©
This document uses PHP Chinese website manual Release
(PECL ssh2 >= 0.9.0)
ssh2_fingerprint — Retrieve fingerprint of remote server
$session
[, int $flags
= SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX
] )Returns a server hostkey hash from an active session.
session
An SSH connection link identifier, obtained from a call to ssh2_connect() .
flags
flags
may be either of
SSH2_FINGERPRINT_MD5
or
SSH2_FINGERPRINT_SHA1
logically ORed with
SSH2_FINGERPRINT_HEX
or
SSH2_FINGERPRINT_RAW
.
Returns the hostkey hash as a string.
Example #1 Checking the fingerprint against a known value
<?php
$known_host = '6F89C2F0A719B30CC38ABDF90755F2E4' ;
$connection = ssh2_connect ( 'shell.example.com' , 22 );
$fingerprint = ssh2_fingerprint ( $connection ,
SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX );
if ( $fingerprint != $known_host ) {
die( "HOSTKEY MISMATCH!\n" .
"Possible Man-In-The-Middle Attack?" );
}
?>
[#1] Lyle Mantooth [2013-12-07 15:42:33]
If you're going to compare the fingerprint to a user-submitted form field, it's probably a good idea to do case-insensitive comparison:
<?php
if ($conn = ssh2_connect($user, $password)) {
$fingerprint = ssh2_fingerprint($conn);
if (strcasecmp($fingerprint, $known_value) === 0) {
// Do your thing.
}
}
?>
Of course, this is only necessary when you use the SSH2_FINGERPRINT_HEX option, not SSH2_FINGERPRINT_RAW.