ssh2_fingerprint

(PECL ssh2 >= 0.9.0)

ssh2_fingerprint — Retrieve fingerprint of remote server

说明

string ssh2_fingerprint ( resource $session [, int $flags = SSH2_FINGERPRINT_MD5 | SSH2_FINGERPRINT_HEX ] )

Returns a server hostkey hash from an active session.

参数

session: An SSH connection link identifier, obtained from a call to ssh2_connect() .
flags: flags may be either of SSH2_FINGERPRINT_MD5 or SSH2_FINGERPRINT_SHA1 logically ORed with SSH2_FINGERPRINT_HEX or SSH2_FINGERPRINT_RAW .

返回值

Returns the hostkey hash as a string.

范例

Example #1 Checking the fingerprint against a known value

  <?php
$known_host  =  '6F89C2F0A719B30CC38ABDF90755F2E4' ;

 $connection  =  ssh2_connect ( 'shell.example.com' ,  22 );

 $fingerprint  =  ssh2_fingerprint ( $connection ,
                SSH2_FINGERPRINT_MD5  |  SSH2_FINGERPRINT_HEX );

if ( $fingerprint  !=  $known_host ) {
  die( "HOSTKEY MISMATCH!\n"  .
       "Possible Man-In-The-Middle Attack?" );
}
 ?>

用户评论:

[#1] Lyle Mantooth [2013-12-07 15:42:33]

If you're going to compare the fingerprint to a user-submitted form field, it's probably a good idea to do case-insensitive comparison:
<?php if ($conn = ssh2_connect($user, $password)) { $fingerprint = ssh2_fingerprint($conn); if (strcasecmp($fingerprint, $known_value) === 0) { // Do your thing. } } ?>
Of course, this is only necessary when you use the SSH2_FINGERPRINT_HEX option, not SSH2_FINGERPRINT_RAW.