phpseclib sftp connect with private key and password

问题

Is there anyway to connect the sftp with both private key and ftp password by using phpseclib or any other method.

回答1:

It's kinda rare that SFTP servers use both password and publickey authentication. My guess would be that what you most likely have is a password protected private key. If so you can login thusly:

<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
$key->setPassword('whatever');
$key->loadKey(file_get_contents('privatekey'));
if (!$sftp->login('username', $key)) {
    exit('Login Failed');
}

print_r($sftp->nlist());
?>

If indeed your server truly is doing both the following should work:

<?php
include('Net/SFTP.php');
include('Crypt/RSA.php');

$sftp = new Net_SFTP('www.domain.tld');
$key = new Crypt_RSA();
$key->setPassword('whatever');
$key->loadKey(file_get_contents('privatekey'));
if (!$sftp->login('username', $key) && !$sftp->login('username', 'password')) {
    exit('Login Failed');
}

print_r($sftp->nlist());
?>

回答2:

I would say just try password auth by itself.

Here's what's happening per the logs.

phpseclib sends a SSH_MSG_SERVICE_REQUEST to the server, effectively saying "hey - i wanna auth - that okay?"

The server responds with a SSH_MSG_SERVICE_ACCEPT, effectively saying "sure - send me what you got!"

phpseclib then sends a SSH_MSG_USERAUTH_REQUEST with the public key corresponding to your private key, effectively saying "ok - let's auth with my private key - to make sure you're gonna accept it... is this public key in your white list?"

The server then responds with a NET_SSH2_MSG_USERAUTH_PK_OK message, effectively saying, "yah - we're okay with the key - please sign the server identifier with it now".

phpseclib does this and then the server is like "never mind! i just remembered - the only type of auth i do is password based auth!"

phpseclib goes "meh" lol and then sends another SSH_MSG_SERVICE_REQUEST, asking to auth, again, and the server is like "what!? why are you asking to auth!?"

Seems like phpseclib perhaps ought not be sending that second SSH_MSG_SERVICE_REQUEST message - that it ought to go direct to a SSH_MSG_USERAUTH_REQUEST - but alas it does currently not do this. I'll try to update the codebase to do just that and will submit a pull request to the author.

Thanks!

来源：https://stackoverflow.com/questions/15796682/phpseclib-sftp-connect-with-private-key-and-password