phpsshsftpphpseclibpublic-key-exchange

Unable to open SFTP Connection via phpseclib

I am trying to open a sftp connection via latest phpseclib version.

I can successfully connect via Filezilla, where i was prompted to accept the servers fingerprint on first connection attempt too.

Here is the log prouced by:

        define('NET_SSH2_LOGGING', 2);

        define('NET_SFTP_LOGGING', NET_SFTP_LOG_COMPLEX);

            $errorLog = $sftp->getLog();
            $sFtpErrorLog = $sftp->getSFTPLog();

            Mage::log(print_r($errorLog, true), null, "ssh2.log");
            Mage::log(print_r($sFtpErrorLog, true), null, "sftp.log");

They both produce the same output:

<-
00000000  53:53:48:2d:32:2e:30:2d:52:65:62:65:78:53:53:48  SSH-2.0-RebexSSH
00000010  5f:31:2e:30:2e:32:2e:32:37:30:36:39:0d:0a        _1.0.2.27069..

->
00000000  53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69  SSH-2.0-phpsecli
00000010  62:5f:31:2e:30:20:28:6f:70:65:6e:73:73:6c:2c:20  b_1.0 (openssl,
00000020  62:63:6d:61:74:68:29:0d:0a                       bcmath)..

-> NET_SSH2_MSG_KEXINIT (since last: 0.1058, network: 0.0002s)
00000000  fc:6a:43:b8:2b:e7:ba:bf:e2:78:55:4c:38:3e:39:fd  .jC.+....xUL8>9.
00000010  00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...~diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64  an-group1-sha1,d
00000030  69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72  iffie-hellman-gr
00000040  6f:75:70:31:34:2d:73:68:61:31:2c:64:69:66:66:69  oup14-sha1,diffi
00000050  65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d  e-hellman-group-
00000060  65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69  exchange-sha1,di
00000070  66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f  ffie-hellman-gro
00000080  75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32  up-exchange-sha2
00000090  35:36:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73  56....ssh-rsa,ss
000000a0  68:2d:64:73:73:00:00:00:00:00:00:00:00:00:00:00  h-dss...........
000000b0  39:68:6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68  9hmac-sha2-256,h
000000c0  6d:61:63:2d:73:68:61:31:2d:39:36:2c:68:6d:61:63  mac-sha1-96,hmac
000000d0  2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39  -sha1,hmac-md5-9
000000e0  36:2c:68:6d:61:63:2d:6d:64:35:00:00:00:39:68:6d  6,hmac-md5...9hm
000000f0  61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d:61:63  ac-sha2-256,hmac
00000100  2d:73:68:61:31:2d:39:36:2c:68:6d:61:63:2d:73:68  -sha1-96,hmac-sh
00000110  61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39:36:2c:68  a1,hmac-md5-96,h
00000120  6d:61:63:2d:6d:64:35:00:00:00:04:6e:6f:6e:65:00  mac-md5....none.
00000130  00:00:04:6e:6f:6e:65:00:00:00:00:00:00:00:00:00  ...none.........
00000140  00:00:00:00                                      ....

<- NET_SSH2_MSG_KEXINIT (since last: 0.0006, network: 0.0002s)
00000000  a0:67:43:5a:e0:d8:e7:0f:26:a1:87:68:58:8a:46:3f  .gCZ....&..hX.F?
00000010  00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d  ...~diffie-hellm
00000020  61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67  an-group-exchang
00000030  65:2d:73:68:61:32:35:36:2c:64:69:66:66:69:65:2d  e-sha256,diffie-
00000040  68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d:65:78  hellman-group-ex
00000050  63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69:66:66  change-sha1,diff
00000060  69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70  ie-hellman-group
00000070  31:34:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68  14-sha1,diffie-h
00000080  65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68  ellman-group1-sh
00000090  61:31:00:00:00:26:73:73:68:2d:72:73:61:2c:73:73  a1...&ssh-rsa,ss
000000a0  68:2d:72:73:61:2d:73:68:61:32:35:36:40:73:73:68  h-rsa-sha256@ssh
000000b0  2e:63:6f:6d:2c:73:73:68:2d:64:73:73:00:00:00:e9  .com,ssh-dss....
000000c0  61:65:73:32:35:36:2d:63:74:72:2c:61:65:73:31:39  aes256-ctr,aes19
000000d0  32:2d:63:74:72:2c:61:65:73:31:32:38:2d:63:74:72  2-ctr,aes128-ctr
000000e0  2c:33:64:65:73:2d:63:74:72:2c:74:77:6f:66:69:73  ,3des-ctr,twofis
000000f0  68:32:35:36:2d:63:74:72:2c:74:77:6f:66:69:73:68  h256-ctr,twofish
00000100  31:39:32:2d:63:74:72:2c:74:77:6f:66:69:73:68:31  192-ctr,twofish1
00000110  32:38:2d:63:74:72:2c:62:6c:6f:77:66:69:73:68:2d  28-ctr,blowfish-
00000120  63:74:72:2c:61:65:73:32:35:36:2d:63:62:63:2c:61  ctr,aes256-cbc,a
00000130  65:73:31:39:32:2d:63:62:63:2c:61:65:73:31:32:38  es192-cbc,aes128
00000140  2d:63:62:63:2c:33:64:65:73:2d:63:62:63:2c:74:77  -cbc,3des-cbc,tw
00000150  6f:66:69:73:68:32:35:36:2d:63:62:63:2c:74:77:6f  ofish256-cbc,two
00000160  66:69:73:68:31:39:32:2d:63:62:63:2c:74:77:6f:66  fish192-cbc,twof
00000170  69:73:68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69  ish128-cbc,twofi
00000180  73:68:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d  sh-cbc,blowfish-
00000190  63:62:63:2c:61:72:63:66:6f:75:72:32:35:36:2c:61  cbc,arcfour256,a
000001a0  72:63:66:6f:75:72:31:32:38:00:00:00:e9:61:65:73  rcfour128....aes
000001b0  32:35:36:2d:63:74:72:2c:61:65:73:31:39:32:2d:63  256-ctr,aes192-c
000001c0  74:72:2c:61:65:73:31:32:38:2d:63:74:72:2c:33:64  tr,aes128-ctr,3d
000001d0  65:73:2d:63:74:72:2c:74:77:6f:66:69:73:68:32:35  es-ctr,twofish25
000001e0  36:2d:63:74:72:2c:74:77:6f:66:69:73:68:31:39:32  6-ctr,twofish192
000001f0  2d:63:74:72:2c:74:77:6f:66:69:73:68:31:32:38:2d  -ctr,twofish128-
00000200  63:74:72:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72  ctr,blowfish-ctr
00000210  2c:61:65:73:32:35:36:2d:63:62:63:2c:61:65:73:31  ,aes256-cbc,aes1
00000220  39:32:2d:63:62:63:2c:61:65:73:31:32:38:2d:63:62  92-cbc,aes128-cb
00000230  63:2c:33:64:65:73:2d:63:62:63:2c:74:77:6f:66:69  c,3des-cbc,twofi
00000240  73:68:32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73  sh256-cbc,twofis
00000250  68:31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68  h192-cbc,twofish
00000260  31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d  128-cbc,twofish-
00000270  63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:62:63  cbc,blowfish-cbc
00000280  2c:61:72:63:66:6f:75:72:32:35:36:2c:61:72:63:66  ,arcfour256,arcf
00000290  6f:75:72:31:32:38:00:00:00:2e:68:6d:61:63:2d:73  our128....hmac-s
000002a0  68:61:31:2c:68:6d:61:63:2d:6d:64:35:2c:68:6d:61  ha1,hmac-md5,hma
000002b0  63:2d:73:68:61:32:2d:32:35:36:2c:68:6d:61:63:2d  c-sha2-256,hmac-
000002c0  73:68:61:32:2d:35:31:32:00:00:00:2e:68:6d:61:63  sha2-512....hmac
000002d0  2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2c:68  -sha1,hmac-md5,h
000002e0  6d:61:63:2d:73:68:61:32:2d:32:35:36:2c:68:6d:61  mac-sha2-256,hma
000002f0  63:2d:73:68:61:32:2d:35:31:32:00:00:00:04:6e:6f  c-sha2-512....no
00000300  6e:65:00:00:00:04:6e:6f:6e:65:00:00:00:00:00:00  ne....none......
00000310  00:00:00:00:00:00:00                             .......

But that's it. It just fails after these init messages. From what i can see / understand they both use key exchange algorithms each end should understand like diffie-hellman-group-exchange-256

So what's the problem, why does it not send the NET_SSH2_MSG_KEXDH_INIT message?

Solution

  • Hannes Geist is on the money. Because you're using phpseclib 1.0 you need to set the include_path. You can do so in php.ini, apache.conf or like this, in PHP, itself:

    set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');

    The reason I think that's the issue: the NET_SSH2_MSG_KEXDH_INIT that phpseclib is sending out doesn't have any symmetric key algorithms in it. phpseclib 1.0 generates the list of supported symmetric key algorithms by seeing which of them it can load. In this case it can't load any of them so it doesn't send any over. The server sees that the client doesn't support any of the algorithms that it supports and thus the connection is never made.