我正试图通过代理使用rsa私钥auth连接到sftp。
use phpseclibNetSFTP;
use phpseclibCryptRSA;
$proxyHost = 'proxy-host';
$proxyPort = 1080;
$fsock = fsockopen($proxyHost, $proxyPort);
$host = 'sftp.hostname.com';
$login = 'sftp_login';
$privatekey = file_get_contents('sftp_private.ppk');
$password = new RSA();
$password->loadKey($privatekey);
$request = "CONNECT $host:22 HTTP/1.0rnContent-Length: 0rnrn";
if(fputs($fsock, $request) != strlen($request)) {
exit("premature termination");
}
while ($line = fgets($fsock, 1024)) {
if ($line == "rn") {
break;
}
//echo $line;
}
$sftp = new SFTP($fsock);
if (!$sftp->login($login, $password)) {
exit('Login Failed');
}
我得到"登录失败"退出。
感谢
报价https://github.com/phpseclib/phpseclib/issues/1460:
端口1080通常用于SOCKS5代理,而不是HTTP代理。
假设你使用的是SOCKS5代理,那么应该是这样的工作:
// SSH connection info $port = 22; $address = 'localhost'; // SOCKS5 connection info $fsock = fsockopen('127.0.0.1', 1080, $errno, $errstr, 1); if (!$fsock) { throw new Exception($errstr); } $port = pack('n', $port); $address = chr(strlen($address)) . $address; $request = "51 "; if (fwrite($fsock, $request) != strlen($request)) { throw new Exception('Premature termination'); } $response = fread($fsock, 2); if ($response != "5 ") { throw new Exception('Unsupported protocol or unsupported method'); } $request = "51 3$address$port"; if (fwrite($fsock, $request) != strlen($request)) { throw new Exception('Premature termination'); } $response = fread($fsock, strlen($address) + 6); if (substr($response, 0, 2) != "5 ") { echo bin2hex($response) . "n"; throw new Exception("Unsupported protocol or connection refused"); } $ssh = new SSH2($fsock); $ssh->login('username', 'password'); echo $ssh->exec('ls -latr');
也就是说,SOCKS5比这个样本有更多的铃铛和口哨代码当前可容纳。真的,最好是一个完整的SOCKS5级。
希望它能帮助其他人。