我正在尝试通过代理通过rsa私钥auth连接到sftp。
use phpseclib\Net\SFTP;
use phpseclib\Crypt\RSA;
$proxyHost = 'proxy-host';
$proxyPort = 1080;
$fsock = fsockopen($proxyHost, $proxyPort);
$host = 'sftp.hostname.com';
$login = 'sftp_login';
$privatekey = file_get_contents('sftp_private.ppk');
$password = new RSA();
$password->loadKey($privatekey);
$request = "CONNECT $host:22 HTTP/1.0\r\nContent-Length: 0\r\n\r\n";
if(fputs($fsock, $request) != strlen($request)) {
exit("premature termination");
}
while ($line = fgets($fsock, 1024)) {
if ($line == "\r\n") {
break;
}
//echo $line;
}
$sftp = new SFTP($fsock);
if (!$sftp->login($login, $password)) {
exit('Login Failed');
}
我得到“登录失败”出口。
谢谢
报价https://github.com/phpseclib/phpseclib/issues/1460:
端口1080通常用于SOCKS5代理-而非HTTP代理。
假设您使用的是SOCKS5代理,那么应该是这样的工作:
// SSH connection info $port = 22; $address = 'localhost'; // SOCKS5 connection info $fsock = fsockopen('127.0.0.1', 1080, $errno, $errstr, 1); if (!$fsock) { throw new \Exception($errstr); } $port = pack('n', $port); $address = chr(strlen($address)) . $address; $request = "\5\1\0"; if (fwrite($fsock, $request) != strlen($request)) { throw new \Exception('Premature termination'); } $response = fread($fsock, 2); if ($response != "\5\0") { throw new \Exception('Unsupported protocol or unsupported method'); } $request = "\5\1\0\3$address$port"; if (fwrite($fsock, $request) != strlen($request)) { throw new \Exception('Premature termination'); } $response = fread($fsock, strlen($address) + 6); if (substr($response, 0, 2) != "\5\0") { echo bin2hex($response) . "\n"; throw new \Exception("Unsupported protocol or connection refused"); } $ssh = new SSH2($fsock); $ssh->login('username', 'password'); echo $ssh->exec('ls -latr');也就是说,SOCKS5比本样本多得多代码当前可以容纳。真的,好事是SOCKS5类。
希望它会帮助别人。