using phpseclib with net_ssh how to su to root using $ssh->exec

4

6

So I need to execute one command, but it will only run if I su to root (or sudo), and I can't seem to figure out how to send the command to su to root.

(I can log in and execute other commands with loginuser fine.)

http://phpseclib.sourceforge.net/ssh/examples.html

My code as follows

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('255.255.255.255',22);
if (!$ssh->login('loginuser', 'fakepassword')) {
    exit('Login Failed');
}

echo $ssh->read('[prompt]');
echo $ssh->write("su\n");
echo $ssh->read('Password:');
echo $ssh->write("rootfakepassword");
echo $ssh->read('[prompt]');
echo $ssh->exec('cc get_wireless_status');
?>

I've also tried using the exec command to do roughly the same thing, with no luck.

Any suggestions?

Current revision of the code (doesn't work):

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('255.255.99.74',22);
    if (!$ssh->login('loginuser', 'password')) {
        exit('Login Failed');
    }

    echo $ssh->read('loginuser@intranet:/home/login >');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("rootpassword\n");
    echo $ssh->read('intranet:/home/login #');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

PuTTY text of login:

login as: loginuser
[email protected]'s password:
Last login: Thu Feb 14 13:57:16 2013 from infong1045.lxa.perfora.net


Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt

NOTE: Any modifications done by root will void your support.
      Please use WebAdmin for any configuration changes.

loginuser@intranet:/home/login > su
Password:
intranet:/home/login #

Response from code on newest version:

Last login: Thu Feb 14 14:00:00 2013 from 10.10.10.194
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login >
Last login: Tue Feb 19 11:09:18 2013 from infong1045.lxa.perfora.net
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login > su
Password:
intranet:/home/login #
Last login: Tue Feb 19 11:09:23 2013 from infong1045.lxa.perfora.net
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login > cc get_wireless_status
-bash: /usr/local/bin/confd-client.plx: Permission denied
loginuser@intranet:/home/login >
Cronyism answered 11/2, 2013 at 18:36 Comment(7)
Do you get errors? Or is it hanging while waiting for the password? - Irbm
Sorry it hangs for quite some time and it will error out after 2-3 min but I didn't copy the error but it was something like such and such timed out. - Cronyism
'error out' Do you have an error message? - Irbm
I get this message: Gateway Time-out The gateway did not receive a timely response from the upstream server or application. When I check the ssh log on the router I see it has connected and logged in as "loginuser" - Cronyism
Hmmm. That's an HTTP error message. Do you execute the script from command line or from a web page? - Irbm
Website... I think the session is just timing out. If I do the same thing with echo $ssh->exec('pwd'); echo $ssh->exec('ls -la'); it displays the correct text - Cronyism
Is this for an Astaro Security Gateway? - Moisture
5

This should work:

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('www.domain.tld');
    if (!$ssh->login('username', 'password')) {
        exit('Login Failed');
    }

    echo $ssh->read('username@username:~$');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("password\n");
    echo $ssh->read('username@username:~#');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>
Plessor answered 13/2, 2013 at 3:19 Comment(10)
Your answer is better than mine - I didn't notice that the op was using exec for the last command. Nice catch! - Blessed
Thanks for your answer, but it appears to do the same thing, waiting on the server - Cronyism
Do I need to match the read line to match the actual username? loginuser@intranet:/home/login > loginuser@intranet:/home/login > su Password: intranet:/home/login # - Cronyism
Yes. It needs to match the prompt exactly. See phpseclib.sourceforge.net/ssh/examples.html#password,timeout, - Blessed
I'll test. Do I really need to read the prompt? Or can I bypass that altogether? - Cronyism
I modified the read sections to match but still nothing. Maybe I'm missing something, but I posted the output from putty in the original post - Cronyism
So where is it halting? Is it halting after the first read(), the second() or the third? - Blessed
It's also possible, incidentally, that there are ANSI escape codes in the prompt that you're just not seeing. Like maybe the prompt isn't the standard gray text for example. To see if that's the case I'd need to take a look at your SSH logs, which can be gotten thusly: phpseclib.sourceforge.net/ssh/examples.html#logging (in particular, make note of the define() and the $ssh->getLog()) - Blessed
I have no way to know where it's halting - Cronyism
Put an exit ('whatever'); after the first write(). If it's hanging after that it'll display. If it's hanging before that it won't. Then move the exit down (or up) line by line until you find out where it /is/ hanging. - Blessed
1
<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('www.domain.tld');
    if (!$ssh->login('username', 'password')) {
        exit('Login Failed');
    }

    $ssh->setTimeout(5);
    echo $ssh->read('username@username:~$');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("password\n");
    echo $ssh->read('username@username:~#');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

I modified your code snippet to include a setTimeout(). So if one call to read() is failing that call will timeout and echo out the data that it's gotten up to that point.

Locular answered 15/2, 2013 at 3:6 Comment(1)
Screen output is pasted at the bottom of my main question above (thanks so much, I feel like we're getting closer) - Cronyism
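An added example, not code from any poster in this thread, combining the two debugging ideas above: prompts matched by regex so hidden ANSI colour codes do not defeat the match, and a timeout on every read() so the script reports which step stalled instead of hanging until the gateway gives up. It assumes phpseclib 1.0.x, where Net_SSH2 provides setTimeout(), isTimeout() and the NET_SSH2_READ_REGEX mode; run_dialog(), strip_ansi(), FakeShell and the SU_PASSWORD environment variable are hypothetical names, and the replayed transcript is constructed.

```php
<?php
// Added example, not code from the thread; assumes phpseclib 1.0.x method names.
defined('NET_SSH2_READ_REGEX') || define('NET_SSH2_READ_REGEX', 2); // as in Net/SSH2.php
// Strip ANSI CSI sequences (colours, cursor moves) from captured output.
function strip_ansi($text) { return preg_replace('/\x1b\[[0-9;?]*[A-Za-z]/', '', $text); }

// $steps: list of array(label, regex to wait for, line to send or null); stops at the first timeout.
function run_dialog($ssh, array $steps, $timeout = 5)
{
    $ssh->setTimeout($timeout);
    $seen = '';
    foreach ($steps as $step) {
        list($label, $regex, $send) = $step;
        $seen .= strip_ansi((string) $ssh->read($regex, NET_SSH2_READ_REGEX));
        if ($ssh->isTimeout()) {
            return array('ok' => false, 'stalled_at' => $label, 'seen' => $seen);
        }
        if ($send !== null) { $ssh->write($send . "\n"); }
    }
    return array('ok' => true, 'stalled_at' => null, 'seen' => $seen);
}

// Constructed stand-in for Net_SSH2 (hypothetical) that replays canned output offline.
class FakeShell
{
    private $replies, $timedOut = false;
    function __construct(array $replies) { $this->replies = $replies; }
    function setTimeout($seconds) {}
    function isTimeout() { return $this->timedOut; }
    function write($data) { return true; }
    function read($regex, $mode)
    {
        $data = (string) array_shift($this->replies);
        $this->timedOut = !preg_match($regex, $data); // no match = simulated timeout
        return $data;
    }
}

$ansi  = '(?:\x1b\[[0-9;]*m)*'; // colour codes that may trail the prompt
$steps = array(
    array('user prompt', '/>\s*' . $ansi . '$/', 'su'),
    array('password prompt', '/Password:\s*$/', (string) getenv('SU_PASSWORD')), // hypothetical variable
    array('root prompt', '/#\s*' . $ansi . '$/', 'cc get_wireless_status'),
    array('command output', '/#\s*' . $ansi . '$/', null),
);
// Constructed transcript: colour codes sit inside the root prompt, so an exact-string read() would miss it.
$root = "\r\n\x1b[1;31mintranet\x1b[0m:/home/login # ";
$fake = new FakeShell(array("loginuser@intranet:/home/login > ", "su\r\nPassword: ", $root, "(output)" . $root));
$result = run_dialog($fake, $steps);
echo $result['ok'] ? "all prompts seen\n" : "stalled at: {$result['stalled_at']}\n";
```

With the real library, include Net/SSH2.php first, log in, and pass the Net_SSH2 object in place of FakeShell; a result with stalled_at set names the read() that never saw its prompt, and seen holds the cleaned output received up to that point.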
0

You probably need to do echo $ssh->write("rootfakepassword\n");

ie. note the \n.

When you're running the command in putty or whatever you have to hit enter. This fact would need to be reflected in what you're sending to the server via phpseclib as well.

Blessed answered 12/2, 2013 at 19:38 Comment(0)
0

Su is not the way to go here. Instead, use sudo, while adding yourself to the /etc/sudoers file with a NOPASSWD flag, and then simply issuing sudo commands. You can find out how to do this here.

Alternatively, you can use expect inside your phpseclib script in order to spawn a root shell (this is not recommended, and is a pretty dirty trick):

echo $ssh->exec('expect -c \'log_user 0; set timeout -1; spawn /bin/su; expect "Password:"; send "rootpassword\r"; expect "\r\n"; send "/usr/bin/id\r\n"; log_user 1; expect "uid=0"\'');

On the machine I am trying this on, I get the following output:

/usr/bin/id

root@machine:/home/user# /usr/bin/id uid=0(root) gid=0(root) groups=0(root)

Again, this method is dirty and has a lot of unwanted output, which you could trim I guess, if you read a bit of expect documentation. Sorry for not providing you with a cleaner solution, but I am afraid this is as good as it can get.

Material answered 20/2, 2013 at 12:30 Comment(1)
This is on a work router, I don't want to alter the OS in any way - Cronyism