Crash893

Reputation: 11712

using phpseclib with net_ssh how to su to root using $ssh->exec

So I need to execute one command, but it will only run if I su to root (or sudo), and I can't seem to figure out how to send the command to su to root.

(I can log in and execute other commands with loginuser fine.)

http://phpseclib.sourceforge.net/ssh/examples.html

My code is as follows:

<?php
include('Net/SSH2.php');

$ssh = new Net_SSH2('255.255.255.255',22);
if (!$ssh->login('loginuser', 'fakepassword')) {
    exit('Login Failed');
}

echo $ssh->read('[prompt]');
echo $ssh->write("su\n");
echo $ssh->read('Password:');
echo $ssh->write("rootfakepassword");
echo $ssh->read('[prompt]');
echo $ssh->exec('cc get_wireless_status');
?>

I've also tried using the exec command to do roughly the same thing, with no luck.

Any suggestions?

Current revision of the code (doesn't work):

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('255.255.99.74',22);
    if (!$ssh->login('loginuser', 'password')) {
        exit('Login Failed');
    }

    echo $ssh->read('loginuser@intranet:/home/login >');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("rootpassword\n");
    echo $ssh->read('intranet:/home/login #');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

PuTTY text of the login:

login as: loginuser
[email protected]'s password:
Last login: Thu Feb 14 13:57:16 2013 from infong1045.lxa.perfora.net


Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt

NOTE: Any modifications done by root will void your support.
      Please use WebAdmin for any configuration changes.

loginuser@intranet:/home/login > su
Password:
intranet:/home/login #

Response from the code on the newest version:

Last login: Thu Feb 14 14:00:00 2013 from 10.10.10.194
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login >
Last login: Tue Feb 19 11:09:18 2013 from infong1045.lxa.perfora.net
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login > su
Password:
intranet:/home/login #
Last login: Tue Feb 19 11:09:23 2013 from infong1045.lxa.perfora.net
Sophos UTM
(C) Copyrights by Astaro and by others 2000-2012.
For more copyright information look at /doc/astaro-license.txt
or http://www.astaro.com/doc/astaro-license.txt
NOTE: Any modifications done by root will void your support.
Please use WebAdmin for any configuration changes.
loginuser@intranet:/home/login > cc get_wireless_status
-bash: /usr/local/bin/confd-client.plx: Permission denied
loginuser@intranet:/home/login >

Upvotes: 6

Views: 6015

Answers (4)

Octav O

Reputation: 513

Su is not the way to go here. Instead, use sudo, while adding yourself to the /etc/sudoers file with a NOPASSWD flag, and then simply issuing sudo commands. You can find out how to do this here.

Alternatively, you can use expect inside your phpseclib script in order to spawn a root shell (this is not recommended, and is a pretty dirty trick):

echo $ssh->exec('expect -c \'log_user 0; set timeout -1; spawn /bin/su; expect "Password:"; send "rootpassword\r"; expect "\r\n"; send "/usr/bin/id\r\n"; log_user 1; expect "uid=0"\'');

On the machine I am trying this on, I get the following output:

/usr/bin/id

root@machine:/home/user# /usr/bin/id uid=0(root) gid=0(root) groups=0(root)

Again, this method is dirty and has a lot of unwanted output, which you could trim I guess, if you read a bit of expect documentation. Sorry for not providing you with a cleaner solution, but I am afraid this is as good as it can get.

Upvotes: 0
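The sudo route recommended in the answer above, as an added example (not code from the thread): the sudoers rule is limited to the one command instead of a blanket NOPASSWD, and the script fails closed when sudo refuses. The sudoers line, the assumption that `cc` resolves to the `confd-client.plx` path from the question's error output, and the `SSH_LOGIN_PASSWORD` variable name are all hypothetical.

```php
<?php
// Added example, not code from the original thread.
// Assumed sudoers entry on the target (edit with visudo). Treating the path from
// the question's "Permission denied" line as the binary behind `cc` is an assumption:
//
//   loginuser ALL=(root) NOPASSWD: /usr/local/bin/confd-client.plx get_wireless_status
//
include('Net/SSH2.php');

/**
 * Run one allow-listed command as root through sudo on an exec channel.
 * $command must be a fixed string from the script, never user input.
 * Returns array(exit status, combined output).
 */
function run_as_root($ssh, $command)
{
    // -n: never prompt. If the sudoers rule is missing, sudo exits with an
    // error instead of waiting for a password the script cannot type.
    $output = $ssh->exec('sudo -n ' . $command . ' 2>&1');
    return array($ssh->getExitStatus(), $output);
}

$ssh = new Net_SSH2('www.domain.tld');   // placeholder host, as in the answers
$ssh->setTimeout(10);                    // bound the wait on a stuck command

// The login password comes from the environment (hypothetical variable name),
// and no root password is stored anywhere in the script.
if (!$ssh->login('loginuser', getenv('SSH_LOGIN_PASSWORD'))) {
    exit('Login Failed');
}

list($status, $output) = run_as_root(
    $ssh,
    '/usr/local/bin/confd-client.plx get_wireless_status'
);

// getExitStatus() returns false when the server reported no status; treat
// that the same as a non-zero exit and stop.
if ($status !== 0) {
    fwrite(STDERR, 'sudo call failed (status ' . var_export($status, true) . "): $output\n");
    exit(1);
}
echo $output;
```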

user1469439

Reputation:

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('www.domain.tld');
    if (!$ssh->login('username', 'password')) {
        exit('Login Failed');
    }

    $ssh->setTimeout(5);
    echo $ssh->read('username@username:~$');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("password\n");
    echo $ssh->read('username@username:~#');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

I modified your code snippet to include a setTimeout(). So if one call to read() is failing, that call will time out and echo out the data that it's gotten up to that point.

Upvotes: 1

billzhong

Reputation: 1426

This should work:

<?php
    include('Net/SSH2.php');

    $ssh = new Net_SSH2('www.domain.tld');
    if (!$ssh->login('username', 'password')) {
        exit('Login Failed');
    }

    echo $ssh->read('username@username:~$');
    $ssh->write("su\n");
    echo $ssh->read('Password:');
    $ssh->write("password\n");
    echo $ssh->read('username@username:~#');
    $ssh->write("cc get_wireless_status\n");
    echo $ssh->read('[prompt]');
?>

Upvotes: 5

neubert

Reputation: 16832

You probably need to do echo $ssh->write("rootfakepassword\n");

i.e. note the \n.

When you're running the command in putty or whatever you have to hit enter. This fact would need to be reflected in what you're sending to the server via phpseclib as well.

Upvotes: 0
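The interactive su sequence from the answers above, as an added example (not code from the thread) in which every read() is checked for a timeout, so the script stops instead of typing into an unexpected prompt. It stays on write()/read() throughout because exec() opens a separate channel that does not inherit the su done in the interactive shell. The prompt patterns are taken from the PuTTY transcript in the question; the environment variable names are hypothetical.

```php
<?php
// Added example, not code from the original thread.
include('Net/SSH2.php');

/**
 * Read from the interactive shell until $regex matches. Abort on timeout so
 * that a later write() is never sent into an unexpected state.
 */
function expect_or_fail($ssh, $regex, $step)
{
    $data = $ssh->read($regex, NET_SSH2_READ_REGEX);
    if ($ssh->isTimeout()) {
        fwrite(STDERR, "Timed out waiting for $step\n");
        exit(1);
    }
    return $data;
}

$ssh = new Net_SSH2('www.domain.tld');   // placeholder host, as in the answers
// Secrets come from the environment (hypothetical names), not the source file.
if (!$ssh->login('loginuser', getenv('SSH_LOGIN_PASSWORD'))) {
    exit('Login Failed');
}
$ssh->setTimeout(5);

// Prompts as seen in the question's transcript: " >" for loginuser, " #" for root.
expect_or_fail($ssh, '/login >\s*$/', 'user prompt');
$ssh->write("su\n");
expect_or_fail($ssh, '/Password:\s*$/', 'su password prompt');
$ssh->write(getenv('SSH_ROOT_PASSWORD') . "\n");   // the trailing \n is the Enter key

// A rejected password never produces the "#" prompt, so this read times out
// and the script exits before sending the command as the wrong user.
expect_or_fail($ssh, '/login #\s*$/', 'root prompt');

// Same shell channel as the su above, so the command runs as root.
$ssh->write("cc get_wireless_status\n");
echo expect_or_fail($ssh, '/login #\s*$/', 'command output');
```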
