KenHorse Posted June 30, 2023 (edited)

I've been using the following script snippet to connect to a remote server in order to run lm-sensors on the remote server, and it's worked fine (I've changed the IP and password for this post, of course):

    $connection = ssh2_connect('xxx.xxx.xxx.x', 22);
    ssh2_auth_password($connection, 'root', 'xxxxxx');

    if($output = ssh2_exec($connection, 'sensors')) {
        stream_set_blocking($output, true);
        $x = stream_get_contents($output);
    }

This script runs on a Debian 10 machine and the remote server USED to also be Debian 10, but it was recently upgraded to Debian 12 (Bookworm) and now the script reports the following errors:

    PHP Warning: ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys in /var/www/html/get_temp.php on line 3
    PHP Warning: ssh2_connect(): Unable to connect to xxx.xxx.xxx.x in /var/www/html/get_temp.php on line 3
    PHP Warning: ssh2_auth_password() expects parameter 1 to be resource, bool given in /var/www/html/get_temp.php on line 4
    PHP Warning: ssh2_exec() expects parameter 1 to be resource, bool given in /var/www/html/get_temp.php on line 6

I can connect using ssh from the command line (ssh @ xxx.xxx.xxx.x) and that works fine.

I'm not a total newbie to Linux but I'm no expert either, so any help would be appreciated.

Edited June 30, 2023 by KenHorse

gw1500se Posted June 30, 2023

Look for an error in the httpd logs. This error in PHP, I think, is generic.

KenHorse (Author) Posted June 30, 2023 (edited)

These errors are from running the script from the command line.

Edited June 30, 2023 by KenHorse

kicken Posted June 30, 2023

You probably need to update your php and/or openssl and/or libssh versions. The error is likely because your client does not support any crypto algorithms that the server does, so the encrypted channel cannot be established.

gizmola Posted July 2, 2023

It would be helpful if you provided the version of libssh on the client server running php, as well as the php version.

Likely this issue is that you have libssh2, and the message is telling you that the key exchange doesn't work. This is because libssh2, upon which the php routines were built, used diffie-hellman-group1-sha1, and the version of openssh no longer will accept that exchange, hence the error.

To understand why this all came about, you can read about the Logjam exploit which attacked the SHA1 key exchange, as well as recommended configuration changes to a variety of commonly used services. While openssh was not specifically vulnerable to logjam, given its focus on openssl, there was still a concern that the key exchange had a weakness, so support for diffie-hellman-group1-sha1 was removed from openssh. This page has more specifics.

So at this point, you should be able to remedy the problem with an upgrade of libssh2 to a more modern version (version >= 1.7) which supports newer key exchange methods.

One alternative to the reliance on the php extension would be to modify your code to use phpseclib instead, which supports modern servers.

KenHorse (Author) Posted July 2, 2023

I found the fix.

On the Debian 12 server, I added the following to /etc/ssh/sshd_config:

    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa

As this server is on a private LAN, security isn't an issue.

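The replies above attribute the failure to the client and server sharing no algorithm. As an added example (not code from any poster in this thread), the following encodes and parses SSH_MSG_KEXINIT payloads and applies a simplified RFC 4253 selection rule to show which category has no overlap. The algorithm lists are constructed samples, not captured from the poster's machines, and the function names are this example's own.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
FIELDS = ["kex", "hostkey", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload from a dict of field -> list of algorithm names."""
    out = bytes([20]) + bytes(16)      # message type 20, then a 16-byte cookie (zeros here)
    for f in FIELDS:
        names = ",".join(lists.get(f, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into a dict of field -> list of algorithm names."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)   # struct.error if cut short
        raw = payload[pos + 4:pos + 4 + n]
        if len(raw) != n:
            raise ValueError("truncated name-list")
        result[f] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return result

def negotiate(client, server):
    """Simplified rule: first name on the client's list that the server also lists."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS if not f.startswith("lang")}

# Constructed sample lists: an older client library and a newer server.
COMMON = {"enc_c2s": ["aes128-ctr"], "enc_s2c": ["aes128-ctr"],
          "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-256"],
          "comp_c2s": ["none"], "comp_s2c": ["none"]}
OLD_CLIENT = dict(COMMON, hostkey=["ssh-rsa", "ssh-dss"],
                  kex=["diffie-hellman-group-exchange-sha256",
                       "diffie-hellman-group14-sha1"])
NEW_SERVER = dict(COMMON, hostkey=["rsa-sha2-512", "rsa-sha2-256", "ssh-ed25519"],
                  kex=["curve25519-sha256",
                       "diffie-hellman-group-exchange-sha256"])

def failing_fields(client, server):
    """Round-trip both sides through the wire format; return fields with no overlap."""
    agreed = negotiate(parse_kexinit(build_kexinit(client)),
                       parse_kexinit(build_kexinit(server)))
    return [f for f, alg in agreed.items() if alg is None]
```

With these sample lists, `failing_fields(OLD_CLIENT, NEW_SERVER)` reports only the host key category, and appending `ssh-rsa` to the server's host key list, as the `HostKeyAlgorithms +ssh-rsa` line does, clears it.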