Edit Report a Bug

    ssh2_fingerprint

    (PECL ssh2 >= 0.9.0)

    ssh2_fingerprintRetrieve fingerprint of remote server

    Descrierea

    ssh2_fingerprint ( resource $session , int $flags = SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX ) : string

    Returns a server hostkey hash from an active session.

    Parametri

    session

    An SSH connection link identifier, obtained from a call to ssh2_connect().

    flags

    flags may be either of SSH2_FINGERPRINT_MD5 or SSH2_FINGERPRINT_SHA1 logically ORed with SSH2_FINGERPRINT_HEX or SSH2_FINGERPRINT_RAW.

    Valorile întoarse

    Returns the hostkey hash as a string.

    Exemple

    Example #1 Checking the fingerprint against a known value

    <?php
    $known_host     '6F89C2F0A719B30CC38ABDF90755F2E4';

    $connection ssh2_connect('shell.example.com'22);

    $fingerprint ssh2_fingerprint($connection,
                       SSH2_FINGERPRINT_MD5 SSH2_FINGERPRINT_HEX);

    if (    $fingerprint != $known_host) {
      die(    "HOSTKEY MISMATCH!\n" .
              "Possible Man-In-The-Middle Attack?");
    }
    ?>

    add a note add a note

    User Contributed Notes 1 note

    up
    -16
    Lyle Mantooth
    10 years ago
    If you're going to compare the fingerprint to a user-submitted form field, it's probably a good idea to do case-insensitive comparison:
    <?php

    if ($conn = ssh2_connect($user, $password)) {
            $fingerprint = ssh2_fingerprint($conn);
        if (    strcasecmp($fingerprint, $known_value) === 0) {
                // Do your thing.
            }
    }
    ?>
    Of course, this is only necessary when you use the SSH2_FINGERPRINT_HEX option, not SSH2_FINGERPRINT_RAW.
    add a note add a note
    To Top