0

I need to access a Linux machine from Windows 7 via PHP.

For that I created simple bat (MyScript.bat) script containing plink.

c:\wamp\www\abc\plink.exe user1@192.168.70.128 -pw l1c -C "df -h">11.txt

When I am executing the bat script, it's working fine, i.e. the output is written in file 11.txt

But when I am accessing it from PHP, the 11.txt is created without data

echo exec('MyScript.bat');

Moreover, in browser, the script commands are displayed as text. I even tried to use print_r for the display.

"c:\wamp\www\abc\plink.exe user1@192.168.70.128 -pw l1c -C "df -h">11.txt
illright
  • 3,586
  • 2
  • 24
  • 43
Salman Raza
  • 15
  • 7

1 Answers1

0

Do not launch external tool for SSH.

PHP has native support for SSH.

Or use phpseclib:

require __DIR__ . '/vendor/autoload.php';

use phpseclib\Net\SSH2;

$ssh = new SSH2($hostname);
if ($ssh->login($username, $password))
{
    echo $ssh->exec("df -h");
}

See http://phpseclib.sourceforge.net/ssh/2.0/examples.html

Anyway, if you want to use Plink, redirect also the standard error output to debug your problem:

plink.exe .. dir > 11.txt 2>&1

See Redirect Windows cmd stdout and stderr to a single file.

You are for sure missing the -hostkey switch to explicitly specify a fingerprint of the trusted hostkey.

Martin Prikryl
  • 147,050
  • 42
  • 335
  • 704
  • I tried to use use phpseclib, but it was given error message : "No compatible server to client encryption algorithms found" – Salman Raza Mar 28 '17 at 06:33
  • Yes I am not using -hotkey as my application required to login with passwords . – Salman Raza Mar 28 '17 at 06:34
  • Previously I was unable to use PHP native ssh2 in windows 7 due to compatibility issues, but now I am able to configured it and it is working fine. Although my problem is resolved but I am still interested to know why plink was not working with php. I'll try to redirect the standard error and let you know. Thanks a lot. – Salman Raza Mar 28 '17 at 06:43
  • The `-hostkey` has nothing to do with authentication. It's about verifying that you trust the server public key. You have to do that no matter what authentication you are using. – Martin Prikryl Mar 28 '17 at 07:43
  • phpseclib: What does `$ssh->getLog();` say? – Martin Prikryl Mar 28 '17 at 07:44
  • The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. The server's rsa2 key fingerprint is: ssh-rsa 2048 XX:16:54:a2:55:xx:62:f9:c9:bb:16:2e:cc:a3:e6:48 If you trust this host, enter "y" to add the key to PuTTY's cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, enter "n". If you do not trust this host, press Return to abandon the connection. Store key in cache? (y/n) Connection abandoned. – Salman Raza Mar 28 '17 at 07:55
  • As I said, you have to add `-hostkey=XX:16:54:a2:55:xx:62:f9:c9:bb:16:2e:cc:a3:e6:48`. – Martin Prikryl Mar 28 '17 at 07:56
  • Ok, So I have to add the fingerprint to -hostkey – Salman Raza Mar 28 '17 at 07:58
  • Yes. Of course, after you check that the fingerprint is correct. – Martin Prikryl Mar 28 '17 at 07:58
  • Could you please guide me how to add -hostkey, when I am accessing machine from command prompt: plink.exe then it is not asking for hostkey(as I already press yes on my first attempt) but while using it from php it is still given error – Salman Raza Mar 28 '17 at 08:06
  • I'm not sure what you want to guide though. Just add it to the command line in the batch file. - When you pressed "yes" on a command prompt (hopefully after you really verified the host key!), the key was cached in Windows registry of your local account. But your wamp runs using some system account, hence a different registry hive. – Martin Prikryl Mar 28 '17 at 08:10
  • It done. thanks so much, now I am able to access data from Linux machine via using plink from php. – Salman Raza Mar 28 '17 at 08:14
  • Basically I edited my script. I used echo to pipe "y" to plink.exe. (Reference https://deangrant.wordpress.com/2012/05/16/accept-server-host-key-when-automating-ssh-session-using-putty-plink/) – Salman Raza Mar 28 '17 at 08:21
  • No! No! No! Don't! You are loosing protection against [man-in-the-middle attacks](https://en.wikipedia.org/wiki/Man-in-the-middle_attack). What's so difficult about adding the `-hostkey` to your batch file? `"c:\wamp\www\abc\plink.exe user1@192.168.70.128 -pw l1c -C -hostkey XX:16:54:a2:55:xx:62:f9:c9:bb:16:2e:cc:a3:e6:48 "df -h">11.txt` (I was wrong previously with the equal sign). – Martin Prikryl Mar 28 '17 at 08:24
  • I am not adding the key to command line because my application will access multiple Linux machines from windows( around 30 to 40), It will be a in house application, so it will be difficult to add host key of each server, moreover if new server add then we also need to modify code again to hardcode key of new server. – Salman Raza Mar 28 '17 at 08:30
  • Then there's no point using SSH, as you won't be protected. You just pretend security. – Martin Prikryl Mar 28 '17 at 08:32
  • I understand, as I mentioned in my previous comments, I will use php native ssh, it will be secure. – Salman Raza Mar 28 '17 at 08:39
  • No. The fact that the PHP SSH library (contrary to Plink) does not enforce host key verification by default, does not mean that it's secure no to do it. You have to use `ssh2_fingerprint` to verify that you have connected where you intended. See https://secure.php.net/manual/en/function.ssh2-fingerprint.php – Martin Prikryl Mar 28 '17 at 08:56
  • Thats very helpful, thanks, I will definitely include mechanism to incorporate ssh2_fingerprint in my code. – Salman Raza Mar 28 '17 at 09:35