对于密码和身份验证的不兼容性,似乎我有类似北方(elm-signal-extra
)的问题。
我得到: PHP注意:第3037行/usr/share/pear/Net/SSH2.php中的HMAC无效 PHP注意:服务在2015年的/usr/share/pear/Net/SSH2.php中被服务器关闭
我已经跟踪了一个PUTTY日志,以确定密钥交换哈希是Diffie-Hellman SHA-1,加密是AES.256 CBC。
所以我已经注释掉了我不希望在SSH2.php中使用的算法。但它似乎没有任何影响,我一直得到同样的错误
----------------- ENCRYPTION ALGORITH SECTION ------------------------
static $encryption_algorithms = false;
if ($encryption_algorithms === false) {
$encryption_algorithms = array(
// from <http://tools.ietf.org/html/rfc4345#section-4>:
// 'arcfour256',
// 'arcfour128',
//'arcfour', // OPTIONAL the ARCFOUR stream cipher with a 128-bit key
// CTR modes from <http://tools.ietf.org/html/rfc4344#section-4>:
// 'aes128-ctr', // RECOMMENDED AES (Rijndael) in SDCTR mode, with 128-bit key
// 'aes192-ctr', // RECOMMENDED AES with 192-bit key
// 'aes256-ctr', // RECOMMENDED AES with 256-bit key
// 'twofish128-ctr', // OPTIONAL Twofish in SDCTR mode, with 128-bit key
// 'twofish192-ctr', // OPTIONAL Twofish with 192-bit key
// 'twofish256-ctr', // OPTIONAL Twofish with 256-bit key
'aes128-cbc', // RECOMMENDED AES with a 128-bit key
'aes192-cbc', // OPTIONAL AES with a 192-bit key
'aes256-cbc', // OPTIONAL AES in CBC mode, with a 256-bit key
'twofish128-cbc', // OPTIONAL Twofish with a 128-bit key
'twofish192-cbc', // OPTIONAL Twofish with a 192-bit key
'twofish256-cbc',
'twofish-cbc', // OPTIONAL alias for "twofish256-cbc"
// (this is being retained for historical reasons)
'blowfish-ctr', // OPTIONAL Blowfish in SDCTR mode
'blowfish-cbc', // OPTIONAL Blowfish in CBC mode
'3des-ctr', // RECOMMENDED Three-key 3DES in SDCTR mode
'3des-cbc', // REQUIRED three-key 3DES in CBC mode
'none' // OPTIONAL no encryption; NOT RECOMMENDED
);
-------------- MAC算法部分----------------------------- < / p>
$mac_algorithms = array(
// from <http://www.ietf.org/rfc/rfc6668.txt>:
// 'hmac-sha2-256',// RECOMMENDED HMAC-SHA256 (digest length = key length = 32)
// 'hmac-sha1-96', // RECOMMENDED first 96 bits of HMAC-SHA1 (digest length = 12, key length = 20)
'hmac-sha1', // REQUIRED HMAC-SHA1 (digest length = key length = 20)
'hmac-md5-96', // OPTIONAL first 96 bits of HMAC-MD5 (digest length = 12, key length = 16)
'hmac-md5', // OPTIONAL HMAC-MD5 (digest length = key length = 16)
'none' // OPTIONAL no MAC; NOT RECOMMENDED
);
我的斗智尽头。任何帮助将非常感激。我在Fedora(Linux 3.6.11-1.fc16.x86_64 x86_64)BTW。
干杯, 安德烈
事件日志:使用哈希SHA-1进行Diffie-Hellman密钥交换 传出数据包#0x2,类型32 / 0x20(SSH2_MSG_KEX_DH_GEX_INIT)
....为简洁省略了文字.......
Event Log: Host key fingerprint is:
Event Log: ssh-rsa 1024 f4:a0:9f:17:a0:3d:74:60:4d:da:60:39:97:a0:07:9a
Outgoing packet #0x3, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Event Log: Initialised AES-256 CBC client->server encryption
Event Log: Initialised HMAC-SHA1 client->server MAC algorithm
Incoming packet #0x3, type 21 / 0x15 (SSH2_MSG_NEWKEYS)
Event Log: Initialised AES-256 CBC server->client encryption
Event Log: Initialised HMAC-SHA1 server->client MAC algorithm
Outgoing packet #0x4, type 2 / 0x02 (SSH2_MSG_IGNORE)
00000000 00 00 00 00 ....
Outgoing packet #0x5, type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
Incoming packet #0x4, type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
00000000 00 00 00 0c 73 73 68 2d 75 73 65 72 61 75 74 68 ....ssh-userauth
Outgoing packet #0x6, type 2 / 0x02 (SSH2_MSG_IGNORE)
00000000 00 00 00 00 ....
Outgoing packet #0x7, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
00000000 00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68 ....admin....ssh
00000010 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 04 6e -connection....n
00000020 6f 6e 65 one
Incoming packet #0x5, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
Outgoing packet #0x8, type 2 / 0x02 (SSH2_MSG_IGNORE)
00000000 00 00 00 00 ....
Outgoing packet #0x9, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
00000000 00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68 ....admin....ssh
00000010 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 14 6b -connection....k
00000020 65 79 62 6f 61 72 64 2d 69 6e 74 65 72 61 63 74 eyboard-interact
00000030 69 76 65 00 00 00 00 00 00 00 00 ive........
Event Log: Attempting keyboard-interactive authentication
Incoming packet #0x6, type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
00000000 00 00 00 27 70 75 62 6c 69 63 6b 65 79 2c 70 61 ...'publickey,pa
00000010 73 73 77 6f 72 64 2c 6b 65 79 62 6f 61 72 64 2d ssword,keyboard-
00000020 69 6e 74 65 72 61 63 74 69 76 65 00 interactive.
Event Log: Server refused keyboard-interactive authentication
Outgoing packet #0xa, type 2 / 0x02 (SSH2_MSG_IGNORE)
00000000 00 00 00 00 ....
Outgoing packet #0xb, type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
00000000 00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68 ....admin....ssh
00000010 2d 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 08 70 -connection....p
00000020 61 73 73 77 6f 72 64 00 XX XX XX XX XX XX XX XX assword.XXXXXXXX
00000030 XX XX XX XX XX XXXXX
Outgoing packet #0xc, type 2 / 0x02 (SSH2_MSG_IGNORE)
00000000 00 00 00 90 7d 5f 2a c8 1f ad ee 38 a1 2e ec ae ....}_*....8....
00000010 ec 1a 21 1b b4 2d b3 df 81 f9 38 c2 b6 40 bb 6b ..!..-....8..@.k
00000020 84 f2 31 fa af da d2 dc dd b4 3c 41 43 2d e4 b2 ..1.......<AC-..
00000030 8c c6 8e 38 ce 3d 1c 52 9c 80 4d 79 1f 37 ab d0 ...8.=.R..My.7..
00000040 73 34 c2 5f 99 2c 5d 40 57 50 4f 5e df 3a d0 3f s4._.,]@WPO^.:.?
00000050 9d 38 28 7b 1f 8b ca 71 39 82 5f 91 cf f4 62 29 .8({...q9._...b)
00000060 48 cc 8b f1 8f dc 7d 8c 4d 54 d5 61 f2 b5 f5 1d H.....}.MT.a....
00000070 7c 67 66 43 96 c9 9c 5d 0d 83 a6 62 61 0e 6c 4d |gfC...]...ba.lM
00000080 e7 57 28 1a e6 c6 56 63 f4 52 ad 66 9c d5 16 c4 .W(...Vc.R.f....
00000090 b4 66 34 5b .f4[
Event Log: Sent password
Incoming packet #0x7, type 52 / 0x34 (SSH2_MSG_USERAUTH_SUCCESS)
Event Log: Access granted
-----------完整日志输出-------------------------------
PHP Notice: Invalid HMAC in /usr/share/pear/Net/SSH2.php on line 3037
PHP Notice: Connection closed by server in /usr/share/pear/Net/SSH2.php on line 2015
LOG: <-
00000000 53:53:48:2d:32:2e:30:2d:4f:70:65:6e:53:53:48:5f SSH-2.0-OpenSSH_
00000010 33:2e:34:70:31:0a 3.4p1.
->
00000000 53:53:48:2d:32:2e:30:2d:70:68:70:73:65:63:6c:69 SSH-2.0-phpsecli
00000010 62:5f:30:2e:33:20:28:6f:70:65:6e:73:73:6c:2c:20 b_0.3 (openssl,
00000020 67:6d:70:29:0d:0a gmp)..
<- NET_SSH2_MSG_KEXINIT (since last: 3.7292, network: 0.7724s)
00000000 1f:ed:9c:61:32:1e:70:f1:16:d0:99:37:6d:d3:7a:8d ...a2.p....7m.z.
00000010 00:00:00:3d:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...=diffie-hellm
00000020 61:6e:2d:67:72:6f:75:70:2d:65:78:63:68:61:6e:67 an-group-exchang
00000030 65:2d:73:68:61:31:2c:64:69:66:66:69:65:2d:68:65 e-sha1,diffie-he
00000040 6c:6c:6d:61:6e:2d:67:72:6f:75:70:31:2d:73:68:61 llman-group1-sha
00000050 31:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73:68 1....ssh-rsa,ssh
00000060 2d:64:73:73:00:00:00:66:61:65:73:31:32:38:2d:63 -dss...faes128-c
00000070 62:63:2c:33:64:65:73:2d:63:62:63:2c:62:6c:6f:77 bc,3des-cbc,blow
00000080 66:69:73:68:2d:63:62:63:2c:63:61:73:74:31:32:38 fish-cbc,cast128
00000090 2d:63:62:63:2c:61:72:63:66:6f:75:72:2c:61:65:73 -cbc,arcfour,aes
000000a0 31:39:32:2d:63:62:63:2c:61:65:73:32:35:36:2d:63 192-cbc,aes256-c
000000b0 62:63:2c:72:69:6a:6e:64:61:65:6c:2d:63:62:63:40 bc,rijndael-cbc@
000000c0 6c:79:73:61:74:6f:72:2e:6c:69:75:2e:73:65:00:00 lysator.liu.se..
000000d0 00:66:61:65:73:31:32:38:2d:63:62:63:2c:33:64:65 .faes128-cbc,3de
000000e0 73:2d:63:62:63:2c:62:6c:6f:77:66:69:73:68:2d:63 s-cbc,blowfish-c
000000f0 62:63:2c:63:61:73:74:31:32:38:2d:63:62:63:2c:61 bc,cast128-cbc,a
00000100 72:63:66:6f:75:72:2c:61:65:73:31:39:32:2d:63:62 rcfour,aes192-cb
00000110 63:2c:61:65:73:32:35:36:2d:63:62:63:2c:72:69:6a c,aes256-cbc,rij
00000120 6e:64:61:65:6c:2d:63:62:63:40:6c:79:73:61:74:6f ndael-cbc@lysato
00000130 72:2e:6c:69:75:2e:73:65:00:00:00:55:68:6d:61:63 r.liu.se...Uhmac
00000140 2d:6d:64:35:2c:68:6d:61:63:2d:73:68:61:31:2c:68 -md5,hmac-sha1,h
00000150 6d:61:63:2d:72:69:70:65:6d:64:31:36:30:2c:68:6d mac-ripemd160,hm
00000160 61:63:2d:72:69:70:65:6d:64:31:36:30:40:6f:70:65 ac-ripemd160@ope
00000170 6e:73:73:68:2e:63:6f:6d:2c:68:6d:61:63:2d:73:68 nssh.com,hmac-sh
00000180 61:31:2d:39:36:2c:68:6d:61:63:2d:6d:64:35:2d:39 a1-96,hmac-md5-9
00000190 36:00:00:00:55:68:6d:61:63:2d:6d:64:35:2c:68:6d 6...Uhmac-md5,hm
000001a0 61:63:2d:73:68:61:31:2c:68:6d:61:63:2d:72:69:70 ac-sha1,hmac-rip
000001b0 65:6d:64:31:36:30:2c:68:6d:61:63:2d:72:69:70:65 emd160,hmac-ripe
000001c0 6d:64:31:36:30:40:6f:70:65:6e:73:73:68:2e:63:6f md160@openssh.co
000001d0 6d:2c:68:6d:61:63:2d:73:68:61:31:2d:39:36:2c:68 m,hmac-sha1-96,h
000001e0 6d:61:63:2d:6d:64:35:2d:39:36:00:00:00:09:6e:6f mac-md5-96....no
000001f0 6e:65:2c:7a:6c:69:62:00:00:00:09:6e:6f:6e:65:2c ne,zlib....none,
00000200 7a:6c:69:62:00:00:00:00:00:00:00:00:00:00:00:00 zlib............
00000210 00 .
-> NET_SSH2_MSG_KEXINIT (since last: 0.0008, network: 0.0002s)
00000000 8b:79:c0:7d:2a:c1:e6:36:d7:bf:e0:52:d3:7d:42:0a .y.}*..6...R.}B.
00000010 00:00:00:7e:64:69:66:66:69:65:2d:68:65:6c:6c:6d ...~diffie-hellm
00000020 61:6e:2d:67:72:6f:75:70:31:2d:73:68:61:31:2c:64 an-group1-sha1,d
00000030 69:66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72 iffie-hellman-gr
00000040 6f:75:70:31:34:2d:73:68:61:31:2c:64:69:66:66:69 oup14-sha1,diffi
00000050 65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f:75:70:2d e-hellman-group-
00000060 65:78:63:68:61:6e:67:65:2d:73:68:61:31:2c:64:69 exchange-sha1,di
00000070 66:66:69:65:2d:68:65:6c:6c:6d:61:6e:2d:67:72:6f ffie-hellman-gro
00000080 75:70:2d:65:78:63:68:61:6e:67:65:2d:73:68:61:32 up-exchange-sha2
00000090 35:36:00:00:00:0f:73:73:68:2d:72:73:61:2c:73:73 56....ssh-rsa,ss
000000a0 68:2d:64:73:73:00:00:00:8a:61:65:73:31:32:38:2d h-dss....aes128-
000000b0 63:62:63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61 cbc,aes192-cbc,a
000000c0 65:73:32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73 es256-cbc,twofis
000000d0 68:31:32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68 h128-cbc,twofish
000000e0 31:39:32:2d:63:62:63:2c:74:77:6f:66:69:73:68:32 192-cbc,twofish2
000000f0 35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:2d:63 56-cbc,twofish-c
00000100 62:63:2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c bc,blowfish-ctr,
00000110 62:6c:6f:77:66:69:73:68:2d:63:62:63:2c:33:64:65 blowfish-cbc,3de
00000120 73:2d:63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e s-ctr,3des-cbc,n
00000130 6f:6e:65:00:00:00:8a:61:65:73:31:32:38:2d:63:62 one....aes128-cb
00000140 63:2c:61:65:73:31:39:32:2d:63:62:63:2c:61:65:73 c,aes192-cbc,aes
00000150 32:35:36:2d:63:62:63:2c:74:77:6f:66:69:73:68:31 256-cbc,twofish1
00000160 32:38:2d:63:62:63:2c:74:77:6f:66:69:73:68:31:39 28-cbc,twofish19
00000170 32:2d:63:62:63:2c:74:77:6f:66:69:73:68:32:35:36 2-cbc,twofish256
00000180 2d:63:62:63:2c:74:77:6f:66:69:73:68:2d:63:62:63 -cbc,twofish-cbc
00000190 2c:62:6c:6f:77:66:69:73:68:2d:63:74:72:2c:62:6c ,blowfish-ctr,bl
000001a0 6f:77:66:69:73:68:2d:63:62:63:2c:33:64:65:73:2d owfish-cbc,3des-
000001b0 63:74:72:2c:33:64:65:73:2d:63:62:63:2c:6e:6f:6e ctr,3des-cbc,non
000001c0 65:00:00:00:23:68:6d:61:63:2d:73:68:61:31:2c:68 e...#hmac-sha1,h
000001d0 6d:61:63:2d:6d:64:35:2d:39:36:2c:68:6d:61:63:2d mac-md5-96,hmac-
000001e0 6d:64:35:2c:6e:6f:6e:65:00:00:00:23:68:6d:61:63 md5,none...#hmac
000001f0 2d:73:68:61:31:2c:68:6d:61:63:2d:6d:64:35:2d:39 -sha1,hmac-md5-9
00000200 36:2c:68:6d:61:63:2d:6d:64:35:2c:6e:6f:6e:65:00 6,hmac-md5,none.
00000210 00:00:04:6e:6f:6e:65:00:00:00:04:6e:6f:6e:65:00 ...none....none.
00000220 00:00:00:00:00:00:00:00:00:00:00:00 ............
-> NET_SSH2_MSG_KEXDH_INIT (since last: 0.0058, network: 0s)
00000000 00:00:00:81:00:ed:d4:d0:ea:a0:20:8e:cf:c0:4f:fc .......... ...O.
00000010 d6:bd:9b:a1:1d:4f:26:0e:a1:1e:30:8a:1d:93:36:48 .....O&...0...6H
00000020 de:0d:c9:dd:3c:f6:a9:92:84:ef:f2:0f:3c:e1:6b:b2 ..............k.
00000030 f4:a1:3d:07:93:ed:21:c4:1a:d5:1e:b9:fd:20:aa:b3 ..=...!...... ..
00000040 a3:a6:94:20:ff:f4:eb:19:08:03:07:52:e7:b6:c5:16 ... .......R....
00000050 4e:2e:6b:89:cc:34:17:03:d9:bf:5d:44:7c:6f:1d:2b N.k..4....]D|o.+
00000060 68:1e:4a:69:32:84:a1:3d:59:53:20:b4:12:79:8e:06 h.Ji2..=YS ..y..
00000070 3b:c7:a7:2f:1e:75:ed:ba:ee:ae:9a:6f:cd:80:8e:e7 ;../.u.....o....
00000080 9f:a5:97:b1:51 ....Q
<- NET_SSH2_MSG_KEXDH_REPLY (since last: 1.9064, network: 1.9063s)
00000000 00:00:00:95:00:00:00:07:73:73:68:2d:72:73:61:00 ........ssh-rsa.
00000010 00:00:01:23:00:00:00:81:00:b9:91:2c:ea:95:9c:34 ...#.......,...4
00000020 00:86:a0:f5:58:40:ff:44:d4:6a:9c:5c:05:1d:eb:ec ....X@.D.j.\....
00000030 8a:96:61:21:e5:98:c3:23:06:15:1e:46:55:39:60:90 ..a!...#...FU9`.
00000040 e7:3d:89:cb:b4:04:48:54:d8:0a:62:11:08:83:3c:8d .=....HT..b.....
00000050 eb:b3:5b:3d:fa:c3:d2:e5:89:ca:bf:ef:ea:a7:d9:38 ..[=...........8
00000060 04:10:ca:36:90:d1:57:1d:55:ec:b3:eb:40:17:ba:60 ...6..W.U...@..`
00000070 45:a0:f7:90:b0:f8:f2:52:4b:21:57:d9:91:d7:1a:0b E......RK!W.....
00000080 a4:7d:4a:85:e2:ac:e2:cd:2b:e3:f1:b5:31:9a:98:fe .}J.....+...1...
00000090 fd:3d:76:da:9d:23:cc:89:57:00:00:00:80:3d:e9:8c .=v..#..W....=..
000000a0 92:42:9c:ba:16:a6:64:e6:f7:41:fd:b0:90:c2:c1:37 .B....d..A.....7
000000b0 02:a4:12:15:e0:59:88:87:64:d4:33:49:ed:b1:df:d0 .....Y..d.3I....
000000c0 80:c6:fd:f0:af:7f:b9:40:fb:58:0c:2e:4f:29:1f:35 .......@.X..O).5
000000d0 74:93:fe:3b:c1:61:df:33:a0:90:ea:bb:da:02:34:16 t..;.a.3......4.
000000e0 a0:f2:49:49:49:80:ab:b5:fb:bb:96:9e:6f:8f:2a:be ..III.......o.*.
000000f0 f0:f7:5d:27:a0:02:5a:83:6b:4a:e6:5d:cc:0e:25:44 ..]'..Z.kJ.]..%D
00000100 9f:f6:35:d5:00:51:d0:e4:d3:ab:a0:41:3d:d7:b6:7c ..5..Q.....A=..|
00000110 c2:c4:85:50:19:70:f0:8c:2d:33:21:3e:2c:00:00:00 ...P.p..-3!>,...
00000120 8f:00:00:00:07:73:73:68:2d:72:73:61:00:00:00:80 .....ssh-rsa....
00000130 92:6a:9a:3a:b0:ff:bf:6d:ed:69:a1:40:e2:d1:7c:ac .j.:...m.i.@..|.
00000140 b9:21:ed:40:2c:66:f1:4f:d8:f2:07:6a:25:ef:a0:3b .!.@,f.O...j%..;
00000150 56:ed:00:e6:31:3b:e6:e9:8d:46:56:4e:87:73:6b:88 V...1;...FVN.sk.
00000160 f8:a2:52:cf:78:dd:22:37:31:37:68:09:35:c4:92:6d ..R.x."717h.5..m
00000170 23:40:6d:9e:31:99:6a:a9:75:c4:0b:0e:47:20:20:34 #@m.1.j.u...G 4
00000180 02:2b:66:d5:ce:1b:bd:b0:83:f3:c9:ef:bd:d2:31:c6 .+f...........1.
00000190 9a:6a:32:fa:22:31:48:74:e5:60:ae:c4:ce:d1:9a:2f .j2."1Ht.`...../
000001a0 e7:13:20:a9:75:3b:e1:8a:5b:18:37:e0:1e:c7:4a:05 .. .u;..[.7...J.
-> NET_SSH2_MSG_NEWKEYS (since last: 0.001, network: 0.0002s)
<- NET_SSH2_MSG_NEWKEYS (since last: 0.0001, network: 0s)
-> NET_SSH2_MSG_SERVICE_REQUEST (since last: 0.0039, network: 0s)
00000000 00:00:00:0c:73:73:68:2d:75:73:65:72:61:75:74:68 ....ssh-userauth