Phpseclib or ssh2 pecl extension
My post from yesterday: https://stackoverflow.com/questions/14296006/phpseclib-sftp-port-number
So yesterday I started learning SSH / SFTP with php. I searched a bunch of forum posts and assumed I needed to download phpseclib.
Being relatively new to php, thus since php5 I was not aware of the previous php4 usage for __constructor hence the above question / post.
The answers were conflicting, and a little off topic to the original Q, however, posed me to a question that I think needs to be answered before proceeding:
Which is better to use, the ssh2 pecl extension OR phpseclib ?
This question: phpseclib vs libssh2 is the same, but I feel a little outdated now, as asked on Nov 5 10 at 17:37
source to share
I am talking phpseclib. Personally, I think you are getting better phpseclib support and that the API is better, but there are less subjective reasons too:
More portable.
I tried to install libssh2-php on Ubuntu 12.04 and "sudo apt-get install libssh2-php" didn't work for me. And even if it did, it probably wouldn't have made the latest version. So I had to compile libssh2 and the PECL extension, which is always a hassle and not something many administrators want to do.
And even if you're ready to compile stuff, tell me that your hard drive is failing and you need to rebuild the server. If you want to compile libssh2, you will probably compile other stuff as well. This means that you cannot just launch another box - you have to remember all the changes you made to your old box and reapply them. What if you don't remember them? Or what if one of them hasn't been updated to work with the latest version of the other?
phpseclib, on the other hand, requires nothing but PHP. It will use mcrypt, gmp, bcmath, or openssl if available, but if not, you're fine. And it doesn't even require PHP5, although it certainly supports it.
Better support for public keys.
How do you do it with libssh2:
<?php
$ssh = ssh2_connect('domain.tld');
ssh2_auth_pubkey_file($ssh, 'username', '/home/ubuntu/pubkey', '/home/ubuntu/privkey'/*, 'password'*/);
$stream = ssh2_exec($ssh, 'ls -la');
echo stream_get_contents($stream);
Both must be in the correct format. If you haven't used ssh-keygen to generate your keys, good luck converting them.
With phpseclib:
<?php
include('Net/SSH2.php');
include('Crypt/RSA.php');
$rsa = new Crypt_RSA();
$rsa->loadKey('...');
$ssh = new Net_SSH2('domain.tld');
$ssh->login('username', $rsa);
//$ssh->setPassword('password');
echo $ssh->exec('ls -la');
Ignoring the API, there are a couple of clear ways for now, phpseclib comes out at the top:
- phpseclib takes strings, not file paths. If you want to make a file, you can do file_get_contents.
- phpseclib does not require a public key. Most private key formats have a public key embedded in them. And if they don't ... phpseclib supports that too.
- phpseclib can accept almost any standardized format, from PKCS # 1 formatted keys, to PuTTY keys, to XML signing keys.
Interactive shell.
Try sudo on the remote system.
With phpseclib: http://phpseclib.sourceforge.net/ssh/examples.html#password,sudo ,
With libssh2? I have no idea. My best guess (doesn't work):
<?php
$ssh = ssh2_connect('domain.tld');
ssh2_auth_password($ssh, 'username', 'password');
$shell = ssh2_shell($ssh);
echo fread($shell, 1024*1024);
fwrite($shell, "sudo ls -la\n");
$output = fread($shell, 1024*1024);
echo $output;
if (preg_match('#[pP]assword[^:]*:#', $output)) {
fwrite($shell, "password\n");
}
echo fread($shell, 1024*1024);
I can't get the top to work with libssh2, but it works fine with phpseclib:
http://phpseclib.sourceforge.net/ssh/examples.html#password,top ,
Diagnosing problems
Why didn't they work from above or from above? On phpseclib you can get the logs:
http://phpseclib.sourceforge.net/ssh/examples.html#password,oneoff,logging ,
They look like this:
http://phpseclib.sourceforge.net/ssh/log.txt
You can also do print_r($ssh->getErrors())
or echo $ssh->getLastError()
.
Changing directories
I don't see any cd or chdir functions in http://php.net/ssh2 . phpseclib however has it -Net_SFTP::chdir(...)
Speed
libssh2:
<?php
$ssh = ssh2_connect('domain.tld');
ssh2_auth_password($ssh, 'username', 'password');
$start = microtime(true);
$sftp = ssh2_sftp($ssh);
$fp = fopen('ssh2.sftp://'.$sftp.'/home/username/1mb', 'w');
fwrite($fp, str_repeat('a', 1024 * 1024));
$elapsed = microtime(true) - $start;
echo "took $elapsed seconds";
25.71 seconds.
phpseclib:
<?php
include('Net/SFTP.php');
$sftp = new Net_SFTP('domain.tld');
$sftp->login('username', 'password');
$start = microtime(true);
$sftp->put('1mb', str_repeat('a', 1024*1024));
$elapsed = microtime(true) - $start;
echo "took $elapsed seconds";
11.70 seconds.
So phpseclib is more than twice as fast.