Jump to content

connect_ssh2


KenHorse

Recommended Posts

I've been using the following script snippet to connect to a remote server in order to run lm-sensors on the remote server and it's worked fine (I've changed the IP and password for this post of course)
 

$connection = ssh2_connect('xxx.xxx.xxx.x', 22); 
ssh2_auth_password($connection, 'root', 'xxxxxx');

if($output = ssh2_exec($connection, 'sensors')) { 
  stream_set_blocking($output, true); 
  $x = stream_get_contents($output); 
}


This script runs on a Debian 10 machine and the remote server USED to also be Debian 10 but it was recently upgraded to Debian 12 (Bookworm) and now the script reports the following errors:
 

PHP Warning: ssh2_connect(): Error starting up SSH connection(-5): Unable to exchange encryption keys in /var/www/html/get_temp.php on line 3 
PHP Warning: ssh2_connect(): Unable to connect to xxx.xxx.xxx.x in /var/www/html/get_temp.php on line 3 
PHP Warning: ssh2_auth_password() expects parameter 1 to be resource, bool given in /var/www/html/get_temp.php on line 4 
PHP Warning: ssh2_exec() expects parameter 1 to be resource, bool given in /var/www/html/get_temp.php on line 6


I can connect using ssh from the command line (ssh @ xxx.xxx.xxx.x) and that works fine.

I'm not a total newbie to Linux but I'm no expert either so any help would be appreciated

Edited by KenHorse
Link to comment
Share on other sites

You probably need to update your php and/or openssl and/or libssh versions.  The error is likely because your client does not support any crypto algorithms that the server does so the encrypted channel cannot be established.

Link to comment
Share on other sites

It would be helpful if you provided the version of libssh on the client server running php, as well as the php version.

Likely this issue is that you have libssh2, and the message is telling you that the key exchange doesn't work. 

This is because libssh2 upon which the php routines were built, used diffie-hellman-group1-sha1, and the version of openssh no longer will accept that exchange, hence the error.  To understand why this all came about, you can read about the Logjam exploit which attacked the SHA1 key exchange, as well as recommended configuration changes to a variety of commonly used services.  While openssh was not specifically vulnerable to logjam, given its focus on openssl, there was still a concern that the key exchange had a weakness, so support for diffie-hellman-group1-sha1 was removed from openssh.  This page has more specifics.

So at this point, you should be able to remedy the problem with an upgrade of libssh2 to a more modern version (version >= 1.7) which supports newer key exchange methods. 

One alternative to the reliance on the php extension would be to modify your code to use phpseclib instead, which supports modern servers.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.