所以我需要执行一个命令,但只有当我su到root(或sudo)时它才会运行,但我似乎不知道如何将命令发送到su到root
(我可以登录并使用loginuser fine执行其他命令)
http://phpseclib.sourceforge.net/ssh/examples.html
我的代码如下
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('255.255.255.255',22);
if (!$ssh->login('loginuser', 'fakepassword')) {
exit('Login Failed');
}
echo $ssh->read('[prompt]');
echo $ssh->write("su'n");
echo $ssh->read('Password:');
echo $ssh->write("rootfakepassword");
echo $ssh->read('[prompt]');
echo $ssh->exec('cc get_wireless_status');
?>
我还尝试过使用exec命令来做大致相同的事情,但没有运气
有什么建议吗?
代码的当前修订版(无效)
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('255.255.99.74',22);
if (!$ssh->login('loginuser', 'password')) {
exit('Login Failed');
}
echo $ssh->read('loginuser@intranet:/home/login >');
$ssh->write("su'n");
echo $ssh->read('Password:');
$ssh->write("rootpassword'n");
echo $ssh->read('intranet:/home/login #');
$ssh->write("cc get_wireless_status'n");
echo $ssh->read('[prompt]');
?>
中日志的油灰文本
login as: loginuser
loginuser@255.255.99.74's password:
Last login: Thu Feb 14 13:57:16 2013 from infong1045.lxa.perfora.net
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login > su
Password:
intranet:/home/login #
最新版本上的代码响应
Last login: Thu Feb 14 14:00:00 2013 from 10.10.10.194 Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > Last login: Tue Feb 19 11:09:18 2013 from infong1045.lxa.perfora.net Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > su Password: intranet:/home/login # Last login: Tue Feb 19 11:09:23 2013 from infong1045.lxa.perfora.net Sophos UTM (C) Copyrights by Astaro and by others 2000-2012. For more copyright information look at /doc/astaro-license.txt or http://www.astaro.com/doc/astaro-license.txt NOTE: Any modifications done by root will void your support. Please use WebAdmin for any configuration changes. loginuser@intranet:/home/login > cc get_wireless_status -bash: /usr/local/bin/confd-client.plx: Permission denied loginuser@intranet:/home/login >
这应该有效:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
exit('Login Failed');
}
echo $ssh->read('username@username:~$');
$ssh->write("su'n");
echo $ssh->read('Password:');
$ssh->write("password'n");
echo $ssh->read('username@username:~#');
$ssh->write("cc get_wireless_status'n");
echo $ssh->read('[prompt]');
?>
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
exit('Login Failed');
}
$ssh->setTimeout(5);
echo $ssh->read('username@username:~$');
$ssh->write("su'n");
echo $ssh->read('Password:');
$ssh->write("password'n");
echo $ssh->read('username@username:~#');
$ssh->write("cc get_wireless_status'n");
echo $ssh->read('[prompt]');
?>
我修改了您的代码片段,使其包含一个setTimeout()。因此,如果对read()的一个调用失败,那么该调用将超时并回显到该点的数据。
您可能需要执行echo $ssh->write("rootfakepassword'n");
即。注意''n。
当你在腻子或任何你必须点击的地方运行命令时,输入。这一事实也需要反映在您通过phpseclib发送到服务器的内容中。
Su不是通往这里的路。相反,使用sudo,同时将自己添加到带有NOPASSWD标志的/etc/sudoers文件中,然后简单地发出sudo命令。你可以在这里找到如何做到这一点。
或者,您可以在phpseclib脚本中使用expect来生成根shell(这是不推荐的,而且是一个非常肮脏的技巧):
echo $ssh->exec('expect -c ''log_user 0; set timeout -1; spawn /bin/su; expect "Password:"; send "rootpassword'r"; expect "'r'n"; send "/usr/bin/id'r'n"; log_user 1; expect "uid=0"''');
在我正在尝试的机器上,我得到以下输出:
/usr/bin/id
root@machine:/home/user#/usr/bin/id uid=0(root)gid=0(root)组=0(根)
同样,这个方法是脏的,并且有很多不需要的输出,我想,如果你阅读了一些预期文档,你可以修剪这些输出。很抱歉没有为您提供更清洁的解决方案,但恐怕这已经是最好的了。