Monthly Archives: July 2008

Installing SSH2 for PHP shell connections – How-to

In order to open SSH connections from within a PHP script, a few modules need to be installed on the server.

The install needs three packages: OpenSSL, libssh2 and the ssh2 PHP module, and of course root access to the server.

OpenSSL is usually already installed on many systems, so you may not need to install it. To check whether the package is installed, run the following on the server:

[root@box1 ~]# rpm -qa | grep openssl

If the package is installed the output will show something like this:

The versions may differ depending on the OS you have installed on the server.

If the output shows nothing then you need to install OpenSSL, which can easily be done using yum or apt-get (Red Hat or Debian based servers):

yum install openssl (redhat based OS)

apt-get install openssl (debian based OS)

The second package needed is libssh2. You will usually not find it on your server, and it has to be installed from source like this:

[root@box1 ~]# wget
[root@box1 ~]# tar -zxvf libssh2-0.18.tar.gz
[root@box1 ~]# cd libssh2-0.18
[root@box1 libssh2-0.18]# ./configure
[root@box1 libssh2-0.18]# make
[root@box1 libssh2-0.18]# make install

Once the compile finishes, libssh2 is installed.

Next in line is the ssh2 PHP module.
It can be installed in a few ways: using PECL or PEAR, or by downloading and compiling the module yourself.

I will use the 3rd install type because lately using PECL or PEAR did not really do the job.

[root@box1 ~]# wget
[root@box1 ~]# tar -xzf ssh2-0.10.tgz
[root@box1 ~]# cd ssh2-0.10
[root@box1 ssh2-0.10]# phpize && ./configure --with-ssh2 && make

If this finishes without an error you are almost done. The only thing left is to copy the module from within /ssh2-0.10/modules/ to the PHP extensions directory, whose location you can find by checking the php.ini file.
Finally, restart Apache and you are done; you can try your script to see if everything is alright.

If after running phpize && ./configure --with-ssh2 && make you end up with an error like make: *** [ssh2.lo] Error 1 you will have to do a small hack.

[root@box1 ssh2-0.10]# vi ssh2.c
Search for the line:
#if LIBSSH2_APINO < 200412301450
and edit it to look like:
#if LIBSSH2_VERSION_NUM < 0x001000
Save the file and run phpize && ./configure --with-ssh2 && make again.

If everything finishes fine, continue with the steps described before the error part of this how-to and that is all.

If there is anything that was left aside let me know.


Installing ssh2 module in php – make: *** [ssh2.lo] Error 1

Some will try to use a webserver/php to open ssh connections to the servers without using a ssh client.

At this point you need OpenSSL and libssh2 installed on the server and of course the ssh2 PHP module.

The only issue is that the latest ssh2 module is in Beta only and most of the time it will be impossible to install it using PECL or PEAR so the only way to do it will be using the tarball.

The latest tarball also has an issue: it may not compile correctly, ending in a make: *** [ssh2.lo] Error 1 error. This is caused by the tarball itself and there is a patch for it, but the easiest way to get over this is the following fix:

1. Extract the files from the tarball
2. Edit ssh2.c and look for:
#if LIBSSH2_APINO < 200412301450
3. Change the line to look like:
#if LIBSSH2_VERSION_NUM < 0x001000
4. Save and run phpize && ./configure --with-ssh2 && make from within the directory.

I will try to post a full how-to on the full installation these days.


BIND DNS Query Port Entropy Weakness

A few days ago a vulnerability was reported in BIND. A remote user can spoof the system.

The domain name system (DNS) service does not use sufficiently random UDP sockets to process queries. A remote user can send specially crafted DNS queries and responses to the target service to spoof responses and insert records into the DNS cache. This may cause traffic to be redirected to arbitrary IP addresses specified by the remote user.

The vendor indicates that the vulnerability exists in the DNS protocol itself, rather than in any particular vendor’s implementation.

Systems using BIND as a caching resolver are affected.

Some demonstration exploit code is available at: txt

Dan Kaminsky of IOActive reported this vulnerability.
Impact: A remote user can spoof the DNS service, causing traffic to be redirected to arbitrary hosts.
Solution: The vendor has issued patches (9.5.0-P1, 9.4.2-P1, 9.3.5-P1). New beta releases (9.5.1b1, 9.4.3b2) are also available.

The software is available at:

The vendor reports that the fix provides increased resilience to the attack, but that “DNSSEC is the only full solution.”

In conclusion, just check your BIND (named) version and upgrade the application as soon as possible if you don't want to have any issues.

Source: SecurityTracker
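
A check to run after upgrading, added here as an example and not taken from SecurityTracker or the BIND vendor: it reads tcpdump -n lines of the resolver's own outgoing queries and reports whether the UDP source port is fixed, sequential or randomised, plus a rough lower bound on the bits a spoofed reply has to guess. The capture lines, addresses, thresholds and function names are constructed for illustration.

```python
import math
import re

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field

# Matches tcpdump -n lines such as:
# 12:00:01.10 IP 192.0.2.10.32768 > 198.51.100.1.53: 4242+ A? example.com. (29)
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def query_ports(tcpdump_lines, resolver_ip):
    """Source ports of the queries the resolver itself sent upstream."""
    ports = []
    for line in tcpdump_lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports):
    """Classify port predictability and the bits a spoofed reply must guess."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    distinct = len(set(ports))
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if 1 <= s <= 16) / len(steps)
    if distinct == 1:
        verdict, port_bits = "FIXED", 0.0       # only the TXID is unknown
    elif sequential >= 0.8:
        verdict, port_bits = "SEQUENTIAL", 0.0  # next port is predictable
    else:
        # Lower bound only: a sample cannot show more ports than it contains.
        port_bits = math.log2(distinct)
        verdict = "RANDOMISED" if distinct >= 0.9 * len(ports) else "POOR"
    return {"verdict": verdict, "distinct_ports": distinct,
            "min_guess_bits": round(TXID_BITS + port_bits, 2)}

def sample_capture(ip, ports):
    # Constructed sample lines in tcpdump -n format (documentation addresses).
    return [f"12:00:{i:02d}.10 IP {ip}.{p} > 198.51.100.1.53: {4000 + i}+ A? example.com. (29)"
            for i, p in enumerate(ports)]

UNPATCHED = sample_capture("192.0.2.10", [32768] * 12)
PATCHED = sample_capture("192.0.2.10", [51234, 1893, 40112, 23987, 60001, 7345,
                                        33321, 18450, 55012, 2750, 46890, 12077])

if __name__ == "__main__":
    for name, cap in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(name, assess(query_ports(cap, "192.0.2.10")))
```

Feed it a longer capture from the resolver's upstream interface for a meaningful result; a FIXED or SEQUENTIAL verdict after the upgrade usually means the source port is still being pinned somewhere, in configuration or by a NAT device in front of the resolver.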