WebSVN – oidplus – Diff – /trunk/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php



 *    $ssh->write("ls -la\n");
 *    echo $ssh->read('username@username:~$');
 * ?>
 * </code>
 *
 * @category  Net
 * @package   SSH2
 * @author    Jim Wigginton <terrafrost@php.net>
 * @copyright 2007 Jim Wigginton
 * @license   http://www.opensource.org/licenses/mit-license.html  MIT License
 * @link      http://phpseclib.sourceforge.net
 */

use phpseclib3\Crypt\Hash;
use phpseclib3\Crypt\Random;
use phpseclib3\Crypt\RC4;
use phpseclib3\Crypt\Rijndael;
use phpseclib3\Crypt\RSA;
use phpseclib3\Crypt\TripleDES; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
use phpseclib3\Crypt\Twofish;
use phpseclib3\Exception\ConnectionClosedException;
use phpseclib3\Exception\InsufficientSetupException;
use phpseclib3\Exception\NoSupportedAlgorithmsException;
use phpseclib3\Exception\UnableToConnectException;
use phpseclib3\Exception\UnsupportedAlgorithmException;
use phpseclib3\Exception\UnsupportedCurveException;
use phpseclib3\Math\BigInteger;
 
 
 
 
 
use phpseclib3\System\SSH\Agent;
 
/**
 * Pure-PHP implementation of SSHv2.
 *
 * @package SSH2
 * @author  Jim Wigginton <terrafrost@php.net>
 * @access  public
 */
class SSH2
{
    /**#@+
     * Compression Types
     *
     * @access private
     */
    /**
     * No compression
     */
    const NET_SSH2_COMPRESSION_NONE = 1;

     *     open request, and 'sender channel' is the channel number allocated by
     *     the other side.
     *
     * @see \phpseclib3\Net\SSH2::send_channel_packet()
     * @see \phpseclib3\Net\SSH2::get_channel_packet()
     * @access private
     */
    const CHANNEL_EXEC          = 1; // PuTTy uses 0x100
    const CHANNEL_SHELL         = 2;
    const CHANNEL_SUBSYSTEM     = 3;
    const CHANNEL_AGENT_FORWARD = 4;
    const CHANNEL_KEEP_ALIVE    = 5;
 
    /**
     * Returns the message numbers
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::getLog()
     */
    const LOG_SIMPLE = 1;
    /**
     * Returns the message content
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::getLog()
     */
    const LOG_COMPLEX = 2;
    /**
     * Outputs the content real-time
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::getLog()
     */
    const LOG_REALTIME = 3;
    /**
     * Dumps the content real-time to a file
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::getLog()
     */
    const LOG_REALTIME_FILE = 4;
    /**
     * Make sure that the log never gets larger than this
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::getLog()
     */
    const LOG_MAX_SIZE = 1048576; // 1024 * 1024
 
    /**
     * Returns when a string matching $expect exactly is found
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::read()
     */
    const READ_SIMPLE = 1;
    /**
     * Returns when a string matching the regular expression $expect is found
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::read()
     */
    const READ_REGEX = 2;
    /**
     * Returns whenever a data packet is received.
     *
     * Some data packets may only contain a single character so it may be necessary
     * to call read() multiple times when using this option
     *
     * @access public
     * @see \phpseclib3\Net\SSH2::read()
     */
    const READ_NEXT = 3;
 
    /**
     * The SSH identifier
     *
     * @var string
     * @access private
     */
    private $identifier;
 
    /**
     * The Socket Object
     *
     * @var resource|closed-resource|null
     * @access private
     */
    public $fsock;
 
    /**
     * Execution Bitmap
     *
     * The bits that are set represent functions that have been called already.  This is used to determine
     * if a requisite function has been successfully executed.  If not, an error should be thrown.
     *
     * @var int
     * @access private
     */
    protected $bitmap = 0;
 
    /**
     * Error information
     *
     * @see self::getErrors()
     * @see self::getLastError()
     * @var array
     * @access private
     */
    private $errors = [];
 
    /**
     * Server Identifier
     *
     * @see self::getServerIdentification()
     * @var string|false
     * @access private
     */
    protected $server_identifier = false;
 
    /**
     * Key Exchange Algorithms
     *
     * @see self::getKexAlgorithims()
     * @var array|false
     * @access private
     */
    private $kex_algorithms = false;
 
    /**
     * Key Exchange Algorithm
     *
     * @see self::getMethodsNegotiated()
     * @var string|false
     * @access private
     */
    private $kex_algorithm = false;
 
    /**
     * Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
     *
     * @see self::_key_exchange()
     * @var int
     * @access private
     */
    private $kex_dh_group_size_min = 1536;
 
    /**
     * Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
     *
     * @see self::_key_exchange()
     * @var int
     * @access private
     */
    private $kex_dh_group_size_preferred = 2048;
 
    /**
     * Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
     *
     * @see self::_key_exchange()
     * @var int
     * @access private
     */
    private $kex_dh_group_size_max = 4096;
 
    /**
     * Server Host Key Algorithms
     *
     * @see self::getServerHostKeyAlgorithms()
     * @var array|false
     * @access private
     */
    private $server_host_key_algorithms = false;
 
    /**
     * Encryption Algorithms: Client to Server
     *
     * @see self::getEncryptionAlgorithmsClient2Server()
     * @var array|false
     * @access private
     */
    private $encryption_algorithms_client_to_server = false;
 
    /**
     * Encryption Algorithms: Server to Client
     *
     * @see self::getEncryptionAlgorithmsServer2Client()
     * @var array|false
     * @access private
     */
    private $encryption_algorithms_server_to_client = false;
 
    /**
     * MAC Algorithms: Client to Server
     *
     * @see self::getMACAlgorithmsClient2Server()
     * @var array|false
     * @access private
     */
    private $mac_algorithms_client_to_server = false;
 
    /**
     * MAC Algorithms: Server to Client
     *
     * @see self::getMACAlgorithmsServer2Client()
     * @var array|false
     * @access private
     */
    private $mac_algorithms_server_to_client = false;
 
    /**
     * Compression Algorithms: Client to Server
     *
     * @see self::getCompressionAlgorithmsClient2Server()
     * @var array|false
     * @access private
     */
    private $compression_algorithms_client_to_server = false;
 
    /**
     * Compression Algorithms: Server to Client
     *
     * @see self::getCompressionAlgorithmsServer2Client()
     * @var array|false
     * @access private
     */
    private $compression_algorithms_server_to_client = false;
 
    /**
     * Languages: Server to Client
     *
     * @see self::getLanguagesServer2Client()
     * @var array|false
     * @access private
     */
    private $languages_server_to_client = false;
 
    /**
     * Languages: Client to Server
     *
     * @see self::getLanguagesClient2Server()
     * @var array|false
     * @access private
     */
    private $languages_client_to_server = false;
 
    /**
     * Preferred Algorithms
     *
     * @see self::setPreferredAlgorithms()
     * @var array
     * @access private
     */
    private $preferred = [];
 
    /**
     * Block Size for Server to Client Encryption

     *  -- http://tools.ietf.org/html/rfc4253#section-6
     *
     * @see self::__construct()
     * @see self::_send_binary_packet()
     * @var int
     * @access private
     */
    private $encrypt_block_size = 8;
 
    /**
     * Block Size for Client to Server Encryption
     *
     * @see self::__construct()
     * @see self::_get_binary_packet()
     * @var int
     * @access private
     */
    private $decrypt_block_size = 8;
 
    /**
     * Server to Client Encryption Object
     *
     * @see self::_get_binary_packet()
     * @var SymmetricKey|false
     * @access private
     */
    private $decrypt = false;
 
    /**
     * Decryption Algorithm Name
     *
     * @var string|null
     * @access private
     */
    private $decryptName;
 
    /**
     * Decryption Invocation Counter
     *
     * Used by GCM
     *
     * @var string|null
     * @access private
     */
    private $decryptInvocationCounter;
 
    /**
     * Fixed Part of Nonce
     *
     * Used by GCM
     *
     * @var string|null
     * @access private
     */
    private $decryptFixedPart;
 
    /**
     * Server to Client Length Encryption Object
     *
     * @see self::_get_binary_packet()
     * @var object
     * @access private
     */
    private $lengthDecrypt = false;
 
    /**
     * Client to Server Encryption Object
     *
     * @see self::_send_binary_packet()
     * @var SymmetricKey|false
     * @access private
     */
    private $encrypt = false;
 
    /**
     * Encryption Algorithm Name
     *
     * @var string|null
     * @access private
     */
    private $encryptName;
 
    /**
     * Encryption Invocation Counter
     *
     * Used by GCM
     *
     * @var string|null
     * @access private
     */
    private $encryptInvocationCounter;
 
    /**
     * Fixed Part of Nonce
     *
     * Used by GCM
     *
     * @var string|null
     * @access private
     */
    private $encryptFixedPart;
 
    /**
     * Client to Server Length Encryption Object
     *
     * @see self::_send_binary_packet()
     * @var object
     * @access private
     */
    private $lengthEncrypt = false;
 
    /**
     * Client to Server HMAC Object
     *
     * @see self::_send_binary_packet()
     * @var object
     * @access private
     */
    private $hmac_create = false;
 
    /**
     * Client to Server HMAC Name
     *
     * @var string|false
     * @access private
     */
    private $hmac_create_name;
 
    /**
     * Client to Server ETM
     *
     * @var int|false
     * @access private
     */
    private $hmac_create_etm;
 
    /**
     * Server to Client HMAC Object
     *
     * @see self::_get_binary_packet()
     * @var object
     * @access private
     */
    private $hmac_check = false;
 
    /**
     * Server to Client HMAC Name
     *
     * @var string|false
     * @access private
     */
    private $hmac_check_name;
 
    /**
     * Server to Client ETM
     *
     * @var int|false
     * @access private
     */
    private $hmac_check_etm;
 
    /**
     * Size of server to client HMAC

     * For the client to server side, the HMAC object will make the HMAC as long as it needs to be.  All we need to do is
     * append it.
     *
     * @see self::_get_binary_packet()
     * @var int
     * @access private
     */
    private $hmac_size = false;
 
    /**
     * Server Public Host Key
     *
     * @see self::getServerPublicHostKey()
     * @var string
     * @access private
     */
    private $server_public_host_key;
 
    /**
     * Session identifier

     *
     *  -- http://tools.ietf.org/html/rfc4253#section-7.2
     *
     * @see self::_key_exchange()
     * @var string
     * @access private
     */
    private $session_id = false;
 
    /**
     * Exchange hash
     *
     * The current exchange hash
     *
     * @see self::_key_exchange()
     * @var string
     * @access private
     */
    private $exchange_hash = false;
 
    /**
     * Message Numbers
     *
     * @see self::__construct()
     * @var array
     * @access private
     */
    private $message_numbers = [];
 
    /**
     * Disconnection Message 'reason codes' defined in RFC4253
     *
     * @see self::__construct()
     * @var array
     * @access private
     */
    private $disconnect_reasons = [];
 
    /**
     * SSH_MSG_CHANNEL_OPEN_FAILURE 'reason codes', defined in RFC4254
     *
     * @see self::__construct()
     * @var array
     * @access private
     */
    private $channel_open_failure_reasons = [];
 
    /**
     * Terminal Modes
     *
     * @link http://tools.ietf.org/html/rfc4254#section-8
     * @see self::__construct()
     * @var array
     * @access private
     */
    private $terminal_modes = [];
 
    /**
     * SSH_MSG_CHANNEL_EXTENDED_DATA's data_type_codes
     *
     * @link http://tools.ietf.org/html/rfc4254#section-5.2
     * @see self::__construct()
     * @var array
     * @access private
     */
    private $channel_extended_data_type_codes = [];
 
    /**
     * Send Sequence Number
     *
     * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
     *
     * @see self::_send_binary_packet()
     * @var int
     * @access private
     */
    private $send_seq_no = 0;
 
    /**
     * Get Sequence Number
     *
     * See 'Section 6.4.  Data Integrity' of rfc4253 for more info.
     *
     * @see self::_get_binary_packet()
     * @var int
     * @access private
     */
    private $get_seq_no = 0;
 
    /**
     * Server Channels

     * Maps client channels to server channels
     *
     * @see self::get_channel_packet()
     * @see self::exec()
     * @var array
     * @access private
     */
    protected $server_channels = [];
 
    /**
     * Channel Buffers

     * be placed in a buffer
     *
     * @see self::get_channel_packet()
     * @see self::exec()
     * @var array
     * @access private
     */
    private $channel_buffers = [];
 
    /**
     * Channel Status
     *
     * Contains the type of the last sent message
     *
     * @see self::get_channel_packet()
     * @var array
     * @access private
     */
    protected $channel_status = [];
 
    /**
     * Packet Size
     *
     * Maximum packet size indexed by channel
     *
     * @see self::send_channel_packet()
     * @var array
     * @access private
     */
    private $packet_size_client_to_server = [];
 
    /**
     * Message Number Log
     *
     * @see self::getLog()
     * @var array
     * @access private
     */
    private $message_number_log = [];
 
    /**
     * Message Log
     *
     * @see self::getLog()
     * @var array
     * @access private
     */
    private $message_log = [];
 
    /**
     * The Window Size

     * Bytes the other party can send before it must wait for the window to be adjusted (0x7FFFFFFF = 2GB)
     *
     * @var int
     * @see self::send_channel_packet()
     * @see self::exec()
     * @access private
     */
    protected $window_size = 0x7FFFFFFF;
 
    /**
     * What we resize the window to

     * we'll just do what PuTTY does
     *
     * @var int
     * @see self::_send_channel_packet()
     * @see self::exec()
     * @access private
     */
    private $window_resize = 0x40000000;
 
    /**
     * Window size, server to client
     *
     * Window size indexed by channel
     *
     * @see self::send_channel_packet()
     * @var array
     * @access private
     */
    protected $window_size_server_to_client = [];
 
    /**
     * Window size, client to server
     *
     * Window size indexed by channel
     *
     * @see self::get_channel_packet()
     * @var array
     * @access private
     */
    private $window_size_client_to_server = [];
 
    /**
     * Server signature
     *
     * Verified against $this->session_id
     *
     * @see self::getServerPublicHostKey()
     * @var string
     * @access private
     */
    private $signature = '';
 
    /**
     * Server signature format
     *
     * ssh-rsa or ssh-dss.
     *
     * @see self::getServerPublicHostKey()
     * @var string
     * @access private
     */
    private $signature_format = '';
 
    /**
     * Interactive Buffer
     *
     * @see self::read()
     * @var string
     * @access private
     */
    private $interactiveBuffer = '';
 
    /**
     * Current log size

     * Should never exceed self::LOG_MAX_SIZE
     *
     * @see self::_send_binary_packet()
     * @see self::_get_binary_packet()
     * @var int
     * @access private
     */
    private $log_size;
 
    /**
     * Timeout
     *
     * @see self::setTimeout()
     * @access private
     */
    protected $timeout;
 
    /**
     * Current Timeout
     *
     * @see self::get_channel_packet()
     * @access private
     */
    protected $curTimeout;
 
    /**
     * Keep Alive Interval
     *
     * @see self::setKeepAlive()
     * @access private
     */
    private $keepAlive;
 
    /**
     * Real-time log file pointer
     *
     * @see self::_append_log()
     * @var resource|closed-resource
     * @access private
     */
    private $realtime_log_file;
 
    /**
     * Real-time log file size
     *
     * @see self::_append_log()
     * @var int
     * @access private
     */
    private $realtime_log_size;
 
    /**
     * Has the signature been validated?
     *
     * @see self::getServerPublicHostKey()
     * @var bool
     * @access private
     */
    private $signature_validated = false;
 
    /**
     * Real-time log file wrap boolean
     *
     * @see self::_append_log()
     * @access private
     */
    private $realtime_log_wrap;
 
    /**
     * Flag to suppress stderr from output
     *
     * @see self::enableQuietMode()
     * @access private
     */
    private $quiet_mode = false;
 
    /**
     * Time of first network activity
     *
     * @var float
     * @access private
     */
    private $last_packet;
 
    /**
     * Exit status returned from ssh if any
     *
     * @var int
     * @access private
     */
    private $exit_status;
 
    /**
     * Flag to request a PTY when using exec()
     *
     * @var bool
     * @see self::enablePTY()
     * @access private
     */
    private $request_pty = false;
 
    /**
     * Flag set while exec() is running when using enablePTY()
     *
     * @var bool
     * @access private
     */
    private $in_request_pty_exec = false;
 
    /**
     * Flag set after startSubsystem() is called
     *
     * @var bool
     * @access private
     */
    private $in_subsystem;
 
    /**
     * Contents of stdError
     *
     * @var string
     * @access private
     */
    private $stdErrorLog;
 
    /**
     * The Last Interactive Response
     *
     * @see self::_keyboard_interactive_process()
     * @var string
     * @access private
     */
    private $last_interactive_response = '';
 
    /**
     * Keyboard Interactive Request / Responses
     *
     * @see self::_keyboard_interactive_process()
     * @var array
     * @access private
     */
    private $keyboard_requests_responses = [];
 
    /**
     * Banner Message

     * authentication may be relevant for getting legal protection."
     *
     * @see self::_filter()
     * @see self::getBannerMessage()
     * @var string
     * @access private
     */
    private $banner_message = '';
 
    /**
     * Did read() timeout or return normally?
     *
     * @see self::isTimeout()
     * @var bool
     * @access private
     */
    private $is_timeout = false;
 
    /**
     * Log Boundary
     *
     * @see self::_format_log()
     * @var string
     * @access private
     */
    private $log_boundary = ':';
 
    /**
     * Log Long Width
     *
     * @see self::_format_log()
     * @var int
     * @access private
     */
    private $log_long_width = 65;
 
    /**
     * Log Short Width
     *
     * @see self::_format_log()
     * @var int
     * @access private
     */
    private $log_short_width = 16;
 
    /**
     * Hostname
     *
     * @see self::__construct()
     * @see self::_connect()
     * @var string
     * @access private
     */
    private $host;
 
    /**
     * Port Number
     *
     * @see self::__construct()
     * @see self::_connect()
     * @var int
     * @access private
     */
    private $port;
 
    /**
     * Number of columns for terminal window size
     *
     * @see self::getWindowColumns()
     * @see self::setWindowColumns()
     * @see self::setWindowSize()
     * @var int
     * @access private
     */
    private $windowColumns = 80;
 
    /**
     * Number of columns for terminal window size
     *
     * @see self::getWindowRows()
     * @see self::setWindowRows()
     * @see self::setWindowSize()
     * @var int
     * @access private
     */
    private $windowRows = 24;
 
    /**
     * Crypto Engine
     *
     * @see self::setCryptoEngine()
     * @see self::_key_exchange()
     * @var int
     * @access private
     */
    private static $crypto_engine = false;
 
    /**
     * A System_SSH_Agent for use in the SSH2 Agent Forwarding scenario
     *
     * @var Agent
     * @access private
     */
    private $agent;
 
    /**
     * Connection storage to replicates ssh2 extension functionality:

 
    /**
     * Send the identification string first?
     *
     * @var bool
     * @access private
     */
    private $send_id_string_first = true;
 
    /**
     * Send the key exchange initiation packet first?
     *
     * @var bool
     * @access private
     */
    private $send_kex_first = true;
 
    /**
     * Some versions of OpenSSH incorrectly calculate the key size
     *
     * @var bool
     * @access private
     */
    private $bad_key_size_fix = false;
 
    /**
     * Should we try to re-connect to re-establish keys?
     *
     * @var bool
     * @access private
     */
    private $retry_connect = false;
 
    /**
     * Binary Packet Buffer
     *
     * @var string|false
     * @access private
     */
    private $binary_packet_buffer = false;
 
    /**
     * Preferred Signature Format
     *
     * @var string|false
     * @access private
     */
    protected $preferred_signature_format = false;
 
    /**
     * Authentication Credentials
     *
     * @var array
     * @access private
     */
    protected $auth = [];
 
    /**
     * Terminal
     *
     * @var string
     * @access private
     */
    private $term = 'vt100';
 
    /**
     * The authentication methods that may productively continue authentication.
     *
     * @see https://tools.ietf.org/html/rfc4252#section-5.1
     * @var array|null
     * @access private
     */
    private $auth_methods_to_continue = null;
 
    /**
     * Compression method
     *
     * @var int
     * @access private
     */
    private $compress = self::NET_SSH2_COMPRESSION_NONE;
 
    /**
     * Decompression method
     *
     * @var int
     * @access private
     */
    private $decompress = self::NET_SSH2_COMPRESSION_NONE;
 
    /**
     * Compression context
     *
     * @var resource|false|null
     * @access private
     */
    private $compress_context;
 
    /**
     * Decompression context
     *
     * @var resource|object
     * @access private
     */
    private $decompress_context;
 
    /**
     * Regenerate Compression Context
     *
     * @var bool
     * @access private
     */
    private $regenerate_compression_context = false;
 
    /**
     * Regenerate Decompression Context
     *
     * @var bool
     * @access private
     */
    private $regenerate_decompression_context = false;
 
    /**
     * Smart multi-factor authentication flag
     *
     * @var bool
     * @access private
     */
    private $smartMFA = true;
 
    /**
     * Default Constructor.

     *
     * @param mixed $host
     * @param int $port
     * @param int $timeout
     * @see self::login()
     * @access public
     */
    public function __construct($host, $port = 22, $timeout = 10)
    {
        $this->message_numbers = [
            1 => 'NET_SSH2_MSG_DISCONNECT',
            2 => 'NET_SSH2_MSG_IGNORE',
            3 => 'NET_SSH2_MSG_UNIMPLEMENTED',
            4 => 'NET_SSH2_MSG_DEBUG',
            5 => 'NET_SSH2_MSG_SERVICE_REQUEST',
            6 => 'NET_SSH2_MSG_SERVICE_ACCEPT',
            20 => 'NET_SSH2_MSG_KEXINIT',
            21 => 'NET_SSH2_MSG_NEWKEYS',
            30 => 'NET_SSH2_MSG_KEXDH_INIT',
            31 => 'NET_SSH2_MSG_KEXDH_REPLY',
            50 => 'NET_SSH2_MSG_USERAUTH_REQUEST',
            51 => 'NET_SSH2_MSG_USERAUTH_FAILURE',
            52 => 'NET_SSH2_MSG_USERAUTH_SUCCESS',
            53 => 'NET_SSH2_MSG_USERAUTH_BANNER',
 
            80 => 'NET_SSH2_MSG_GLOBAL_REQUEST',
            81 => 'NET_SSH2_MSG_REQUEST_SUCCESS',
            82 => 'NET_SSH2_MSG_REQUEST_FAILURE',
            90 => 'NET_SSH2_MSG_CHANNEL_OPEN',
            91 => 'NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION',
            92 => 'NET_SSH2_MSG_CHANNEL_OPEN_FAILURE',
            93 => 'NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST',
            94 => 'NET_SSH2_MSG_CHANNEL_DATA',
            95 => 'NET_SSH2_MSG_CHANNEL_EXTENDED_DATA',
            96 => 'NET_SSH2_MSG_CHANNEL_EOF',
            97 => 'NET_SSH2_MSG_CHANNEL_CLOSE',
            98 => 'NET_SSH2_MSG_CHANNEL_REQUEST',
            99 => 'NET_SSH2_MSG_CHANNEL_SUCCESS',
            100 => 'NET_SSH2_MSG_CHANNEL_FAILURE'
        ];
        $this->disconnect_reasons = [
            1 => 'NET_SSH2_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT',
            2 => 'NET_SSH2_DISCONNECT_PROTOCOL_ERROR',
            3 => 'NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED',
            4 => 'NET_SSH2_DISCONNECT_RESERVED',
            5 => 'NET_SSH2_DISCONNECT_MAC_ERROR',
            6 => 'NET_SSH2_DISCONNECT_COMPRESSION_ERROR',
            7 => 'NET_SSH2_DISCONNECT_SERVICE_NOT_AVAILABLE',
            8 => 'NET_SSH2_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED',
            9 => 'NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE',
            10 => 'NET_SSH2_DISCONNECT_CONNECTION_LOST',
            11 => 'NET_SSH2_DISCONNECT_BY_APPLICATION',
            12 => 'NET_SSH2_DISCONNECT_TOO_MANY_CONNECTIONS',
            13 => 'NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER',
            14 => 'NET_SSH2_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE',
            15 => 'NET_SSH2_DISCONNECT_ILLEGAL_USER_NAME'
        ];
        $this->channel_open_failure_reasons = [
            1 => 'NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED'
        ];
        $this->terminal_modes = [
            0 => 'NET_SSH2_TTY_OP_END'
        ];
        $this->channel_extended_data_type_codes = [
            1 => 'NET_SSH2_EXTENDED_DATA_STDERR'
        ];
 
        $this->define_array(
            $this->message_numbers,
            $this->disconnect_reasons,
            $this->channel_open_failure_reasons,
            $this->terminal_modes,
            $this->channel_extended_data_type_codes,
            [60 => 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ'],
            [60 => 'NET_SSH2_MSG_USERAUTH_PK_OK'],
            [60 => 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST',
                  61 => 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE'],
            // RFC 4419 - diffie-hellman-group-exchange-sha{1,256}
            [30 => 'NET_SSH2_MSG_KEXDH_GEX_REQUEST_OLD',
                  31 => 'NET_SSH2_MSG_KEXDH_GEX_GROUP',
                  32 => 'NET_SSH2_MSG_KEXDH_GEX_INIT',
                  33 => 'NET_SSH2_MSG_KEXDH_GEX_REPLY',
                  34 => 'NET_SSH2_MSG_KEXDH_GEX_REQUEST'],
            // RFC 5656 - Elliptic Curves (for curve25519-sha256@libssh.org)
            [30 => 'NET_SSH2_MSG_KEX_ECDH_INIT',
                  31 => 'NET_SSH2_MSG_KEX_ECDH_REPLY']
        );
 
        /**
         * Typehint is required due to a bug in Psalm: https://github.com/vimeo/psalm/issues/7508
         * @var \WeakReference<SSH2>|SSH2
         */
        self::$connections[$this->getResourceId()] = class_exists('WeakReference')

     *
     * Possible $engine values:
     * OpenSSL, mcrypt, Eval, PHP
     *
     * @param int $engine
     * @access public
     */
    public static function setCryptoEngine($engine)
    {
        self::$crypto_engine = $engine;
    }

     *
     * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
     * both sides MUST send an identification string". It does not say which side sends it first. In
     * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
     *
     * @access public
     */
    public function sendIdentificationStringFirst()
    {
        $this->send_id_string_first = true;
    }

     *
     * https://tools.ietf.org/html/rfc4253#section-4.2 says "when the connection has been established,
     * both sides MUST send an identification string". It does not say which side sends it first. In
     * theory it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
     *
     * @access public
     */
    public function sendIdentificationStringLast()
    {
        $this->send_id_string_first = false;
    }

     *
     * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
     * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
     * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
     *
     * @access public
     */
    public function sendKEXINITFirst()
    {
        $this->send_kex_first = true;
    }

     *
     * https://tools.ietf.org/html/rfc4253#section-7.1 says "key exchange begins by each sending
     * sending the [SSH_MSG_KEXINIT] packet". It does not say which side sends it first. In theory
     * it shouldn't matter but it is a fact of life that some SSH servers are simply buggy
     *
     * @access public
     */
    public function sendKEXINITLast()
    {
        $this->send_kex_first = false;
    }

    /**
     * Connect to an SSHv2 server
     *
     * @throws \UnexpectedValueException on receipt of unexpected packets
     * @throws \RuntimeException on other errors
     * @access private
     */
    private function connect()
    {
        if ($this->bitmap & self::MASK_CONSTRUCTOR) {
            return;

        }
 
        if (!$this->send_kex_first) {
            $response = $this->get_binary_packet();
 
            if (is_bool($response) || !strlen($response) || ord($response[0]) != NET_SSH2_MSG_KEXINIT) {
                $this->bitmap = 0;
                throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
            }
 
            $this->key_exchange($response);

    /**
     * Generates the SSH identifier
     *
     * You should overwrite this method in your own class if you want to use another identifier
     *
     * @access protected
     * @return string
     */
    private function generate_identifier()
    {
        $identifier = 'SSH-2.0-phpseclib_3.0';

     * @return bool
     * @param string|bool $kexinit_payload_server optional
     * @throws \UnexpectedValueException on receipt of unexpected packets
     * @throws \RuntimeException on other errors
     * @throws \phpseclib3\Exception\NoSupportedAlgorithmsException when none of the algorithms phpseclib has loaded are compatible
     * @access private
     */
    private function key_exchange($kexinit_payload_server = false)
    {
        $preferred = $this->preferred;
        $send_kex = true;

                }
        }
 
        $client_cookie = Random::string(16);
 
        $kexinit_payload_client = pack('Ca*', NET_SSH2_MSG_KEXINIT, $client_cookie);
        $kexinit_payload_client .= Strings::packSSH2(
            'L10bN',
            $kex_algorithms,
            $server_host_key_algorithms,
            $c2s_encryption_algorithms,

            $kexinit_payload_server = $this->get_binary_packet();
 
            if (
                is_bool($kexinit_payload_server)
                || !strlen($kexinit_payload_server)
                || ord($kexinit_payload_server[0]) != NET_SSH2_MSG_KEXINIT
            ) {
                $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
                throw new \UnexpectedValueException('Expected SSH_MSG_KEXINIT');
            }
 
            $send_kex = false;
        }

        // we don't initialize any crypto-objects, yet - we do that, later. for now, we need the lengths to make the
        // diffie-hellman key exchange as fast as possible
        $decrypt = self::array_intersect_first($s2c_encryption_algorithms, $this->encryption_algorithms_server_to_client);
        $decryptKeyLength = $this->encryption_algorithm_to_key_size($decrypt);
        if ($decryptKeyLength === null) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible server to client encryption algorithms found');
        }
 
        $encrypt = self::array_intersect_first($c2s_encryption_algorithms, $this->encryption_algorithms_client_to_server);
        $encryptKeyLength = $this->encryption_algorithm_to_key_size($encrypt);
        if ($encryptKeyLength === null) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible client to server encryption algorithms found');
        }
 
        // through diffie-hellman key exchange a symmetric key is obtained
        $this->kex_algorithm = self::array_intersect_first($kex_algorithms, $this->kex_algorithms);
        if ($this->kex_algorithm === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible key exchange algorithms found');
        }
 
        $server_host_key_algorithm = self::array_intersect_first($server_host_key_algorithms, $this->server_host_key_algorithms);
        if ($server_host_key_algorithm === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible server host key algorithms found');
        }
 
        $mac_algorithm_out = self::array_intersect_first($c2s_mac_algorithms, $this->mac_algorithms_client_to_server);
        if ($mac_algorithm_out === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible client to server message authentication algorithms found');
        }
 
        $mac_algorithm_in = self::array_intersect_first($s2c_mac_algorithms, $this->mac_algorithms_server_to_client);
        if ($mac_algorithm_in === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible server to client message authentication algorithms found');
        }
 
        $compression_map = [
            'none' => self::NET_SSH2_COMPRESSION_NONE,

            'zlib@openssh.com' => self::NET_SSH2_COMPRESSION_ZLIB_AT_OPENSSH
        ];
 
        $compression_algorithm_in = self::array_intersect_first($s2c_compression_algorithms, $this->compression_algorithms_server_to_client);
        if ($compression_algorithm_in === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible server to client compression algorithms found');
        }
        $this->decompress = $compression_map[$compression_algorithm_in];
 
        $compression_algorithm_out = self::array_intersect_first($c2s_compression_algorithms, $this->compression_algorithms_client_to_server);
        if ($compression_algorithm_out === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
            throw new NoSupportedAlgorithmsException('No compatible client to server compression algorithms found');
        }
        $this->compress = $compression_map[$compression_algorithm_out];
 
        switch ($this->kex_algorithm) {

            $curve = strpos($this->kex_algorithm, 'curve25519-sha256') === 0 ?
                'Curve25519' :
                substr($this->kex_algorithm, 10);
            $ourPrivate = EC::createKey($curve);
            $ourPublicBytes = $ourPrivate->getPublicKey()->getEncodedCoordinates();
            $clientKexInitMessage = 'NET_SSH2_MSG_KEX_ECDH_INIT';
            $serverKexReplyMessage = 'NET_SSH2_MSG_KEX_ECDH_REPLY';
        } else {
            if (strpos($this->kex_algorithm, 'diffie-hellman-group-exchange') === 0) {
                $dh_group_sizes_packed = pack(
                    'NNN',
                    $this->kex_dh_group_size_min,
                    $this->kex_dh_group_size_preferred,
                    $this->kex_dh_group_size_max
                );
                $packet = pack(
                    'Ca*',
                    NET_SSH2_MSG_KEXDH_GEX_REQUEST,
                    $dh_group_sizes_packed
                );
                $this->send_binary_packet($packet);
                $this->updateLogHistory('UNKNOWN (34)', 'NET_SSH2_MSG_KEXDH_GEX_REQUEST');
 
                $response = $this->get_binary_packet();
 
                list($type, $primeBytes, $gBytes) = Strings::unpackSSH2('Css', $response);
                if ($type != NET_SSH2_MSG_KEXDH_GEX_GROUP) {
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
                    throw new \UnexpectedValueException('Expected SSH_MSG_KEX_DH_GEX_GROUP');
                }
                $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEXDH_GEX_GROUP');
                $prime = new BigInteger($primeBytes, -256);
                $g = new BigInteger($gBytes, -256);
 
                $exchange_hash_rfc4419 = $dh_group_sizes_packed . Strings::packSSH2(
                    'ss',
                    $primeBytes,
                    $gBytes
                );
 
                $params = DH::createParameters($prime, $g);
                $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_GEX_INIT';
                $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_GEX_REPLY';
            } else {
                $params = DH::createParameters($this->kex_algorithm);
                $clientKexInitMessage = 'NET_SSH2_MSG_KEXDH_INIT';
                $serverKexReplyMessage = 'NET_SSH2_MSG_KEXDH_REPLY';
            }
 
            $keyLength = min($kexHash->getLengthInBytes(), max($encryptKeyLength, $decryptKeyLength));
 
            $ourPrivate = DH::createKey($params, 16 * $keyLength); // 2 * 8 * $keyLength
            $ourPublic = $ourPrivate->getPublicKey()->toBigInteger();
            $ourPublicBytes = $ourPublic->toBytes(true);
        }
 
        $data = pack('CNa*', constant($clientKexInitMessage), strlen($ourPublicBytes), $ourPublicBytes);
 
        $this->send_binary_packet($data);
 
        switch ($clientKexInitMessage) {
            case 'NET_SSH2_MSG_KEX_ECDH_INIT':
                $this->updateLogHistory('NET_SSH2_MSG_KEXDH_INIT', 'NET_SSH2_MSG_KEX_ECDH_INIT');
                break;
            case 'NET_SSH2_MSG_KEXDH_GEX_INIT':
                $this->updateLogHistory('UNKNOWN (32)', 'NET_SSH2_MSG_KEXDH_GEX_INIT');
        }
 
        $response = $this->get_binary_packet();
 
        list(

            $server_public_host_key,
            $theirPublicBytes,
            $this->signature
        ) = Strings::unpackSSH2('Csss', $response);
 
        if ($type != constant($serverKexReplyMessage)) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
            throw new \UnexpectedValueException("Expected $serverKexReplyMessage");
        }
        switch ($serverKexReplyMessage) {
            case 'NET_SSH2_MSG_KEX_ECDH_REPLY':
                $this->updateLogHistory('NET_SSH2_MSG_KEXDH_REPLY', 'NET_SSH2_MSG_KEX_ECDH_REPLY');
                break;
            case 'NET_SSH2_MSG_KEXDH_GEX_REPLY':
                $this->updateLogHistory('UNKNOWN (33)', 'NET_SSH2_MSG_KEXDH_GEX_REPLY');
        }
 
        $this->server_public_host_key = $server_public_host_key;
        list($public_key_format) = Strings::unpackSSH2('s', $server_public_host_key);
        if (strlen($this->signature) < 4) {

        if ($public_key_format != $expected_key_format || $this->signature_format != $server_host_key_algorithm) {
            switch (true) {
                case $this->signature_format == $server_host_key_algorithm:
                case $server_host_key_algorithm != 'rsa-sha2-256' && $server_host_key_algorithm != 'rsa-sha2-512':
                case $this->signature_format != 'ssh-rsa':
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
                    throw new \RuntimeException('Server Host Key Algorithm Mismatch (' . $this->signature_format . ' vs ' . $server_host_key_algorithm . ')');
            }
        }
 
        $packet = pack('C', NET_SSH2_MSG_NEWKEYS);
        $this->send_binary_packet($packet);
 
        $response = $this->get_binary_packet();
 
        if ($response === false) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
            throw new ConnectionClosedException('Connection closed by server');
        }
 
        list($type) = Strings::unpackSSH2('C', $response);
        if ($type != NET_SSH2_MSG_NEWKEYS) {
            $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
            throw new \UnexpectedValueException('Expected SSH_MSG_NEWKEYS');
        }
 
        $keyBytes = pack('Na*', strlen($keyBytes), $keyBytes);
 

    /**
     * Maps an encryption algorithm name to the number of key bytes.
     *
     * @param string $algorithm Name of the encryption algorithm
     * @return int|null Number of bytes as an integer or null for unknown
     * @access private
     */
    private function encryption_algorithm_to_key_size($algorithm)
    {
        if ($this->bad_key_size_fix && self::bad_algorithm_candidate($algorithm)) {
            return 16;

     * Maps an encryption algorithm name to an instance of a subclass of
     * \phpseclib3\Crypt\Common\SymmetricKey.
     *
     * @param string $algorithm Name of the encryption algorithm
     * @return SymmetricKey|null
     * @access private
     */
    private static function encryption_algorithm_to_crypt_instance($algorithm)
    {
        switch ($algorithm) {
            case '3des-cbc':

     * Maps an encryption algorithm name to an instance of a subclass of
     * \phpseclib3\Crypt\Hash.
     *
     * @param string $algorithm Name of the encryption algorithm
     * @return array{Hash, int}|null
     * @access private
     */
    private static function mac_algorithm_to_hash_instance($algorithm)
    {
        switch ($algorithm) {
            case 'umac-64@openssh.com':

     *
     * @link https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/ssh2-aesctr-openssh.html
     * @link https://bugzilla.mindrot.org/show_bug.cgi?id=1291
     * @param string $algorithm Name of the encryption algorithm
     * @return bool
     * @access private
     */
    private static function bad_algorithm_candidate($algorithm)
    {
        switch ($algorithm) {
            case 'arcfour256':

     *
     * @param string $username
     * @param string|AsymmetricKey|array[]|Agent|null ...$args
     * @return bool
     * @see self::_login()
     * @access public
     */
    public function login($username, ...$args)
    {
        $this->auth[] = func_get_args();
 

     *
     * @param string $username
     * @param string ...$args
     * @return bool
     * @see self::_login_helper()
     * @access private
     */
    protected function sublogin($username, ...$args)
    {
        if (!($this->bitmap & self::MASK_CONSTRUCTOR)) {
            $this->connect();

     * @param string $username
     * @param string|AsymmetricKey|array[]|Agent|null ...$args
     * @return bool
     * @throws \UnexpectedValueException on receipt of unexpected packets
     * @throws \RuntimeException on other errors
     * @access private
     */
    private function login_helper($username, $password = null)
    {
        if (!($this->bitmap & self::MASK_CONNECTED)) {
            return false;
        }
 
        if (!($this->bitmap & self::MASK_LOGIN_REQ)) {
            $packet = Strings::packSSH2('Cs', NET_SSH2_MSG_SERVICE_REQUEST, 'ssh-userauth');
            $this->send_binary_packet($packet);
 
            try {
                $response = $this->get_binary_packet();
            } catch (\Exception $e) {
                if ($this->retry_connect) {
                    $this->retry_connect = false;
                    $this->connect();
                    return $this->login_helper($username, $password);
                }
                $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
                throw new ConnectionClosedException('Connection closed by server');
            }
 
            list($type, $service) = Strings::unpackSSH2('Cs', $response);
            if ($type != NET_SSH2_MSG_SERVICE_ACCEPT || $service != 'ssh-userauth') {
                $this->disconnect_helper(NET_SSH2_DISCONNECT_PROTOCOL_ERROR);
                throw new \UnexpectedValueException('Expected SSH_MSG_SERVICE_ACCEPT');
            }
            $this->bitmap |= self::MASK_LOGIN_REQ;
        }
 

        }
 
        if (!isset($password)) {
            $packet = Strings::packSSH2(
                'Cs3',
                NET_SSH2_MSG_USERAUTH_REQUEST,
                $username,
                'ssh-connection',
                'none'
            );
 

 
            $response = $this->get_binary_packet();
 
            list($type) = Strings::unpackSSH2('C', $response);
            switch ($type) {
                case NET_SSH2_MSG_USERAUTH_SUCCESS:
                    $this->bitmap |= self::MASK_LOGIN;
                    return true;
                case NET_SSH2_MSG_USERAUTH_FAILURE:
                    list($auth_methods) = Strings::unpackSSH2('L', $response);
                    $this->auth_methods_to_continue = $auth_methods;
                    // fall-through
                default:
                    return false;
            }
        }
 
        $packet = Strings::packSSH2(
            'Cs3bs',
            NET_SSH2_MSG_USERAUTH_REQUEST,
            $username,
            'ssh-connection',
            'password',
            false,
            $password

        if (!defined('NET_SSH2_LOGGING')) {
            $logged = null;
        } else {
            $logged = Strings::packSSH2(
                'Cs3bs',
                NET_SSH2_MSG_USERAUTH_REQUEST,
                $username,
                'ssh-connection',
                'password',
                false,
                'password'

        }
 
        $this->send_binary_packet($packet, $logged);
 
        $response = $this->get_binary_packet();
 
 
 
        list($type) = Strings::unpackSSH2('C', $response);
        switch ($type) {
            case NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ: // in theory, the password can be changed
                $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ');
 
                list($message) = Strings::unpackSSH2('s', $response);
                $this->errors[] = 'SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: ' . $message;
 
                return $this->disconnect_helper(NET_SSH2_DISCONNECT_AUTH_CANCELLED_BY_USER);
            case NET_SSH2_MSG_USERAUTH_FAILURE:
                // can we use keyboard-interactive authentication?  if not then either the login is bad or the server employees
                // multi-factor authentication
                list($auth_methods, $partial_success) = Strings::unpackSSH2('Lb', $response);
                $this->auth_methods_to_continue = $auth_methods;
                if (!$partial_success && in_array('keyboard-interactive', $auth_methods)) {

                        return true;
                    }
                    return false;
                }
                return false;
            case NET_SSH2_MSG_USERAUTH_SUCCESS:
                $this->bitmap |= self::MASK_LOGIN;
                return true;
        }
 
        return false;

     * See {@link http://tools.ietf.org/html/rfc4256 RFC4256} for details.  This is not a full-featured keyboard-interactive authenticator.
     *
     * @param string $username
     * @param string|array $password
     * @return bool
     * @access private
     */
    private function keyboard_interactive_login($username, $password)
    {
        $packet = Strings::packSSH2(
            'Cs5',
            NET_SSH2_MSG_USERAUTH_REQUEST,
            $username,
            'ssh-connection',
            'keyboard-interactive',
            '', // language tag
            '' // submethods

     * Handle the keyboard-interactive requests / responses.
     *
     * @param string|array ...$responses
     * @return bool
     * @throws \RuntimeException on connection error
     * @access private
     */
    private function keyboard_interactive_process(...$responses)
    {
        if (strlen($this->last_interactive_response)) {
            $response = $this->last_interactive_response;

            $orig = $response = $this->get_binary_packet();
        }
 
        list($type) = Strings::unpackSSH2('C', $response);
        switch ($type) {
            case NET_SSH2_MSG_USERAUTH_INFO_REQUEST:
                list(
                    , // name; may be empty
                    , // instruction; may be empty
                    , // language tag; may be empty
                    $num_prompts

 
                // see http://tools.ietf.org/html/rfc4256#section-3.2
                if (strlen($this->last_interactive_response)) {
                    $this->last_interactive_response = '';
                } else {
                    $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_INFO_REQUEST');
                }
 
                if (!count($responses) && $num_prompts) {
                    $this->last_interactive_response = $orig;
                    return false;

                /*
                   After obtaining the requested information from the user, the client
                   MUST respond with an SSH_MSG_USERAUTH_INFO_RESPONSE message.
                */
                // see http://tools.ietf.org/html/rfc4256#section-3.4
                $packet = $logged = pack('CN', NET_SSH2_MSG_USERAUTH_INFO_RESPONSE, count($responses));
                for ($i = 0; $i < count($responses); $i++) {
                    $packet .= Strings::packSSH2('s', $responses[$i]);
                    $logged .= Strings::packSSH2('s', 'dummy-answer');
                }
 
                $this->send_binary_packet($packet, $logged);
 
                $this->updateLogHistory('UNKNOWN (61)', 'NET_SSH2_MSG_USERAUTH_INFO_RESPONSE');
 
                /*
                   After receiving the response, the server MUST send either an
                   SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another
                   SSH_MSG_USERAUTH_INFO_REQUEST message.
                */
                // maybe phpseclib should force close the connection after x request / responses?  unless something like that is done
                // there could be an infinite loop of request / responses.
                return $this->keyboard_interactive_process();
            case NET_SSH2_MSG_USERAUTH_SUCCESS:
                return true;
            case NET_SSH2_MSG_USERAUTH_FAILURE:
                list($auth_methods) = Strings::unpackSSH2('L', $response);
                $this->auth_methods_to_continue = $auth_methods;
                return false;
        }
 

     * Login with an ssh-agent provided key
     *
     * @param string $username
     * @param \phpseclib3\System\SSH\Agent $agent
     * @return bool
     * @access private
     */
    private function ssh_agent_login($username, Agent $agent)
    {
        $this->agent = $agent;
        $keys = $agent->requestIdentities();

     *
     * @param string $username
     * @param \phpseclib3\Crypt\Common\PrivateKey $privatekey
     * @return bool
     * @throws \RuntimeException on connection error
     * @access private
     */
    private function privatekey_login($username, PrivateKey $privatekey)
    {
        $publickey = $privatekey->getPublicKey();
 

 
        $publickeyStr = $publickey->toString('OpenSSH', ['binary' => true]);
 
        $part1 = Strings::packSSH2(
            'Csss',
            NET_SSH2_MSG_USERAUTH_REQUEST,
            $username,
            'ssh-connection',
            'publickey'
        );
        $part2 = Strings::packSSH2('ss', $signatureType, $publickeyStr);

 
        $response = $this->get_binary_packet();
 
        list($type) = Strings::unpackSSH2('C', $response);
        switch ($type) {
            case NET_SSH2_MSG_USERAUTH_FAILURE:
                list($auth_methods) = Strings::unpackSSH2('L', $response);
                $this->auth_methods_to_continue = $auth_methods;
                $this->errors[] = 'SSH_MSG_USERAUTH_FAILURE';
                return false;
            case NET_SSH2_MSG_USERAUTH_PK_OK:
                // we'll just take it on faith that the public key blob and the public key algorithm name are as
                // they should be
                $this->updateLogHistory('UNKNOWN (60)', 'NET_SSH2_MSG_USERAUTH_PK_OK');
                break;
            case NET_SSH2_MSG_USERAUTH_SUCCESS:
                $this->bitmap |= self::MASK_LOGIN;
                return true;
            default:
                $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                throw new ConnectionClosedException('Unexpected response to publickey authentication pt 1');
        }
 
        $packet = $part1 . chr(1) . $part2;
        $privatekey = $privatekey->withHash($hash);

 
        $response = $this->get_binary_packet();
 
        list($type) = Strings::unpackSSH2('C', $response);
        switch ($type) {
            case NET_SSH2_MSG_USERAUTH_FAILURE:
                // either the login is bad or the server employs multi-factor authentication
                list($auth_methods) = Strings::unpackSSH2('L', $response);
                $this->auth_methods_to_continue = $auth_methods;
                return false;
            case NET_SSH2_MSG_USERAUTH_SUCCESS:
                $this->bitmap |= self::MASK_LOGIN;
                return true;
        }
 
        $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
        throw new ConnectionClosedException('Unexpected response to publickey authentication pt 2');
    }
 
    /**
     * Set Timeout
     *
     * $ssh->exec('ping 127.0.0.1'); on a Linux host will never return and will run indefinitely.  setTimeout() makes it so it'll timeout.
     * Setting $timeout to false or 0 will mean there is no timeout.
     *
     * @param mixed $timeout
     * @access public
     */
    public function setTimeout($timeout)
    {
        $this->timeout = $this->curTimeout = $timeout;
    }

     * Set Keep Alive
     *
     * Sends an SSH2_MSG_IGNORE message every x seconds, if x is a positive non-zero number.
     *
     * @param int $interval
     * @access public
     */
    public function setKeepAlive($interval)
    {
        $this->keepAlive = $interval;
    }
 
    /**
     * Get the output from stdError
     *
     * @access public
     */
    public function getStdError()
    {
        return $this->stdErrorLog;
    }

     *
     * @param string $command
     * @return string|bool
     * @psalm-return ($callback is callable ? bool : string|bool)
     * @throws \RuntimeException on connection error
     * @access public
     */
    public function exec($command, callable $callback = null)
    {
        $this->curTimeout = $this->timeout;
        $this->is_timeout = false;

        // uses 0x4000, that's what will be used here, as well.
        $packet_size = 0x4000;
 
        $packet = Strings::packSSH2(
            'CsN3',
            NET_SSH2_MSG_CHANNEL_OPEN,
            'session',
            self::CHANNEL_EXEC,
            $this->window_size_server_to_client[self::CHANNEL_EXEC],
            $packet_size
        );
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_OPEN;
 
        $this->get_channel_packet(self::CHANNEL_EXEC);
 
        if ($this->request_pty === true) {
            $terminal_modes = pack('C', NET_SSH2_TTY_OP_END);
            $packet = Strings::packSSH2(
                'CNsCsN4s',
                NET_SSH2_MSG_CHANNEL_REQUEST,
                $this->server_channels[self::CHANNEL_EXEC],
                'pty-req',
                1,
                $this->term,
                $this->windowColumns,

                $terminal_modes
            );
 
            $this->send_binary_packet($packet);
 
            $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
            if (!$this->get_channel_packet(self::CHANNEL_EXEC)) {
                $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                throw new \RuntimeException('Unable to request pseudo-terminal');
            }
 
            $this->in_request_pty_exec = true;
        }

        // although, in theory, the size of SSH_MSG_CHANNEL_REQUEST could exceed the maximum packet size established by
        // SSH_MSG_CHANNEL_OPEN_CONFIRMATION, RFC4254#section-5.1 states that the "maximum packet size" refers to the
        // "maximum size of an individual data packet". ie. SSH_MSG_CHANNEL_DATA.  RFC4254#section-5.2 corroborates.
        $packet = Strings::packSSH2(
            'CNsCs',
            NET_SSH2_MSG_CHANNEL_REQUEST,
            $this->server_channels[self::CHANNEL_EXEC],
            'exec',
            1,
            $command
        );
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_REQUEST;
 
        if (!$this->get_channel_packet(self::CHANNEL_EXEC)) {
            return false;
        }
 
        $this->channel_status[self::CHANNEL_EXEC] = NET_SSH2_MSG_CHANNEL_DATA;
 
        if ($callback === false || $this->in_request_pty_exec) {
            return true;
        }
 

     * @see self::read()
     * @see self::write()
     * @return bool
     * @throws \UnexpectedValueException on receipt of unexpected packets
     * @throws \RuntimeException on other errors
     * @access private
     */
    private function initShell()
    {
        if ($this->in_request_pty_exec === true) {
            return true;

        $this->window_size_server_to_client[self::CHANNEL_SHELL] = $this->window_size;
        $packet_size = 0x4000;
 
        $packet = Strings::packSSH2(
            'CsN3',
            NET_SSH2_MSG_CHANNEL_OPEN,
            'session',
            self::CHANNEL_SHELL,
            $this->window_size_server_to_client[self::CHANNEL_SHELL],
            $packet_size
        );
 
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_OPEN;
 
        $this->get_channel_packet(self::CHANNEL_SHELL);
 
        $terminal_modes = pack('C', NET_SSH2_TTY_OP_END);
        $packet = Strings::packSSH2(
            'CNsbsN4s',
            NET_SSH2_MSG_CHANNEL_REQUEST,
            $this->server_channels[self::CHANNEL_SHELL],
            'pty-req',
            true, // want reply
            $this->term,
            $this->windowColumns,

            $terminal_modes
        );
 
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_REQUEST;
 
        if (!$this->get_channel_packet(self::CHANNEL_SHELL)) {
            throw new \RuntimeException('Unable to request pty');
        }
 
        $packet = Strings::packSSH2(
            'CNsb',
            NET_SSH2_MSG_CHANNEL_REQUEST,
            $this->server_channels[self::CHANNEL_SHELL],
            'shell',
            true // want reply
        );
        $this->send_binary_packet($packet);

        $response = $this->get_channel_packet(self::CHANNEL_SHELL);
        if ($response === false) {
            throw new \RuntimeException('Unable to request shell');
        }
 
        $this->channel_status[self::CHANNEL_SHELL] = NET_SSH2_MSG_CHANNEL_DATA;
 
        $this->bitmap |= self::MASK_SHELL;
 
        return true;
    }

     * Return the channel to be used with read() / write()
     *
     * @see self::read()
     * @see self::write()
     * @return int
     * @access public
     */
    private function get_interactive_channel()
    {
        switch (true) {
            case $this->in_subsystem:

 
    /**
     * Return an available open channel
     *
     * @return int
     * @access public
     */
    private function get_open_channel()
    {
        $channel = self::CHANNEL_EXEC;
        do {
            if (isset($this->channel_status[$channel]) && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_OPEN) {
                return $channel;
            }
        } while ($channel++ < self::CHANNEL_SUBSYSTEM);
 
        return false;

 
    /**
     * Request agent forwarding of remote server
     *
     * @return bool
     * @access public
     */
    public function requestAgentForwarding()
    {
        $request_channel = $this->get_open_channel();
        if ($request_channel === false) {
            return false;
        }
 
        $packet = Strings::packSSH2(
            'CNsC',
            NET_SSH2_MSG_CHANNEL_REQUEST,
            $this->server_channels[$request_channel],
            'auth-agent-req@openssh.com',
            1
        );
 
        $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_REQUEST;
 
        $this->send_binary_packet($packet);
 
        if (!$this->get_channel_packet($request_channel)) {
            return false;
        }
 
        $this->channel_status[$request_channel] = NET_SSH2_MSG_CHANNEL_OPEN;
 
        return true;
    }
 
    /**

     * @see self::write()
     * @param string $expect
     * @param int $mode
     * @return string|bool|null
     * @throws \RuntimeException on connection error
     * @access public
     */
    public function read($expect = '', $mode = self::READ_SIMPLE)
    {
        $this->curTimeout = $this->timeout;
        $this->is_timeout = false;

     * if there's sufficient demand for such a feature.
     *
     * @see self::stopSubsystem()
     * @param string $subsystem
     * @return bool
     * @access public
     */
    public function startSubsystem($subsystem)
    {
        $this->window_size_server_to_client[self::CHANNEL_SUBSYSTEM] = $this->window_size;
 
        $packet = Strings::packSSH2(
            'CsN3',
            NET_SSH2_MSG_CHANNEL_OPEN,
            'session',
            self::CHANNEL_SUBSYSTEM,
            $this->window_size,
            0x4000
        );
 
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_OPEN;
 
        $this->get_channel_packet(self::CHANNEL_SUBSYSTEM);
 
        $packet = Strings::packSSH2(
            'CNsCs',
            NET_SSH2_MSG_CHANNEL_REQUEST,
            $this->server_channels[self::CHANNEL_SUBSYSTEM],
            'subsystem',
            1,
            $subsystem
        );
        $this->send_binary_packet($packet);
 
        $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_REQUEST;
 
        if (!$this->get_channel_packet(self::CHANNEL_SUBSYSTEM)) {
            return false;
        }
 
        $this->channel_status[self::CHANNEL_SUBSYSTEM] = NET_SSH2_MSG_CHANNEL_DATA;
 
        $this->bitmap |= self::MASK_SHELL;
        $this->in_subsystem = true;
 
        return true;

    /**
     * Stops a subsystem.
     *
     * @see self::startSubsystem()
     * @return bool
     * @access public
     */
    public function stopSubsystem()
    {
        $this->in_subsystem = false;
        $this->close_channel(self::CHANNEL_SUBSYSTEM);

    /**
     * Closes a channel
     *
     * If read() timed out you might want to just close the channel and have it auto-restart on the next read() call
     *
     * @access public
     */
    public function reset()
    {
        $this->close_channel($this->get_interactive_channel());
    }

    /**
     * Is timeout?
     *
     * Did exec() or read() return because they timed out or because they encountered the end?
     *
     * @access public
     */
    public function isTimeout()
    {
        return $this->is_timeout;
    }
 
    /**
     * Disconnect
     *
     * @access public
     */
    public function disconnect()
    {
        $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
        if (isset($this->realtime_log_file) && is_resource($this->realtime_log_file)) {
            fclose($this->realtime_log_file);
        }
        unset(self::$connections[$this->getResourceId()]);
    }

     * Destructor.
     *
     * Will be called, automatically, if you're supporting just PHP5.  If you're supporting PHP4, you'll need to call
     * disconnect().
     *
     * @access public
     */
    public function __destruct()
    {
        $this->disconnect();
    }
 
    /**
     * Is the connection still active?
     *
     * @return bool
     * @access public
     */
    public function isConnected()
    {
        return (bool) ($this->bitmap & self::MASK_CONNECTED);
    }
 
    /**
     * Have you successfully been logged in?
     *
     * @return bool
     * @access public
     */
    public function isAuthenticated()
    {
        return (bool) ($this->bitmap & self::MASK_LOGIN);
    }

 
        $this->window_size_server_to_client[self::CHANNEL_KEEP_ALIVE] = $this->window_size;
        $packet_size = 0x4000;
        $packet = Strings::packSSH2(
            'CsN3',
            NET_SSH2_MSG_CHANNEL_OPEN,
            'session',
            self::CHANNEL_KEEP_ALIVE,
            $this->window_size_server_to_client[self::CHANNEL_KEEP_ALIVE],
            $packet_size
        );
 
        try {
            $this->send_binary_packet($packet);
 
            $this->channel_status[self::CHANNEL_KEEP_ALIVE] = NET_SSH2_MSG_CHANNEL_OPEN;
 
            $response = $this->get_channel_packet(self::CHANNEL_KEEP_ALIVE);
        } catch (\RuntimeException $e) {
            return $this->reconnect();
        }

     *
     * @return boolean
     */
    private function reconnect()
    {
        $this->reset_connection(NET_SSH2_DISCONNECT_CONNECTION_LOST);
        $this->retry_connect = true;
        $this->connect();
        foreach ($this->auth as $auth) {
            $result = $this->login(...$auth);
        }

 
    /**
     * Resets a connection for re-use
     *
     * @param int $reason
     * @access private
     */
    protected function reset_connection($reason)
    {
        $this->disconnect_helper($reason);
        $this->decrypt = $this->encrypt = false;

     * See '6. Binary Packet Protocol' of rfc4253 for more info.
     *
     * @see self::_send_binary_packet()
     * @param bool $skip_channel_filter
     * @return bool|string
     * @access private
     */
    private function get_binary_packet($skip_channel_filter = false)
    {
        if ($skip_channel_filter) {
            if (!is_resource($this->fsock)) {

            if (!$this->curTimeout) {
                if ($this->keepAlive <= 0) {
                    @stream_select($read, $write, $except, null);
                } else {
                    if (!@stream_select($read, $write, $except, $this->keepAlive)) {
                        $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
                        return $this->get_binary_packet(true);
                    }
                }
            } else {
                if ($this->curTimeout < 0) {

 
                $start = microtime(true);
 
                if ($this->keepAlive > 0 && $this->keepAlive < $this->curTimeout) {
                    if (!@stream_select($read, $write, $except, $this->keepAlive)) {
                        $this->send_binary_packet(pack('CN', NET_SSH2_MSG_IGNORE, 0));
                        $elapsed = microtime(true) - $start;
                        $this->curTimeout -= $elapsed;
                        return $this->get_binary_packet(true);
                    }
                    $elapsed = microtime(true) - $start;

        $padding = Strings::shift($raw, $padding_length); // should leave $raw empty
 
        if ($this->hmac_check instanceof Hash) {
            $hmac = stream_get_contents($this->fsock, $this->hmac_size);
            if ($hmac === false || strlen($hmac) != $this->hmac_size) {
                $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
                throw new \RuntimeException('Error reading socket');
            }
 
            $reconstructed = !$this->hmac_check_etm ?
                pack('NCa*', $packet_length, $padding_length, $payload . $padding) :
                $encrypted;
            if (($this->hmac_check->getHash() & "\xFF\xFF\xFF\xFF") == 'umac') {
                $this->hmac_check->setNonce("\0\0\0\0" . pack('N', $this->get_seq_no));
                if ($hmac != $this->hmac_check->hash($reconstructed)) {
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
                    throw new \RuntimeException('Invalid UMAC');
                }
            } else {
                if ($hmac != $this->hmac_check->hash(pack('Na*', $this->get_seq_no, $reconstructed))) {
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_MAC_ERROR);
                    throw new \RuntimeException('Invalid HMAC');
                }
            }
        }
 

 
        $this->get_seq_no++;
 
        if (defined('NET_SSH2_LOGGING')) {
            $current = microtime(true);
 
 
            $message_number = isset($this->message_numbers[ord($payload[0])]) ? $this->message_numbers[ord($payload[0])] : 'UNKNOWN (' . ord($payload[0]) . ')';
            $message_number = '<- ' . $message_number .
 
                              ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)';
 
 
            $this->append_log($message_number, $payload);
            $this->last_packet = $current;
        }
 
        return $this->filter($payload, $skip_channel_filter);

     * Read Remaining Bytes
     *
     * @see self::get_binary_packet()
     * @param int $remaining_length
     * @return string
     * @access private
     */
    private function read_remaining_bytes($remaining_length)
    {
        if (!$remaining_length) {
            return '';

        // PuTTY uses 0x9000 as the actual max packet size and so to shall we
        // don't do this when GCM mode is used since GCM mode doesn't encrypt the length
        if ($remaining_length < -$this->decrypt_block_size || $remaining_length > 0x9000 || $remaining_length % $this->decrypt_block_size != 0) {
            if (!$this->bad_key_size_fix && self::bad_algorithm_candidate($this->decrypt ? $this->decryptName : '') && !($this->bitmap & SSH2::MASK_LOGIN)) {
                $this->bad_key_size_fix = true;
                $this->reset_connection(NET_SSH2_DISCONNECT_KEY_EXCHANGE_FAILED);
                return false;
            }
            throw new \RuntimeException('Invalid size');
        }
 

 
        $buffer = '';
        while ($remaining_length > 0) {
            $temp = stream_get_contents($this->fsock, $remaining_length);
            if ($temp === false || feof($this->fsock)) {
                $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
                throw new \RuntimeException('Error reading from socket');
            }
            $buffer .= $temp;
            $remaining_length -= strlen($temp);
        }

     *
     * @see self::_get_binary_packet()
     * @param string $payload
     * @param bool $skip_channel_filter
     * @return string|bool
     * @access private
     */
    private function filter($payload, $skip_channel_filter)
    {
        switch (ord($payload[0])) {
            case NET_SSH2_MSG_DISCONNECT:
                Strings::shift($payload, 1);
                list($reason_code, $message) = Strings::unpackSSH2('Ns', $payload);
                $this->errors[] = 'SSH_MSG_DISCONNECT: ' . $this->disconnect_reasons[$reason_code] . "\r\n$message";
                $this->bitmap = 0;
                return false;
            case NET_SSH2_MSG_IGNORE:
                $payload = $this->get_binary_packet($skip_channel_filter);
                break;
            case NET_SSH2_MSG_DEBUG:
                Strings::shift($payload, 2); // second byte is "always_display"
                list($message) = Strings::unpackSSH2('s', $payload);
                $this->errors[] = "SSH_MSG_DEBUG: $message";
                $payload = $this->get_binary_packet($skip_channel_filter);
                break;
            case NET_SSH2_MSG_UNIMPLEMENTED:
                return false;
            case NET_SSH2_MSG_KEXINIT:
                if ($this->session_id !== false) {
                    if (!$this->key_exchange($payload)) {
                        $this->bitmap = 0;
                        return false;
                    }
                    $payload = $this->get_binary_packet($skip_channel_filter);
                }
        }
 
        // see http://tools.ietf.org/html/rfc4252#section-5.4; only called when the encryption has been activated and when we haven't already logged in
        if (($this->bitmap & self::MASK_CONNECTED) && !$this->isAuthenticated() && !is_bool($payload) && ord($payload[0]) == NET_SSH2_MSG_USERAUTH_BANNER) {
            Strings::shift($payload, 1);
            list($this->banner_message) = Strings::unpackSSH2('s', $payload);
            $payload = $this->get_binary_packet();
        }
 

            if (is_bool($payload)) {
                return $payload;
            }
 
            switch (ord($payload[0])) {
                case NET_SSH2_MSG_CHANNEL_REQUEST:
                    if (strlen($payload) == 31) {
                        extract(unpack('cpacket_type/Nchannel/Nlength', $payload));
                        if (substr($payload, 9, $length) == 'keepalive@openssh.com' && isset($this->server_channels[$channel])) {
                            if (ord(substr($payload, 9 + $length))) { // want reply
                                $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_SUCCESS, $this->server_channels[$channel]));
                            }
                            $payload = $this->get_binary_packet($skip_channel_filter);
                        }
                    }
                    break;
                case NET_SSH2_MSG_CHANNEL_DATA:
                case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
                case NET_SSH2_MSG_CHANNEL_CLOSE:
                case NET_SSH2_MSG_CHANNEL_EOF:
                    if (!$skip_channel_filter && !empty($this->server_channels)) {
                        $this->binary_packet_buffer = $payload;
                        $this->get_channel_packet(true);
                        $payload = $this->get_binary_packet();
                    }
                    break;
                case NET_SSH2_MSG_GLOBAL_REQUEST: // see http://tools.ietf.org/html/rfc4254#section-4
                    Strings::shift($payload, 1);
                    list($request_name) = Strings::unpackSSH2('s', $payload);
                    $this->errors[] = "SSH_MSG_GLOBAL_REQUEST: $request_name";
 
                    try {
                        $this->send_binary_packet(pack('C', NET_SSH2_MSG_REQUEST_FAILURE));
                    } catch (\RuntimeException $e) {
                        return $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                    }
 
                    $payload = $this->get_binary_packet($skip_channel_filter);
                    break;
                case NET_SSH2_MSG_CHANNEL_OPEN: // see http://tools.ietf.org/html/rfc4254#section-5.1
                    Strings::shift($payload, 1);
                    list($data, $server_channel) = Strings::unpackSSH2('sN', $payload);
                    switch ($data) {
                        case 'auth-agent':
                        case 'auth-agent@openssh.com':

 
                                $packet_size = 0x4000;
 
                                $packet = pack(
                                    'CN4',
                                    NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION,
                                    $server_channel,
                                    $new_channel,
                                    $packet_size,
                                    $packet_size
                                );
 
                                $this->server_channels[$new_channel] = $server_channel;
                                $this->channel_status[$new_channel] = NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION;
                                $this->send_binary_packet($packet);
                            }
                            break;
                        default:
                            $packet = Strings::packSSH2(
                                'CN2ss',
                                NET_SSH2_MSG_CHANNEL_OPEN_FAILURE,
                                $server_channel,
                                NET_SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED,
                                '', // description
                                '' // language tag
                            );
 
                            try {
                                $this->send_binary_packet($packet);
                            } catch (\RuntimeException $e) {
                                return $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                            }
                    }
 
                    $payload = $this->get_binary_packet($skip_channel_filter);
                    break;
                case NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST:
                    Strings::shift($payload, 1);
                    list($channel, $window_size) = Strings::unpackSSH2('NN', $payload);
 
                    $this->window_size_client_to_server[$channel] += $window_size;
 

    /**
     * Enable Quiet Mode
     *
     * Suppress stderr from output
     *
     * @access public
     */
    public function enableQuietMode()
    {
        $this->quiet_mode = true;
    }

    /**
     * Disable Quiet Mode
     *
     * Show stderr in output
     *
     * @access public
     */
    public function disableQuietMode()
    {
        $this->quiet_mode = false;
    }

    /**
     * Returns whether Quiet Mode is enabled or not
     *
     * @see self::enableQuietMode()
     * @see self::disableQuietMode()
     * @access public
     * @return bool
     */
    public function isQuietModeEnabled()
    {
        return $this->quiet_mode;
    }
 
    /**
     * Enable request-pty when using exec()
     *
     * @access public
     */
    public function enablePTY()
    {
        $this->request_pty = true;
    }
 
    /**
     * Disable request-pty when using exec()
     *
     * @access public
     */
    public function disablePTY()
    {
        if ($this->in_request_pty_exec) {
            $this->close_channel(self::CHANNEL_EXEC);

    /**
     * Returns whether request-pty is enabled or not
     *
     * @see self::enablePTY()
     * @see self::disablePTY()
     * @access public
     * @return bool
     */
    public function isPTYEnabled()
    {
        return $this->request_pty;

     *
     * @param int $client_channel
     * @param bool $skip_extended
     * @return mixed
     * @throws \RuntimeException on connection error
     * @access private
     */
    protected function get_channel_packet($client_channel, $skip_extended = false)
    {
        if (!empty($this->channel_buffers[$client_channel])) {
            switch ($this->channel_status[$client_channel]) {
                case NET_SSH2_MSG_CHANNEL_REQUEST:
                    foreach ($this->channel_buffers[$client_channel] as $i => $packet) {
                        switch (ord($packet[0])) {
                            case NET_SSH2_MSG_CHANNEL_SUCCESS:
                            case NET_SSH2_MSG_CHANNEL_FAILURE:
                                unset($this->channel_buffers[$client_channel][$i]);
                                return substr($packet, 1);
                        }
                    }
                    break;

                        $this->close_channel($client_channel);
                    }
                    return true;
                }
                if ($response === false) {
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_CONNECTION_LOST);
                    throw new ConnectionClosedException('Connection closed by server');
                }
            }
 
            if ($client_channel == -1 && $response === true) {

 
                // resize the window, if appropriate
                if ($this->window_size_server_to_client[$channel] < 0) {
                // PuTTY does something more analogous to the following:
                //if ($this->window_size_server_to_client[$channel] < 0x3FFFFFFF) {
                    $packet = pack('CNN', NET_SSH2_MSG_CHANNEL_WINDOW_ADJUST, $this->server_channels[$channel], $this->window_resize);
                    $this->send_binary_packet($packet);
                    $this->window_size_server_to_client[$channel] += $this->window_resize;
                }
 
                switch ($type) {
                    case NET_SSH2_MSG_CHANNEL_EXTENDED_DATA:
                        /*
                        if ($client_channel == self::CHANNEL_EXEC) {
                            $this->send_channel_packet($client_channel, chr(0));
                        }
                        */

                        list($data_type_code, $data) = Strings::unpackSSH2('Ns', $response);
                        $this->stdErrorLog .= $data;
                        if ($skip_extended || $this->quiet_mode) {
                            continue 2;
                        }
                        if ($client_channel == $channel && $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA) {
                            return $data;
                        }
                        $this->channel_buffers[$channel][] = chr($type) . $data;
 
                        continue 2;
                    case NET_SSH2_MSG_CHANNEL_REQUEST:
                        if ($this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_CLOSE) {
                            continue 2;
                        }
                        list($value) = Strings::unpackSSH2('s', $response);
                        switch ($value) {
                            case 'exit-signal':

                                $this->errors[] = "SSH_MSG_CHANNEL_REQUEST (exit-signal): $signal_name";
                                if (strlen($error_message)) {
                                    $this->errors[count($this->errors) - 1] .= "\r\n$error_message";
                                }
 
                                $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel]));
                                $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
 
                                $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_EOF;
 
                                continue 3;
                            case 'exit-status':
                                list(, $this->exit_status) = Strings::unpackSSH2('CN', $response);
 

                                continue 3;
                        }
                }
 
                switch ($this->channel_status[$channel]) {
                    case NET_SSH2_MSG_CHANNEL_OPEN:
                        switch ($type) {
                            case NET_SSH2_MSG_CHANNEL_OPEN_CONFIRMATION:
                                list(
                                    $this->server_channels[$channel],
                                    $window_size,
                                    $this->packet_size_client_to_server[$channel]
                                ) = Strings::unpackSSH2('NNN', $response);

                                }
                                $this->window_size_client_to_server[$channel] = $window_size;
                                $result = $client_channel == $channel ? true : $this->get_channel_packet($client_channel, $skip_extended);
                                $this->on_channel_open();
                                return $result;
                            case NET_SSH2_MSG_CHANNEL_OPEN_FAILURE:
                                $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                                throw new \RuntimeException('Unable to open channel');
                            default:
                                if ($client_channel == $channel) {
                                    $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                                    throw new \RuntimeException('Unexpected response to open request');
                                }
                                return $this->get_channel_packet($client_channel, $skip_extended);
                        }
                        break;
                    case NET_SSH2_MSG_CHANNEL_REQUEST:
                        switch ($type) {
                            case NET_SSH2_MSG_CHANNEL_SUCCESS:
                                return true;
                            case NET_SSH2_MSG_CHANNEL_FAILURE:
                                return false;
                            case NET_SSH2_MSG_CHANNEL_DATA:
                                list($data) = Strings::unpackSSH2('s', $response);
                                $this->channel_buffers[$channel][] = chr($type) . $data;
                                return $this->get_channel_packet($client_channel, $skip_extended);
                            default:
                                $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                                throw new \RuntimeException('Unable to fulfill channel request');
                        }
                    case NET_SSH2_MSG_CHANNEL_CLOSE:
                        return $type == NET_SSH2_MSG_CHANNEL_CLOSE ? true : $this->get_channel_packet($client_channel, $skip_extended);
                }
            }
 
            // ie. $this->channel_status[$channel] == NET_SSH2_MSG_CHANNEL_DATA
 
            switch ($type) {
                case NET_SSH2_MSG_CHANNEL_DATA:
                    /*
                    if ($channel == self::CHANNEL_EXEC) {
                        // SCP requires null packets, such as this, be sent.  further, in the case of the ssh.com SSH server
                        // this actually seems to make things twice as fast.  more to the point, the message right after
                        // SSH_MSG_CHANNEL_DATA (usually SSH_MSG_IGNORE) won't block for as long as it would have otherwise.

                    if ($client_channel == $channel) {
                        return $data;
                    }
                    $this->channel_buffers[$channel][] = chr($type) . $data;
                    break;
                case NET_SSH2_MSG_CHANNEL_CLOSE:
                    $this->curTimeout = 5;
 
                    if ($this->bitmap & self::MASK_SHELL) {
                        $this->bitmap &= ~self::MASK_SHELL;
                    }
                    if ($this->channel_status[$channel] != NET_SSH2_MSG_CHANNEL_EOF) {
                        $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$channel]));
                    }
 
                    $this->channel_status[$channel] = NET_SSH2_MSG_CHANNEL_CLOSE;
                    if ($client_channel == $channel) {
                        return true;
                    }
                    // fall-through
                case NET_SSH2_MSG_CHANNEL_EOF:
                    break;
                default:
                    $this->disconnect_helper(NET_SSH2_DISCONNECT_BY_APPLICATION);
                    throw new \RuntimeException("Error reading channel data ($type)");
            }
        }
    }
 

     *
     * @param string $data
     * @param string $logged
     * @see self::_get_binary_packet()
     * @return void
     * @access private
     */
    protected function send_binary_packet($data, $logged = null)
    {
        if (!is_resource($this->fsock) || feof($this->fsock)) {
            $this->bitmap = 0;

        $sent = @fputs($this->fsock, $packet);
        $stop = microtime(true);
 
        if (defined('NET_SSH2_LOGGING')) {
            $current = microtime(true);
 
 
            $message_number = isset($this->message_numbers[ord($logged[0])]) ? $this->message_numbers[ord($logged[0])] : 'UNKNOWN (' . ord($logged[0]) . ')';
            $message_number = '-> ' . $message_number .
 
                              ' (since last: ' . round($current - $this->last_packet, 4) . ', network: ' . round($stop - $start, 4) . 's)';
 
 
            $this->append_log($message_number, $logged);
            $this->last_packet = $current;
        }
 
        if (strlen($packet) != $sent) {

     *
     * Makes sure that only the last 1MB worth of packets will be logged
     *
     * @param string $message_number
     * @param string $message
     * @access private
     */
    private function append_log($message_number, $message)
    {
 
 
 
 
        // remove the byte identifying the message type from all but the first two messages (ie. the identification strings)
        if (strlen($message_number) > 2) {
            Strings::shift($message);
        }
 

            );
 
            $temp = Strings::shift($data, $max_size);
            $packet = Strings::packSSH2(
                'CNs',
                NET_SSH2_MSG_CHANNEL_DATA,
                $this->server_channels[$client_channel],
                $temp
            );
            $this->window_size_client_to_server[$client_channel] -= strlen($temp);
            $this->send_binary_packet($packet);

     * for SCP more than anything.
     *
     * @param int $client_channel
     * @param bool $want_reply
     * @return void
     * @access private
     */
    private function close_channel($client_channel, $want_reply = false)
    {
        // see http://tools.ietf.org/html/rfc4254#section-5.3
 
        $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_EOF, $this->server_channels[$client_channel]));
 
        if (!$want_reply) {
            $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel]));
        }
 
        $this->channel_status[$client_channel] = NET_SSH2_MSG_CHANNEL_CLOSE;
 
        $this->curTimeout = 5;
 
        while (!is_bool($this->get_channel_packet($client_channel))) {
        }

        if ($this->is_timeout) {
            $this->disconnect();
        }
 
        if ($want_reply) {
            $this->send_binary_packet(pack('CN', NET_SSH2_MSG_CHANNEL_CLOSE, $this->server_channels[$client_channel]));
        }
 
        if ($this->bitmap & self::MASK_SHELL) {
            $this->bitmap &= ~self::MASK_SHELL;
        }

    /**
     * Disconnect
     *
     * @param int $reason
     * @return false
     * @access protected
     */
    protected function disconnect_helper($reason)
    {
        if ($this->bitmap & self::MASK_CONNECTED) {
            $data = Strings::packSSH2('CNss', NET_SSH2_MSG_DISCONNECT, $reason, '', '');
            try {
                $this->send_binary_packet($data);
            } catch (\Exception $e) {
            }
        }

 
        return false;
    }
 
    /**
     * Define Array
     *
     * Takes any number of arrays whose indices are integers and whose values are strings and defines a bunch of
     * named constants from it, using the value as the name of the constant and the index as the value of the constant.
     * If any of the constants that would be defined already exists, none of the constants will be defined.
     *
     * @param mixed[] ...$args
     * @access protected
     */
    protected function define_array(...$args)
    {
        foreach ($args as $arg) {
            foreach ($arg as $key => $value) {
                if (!defined($value)) {
                    define($value, $key);
                } else {
                    break 2;
                }
            }
        }
    }
 
    /**
     * Returns a log of the packets that have been sent and received.
     *
     * Returns a string if NET_SSH2_LOGGING == self::LOG_COMPLEX, an array if NET_SSH2_LOGGING == self::LOG_SIMPLE and false if !defined('NET_SSH2_LOGGING')
     *
     * @access public
     * @return array|false|string
     */
    public function getLog()
    {
        if (!defined('NET_SSH2_LOGGING')) {

    /**
     * Formats a log for printing
     *
     * @param array $message_log
     * @param array $message_number_log
     * @access private
     * @return string
     */
    protected function format_log($message_log, $message_number_log)
    {
        $output = '';

     *
     * Used when channels are created to inform agent
     * of said channel opening. Must be called after
     * channel open confirmation received
     *
     * @access private
     */
    private function on_channel_open()
    {
        if (isset($this->agent)) {
            $this->agent->registerChannelOpen($this);

     * the intersection is empty. The order is defined by the first parameter.
     *
     * @param array $array1
     * @param array $array2
     * @return mixed False if intersection is empty, else intersected value.
     * @access private
     */
    private static function array_intersect_first($array1, $array2)
    {
        foreach ($array1 as $value) {
            if (in_array($value, $array2)) {

 
    /**
     * Returns all errors
     *
     * @return string[]
     * @access public
     */
    public function getErrors()
    {
        return $this->errors;
    }
 
    /**
     * Returns the last error
     *
     * @return string
     * @access public
     */
    public function getLastError()
    {
        $count = count($this->errors);
 

 
    /**
     * Return the server identification.
     *
     * @return string|false
     * @access public
     */
    public function getServerIdentification()
    {
        $this->connect();
 

 
    /**
     * Returns a list of algorithms the server supports
     *
     * @return array
     * @access public
     */
    public function getServerAlgorithms()
    {
        $this->connect();
 

 
    /**
     * Returns a list of KEX algorithms that phpseclib supports
     *
     * @return array
     * @access public
     */
    public static function getSupportedKEXAlgorithms()
    {
        $kex_algorithms = [
            // Elliptic Curve Diffie-Hellman Key Agreement (ECDH) using

 
    /**
     * Returns a list of host key algorithms that phpseclib supports
     *
     * @return array
     * @access public
     */
    public static function getSupportedHostKeyAlgorithms()
    {
        return [
            'ssh-ed25519', // https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-02

 
    /**
     * Returns a list of symmetric key algorithms that phpseclib supports
     *
     * @return array
     * @access public
     */
    public static function getSupportedEncryptionAlgorithms()
    {
        $algos = [
            // from <https://tools.ietf.org/html/rfc5647>:

            // CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
            'aes128-ctr',     // RECOMMENDED       AES (Rijndael) in SDCTR mode, with 128-bit key
            'aes192-ctr',     // RECOMMENDED       AES with 192-bit key
            'aes256-ctr',     // RECOMMENDED       AES with 256-bit key
 
            // from <https://git.io/fhxOl>:
            // one of the big benefits of chacha20-poly1305 is speed. the problem is...
            // libsodium doesn't generate the poly1305 keys in the way ssh does and openssl's PHP bindings don't even
            // seem to support poly1305 currently. so even if libsodium or openssl are being used for the chacha20
            // part, pure-PHP has to be used for the poly1305 part and that's gonna cause a big slow down.
            // speed-wise it winds up being faster to use AES (when openssl or mcrypt are available) and some HMAC

 
    /**
     * Returns a list of MAC algorithms that phpseclib supports
     *
     * @return array
     * @access public
     */
    public static function getSupportedMACAlgorithms()
    {
        return [
            'hmac-sha2-256-etm@openssh.com',

 
    /**
     * Returns a list of compression algorithms that phpseclib supports
     *
     * @return array
     * @access public
     */
    public static function getSupportedCompressionAlgorithms()
    {
        $algos = ['none']; // REQUIRED        no compression
        if (function_exists('deflate_init')) {

     * Return list of negotiated algorithms
     *
     * Uses the same format as https://www.php.net/ssh2-methods-negotiated
     *
     * @return array
     * @access public
     */
    public function getAlgorithmsNegotiated()
    {
        $this->connect();
 

 
    /**
     * Allows you to set the terminal
     *
     * @param string $term
     * @access public
     */
    public function setTerminal($term)
    {
        $this->term = $term;
    }

    /**
     * Accepts an associative array with up to four parameters as described at
     * <https://www.php.net/manual/en/function.ssh2-connect.php>
     *
     * @param array $methods
     * @access public
     */
    public function setPreferredAlgorithms(array $methods)
    {
        $preferred = $methods;
 

     *
     * Quoting from the RFC, "in some jurisdictions, sending a warning message before
     * authentication may be relevant for getting legal protection."
     *
     * @return string
     * @access public
     */
    public function getBannerMessage()
    {
        return $this->banner_message;
    }

     * is recommended.  Returns false if the server signature is not signed correctly with the public host key.
     *
     * @return string|false
     * @throws \RuntimeException on badly formatted keys
     * @throws \phpseclib3\Exception\NoSupportedAlgorithmsException when the key isn't in a supported format
     * @access public
     */
    public function getServerPublicHostKey()
    {
        if (!($this->bitmap & self::MASK_CONSTRUCTOR)) {
            $this->connect();

                        $hash = 'sha1';
                }
                $key = $key->withHash($hash);
                break;
            default:
                $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
                throw new NoSupportedAlgorithmsException('Unsupported signature format');
        }
 
        if (!$key->verify($this->exchange_hash, $signature)) {
            return $this->disconnect_helper(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
        };
 
        return $this->signature_format . ' ' . $server_public_host_key;
    }
 
    /**
     * Returns the exit status of an SSH command or false.
     *
     * @return false|int
     * @access public
     */
    public function getExitStatus()
    {
        if (is_null($this->exit_status)) {
            return false;

 
    /**
     * Returns the number of columns for the terminal window size.
     *
     * @return int
     * @access public
     */
    public function getWindowColumns()
    {
        return $this->windowColumns;
    }
 
    /**
     * Returns the number of rows for the terminal window size.
     *
     * @return int
     * @access public
     */
    public function getWindowRows()
    {
        return $this->windowRows;
    }
 
    /**
     * Sets the number of columns for the terminal window size.
     *
     * @param int $value
     * @access public
     */
    public function setWindowColumns($value)
    {
        $this->windowColumns = $value;
    }
 
    /**
     * Sets the number of rows for the terminal window size.
     *
     * @param int $value
     * @access public
     */
    public function setWindowRows($value)
    {
        $this->windowRows = $value;
    }

    /**
     * Sets the number of columns and rows for the terminal window size.
     *
     * @param int $columns
     * @param int $rows
     * @access public
     */
    public function setWindowSize($columns = 80, $rows = 24)
    {
        $this->windowColumns = $columns;
        $this->windowRows = $rows;

 
    /**
     * To String Magic Method
     *
     * @return string
     * @access public
     */
    #[\ReturnTypeWillChange]
    public function __toString()
    {
        return $this->getResourceId();

            $temp[$key] = $ref->get();
        }
        return $temp;
    }
 
    /*
     * Update packet types in log history
     *
     * @param string $old
     * @param string $new
     * @access private
     */
    private function updateLogHistory($old, $new)
    {
        if (defined('NET_SSH2_LOGGING') && NET_SSH2_LOGGING == self::LOG_COMPLEX) {
            $this->message_number_log[count($this->message_number_log) - 1] = str_replace(

Rev 846	Rev 874
Line 35...	Line 35...
35	* $ssh->write("ls -la\n");	35	* $ssh->write("ls -la\n");
36	* echo $ssh->read('username@username:~$');	36	* echo $ssh->read('username@username:~$');
37	* ?>	37	* ?>
38	* </code>	38	* </code>
39	*	39	*
-		40	* @category Net
-		41	* @package SSH2
40	* @author Jim Wigginton <terrafrost@php.net>	42	* @author Jim Wigginton <terrafrost@php.net>
41	* @copyright 2007 Jim Wigginton	43	* @copyright 2007 Jim Wigginton
42	* @license http://www.opensource.org/licenses/mit-license.html MIT License	44	* @license http://www.opensource.org/licenses/mit-license.html MIT License
43	* @link http://phpseclib.sourceforge.net	45	* @link http://phpseclib.sourceforge.net
44	*/	46	*/
Line 58...	Line 60...
58	use phpseclib3\Crypt\Hash;	60	use phpseclib3\Crypt\Hash;
59	use phpseclib3\Crypt\Random;	61	use phpseclib3\Crypt\Random;
60	use phpseclib3\Crypt\RC4;	62	use phpseclib3\Crypt\RC4;
61	use phpseclib3\Crypt\Rijndael;	63	use phpseclib3\Crypt\Rijndael;
62	use phpseclib3\Crypt\RSA;	64	use phpseclib3\Crypt\RSA;
63	use phpseclib3\Crypt\TripleDES;	65	use phpseclib3\Crypt\TripleDES; // Used to do Diffie-Hellman key exchange and DSA/RSA signature verification.
64	use phpseclib3\Crypt\Twofish;	66	use phpseclib3\Crypt\Twofish;
65	use phpseclib3\Exception\ConnectionClosedException;	67	use phpseclib3\Exception\ConnectionClosedException;
66	use phpseclib3\Exception\InsufficientSetupException;	68	use phpseclib3\Exception\InsufficientSetupException;
67	use phpseclib3\Exception\NoSupportedAlgorithmsException;	69	use phpseclib3\Exception\NoSupportedAlgorithmsException;
68	use phpseclib3\Exception\UnableToConnectException;	70	use phpseclib3\Exception\UnableToConnectException;
69	use phpseclib3\Exception\UnsupportedAlgorithmException;	71	use phpseclib3\Exception\UnsupportedAlgorithmException;
70	use phpseclib3\Exception\UnsupportedCurveException;	72	use phpseclib3\Exception\UnsupportedCurveException;
71	use phpseclib3\Math\BigInteger;	73	use phpseclib3\Math\BigInteger;
72	use phpseclib3\Net\SSH2\ChannelConnectionFailureReason;	-
73	use phpseclib3\Net\SSH2\DisconnectReason;	-
74	use phpseclib3\Net\SSH2\MessageType;	-
75	use phpseclib3\Net\SSH2\MessageTypeExtra;	-
76	use phpseclib3\Net\SSH2\TerminalMode;	-
77	use phpseclib3\System\SSH\Agent;	74	use phpseclib3\System\SSH\Agent;
78		75
79	/**	76	/**
80	* Pure-PHP implementation of SSHv2.	77	* Pure-PHP implementation of SSHv2.
81	*	78	*
-		79	* @package SSH2
82	* @author Jim Wigginton <terrafrost@php.net>	80	* @author Jim Wigginton <terrafrost@php.net>
-		81	* @access public
83	*/	82	*/
84	class SSH2	83	class SSH2
85	{	84	{
86	/**#@+	85	/**#@+
87	* Compression Types	86	* Compression Types
88	*	87	*
-		88	* @access private
89	*/	89	*/
90	/**	90	/**
91	* No compression	91	* No compression
92	*/	92	*/
93	const NET_SSH2_COMPRESSION_NONE = 1;	93	const NET_SSH2_COMPRESSION_NONE = 1;
Line 121...	Line 121...
121	* open request, and 'sender channel' is the channel number allocated by	121	* open request, and 'sender channel' is the channel number allocated by
122	* the other side.	122	* the other side.
123	*	123	*
124	* @see \phpseclib3\Net\SSH2::send_channel_packet()	124	* @see \phpseclib3\Net\SSH2::send_channel_packet()
125	* @see \phpseclib3\Net\SSH2::get_channel_packet()	125	* @see \phpseclib3\Net\SSH2::get_channel_packet()
-		126	* @access private
126	*/	127	*/
127	const CHANNEL_EXEC = 1; // PuTTy uses 0x100	128	const CHANNEL_EXEC = 1; // PuTTy uses 0x100
128	const CHANNEL_SHELL = 2;	129	const CHANNEL_SHELL = 2;
129	const CHANNEL_SUBSYSTEM = 3;	130	const CHANNEL_SUBSYSTEM = 3;
130	const CHANNEL_AGENT_FORWARD = 4;	131	const CHANNEL_AGENT_FORWARD = 4;
131	const CHANNEL_KEEP_ALIVE = 5;	132	const CHANNEL_KEEP_ALIVE = 5;
132		133
133	/**	134	/**
134	* Returns the message numbers	135	* Returns the message numbers
135	*	136	*
-		137	* @access public
136	* @see \phpseclib3\Net\SSH2::getLog()	138	* @see \phpseclib3\Net\SSH2::getLog()
137	*/	139	*/
138	const LOG_SIMPLE = 1;	140	const LOG_SIMPLE = 1;
139	/**	141	/**
140	* Returns the message content	142	* Returns the message content
141	*	143	*
-		144	* @access public
142	* @see \phpseclib3\Net\SSH2::getLog()	145	* @see \phpseclib3\Net\SSH2::getLog()
143	*/	146	*/
144	const LOG_COMPLEX = 2;	147	const LOG_COMPLEX = 2;
145	/**	148	/**
146	* Outputs the content real-time	149	* Outputs the content real-time
147	*	150	*
-		151	* @access public
148	* @see \phpseclib3\Net\SSH2::getLog()	152	* @see \phpseclib3\Net\SSH2::getLog()
149	*/	153	*/
150	const LOG_REALTIME = 3;	154	const LOG_REALTIME = 3;
151	/**	155	/**
152	* Dumps the content real-time to a file	156	* Dumps the content real-time to a file
153	*	157	*
-		158	* @access public
154	* @see \phpseclib3\Net\SSH2::getLog()	159	* @see \phpseclib3\Net\SSH2::getLog()
155	*/	160	*/
156	const LOG_REALTIME_FILE = 4;	161	const LOG_REALTIME_FILE = 4;
157	/**	162	/**
158	* Make sure that the log never gets larger than this	163	* Make sure that the log never gets larger than this
159	*	164	*
-		165	* @access public
160	* @see \phpseclib3\Net\SSH2::getLog()	166	* @see \phpseclib3\Net\SSH2::getLog()
161	*/	167	*/
162	const LOG_MAX_SIZE = 1048576; // 1024 * 1024	168	const LOG_MAX_SIZE = 1048576; // 1024 * 1024
163		169
164	/**	170	/**
165	* Returns when a string matching $expect exactly is found	171	* Returns when a string matching $expect exactly is found
166	*	172	*
-		173	* @access public
167	* @see \phpseclib3\Net\SSH2::read()	174	* @see \phpseclib3\Net\SSH2::read()
168	*/	175	*/
169	const READ_SIMPLE = 1;	176	const READ_SIMPLE = 1;
170	/**	177	/**
171	* Returns when a string matching the regular expression $expect is found	178	* Returns when a string matching the regular expression $expect is found
172	*	179	*
-		180	* @access public
173	* @see \phpseclib3\Net\SSH2::read()	181	* @see \phpseclib3\Net\SSH2::read()
174	*/	182	*/
175	const READ_REGEX = 2;	183	const READ_REGEX = 2;
176	/**	184	/**
177	* Returns whenever a data packet is received.	185	* Returns whenever a data packet is received.
178	*	186	*
179	* Some data packets may only contain a single character so it may be necessary	187	* Some data packets may only contain a single character so it may be necessary
180	* to call read() multiple times when using this option	188	* to call read() multiple times when using this option
181	*	189	*
-		190	* @access public
182	* @see \phpseclib3\Net\SSH2::read()	191	* @see \phpseclib3\Net\SSH2::read()
183	*/	192	*/
184	const READ_NEXT = 3;	193	const READ_NEXT = 3;
185		194
186	/**	195	/**
187	* The SSH identifier	196	* The SSH identifier
188	*	197	*
189	* @var string	198	* @var string
-		199	* @access private
190	*/	200	*/
191	private $identifier;	201	private $identifier;
192		202
193	/**	203	/**
194	* The Socket Object	204	* The Socket Object
195	*	205	*
196	* @var resource\|closed-resource\|null	206	* @var resource\|closed-resource\|null
-		207	* @access private
197	*/	208	*/
198	public $fsock;	209	public $fsock;
199		210
200	/**	211	/**
201	* Execution Bitmap	212	* Execution Bitmap
202	*	213	*
203	* The bits that are set represent functions that have been called already. This is used to determine	214	* The bits that are set represent functions that have been called already. This is used to determine
204	* if a requisite function has been successfully executed. If not, an error should be thrown.	215	* if a requisite function has been successfully executed. If not, an error should be thrown.
205	*	216	*
206	* @var int	217	* @var int
-		218	* @access private
207	*/	219	*/
208	protected $bitmap = 0;	220	protected $bitmap = 0;
209		221
210	/**	222	/**
211	* Error information	223	* Error information
212	*	224	*
213	* @see self::getErrors()	225	* @see self::getErrors()
214	* @see self::getLastError()	226	* @see self::getLastError()
215	* @var array	227	* @var array
-		228	* @access private
216	*/	229	*/
217	private $errors = [];	230	private $errors = [];
218		231
219	/**	232	/**
220	* Server Identifier	233	* Server Identifier
221	*	234	*
222	* @see self::getServerIdentification()	235	* @see self::getServerIdentification()
223	* @var string\|false	236	* @var string\|false
-		237	* @access private
224	*/	238	*/
225	protected $server_identifier = false;	239	protected $server_identifier = false;
226		240
227	/**	241	/**
228	* Key Exchange Algorithms	242	* Key Exchange Algorithms
229	*	243	*
230	* @see self::getKexAlgorithims()	244	* @see self::getKexAlgorithims()
231	* @var array\|false	245	* @var array\|false
-		246	* @access private
232	*/	247	*/
233	private $kex_algorithms = false;	248	private $kex_algorithms = false;
234		249
235	/**	250	/**
236	* Key Exchange Algorithm	251	* Key Exchange Algorithm
237	*	252	*
238	* @see self::getMethodsNegotiated()	253	* @see self::getMethodsNegotiated()
239	* @var string\|false	254	* @var string\|false
-		255	* @access private
240	*/	256	*/
241	private $kex_algorithm = false;	257	private $kex_algorithm = false;
242		258
243	/**	259	/**
244	* Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods	260	* Minimum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
245	*	261	*
246	* @see self::_key_exchange()	262	* @see self::_key_exchange()
247	* @var int	263	* @var int
-		264	* @access private
248	*/	265	*/
249	private $kex_dh_group_size_min = 1536;	266	private $kex_dh_group_size_min = 1536;
250		267
251	/**	268	/**
252	* Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods	269	* Preferred Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
253	*	270	*
254	* @see self::_key_exchange()	271	* @see self::_key_exchange()
255	* @var int	272	* @var int
-		273	* @access private
256	*/	274	*/
257	private $kex_dh_group_size_preferred = 2048;	275	private $kex_dh_group_size_preferred = 2048;
258		276
259	/**	277	/**
260	* Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods	278	* Maximum Diffie-Hellman Group Bit Size in RFC 4419 Key Exchange Methods
261	*	279	*
262	* @see self::_key_exchange()	280	* @see self::_key_exchange()
263	* @var int	281	* @var int
-		282	* @access private
264	*/	283	*/
265	private $kex_dh_group_size_max = 4096;	284	private $kex_dh_group_size_max = 4096;
266		285
267	/**	286	/**
268	* Server Host Key Algorithms	287	* Server Host Key Algorithms
269	*	288	*
270	* @see self::getServerHostKeyAlgorithms()	289	* @see self::getServerHostKeyAlgorithms()
271	* @var array\|false	290	* @var array\|false
-		291	* @access private
272	*/	292	*/
273	private $server_host_key_algorithms = false;	293	private $server_host_key_algorithms = false;
274		294
275	/**	295	/**
276	* Encryption Algorithms: Client to Server	296	* Encryption Algorithms: Client to Server
277	*	297	*
278	* @see self::getEncryptionAlgorithmsClient2Server()	298	* @see self::getEncryptionAlgorithmsClient2Server()
279	* @var array\|false	299	* @var array\|false
-		300	* @access private
280	*/	301	*/
281	private $encryption_algorithms_client_to_server = false;	302	private $encryption_algorithms_client_to_server = false;
282		303
283	/**	304	/**
284	* Encryption Algorithms: Server to Client	305	* Encryption Algorithms: Server to Client
285	*	306	*
286	* @see self::getEncryptionAlgorithmsServer2Client()	307	* @see self::getEncryptionAlgorithmsServer2Client()
287	* @var array\|false	308	* @var array\|false
-		309	* @access private
288	*/	310	*/
289	private $encryption_algorithms_server_to_client = false;	311	private $encryption_algorithms_server_to_client = false;
290		312
291	/**	313	/**
292	* MAC Algorithms: Client to Server	314	* MAC Algorithms: Client to Server
293	*	315	*
294	* @see self::getMACAlgorithmsClient2Server()	316	* @see self::getMACAlgorithmsClient2Server()
295	* @var array\|false	317	* @var array\|false
-		318	* @access private
296	*/	319	*/
297	private $mac_algorithms_client_to_server = false;	320	private $mac_algorithms_client_to_server = false;
298		321
299	/**	322	/**
300	* MAC Algorithms: Server to Client	323	* MAC Algorithms: Server to Client
301	*	324	*
302	* @see self::getMACAlgorithmsServer2Client()	325	* @see self::getMACAlgorithmsServer2Client()
303	* @var array\|false	326	* @var array\|false
-		327	* @access private
304	*/	328	*/
305	private $mac_algorithms_server_to_client = false;	329	private $mac_algorithms_server_to_client = false;
306		330
307	/**	331	/**
308	* Compression Algorithms: Client to Server	332	* Compression Algorithms: Client to Server
309	*	333	*
310	* @see self::getCompressionAlgorithmsClient2Server()	334	* @see self::getCompressionAlgorithmsClient2Server()
311	* @var array\|false	335	* @var array\|false
-		336	* @access private
312	*/	337	*/
313	private $compression_algorithms_client_to_server = false;	338	private $compression_algorithms_client_to_server = false;
314		339
315	/**	340	/**
316	* Compression Algorithms: Server to Client	341	* Compression Algorithms: Server to Client
317	*	342	*
318	* @see self::getCompressionAlgorithmsServer2Client()	343	* @see self::getCompressionAlgorithmsServer2Client()
319	* @var array\|false	344	* @var array\|false
-		345	* @access private
320	*/	346	*/
321	private $compression_algorithms_server_to_client = false;	347	private $compression_algorithms_server_to_client = false;
322		348
323	/**	349	/**
324	* Languages: Server to Client	350	* Languages: Server to Client
325	*	351	*
326	* @see self::getLanguagesServer2Client()	352	* @see self::getLanguagesServer2Client()
327	* @var array\|false	353	* @var array\|false
-		354	* @access private
328	*/	355	*/
329	private $languages_server_to_client = false;	356	private $languages_server_to_client = false;
330		357
331	/**	358	/**
332	* Languages: Client to Server	359	* Languages: Client to Server
333	*	360	*
334	* @see self::getLanguagesClient2Server()	361	* @see self::getLanguagesClient2Server()
335	* @var array\|false	362	* @var array\|false
-		363	* @access private
336	*/	364	*/
337	private $languages_client_to_server = false;	365	private $languages_client_to_server = false;
338		366
339	/**	367	/**
340	* Preferred Algorithms	368	* Preferred Algorithms
341	*	369	*
342	* @see self::setPreferredAlgorithms()	370	* @see self::setPreferredAlgorithms()
343	* @var array	371	* @var array
-		372	* @access private
344	*/	373	*/
345	private $preferred = [];	374	private $preferred = [];
346		375
347	/**	376	/**
348	* Block Size for Server to Client Encryption	377	* Block Size for Server to Client Encryption
Line 355...	Line 384...
355	* -- http://tools.ietf.org/html/rfc4253#section-6	384	* -- http://tools.ietf.org/html/rfc4253#section-6
356	*	385	*
357	* @see self::__construct()	386	* @see self::__construct()
358	* @see self::_send_binary_packet()	387	* @see self::_send_binary_packet()
359	* @var int	388	* @var int
-		389	* @access private
360	*/	390	*/
361	private $encrypt_block_size = 8;	391	private $encrypt_block_size = 8;
362		392
363	/**	393	/**
364	* Block Size for Client to Server Encryption	394	* Block Size for Client to Server Encryption
365	*	395	*
366	* @see self::__construct()	396	* @see self::__construct()
367	* @see self::_get_binary_packet()	397	* @see self::_get_binary_packet()
368	* @var int	398	* @var int
-		399	* @access private
369	*/	400	*/
370	private $decrypt_block_size = 8;	401	private $decrypt_block_size = 8;
371		402
372	/**	403	/**
373	* Server to Client Encryption Object	404	* Server to Client Encryption Object
374	*	405	*
375	* @see self::_get_binary_packet()	406	* @see self::_get_binary_packet()
376	* @var SymmetricKey\|false	407	* @var SymmetricKey\|false
-		408	* @access private
377	*/	409	*/
378	private $decrypt = false;	410	private $decrypt = false;
379		411
380	/**	412	/**
381	* Decryption Algorithm Name	413	* Decryption Algorithm Name
382	*	414	*
383	* @var string\|null	415	* @var string\|null
-		416	* @access private
384	*/	417	*/
385	private $decryptName;	418	private $decryptName;
386		419
387	/**	420	/**
388	* Decryption Invocation Counter	421	* Decryption Invocation Counter
389	*	422	*
390	* Used by GCM	423	* Used by GCM
391	*	424	*
392	* @var string\|null	425	* @var string\|null
-		426	* @access private
393	*/	427	*/
394	private $decryptInvocationCounter;	428	private $decryptInvocationCounter;
395		429
396	/**	430	/**
397	* Fixed Part of Nonce	431	* Fixed Part of Nonce
398	*	432	*
399	* Used by GCM	433	* Used by GCM
400	*	434	*
401	* @var string\|null	435	* @var string\|null
-		436	* @access private
402	*/	437	*/
403	private $decryptFixedPart;	438	private $decryptFixedPart;
404		439
405	/**	440	/**
406	* Server to Client Length Encryption Object	441	* Server to Client Length Encryption Object
407	*	442	*
408	* @see self::_get_binary_packet()	443	* @see self::_get_binary_packet()
409	* @var object	444	* @var object
-		445	* @access private
410	*/	446	*/
411	private $lengthDecrypt = false;	447	private $lengthDecrypt = false;
412		448
413	/**	449	/**
414	* Client to Server Encryption Object	450	* Client to Server Encryption Object
415	*	451	*
416	* @see self::_send_binary_packet()	452	* @see self::_send_binary_packet()
417	* @var SymmetricKey\|false	453	* @var SymmetricKey\|false
-		454	* @access private
418	*/	455	*/
419	private $encrypt = false;	456	private $encrypt = false;
420		457
421	/**	458	/**
422	* Encryption Algorithm Name	459	* Encryption Algorithm Name
423	*	460	*
424	* @var string\|null	461	* @var string\|null
-		462	* @access private
425	*/	463	*/
426	private $encryptName;	464	private $encryptName;
427		465
428	/**	466	/**
429	* Encryption Invocation Counter	467	* Encryption Invocation Counter
430	*	468	*
431	* Used by GCM	469	* Used by GCM
432	*	470	*
433	* @var string\|null	471	* @var string\|null
-		472	* @access private
434	*/	473	*/
435	private $encryptInvocationCounter;	474	private $encryptInvocationCounter;
436		475
437	/**	476	/**
438	* Fixed Part of Nonce	477	* Fixed Part of Nonce
439	*	478	*
440	* Used by GCM	479	* Used by GCM
441	*	480	*
442	* @var string\|null	481	* @var string\|null
-		482	* @access private
443	*/	483	*/
444	private $encryptFixedPart;	484	private $encryptFixedPart;
445		485
446	/**	486	/**
447	* Client to Server Length Encryption Object	487	* Client to Server Length Encryption Object
448	*	488	*
449	* @see self::_send_binary_packet()	489	* @see self::_send_binary_packet()
450	* @var object	490	* @var object
-		491	* @access private
451	*/	492	*/
452	private $lengthEncrypt = false;	493	private $lengthEncrypt = false;
453		494
454	/**	495	/**
455	* Client to Server HMAC Object	496	* Client to Server HMAC Object
456	*	497	*
457	* @see self::_send_binary_packet()	498	* @see self::_send_binary_packet()
458	* @var object	499	* @var object
-		500	* @access private
459	*/	501	*/
460	private $hmac_create = false;	502	private $hmac_create = false;
461		503
462	/**	504	/**
463	* Client to Server HMAC Name	505	* Client to Server HMAC Name
464	*	506	*
465	* @var string\|false	507	* @var string\|false
-		508	* @access private
466	*/	509	*/
467	private $hmac_create_name;	510	private $hmac_create_name;
468		511
469	/**	512	/**
470	* Client to Server ETM	513	* Client to Server ETM
471	*	514	*
472	* @var int\|false	515	* @var int\|false
-		516	* @access private
473	*/	517	*/
474	private $hmac_create_etm;	518	private $hmac_create_etm;
475		519
476	/**	520	/**
477	* Server to Client HMAC Object	521	* Server to Client HMAC Object
478	*	522	*
479	* @see self::_get_binary_packet()	523	* @see self::_get_binary_packet()
480	* @var object	524	* @var object
-		525	* @access private
481	*/	526	*/
482	private $hmac_check = false;	527	private $hmac_check = false;
483		528
484	/**	529	/**
485	* Server to Client HMAC Name	530	* Server to Client HMAC Name
486	*	531	*
487	* @var string\|false	532	* @var string\|false
-		533	* @access private
488	*/	534	*/
489	private $hmac_check_name;	535	private $hmac_check_name;
490		536
491	/**	537	/**
492	* Server to Client ETM	538	* Server to Client ETM
493	*	539	*
494	* @var int\|false	540	* @var int\|false
-		541	* @access private
495	*/	542	*/
496	private $hmac_check_etm;	543	private $hmac_check_etm;
497		544
498	/**	545	/**
499	* Size of server to client HMAC	546	* Size of server to client HMAC
Line 502...	Line 549...
502	* For the client to server side, the HMAC object will make the HMAC as long as it needs to be. All we need to do is	549	* For the client to server side, the HMAC object will make the HMAC as long as it needs to be. All we need to do is
503	* append it.	550	* append it.
504	*	551	*
505	* @see self::_get_binary_packet()	552	* @see self::_get_binary_packet()
506	* @var int	553	* @var int
-		554	* @access private
507	*/	555	*/
508	private $hmac_size = false;	556	private $hmac_size = false;
509		557
510	/**	558	/**
511	* Server Public Host Key	559	* Server Public Host Key
512	*	560	*
513	* @see self::getServerPublicHostKey()	561	* @see self::getServerPublicHostKey()
514	* @var string	562	* @var string
-		563	* @access private
515	*/	564	*/
516	private $server_public_host_key;	565	private $server_public_host_key;
517		566
518	/**	567	/**
519	* Session identifier	568	* Session identifier
Line 524...	Line 573...
524	*	573	*
525	* -- http://tools.ietf.org/html/rfc4253#section-7.2	574	* -- http://tools.ietf.org/html/rfc4253#section-7.2
526	*	575	*

Subversion Repositories oidplus

oidplus/trunk/vendor/phpseclib/phpseclib/phpseclib/Net/SSH2.php – Rev 846 → 874