  1314.     }
    1315. 

  1315. 

  1316.     /**
    1317. 

  1317.      * Login with an RSA private key
    1318. 

  1318.      *
    1319. 

  1319.      * @param String $username
    1320. 

  1320.      * @param Crypt_RSA $password
    1321. 

  1321.      * @return Boolean
    1322. 

  1322.      * @access private
    1323. 

  1323.      * @internal It might be worthwhile, at some point, to protect against {@link http://tools.ietf.org/html/rfc4251#section-9.3.9 traffic analysis}
    1324. 

  1324.      *           by sending dummy SSH_MSG_IGNORE messages.
    1325. 

  1325.      */
    1326. 

  1326.     function _privatekey_login($username, $privatekey)
    1327. 

  1327.     {
    1328. 

  1328.         // see http://tools.ietf.org/html/rfc4253#page-15
    1329. 

  1329.         $publickey = $privatekey->getPublicKey(CRYPT_RSA_PUBLIC_FORMAT_RAW);
    1330. 

  1330.         $publickey = array(
    1331. 

  1331.             'e' => $publickey['e']->toBytes(true),
    1332. 

  1332.             'n' => $publickey['n']->toBytes(true)
    1333. 

  1333.         );
    1334. 

  1334.         $publickey = pack('Na*Na*Na*',
    1335. 

  1335.             strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey['e']), $publickey['e'], strlen($publickey['n']), $publickey['n']
    1336. 

  1336.         );
    1337. 

  1337. 

  1338.         $part1 = pack('CNa*Na*Na*',
    1339. 

  1339.             NET_SSH2_MSG_USERAUTH_REQUEST, strlen($username), $username, strlen('ssh-connection'), 'ssh-connection',
    1340. 

  1340.             strlen('publickey'), 'publickey'
    1341. 

  1341.         );
    1342. 

  1342.         $part2 = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($publickey), $publickey);
    1343. 

  1343. 

  1344.         $packet = $part1 . chr(0) . $part2;
    1345. 

  1345. 

  1346.         if (!$this->_send_binary_packet($packet)) {
    1347. 

  1347.             return false;
    1348. 

  1348.         }
    1349. 

  1349. 

  1350.         $response = $this->_get_binary_packet();
    1351. 

  1351.         if ($response === false) {
    1352. 

  1352.             user_error('Connection closed by server', E_USER_NOTICE);
    1353. 

  1353.             return false;
    1354. 

  1354.         }
    1355. 

  1355. 

  1356.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1357. 

  1357. 

  1358.         switch ($type) {
    1359. 

  1359.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1360. 

  1360.                 extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1361. 

  1361.                 $this->debug_info.= "\r\n\r\nSSH_MSG_USERAUTH_FAILURE:\r\n" . $this->_string_shift($response, $length);
    1362. 

  1362.                 return $this->_disconnect(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
    1363. 

  1363.             case NET_SSH2_MSG_USERAUTH_PK_OK:
    1364. 

  1364.                 // we'll just take it on faith that the public key blob and the public key algorithm name are as
    1365. 

  1365.                 // they should be
    1366. 

  1366.                 if (defined('NET_SSH2_LOGGING')) {
    1367. 

  1367.                     $this->message_number_log[count($this->message_number_log) - 1] = 'NET_SSH2_MSG_USERAUTH_PK_OK';
    1368. 

  1368.                 }
    1369. 

  1369.         }
    1370. 

  1370. 

  1371.         $packet = $part1 . chr(1) . $part2;
    1372. 

  1372.         $privatekey->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
    1373. 

  1373.         $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet));
    1374. 

  1374.         $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
    1375. 

  1375.         $packet.= pack('Na*', strlen($signature), $signature);
    1376. 

  1376. 

  1377.         if (!$this->_send_binary_packet($packet)) {
    1378. 

  1378.             return false;
    1379. 

  1379.         }
    1380. 

  1380. 

  1381.         $response = $this->_get_binary_packet();
    1382. 

  1382.         if ($response === false) {
    1383. 

  1383.             user_error('Connection closed by server', E_USER_NOTICE);
    1384. 

  1384.             return false;
    1385. 

  1385.         }
    1386. 

  1386. 

  1387.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1388. 

  1388. 

  1389.         switch ($type) {
    1390. 

  1390.             case NET_SSH2_MSG_USERAUTH_FAILURE:
    1391. 

  1391.                 // either the login is bad or the server employees multi-factor authentication
    1392. 

  1392.                 return false;
    1393. 

  1393.             case NET_SSH2_MSG_USERAUTH_SUCCESS:
    1394. 

  1394.                 $this->bitmap |= NET_SSH2_MASK_LOGIN;
    1395. 

  1395.                 return true;
    1396. 

  1396.         }
    1397. 

  1397. 

  1398.         return false;
    1399. 

  1399.     }
    1400. 

  1400. 

  1401.     /**
    1402. 

  1402.      * Execute Command
    1403. 

  1403.      *
    1404. 

  1404.      * @param String $command
    1405. 

  1405.      * @return String
    1406. 

  1406.      * @access public
    1407. 

  1407.      */
    1408. 

  1408.     function exec($command)
    1409. 

  1409.     {
    1410. 

  1410.         if (!($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1411. 

  1411.             return false;
    1412. 

  1412.         }
    1413. 

  1413. 

  1414.         // RFC4254 refers not to client and server channels but rather to sender and recipient channels.  we don't refer
    1415. 

  1415.         // to them in that way because RFC4254 toggles the meaning. the client sends a SSH_MSG_CHANNEL_OPEN message with
    1416. 

  1416.         // a sender channel and the server sends a SSH_MSG_CHANNEL_OPEN_CONFIRMATION in response, with a sender and a
    1417. 

  1417.         // recepient channel.  at first glance, you might conclude that SSH_MSG_CHANNEL_OPEN_CONFIRMATION's sender channel
    1418. 

  1418.         // would be the same thing as SSH_MSG_CHANNEL_OPEN's sender channel, but it's not, per this snipet:
    1419. 

  1419.         //     The 'recipient channel' is the channel number given in the original
    1420. 

  1420.         //     open request, and 'sender channel' is the channel number allocated by
    1421. 

  1421.         //     the other side.
    1422. 

  1422.         $client_channel = 0; // PuTTy uses 0x100
    1423. 

  1423.         // RFC4254 defines the (client) window size as "bytes the other party can send before it must wait for the window to
    1424. 

  1424.         // be adjusted".  0x7FFFFFFF is, at 4GB, the max size.  technically, it should probably be decremented, but, 
    1425. 

  1425.         // honestly, if you're transfering more than 4GB, you probably shouldn't be using phpseclib, anyway.
    1426. 

  1426.         // see http://tools.ietf.org/html/rfc4254#section-5.2 for more info
    1427. 

  1427.         $window_size = 0x7FFFFFFF;
    1428. 

  1428.         // 0x8000 is the maximum max packet size, per http://tools.ietf.org/html/rfc4253#section-6.1, although since PuTTy
    1429. 

  1429.         // uses 0x4000, that's what will be used here, as well.
    1430. 

  1430.         $packet_size = 0x4000;
    1431. 

  1431. 

  1432.         $packet = pack('CNa*N3',
    1433. 

  1433.             NET_SSH2_MSG_CHANNEL_OPEN, strlen('session'), 'session', $client_channel, $window_size, $packet_size);
    1434. 

  1434. 

  1435.         if (!$this->_send_binary_packet($packet)) {
    1436. 

  1436.             return false;
    1437. 

  1437.         }
    1438. 

  1438. 

  1439.         $response = $this->_get_binary_packet();
    1440. 

  1440.         if ($response === false) {
    1441. 

  1441.             user_error('Connection closed by server', E_USER_NOTICE);
    1442. 

  1442.             return false;
    1443. 

  1443.         }
    1444. 

  1444. 

  1445.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1446. 

  1446. 

  1447.         switch ($type) {
    1448. 

  1448.             case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
    1449. 

  1449.                 $this->_string_shift($response, 4); // skip over client channel
    1450. 

  1450.                 extract(unpack('Nserver_channel', $this->_string_shift($response, 4)));
    1451. 

  1451.                 $this->server_channels[$client_channel] = $server_channel;
    1452. 

  1452.                 $this->_string_shift($response, 4); // skip over (server) window size
    1453. 

  1453.                 $temp = unpack('Npacket_size_client_to_server', $this->_string_shift($response, 4));
    1454. 

  1454.                 $this->packet_size_client_to_server = $temp['packet_size_client_to_server'];
    1455. 

  1455.                 break;
    1456. 

  1456.             case NET_SSH2_MSG_CHANNEL_OPEN_FAILURE:
    1457. 

  1457.                 user_error('Unable to open channel', E_USER_NOTICE);
    1458. 

  1458.                 return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1459. 

  1459.         }
    1460. 

  1460. 

  1461.         $terminal_modes = pack('C', NET_SSH2_TTY_OP_END);
    1462. 

  1462.         $packet = pack('CNNa*CNa*N5a*',
    1463. 

  1463.             NET_SSH2_MSG_CHANNEL_REQUEST, $server_channel, strlen('pty-req'), 'pty-req', 1, strlen('vt100'), 'vt100',
    1464. 

  1464.             80, 24, 0, 0, strlen($terminal_modes), $terminal_modes);
    1465. 

  1465. 

  1466.         if (!$this->_send_binary_packet($packet)) {
    1467. 

  1467.             return false;
    1468. 

  1468.         }
    1469. 

  1469. 

  1470.         $response = $this->_get_binary_packet();
    1471. 

  1471.         if ($response === false) {
    1472. 

  1472.             user_error('Connection closed by server', E_USER_NOTICE);
    1473. 

  1473.             return false;
    1474. 

  1474.         }
    1475. 

  1475. 

  1476.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1477. 

  1477. 

  1478.         switch ($type) {
    1479. 

  1479.             case NET_SSH2_MSG_CHANNEL_SUCCESS:
    1480. 

  1480.                 break;
    1481. 

  1481.             case NET_SSH2_MSG_CHANNEL_FAILURE:
    1482. 

  1482.             default:
    1483. 

  1483.                 user_error('Unable to request pseudo-terminal', E_USER_NOTICE);
    1484. 

  1484.                 return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1485. 

  1485.         }
    1486. 

  1486. 

  1487.         // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by
    1488. 

  1488.         // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the 
    1489. 

  1489.         // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA.  RFC4254#section-5.2 corroborates.
    1490. 

  1490.         $packet = pack('CNNa*CNa*',
    1491. 

  1491.             NET_SSH2_MSG_CHANNEL_REQUEST, $server_channel, strlen('exec'), 'exec', 1, strlen($command), $command);
    1492. 

  1492.         if (!$this->_send_binary_packet($packet)) {
    1493. 

  1493.             return false;
    1494. 

  1494.         }
    1495. 

  1495. 

  1496.         $response = $this->_get_binary_packet();
    1497. 

  1497.         if ($response === false) {
    1498. 

  1498.             user_error('Connection closed by server', E_USER_NOTICE);
    1499. 

  1499.             return false;
    1500. 

  1500.         }
    1501. 

  1501. 

  1502.         extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1503. 

  1503. 

  1504.         switch ($type) {
    1505. 

  1505.             case NET_SSH2_MSG_CHANNEL_SUCCESS:
    1506. 

  1506.                 break;
    1507. 

  1507.             case NET_SSH2_MSG_CHANNEL_FAILURE:
    1508. 

  1508.             default:
    1509. 

  1509.                 user_error('Unable to start execution of command', E_USER_NOTICE);
    1510. 

  1510.                 return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1511. 

  1511.         }
    1512. 

  1512. 

  1513.         $output = '';
    1514. 

  1514.         while (true) {
    1515. 

  1515.             $temp = $this->_get_channel_packet();
    1516. 

  1516.             switch (true) {
    1517. 

  1517.                 case $temp === true:
    1518. 

  1518.                     return $output;
    1519. 

  1519.                 case $temp === false:
    1520. 

  1520.                     return false;
    1521. 

  1521.                 default:
    1522. 

  1522.                     $output.= $temp;
    1523. 

  1523.             }
    1524. 

  1524.         }
    1525. 

  1525.     }
    1526. 

  1526. 

  1527.     /**
    1528. 

  1528.      * Disconnect
    1529. 

  1529.      *
    1530. 

  1530.      * @access public
    1531. 

  1531.      */
    1532. 

  1532.     function disconnect()
    1533. 

  1533.     {
    1534. 

  1534.         $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1535. 

  1535.     }
    1536. 

  1536. 

  1537.     /**
    1538. 

  1538.      * Destructor.
    1539. 

  1539.      *
    1540. 

  1540.      * Will be called, automatically, if you're supporting just PHP5.  If you're supporting PHP4, you'll need to call
    1541. 

  1541.      * disconnect().
    1542. 

  1542.      *
    1543. 

  1543.      * @access public
    1544. 

  1544.      */
    1545. 

  1545.     function __destruct()
    1546. 

  1546.     {
    1547. 

  1547.         $this->disconnect();
    1548. 

  1548.     }
    1549. 

  1549. 

  1550.     /**
    1551. 

  1551.      * Gets Binary Packets
    1552. 

  1552.      *
    1553. 

  1553.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    1554. 

  1554.      *
    1555. 

  1555.      * @see SSH2::_send_binary_packet()
    1556. 

  1556.      * @return String
    1557. 

  1557.      * @access private
    1558. 

  1558.      */
    1559. 

  1559.     function _get_binary_packet()
    1560. 

  1560.     {
    1561. 

  1561.         if (feof($this->fsock)) {
    1562. 

  1562.             user_error('Connection closed prematurely', E_USER_NOTICE);
    1563. 

  1563.             return false;
    1564. 

  1564.         }
    1565. 

  1565. 

  1566.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    1567. 

  1567.         $raw = fread($this->fsock, $this->decrypt_block_size);
    1568. 

  1568.         $stop = strtok(microtime(), ' ') + strtok('');
    1569. 

  1569. 

  1570.         if ($this->decrypt !== false) {
    1571. 

  1571.             $raw = $this->decrypt->decrypt($raw);
    1572. 

  1572.         }
    1573. 

  1573. 

  1574.         extract(unpack('Npacket_length/Cpadding_length', $this->_string_shift($raw, 5)));
    1575. 

  1575. 

  1576.         $remaining_length = $packet_length + 4 - $this->decrypt_block_size;
    1577. 

  1577.         $buffer = '';
    1578. 

  1578.         while ($remaining_length > 0) {
    1579. 

  1579.             $temp = fread($this->fsock, $remaining_length);
    1580. 

  1580.             $buffer.= $temp;
    1581. 

  1581.             $remaining_length-= strlen($temp);
    1582. 

  1582.         }
    1583. 

  1583.         if (!empty($buffer)) {
    1584. 

  1584.             $raw.= $this->decrypt !== false ? $this->decrypt->decrypt($buffer) : $buffer;
    1585. 

  1585.             $buffer = $temp = '';
    1586. 

  1586.         }
    1587. 

  1587. 

  1588.         $payload = $this->_string_shift($raw, $packet_length - $padding_length - 1);
    1589. 

  1589.         $padding = $this->_string_shift($raw, $padding_length); // should leave $raw empty
    1590. 

  1590. 

  1591.         if ($this->hmac_check !== false) {
    1592. 

  1592.             $hmac = fread($this->fsock, $this->hmac_size);
    1593. 

  1593.             if ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
    1594. 

  1594.                 user_error('Invalid HMAC', E_USER_NOTICE);
    1595. 

  1595.                 return false;
    1596. 

  1596.             }
    1597. 

  1597.         }
    1598. 

  1598. 

  1599.         //if ($this->decompress) {
    1600. 

  1600.         //    $payload = gzinflate(substr($payload, 2));
    1601. 

  1601.         //}
    1602. 

  1602. 

  1603.         $this->get_seq_no++;
    1604. 

  1604. 

  1605.         if (defined('NET_SSH2_LOGGING')) {
    1606. 

  1606.             $temp = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN';
    1607. 

  1607.             $this->message_number_log[] = '<- ' . $temp .
    1608. 

  1608.                                           ' (' . round($stop - $start, 4) . 's)';
    1609. 

  1609.             $this->message_log[] = $payload;
    1610. 

  1610.         }
    1611. 

  1611. 

  1612.         return $this->_filter($payload);
    1613. 

  1613.     }
    1614. 

  1614. 

  1615.     /**
    1616. 

  1616.      * Filter Binary Packets
    1617. 

  1617.      *
    1618. 

  1618.      * Because some binary packets need to be ignored...
    1619. 

  1619.      *
    1620. 

  1620.      * @see SSH2::_get_binary_packet()
    1621. 

  1621.      * @return String
    1622. 

  1622.      * @access private
    1623. 

  1623.      */
    1624. 

  1624.     function _filter($payload)
    1625. 

  1625.     {
    1626. 

  1626.         switch (ord($payload[0])) {
    1627. 

  1627.             case NET_SSH2_MSG_DISCONNECT:
    1628. 

  1628.                 $this->_string_shift($payload, 1);
    1629. 

  1629.                 extract(unpack('Nreason_code/Nlength', $this->_string_shift($payload, 8)));
    1630. 

  1630.                 $this->debug_info.= "\r\n\r\nSSH_MSG_DISCONNECT:\r\n" . $this->disconnect_reasons[$reason_code] . "\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1631. 

  1631.                 $this->bitmask = 0;
    1632. 

  1632.                 return false;
    1633. 

  1633.             case NET_SSH2_MSG_IGNORE:
    1634. 

  1634.                 $payload = $this->_get_binary_packet();
    1635. 

  1635.                 break;
    1636. 

  1636.             case NET_SSH2_MSG_DEBUG:
    1637. 

  1637.                 $this->_string_shift($payload, 2);
    1638. 

  1638.                 extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1639. 

  1639.                 $this->debug_info.= "\r\n\r\nSSH_MSG_DEBUG:\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1640. 

  1640.                 $payload = $this->_get_binary_packet();
    1641. 

  1641.                 break;
    1642. 

  1642.             case NET_SSH2_MSG_UNIMPLEMENTED:
    1643. 

  1643.                 return false;
    1644. 

  1644.             case NET_SSH2_MSG_KEXINIT:
    1645. 

  1645.                 if ($this->session_id !== false) {
    1646. 

  1646.                     if (!$this->_key_exchange($payload)) {
    1647. 

  1647.                         $this->bitmask = 0;
    1648. 

  1648.                         return false;
    1649. 

  1649.                     }
    1650. 

  1650.                     $payload = $this->_get_binary_packet();
    1651. 

  1651.                 }
    1652. 

  1652.         }
    1653. 

  1653. 

  1654.         // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
    1655. 

  1655.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && !($this->bitmap & NET_SSH2_MASK_LOGIN) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
    1656. 

  1656.             $this->_string_shift($payload, 1);
    1657. 

  1657.             extract(unpack('Nlength', $this->_string_shift($payload, 4)));
    1658. 

  1658.             $this->debug_info.= "\r\n\r\nSSH_MSG_USERAUTH_BANNER:\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1659. 

  1659.             $payload = $this->_get_binary_packet();
    1660. 

  1660.         }
    1661. 

  1661. 

  1662.         // only called when we've already logged in
    1663. 

  1663.         if (($this->bitmap & NET_SSH2_MASK_CONSTRUCTOR) && ($this->bitmap & NET_SSH2_MASK_LOGIN)) {
    1664. 

  1664.             switch (ord($payload[0])) {
    1665. 

  1665.                 case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
    1666. 

  1666.                     $this->_string_shift($payload, 1);
    1667. 

  1667.                     extract(unpack('Nlength', $this->_string_shift($payload)));
    1668. 

  1668.                     $this->debug_info.= "\r\n\r\nSSH_MSG_GLOBAL_REQUEST:\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1669. 

  1669. 

  1670.                     if (!$this->_send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE))) {
    1671. 

  1671.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1672. 

  1672.                     }
    1673. 

  1673. 

  1674.                     $payload = $this->_get_binary_packet();
    1675. 

  1675.                     break;
    1676. 

  1676.                 case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
    1677. 

  1677.                     $this->_string_shift($payload, 1);
    1678. 

  1678.                     extract(unpack('N', $this->_string_shift($payload, 4)));
    1679. 

  1679.                     $this->debug_info.= "\r\n\r\nSSH_MSG_CHANNEL_OPEN:\r\n" . utf8_decode($this->_string_shift($payload, $length));
    1680. 

  1680. 

  1681.                     $this->_string_shift($payload, 4); // skip over client channel
    1682. 

  1682.                     extract(unpack('Nserver_channel', $this->_string_shift($payload, 4)));
    1683. 

  1683. 

  1684.                     $packet = pack('CN3a*Na*',
    1685. 

  1685.                         NET_SSH2_MSG_REQUEST_FAILURE, $server_channel, NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED, 0, '', 0, '');
    1686. 

  1686. 

  1687.                     if (!$this->_send_binary_packet($packet)) {
    1688. 

  1688.                         return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1689. 

  1689.                     }
    1690. 

  1690. 

  1691.                     $payload = $this->_get_binary_packet();
    1692. 

  1692.                     break;
    1693. 

  1693.                 case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
    1694. 

  1694.                     $payload = $this->_get_binary_packet();
    1695. 

  1695.             }
    1696. 

  1696.         }
    1697. 

  1697. 

  1698.         return $payload;
    1699. 

  1699.     }
    1700. 

  1700. 

  1701.     /**
    1702. 

  1702.      * Gets channel data
    1703. 

  1703.      *
    1704. 

  1704.      * Returns the data as a string if it's available and false if not.
    1705. 

  1705.      *
    1706. 

  1706.      * @return Mixed
    1707. 

  1707.      * @access private
    1708. 

  1708.      */
    1709. 

  1709.     function _get_channel_packet()
    1710. 

  1710.     {
    1711. 

  1711.         while (true) {
    1712. 

  1712.             $response = $this->_get_binary_packet();
    1713. 

  1713.             if ($response === false) {
    1714. 

  1714.                 user_error('Connection closed by server', E_USER_NOTICE);
    1715. 

  1715.                 return false;
    1716. 

  1716.             }
    1717. 

  1717. 

  1718.             extract(unpack('Ctype', $this->_string_shift($response, 1)));
    1719. 

  1719. 

  1720.             switch ($type) {
    1721. 

  1721.                 case NET_SSH2_MSG_CHANNEL_DATA:
    1722. 

  1722.                     $this->_string_shift($response, 4); // skip over client channel
    1723. 

  1723.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1724. 

  1724.                     return $this->_string_shift($response, $length);
    1725. 

  1725.                 case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
    1726. 

  1726.                     $this->_string_shift($response, 4); // skip over client channel
    1727. 

  1727.                     extract(unpack('Ndata_type_code/Nlength', $this->_string_shift($response, 8)));
    1728. 

  1728.                     $data = $this->_string_shift($response, $length);
    1729. 

  1729.                     switch ($data_type_code) {
    1730. 

  1730.                         case NET_SSH2_EXTENDED_DATA_STDERR:
    1731. 

  1731.                             $this->debug_info.= "\r\n\r\nSSH_MSG_CHANNEL_EXTENDED_DATA (SSH_EXTENDED_DATA_STDERR):\r\n" . $data;
    1732. 

  1732.                     }
    1733. 

  1733.                     break;
    1734. 

  1734.                 case NET_SSH2_MSG_CHANNEL_REQUEST:
    1735. 

  1735.                     $this->_string_shift($response, 4); // skip over client channel
    1736. 

  1736.                     extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1737. 

  1737.                     $value = $this->_string_shift($response, $length);
    1738. 

  1738.                     switch ($value) {
    1739. 

  1739.                         case 'exit-signal':
    1740. 

  1740.                             $this->_string_shift($response, 1);
    1741. 

  1741.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1742. 

  1742.                             $this->debug_info.= "\r\n\r\nSSH_MSG_CHANNEL_REQUEST (exit-signal):\r\nSIG" . $this->_string_shift($response, $length);
    1743. 

  1743.                             $this->_string_shift($response, 1);
    1744. 

  1744.                             extract(unpack('Nlength', $this->_string_shift($response, 4)));
    1745. 

  1745.                             $this->debug_info.= "\r\n" . $this->_string_shift($response, $length);
    1746. 

  1746.                         case 'exit-status':
    1747. 

  1747.                         default:
    1748. 

  1748.                             // "Some systems may not implement signals, in which case they SHOULD ignore this message."
    1749. 

  1749.                             //  -- http://tools.ietf.org/html/rfc4254#section-6.9
    1750. 

  1750.                             //break 2;
    1751. 

  1751.                             break;
    1752. 

  1752.                     }
    1753. 

  1753.                     break;
    1754. 

  1754.                 case NET_SSH2_MSG_CHANNEL_CLOSE:
    1755. 

  1755.                     extract(unpack('Nclient_channel', $this->_string_shift($response, 4)));
    1756. 

  1756.                     $this->_send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel]));
    1757. 

  1757.                     return true;
    1758. 

  1758.                 case NET_SSH2_MSG_CHANNEL_EOF:
    1759. 

  1759.                     break;
    1760. 

  1760.                 default:
    1761. 

  1761.                     user_error('Error reading channel data', E_USER_NOTICE);
    1762. 

  1762.                     return $this->_disconnect(NET_SSH2_DISCONNECT_BY_APPLICATION);
    1763. 

  1763.             }
    1764. 

  1764.         }
    1765. 

  1765.     }
    1766. 

  1766. 

  1767.     /**
    1768. 

  1768.      * Sends Binary Packets
    1769. 

  1769.      *
    1770. 

  1770.      * See '6. Binary Packet Protocol' of rfc4253 for more info.
    1771. 

  1771.      *
    1772. 

  1772.      * @param String $data
    1773. 

  1773.      * @see SSH2::_get_binary_packet()
    1774. 

  1774.      * @return Boolean
    1775. 

  1775.      * @access private
    1776. 

  1776.      */
    1777. 

  1777.     function _send_binary_packet($data)
    1778. 

  1778.     {
    1779. 

  1779.         if (feof($this->fsock)) {
    1780. 

  1780.             user_error('Connection closed prematurely', E_USER_NOTICE);
    1781. 

  1781.             return false;
    1782. 

  1782.         }
    1783. 

  1783. 

  1784.         //if ($this->compress) {
    1785. 

  1785.         //    // the -4 removes the checksum:
    1786. 

  1786.         //    // http://php.net/function.gzcompress#57710
    1787. 

  1787.         //    $data = substr(gzcompress($data), 0, -4);
    1788. 

  1788.         //}
    1789. 

  1789. 

  1790.         // 4 (packet length) + 1 (padding length) + 4 (minimal padding amount) == 9
    1791. 

  1791.         $packet_length = strlen($data) + 9;
    1792. 

  1792.         // round up to the nearest $this->encrypt_block_size
    1793. 

  1793.         $packet_length+= (($this->encrypt_block_size - 1) * $packet_length) % $this->encrypt_block_size;
    1794. 

  1794.         // subtracting strlen($data) is obvious - subtracting 5 is necessary because of packet_length and padding_length
    1795. 

  1795.         $padding_length = $packet_length - strlen($data) - 5;
    1796. 

  1796. 

  1797.         $padding = '';
    1798. 

  1798.         for ($i = 0; $i < $padding_length; $i++) {
    1799. 

  1799.             $padding.= chr(self::crypt_random(0, 255));
    1800. 

  1800.         }
    1801. 

  1801. 

  1802.         // we subtract 4 from packet_length because the packet_length field isn't supposed to include itself
    1803. 

  1803.         $packet = pack('NCa*', $packet_length - 4, $padding_length, $data . $padding);
    1804. 

  1804. 

  1805.         $hmac = $this->hmac_create !== false ? $this->hmac_create->hash(pack('Na*', $this->send_seq_no, $packet)) : '';
    1806. 

  1806.         $this->send_seq_no++;
    1807. 

  1807. 

  1808.         if ($this->encrypt !== false) {
    1809. 

  1809.             $packet = $this->encrypt->encrypt($packet);
    1810. 

  1810.         }
    1811. 

  1811. 

  1812.         $packet.= $hmac;
    1813. 

  1813. 

  1814.         $start = strtok(microtime(), ' ') + strtok(''); // http://php.net/microtime#61838
    1815. 

  1815.         $result = strlen($packet) == fputs($this->fsock, $packet);
    1816. 

  1816.         $stop = strtok(microtime(), ' ') + strtok('');
    1817. 

  1817. 

  1818.         if (defined('NET_SSH2_LOGGING')) {
    1819. 

  1819.             $temp = isset($this->message_numbers[ord($data[0])]) ? $this->message_numbers[ord($data[0])] : 'UNKNOWN';
    1820. 

  1820.             $this->message_number_log[] = '-> ' . $temp .
    1821. 

  1821.                                           ' (' . round($stop - $start, 4) . 's)';
    1822. 

  1822.             $this->message_log[] = $data;
    1823. 

  1823.         }
    1824. 

  1824. 

  1825.         return $result;
    1826. 

  1826.     }
    1827. 

  1827. 

  1828.     /**
    1829. 

  1829.      * Sends channel data
    1830. 

  1830.      *
    1831. 

  1831.      * Spans multiple SSH_MSG_CHANNEL_DATAs if appropriate
    1832. 

  1832.      *
    1833. 

  1833.      * @return Boolean
    1834. 

  1834.      * @access private
    1835. 

  1835.      */
    1836. 

  1836.     function _send_channel_packet($data)
    1837. 

  1837.     {
    1838. 

  1838.         while (strlen($data) > $this->packet_size_client_to_server) {
    1839. 

  1839.             $packet = pack('CN2a*',
    1840. 

  1840.                 NET_SSH2_MSG_CHANNEL_DATA,
    1841. 

  1841.                 $this->server_channels[$this->client_channel],
    1842. 

  1842.                 $this->packet_size_client_to_server,
    1843. 

  1843.                 $this->_string_shift($data, $this->packet_size_client_to_server)
    1844. 

  1844.             );
    1845. 

  1845.             
    1846. 

  1846.             if (!$this->_send_binary_packet($packet)) {
    1847. 

  1847.                 return false;
    1848. 

  1848.             }
    1849. 

  1849.         }
    1850. 

  1850.         return $this->_send_binary_packet(pack('CN2a*',
    1851. 

  1851.             NET_SSH2_MSG_CHANNEL_DATA,
    1852. 

  1852.             $this->server_channels[$this->client_channel],
    1853. 

  1853.             strlen($data),
    1854. 

  1854.             $data));
    1855. 

  1855.     }
    1856. 

  1856. 

  1857.     /**
    1858. 

  1858.      * Disconnect
    1859. 

  1859.      *
    1860. 

  1860.      * @param Integer $reason
    1861. 

  1861.      * @return Boolean
    1862. 

  1862.      * @access private
    1863. 

  1863.      */
    1864. 

  1864.     function _disconnect($reason)
    1865. 

  1865.     {
    1866. 

  1866.         if ($this->bitmap) {
    1867. 

  1867.             $data = pack('CNNa*Na*', NET_SSH2_MSG_DISCONNECT, $reason, 0, '', 0, '');
    1868. 

  1868.             $this->_send_binary_packet($data);
    1869. 

  1869.             $this->bitmap = 0;
    1870. 

  1870.             fclose($this->fsock);
    1871. 

  1871.             return false;
    1872. 

  1872.         }
    1873. 

  1873.     }
    1874. 

  1874. 

  1875.     /**
    1876. 

  1876.      * String Shift
    1877. 

  1877.      *
    1878. 

  1878.      * Inspired by array_shift
    1879. 

  1879.      *
    1880. 

  1880.      * @param String $string
    1881. 

  1881.      * @param optional Integer $index
    1882. 

  1882.      * @return String
    1883. 

  1883.      * @access private
    1884. 

  1884.      */
    1885. 

  1885.     function _string_shift(&$string, $index = 1)
    1886. 

  1886.     {
    1887. 

  1887.         $substr = substr($string, 0, $index);
    1888. 

  1888.         $string = substr($string, $index);
    1889. 

  1889.         return $substr;
    1890. 

  1890.     }
    1891. 

  1891. 

  1892.     /**
    1893. 

  1893.      * Define Array
    1894. 

  1894.      *
    1895. 

  1895.      * Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of
    1896. 

  1896.      * named constants from it, using the value as the name of the constant and the index as the value of the constant.
    1897. 

  1897.      * If any of the constants that would be defined already exists, none of the constants will be defined.
    1898. 

  1898.      *
    1899. 

  1899.      * @param Array $array
    1900. 

  1900.      * @access private
    1901. 

  1901.      */
    1902. 

  1902.     function _define_array()
    1903. 

  1903.     {
    1904. 

  1904.         $args = func_get_args();
    1905. 

  1905.         foreach ($args as $arg) {
    1906. 

  1906.             foreach ($arg as $key=>$value) {
    1907. 

  1907.                 /*if (!isset($this->defined[$value])) {
    1908. 

  1908.                     $this->defined[$value] = $key;
    1909. 

  1909.                 }
    1910. 

  1910.                 else {
    1911. 

  1911.                     break 2;
    1912. 

  1912.                 }*/
    1913. 

  1913. 

  1914.                 if (!defined($value)) {
    1915. 

  1915.                     define($value, $key);
    1916. 

  1916.                 } else {
    1917. 

  1917.                     break 2;
    1918. 

  1918.                 }
    1919. 

  1919.             }
    1920. 

  1920.         }
    1921. 

  1921.     }
    1922. 

  1922. 

  1923.     private $defined = array();
    1924. 

  1924. 

  1925.     /**
    1926. 

  1926.      * Returns a log of the packets that have been sent and received.
    1927. 

  1927.      *
    1928. 

  1928.      * $type can be either NET_SSH2_LOG_SIMPLE or NET_SSH2_LOG_COMPLEX.  Enable by defining NET_SSH2_LOGGING.
    1929. 

  1929.      *
    1930. 

  1930.      * @param Integer $type
    1931. 

  1931.      * @access public
    1932. 

  1932.      * @return String or Array
    1933. 

  1933.      */
    1934. 

  1934.     function getLog($type = NET_SSH2_LOG_COMPLEX)
    1935. 

  1935.     {
    1936. 

  1936.         if ($type == NET_SSH2_LOG_SIMPLE) {
    1937. 

  1937.             return $this->message_number_log;
    1938. 

  1938.         }
    1939. 

  1939. 

  1940.         static $boundary = ':', $long_width = 65, $short_width = 15;
    1941. 

  1941. 

  1942.         $output = '';
    1943. 

  1943.         for ($i = 0; $i < count($this->message_log); $i++) {
    1944. 

  1944.             $output.= $this->message_number_log[$i] . "\r\n";
    1945. 

  1945.             $current_log = $this->message_log[$i];
    1946. 

  1946.             do {
    1947. 

  1947.                 $fragment = $this->_string_shift($current_log, $short_width);
    1948. 

  1948.                 $hex = substr(
    1949. 

  1949.                            preg_replace(
    1950. 

  1950.                                '#(.)#es',
    1951. 

  1951.                                '"' . $boundary . '" . str_pad(dechex(ord(substr("\\1", -1))), 2, "0", STR_PAD_LEFT)',
    1952. 

  1952.                                $fragment),
    1953. 

  1953.                            strlen($boundary)
    1954. 

  1954.                        );
    1955. 

  1955.                 // replace non ASCII printable characters with dots
    1956. 

  1956.                 // http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters
    1957. 

  1957.                 $raw = preg_replace('#[^\x20-\x7E]#', '.', $fragment);
    1958. 

  1958.                 $output.= str_pad($hex, $long_width - $short_width, ' ') . $raw . "\r\n";
    1959. 

  1959.             } while (!empty($current_log));
    1960. 

  1960.             $output.= "\r\n";
    1961. 

  1961.         }
    1962. 

  1962. 

  1963.         return $output;
    1964. 

  1964.     }
    1965. 

  1965. 

  1966.     /**
    1967. 

  1967.      * Returns Debug Information
    1968. 

  1968.      *
    1969. 

  1969.      * If any debug information is sent by the server, this function can be used to access it.
    1970. 

  1970.      *
    1971. 

  1971.      * @return String
    1972. 

  1972.      * @access public
    1973. 

  1973.      */
    1974. 

  1974.     function getDebugInfo()
    1975. 

  1975.     {
    1976. 

  1976.         return $this->debug_info;
    1977. 

  1977.     }
    1978. 

  1978. 

  1979.     /**
    1980. 

  1980.      * Return the server identification.
    1981. 

  1981.      *
    1982. 

  1982.      * @return String
    1983. 

  1983.      * @access public
    1984. 

  1984.      */
    1985. 

  1985.     function getServerIdentification()
    1986. 

  1986.     {
    1987. 

  1987.         return $this->server_identifier;
    1988. 

  1988.     }
    1989. 

  1989. 

  1990.     /**
    1991. 

  1991.      * Return a list of the key exchange algorithms the server supports.
    1992. 

  1992.      *
    1993. 

  1993.      * @return Array
    1994. 

  1994.      * @access public
    1995. 

  1995.      */
    1996. 

  1996.     function getKexAlgorithms()
    1997. 

  1997.     {
    1998. 

  1998.         return $this->kex_algorithms;
    1999. 

  1999.     }
    2000. 

  2000. 

  2001.     /**
    2002. 

  2002.      * Return a list of the host key (public key) algorithms the server supports.
    2003. 

  2003.      *
    2004. 

  2004.      * @return Array
    2005. 

  2005.      * @access public
    2006. 

  2006.      */
    2007. 

  2007.     function getServerHostKeyAlgorithms()
    2008. 

  2008.     {
    2009. 

  2009.         return $this->server_host_key_algorithms;
    2010. 

  2010.     }
    2011. 

  2011. 

  2012.     /**
    2013. 

  2013.      * Return a list of the (symmetric key) encryption algorithms the server supports, when receiving stuff from the client.
    2014. 

  2014.      *
    2015. 

  2015.      * @return Array
    2016. 

  2016.      * @access public
    2017. 

  2017.      */
    2018. 

  2018.     function getEncryptionAlgorithmsClient2Server()
    2019. 

  2019.     {
    2020. 

  2020.         return $this->encryption_algorithms_client_to_server;
    2021. 

  2021.     }
    2022. 

  2022. 

  2023.     /**
    2024. 

  2024.      * Return a list of the (symmetric key) encryption algorithms the server supports, when sending stuff to the client.
    2025. 

  2025.      *
    2026. 

  2026.      * @return Array
    2027. 

  2027.      * @access public
    2028. 

  2028.      */
    2029. 

  2029.     function getEncryptionAlgorithmsServer2Client()
    2030. 

  2030.     {
    2031. 

  2031.         return $this->encryption_algorithms_server_to_client;
    2032. 

  2032.     }
    2033. 

  2033. 

  2034.     /**
    2035. 

  2035.      * Return a list of the MAC algorithms the server supports, when receiving stuff from the client.
    2036. 

  2036.      *
    2037. 

  2037.      * @return Array
    2038. 

  2038.      * @access public
    2039. 

  2039.      */
    2040. 

  2040.     function getMACAlgorithmsClient2Server()
    2041. 

  2041.     {
    2042. 

  2042.         return $this->mac_algorithms_client_to_server;
    2043. 

  2043.     }
    2044. 

  2044. 

  2045.     /**
    2046. 

  2046.      * Return a list of the MAC algorithms the server supports, when sending stuff to the client.
    2047. 

  2047.      *
    2048. 

  2048.      * @return Array
    2049. 

  2049.      * @access public
    2050. 

  2050.      */
    2051. 

  2051.     function getMACAlgorithmsServer2Client()
    2052. 

  2052.     {
    2053. 

  2053.         return $this->mac_algorithms_server_to_client;
    2054. 

  2054.     }
    2055. 

  2055. 

  2056.     /**
    2057. 

  2057.      * Return a list of the compression algorithms the server supports, when receiving stuff from the client.
    2058. 

  2058.      *
    2059. 

  2059.      * @return Array
    2060. 

  2060.      * @access public
    2061. 

  2061.      */
    2062. 

  2062.     function getCompressionAlgorithmsClient2Server()
    2063. 

  2063.     {
    2064. 

  2064.         return $this->compression_algorithms_client_to_server;
    2065. 

  2065.     }
    2066. 

  2066. 

  2067.     /**
    2068. 

  2068.      * Return a list of the compression algorithms the server supports, when sending stuff to the client.
    2069. 

  2069.      *
    2070. 

  2070.      * @return Array
    2071. 

  2071.      * @access public
    2072. 

  2072.      */
    2073. 

  2073.     function getCompressionAlgorithmsServer2Client()
    2074. 

  2074.     {
    2075. 

  2075.         return $this->compression_algorithms_server_to_client;
    2076. 

  2076.     }
    2077. 

  2077. 

  2078.     /**
    2079. 

  2079.      * Return a list of the languages the server supports, when sending stuff to the client.
    2080. 

  2080.      *
    2081. 

  2081.      * @return Array
    2082. 

  2082.      * @access public
    2083. 

  2083.      */
    2084. 

  2084.     function getLanguagesServer2Client()
    2085. 

  2085.     {
    2086. 

  2086.         return $this->languages_server_to_client;
    2087. 

  2087.     }
    2088. 

  2088. 

  2089.     /**
    2090. 

  2090.      * Return a list of the languages the server supports, when receiving stuff from the client.
    2091. 

  2091.      *
    2092. 

  2092.      * @return Array
    2093. 

  2093.      * @access public
    2094. 

  2094.      */
    2095. 

  2095.     function getLanguagesClient2Server()
    2096. 

  2096.     {
    2097. 

  2097.         return $this->languages_client_to_server;
    2098. 

  2098.     }
    2099. 

  2099. 

  2100.     /**
    2101. 

  2101.      * Returns the server public host key.
    2102. 

  2102.      *
    2103. 

  2103.      * Caching this the first time you connect to a server and checking the result on subsequent connections
    2104. 

  2104.      * is recommended.
    2105. 

  2105.      *
    2106. 

  2106.      * @return Array
    2107. 

  2107.      * @access public
    2108. 

  2108.      */
    2109. 

  2109.     function getServerPublicHostKey()
    2110. 

  2110.     {
    2111. 

  2111.         return $this->server_public_host_key;
    2112. 

  2112.     }
    2113. 

  2113. 

  2114. 

  2115. 

  2116.     static function crypt_random($min = 0, $max = 0x7FFFFFFF, $randomness_path = '/dev/urandom')
    2117. 

  2117.     {
    2118. 

  2118.         static $seeded = false;
    2119. 

  2119. 

  2120.         if (!$seeded) {
    2121. 

  2121.             $seeded = true;
    2122. 

  2122. 

  2123.             try {
    2124. 

  2124.                 if (file_exists($randomness_path)) {
    2125. 

  2125.                     $fp = fopen($randomness_path, 'r');
    2126. 

  2126.                     $temp = unpack('Nint', fread($fp, 4));
    2127. 

  2127.                     mt_srand($temp['int']);
    2128. 

  2128.                     fclose($fp);
    2129. 

  2129.                 } else {
    2130. 

  2130.                     list($sec, $usec) = explode(' ', microtime());
    2131. 

  2131.                     mt_srand((float) $sec + ((float) $usec * 100000));
    2132. 

  2132.                 }
    2133. 

  2133.             }
    2134. 

  2134.             catch (\Exception $e) {
    2135. 

  2135.                 list($sec, $usec) = explode(' ', microtime());
    2136. 

  2136.                 mt_srand((float) $sec + ((float) $usec * 100000));
    2137. 

  2137.             }
    2138. 

  2138.         }
    2139. 

  2139. 

  2140.         return mt_rand($min, $max);
    2141. 

  2141.     }
    2142. 

  2142. }
    2143.