使用 phpseclib ssh2 exec() 函数时如何设置标志?
我正在使用 phpseclib 并且需要创建几个 php 函数,使某人能够以编程方式 ssh 进入他们的服务器并更改 root 密码,还可以更改可能忘记密码的用户的密码(因此必须以 root 身份登录)。
我尝试使用 libssh2,但发现它有点不好用。我现在正在寻找 phpseclib ,它看起来更强大。但是,当我尝试像这样使用 'su' 命令时:
echo $ssh->exec('su');
我得到回复:
su: must be run from a terminal
当我尝试使用 sudo 时:
echo $ssh->exec('sudo passwd root');
我收到错误:
sudo: no tty present and no askpass program specified
无论如何,事实证明 su 被禁用以进行直接 ssh 访问,但是在有了看看这篇文章,事实证明您可以使用以下命令来完成此操作:
ssh -t -t -l 'username' 'host' 'su -'
无论如何,当从我的笔记本电脑(运行 ubuntu)进入终端时,这最终对我有用,然后我输入了我的密码,然后是 root 密码以完成。
引用上面链接的网站:
当给出 -t 时,Ssh 命令(使用 -t)远程 sshd 建立到工作进程的“伪终端”管道。
。只要 ssh 的标准输入是终端,就会执行此操作。
。但如果 ssh 的标准输入是非终端,ssh 不会指示 sshd 建立
伪终端,除非给出两个 -t:回显密码| ssh -t -t -l 用户名远程主机
。因此,使用 -t -t (来自 ssh)sshd 为客户端进程设置一个伪终端。
。客户端,无论是“tty”还是“su”,都无法判断它已连接到虚构的>终端:
回声虚拟str | ssh -t -t -l 用户名 host.com -c ''tty'
回显密码| ssh -t -t -l 用户名 host.com -c 'su -'
所以答案就有了。如果您通过交互式客户端 ssh(例如 OpenBSD 中的 ssh)在 Linux 机器上“su root”,请使用 double -t。
所以,它实际上是从终端工作的,正如我上面所说的,使用:
ssh -t -t -l 'username' 'host' 'su -'
但我真的希望能够使用 phpseclib 执行这个命令。唯一的问题是我不知道如何将任何标志放入 exec() 函数中。具体来说,我需要放入 -t 标志(两次)。
我找了好久却找不到任何东西。非常感谢对此的一些帮助。也对这篇文章的长度感到抱歉。 :)
干杯
乔
I'm using phpseclib and need to make a couple of php functions that enable someone to programmatically ssh into their server and change the root password and also change the password of a user that may have forgotten their password (so have to be logged in as root).
I tried using libssh2, but found it a bit nasty to use. I'm now looking at phpseclib which seems more robust. But when I tried to use the 'su' command like so:
echo $ssh->exec('su');
I get the reply:
su: must be run from a terminal
and when I try to use sudo:
echo $ssh->exec('sudo passwd root');
I get the error:
sudo: no tty present and no askpass program specified
Anyway, it turns out that su is disabled for direct ssh access, but after having a look at this article, it turns out you can do it with the following command:
ssh -t -t -l 'username' 'host' 'su -'
That's what finally worked for me anyway when entering into a terminal from my laptop (running ubuntu), and then I entered my password and then the root password to finish off.
Quoting from the site linked to above:
Ssh commands (using -t) the remote sshd to establish a 'pseudo-terminal' pipe to the worker process when -t is given.
. ssh does this as long as its stdin is a terminal.
. But if ssh's stdin is a non-terminal, ssh won't direct sshd to establish a
pseudo-terminal unless TWO -t's are given:echo password | ssh -t -t -l username remote_host
. So with -t -t (from ssh) sshd sets up a pseudo-terminal to the client process.
. The client, whether it be 'tty' or 'su' cannot tell it is connected to a ficticious >terminal:
echo dummystr | ssh -t -t -l username host.com -c ''tty'
echo password | ssh -t -t -l username host.com -c 'su -'
So there is the answer. Use double -t if you are 'su root'ing' on a linux box through an >interactive client ssh like the one from OpenBSD.
So, it actually worked from the terminal as I said above using:
ssh -t -t -l 'username' 'host' 'su -'
but I really want to be able to execute this command using phpseclib. Only thing is I don't know how to put in any flags into the exec() function. Specifically, I need to put in the -t flags (twice).
I've looked for ages and can't find anything. Be really grateful for some help on this. Sorry about the length of this post as well. :)
Cheers
Joe
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果 sudo passwd root 需要 tty,请尝试 phpseclib 中的 read() / write()。例如。
实际上,我只是从您的其他帖子中复制/粘贴: php ssh2_exec 未执行'su' 命令
看起来您在那里得到了一些帮助,然后停止了跟进?有人建议您需要在命令中添加新行。你尝试过吗?他们还建议在 phpseclib 支持论坛上发帖。对我来说似乎是一个很好的建议......
If sudo passwd root requires a tty try read() / write() in phpseclib. eg.
Actually, I'm just copy / pasting from your other post: php ssh2_exec not executing 'su' command
Looks like you were getting some help there and then stopped following up? Someone suggested you need to add new lines to your commands. Did you try that? They also suggested posting on the phpseclib support forums. Seems like a good bit of advice to me...
调用来启用伪终端
您可以在登录后但在执行之前 。这将防止它抱怨丢失的 tty。
You can enable the pseudoterminal by calling
after you login, but before the exec. This will prevent it from complaining about the missing tty.
我暂时研究了 phpseclib 的
Net_SSH2。看起来它使用套接字连接到服务器。所以没有办法传入-t两次。这不是ssh调用。既然您在问题中提到了 libssh2,就有一个支持它的 PEAR 包装器,可能会让事情变得更容易,代码目前仅在 SVN 中。 PEAR 包装器也称为 Net_SSH2,但与 phpseclib 的 Net_SSH2 不同(令人困惑)。
在此处查看代码:
要下载它,请使用以下命令进行 svn 签出:
小示例:
这有帮助吗?
I looked into phpseclib's
Net_SSH2for the time being. It looks like it uses sockets to connect to the server. So there's no way to pass in-ttwice. It's not ansshcall.Since you mentioned libssh2 in your question, there's a PEAR wrapper which supports it, might make things easier, the code is only in SVN currently. The PEAR wrapper is called
Net_SSH2as well, but is different from phpseclib'sNet_SSH2(confusing).Check out the code here:
To download it, do an svn checkout out with:
Small example:
Would that help?