(PECL ssh2 >= 0.9.0)
ssh2_tunnel — Open a tunnel through a remote server
$session
, string $host
, int $port
)Open a socket stream to an arbitrary host/port by way of the currently connected SSH server.
Example #1 Opening a tunnel to an arbitrary host
<?php
$connection = ssh2_connect('shell.example.com', 22);
ssh2_auth_pubkey_file($connection, 'username', 'id_dsa.pub', 'id_dsa');
$tunnel = ssh2_tunnel($connection, '10.0.0.101', 12345);
?>
tim dot wood at datawranglers dot com (2007-01-06 23:06:58)
The tunnel command doesn't seem to support ssh2_auth_password. For people trying to go from their own computer to a second box and then ssh one to a third box, here's an approach that works for me. YMMV and IMKYD.
// the relay box
$ip1 = '192.168.1.1';
$user1 = 'usename';
$pswd1 = 'password';
// the destination box
$ip3 = '192.168.1.2';
$user3 = 'usename';
$pswd3 = 'password';
// PART 1
// set up a basic ssh2 connection:
$connection = ssh2_connect($ip1, 22);
ssh2_auth_password($connection, $user1, $pswd1);
$shell = ssh2_shell($connection,"bash");
// PART 2
// Create a basic expect script to handle
// a simple ssh login and then passes the session back to the user
// remove any existing login expect script
$cmd = "rm -f login-via-ssh.expect";
fwrite($shell,$cmd . "\n");
// see discussion with other commands on sleep vs other options
sleep( 1 );
// echo does not like #!/usr/bin/expect ... so gawk it over
$cmd = "echo \"\" | gawk '{ print \"#\" \"!\" \"\/usr\/bin\/expect\" }' > login-via-ssh.expect";
fwrite($shell,$cmd . "\n");
// more bad sleep
sleep( 1 );
// Add in the rest of the expect script
$script = array(
'spawn ssh -l [lindex \$argv 1] [lindex \$argv 0]',
'expect \"password:\"',
'send \"[lindex \$argv 2]\r\"',
'interact'
);
$append = '>>';
foreach( $script as $line ) {
$cmd = 'echo "'. $line . '" '.$append.' login-via-ssh.expect' . "\n";
fwrite($shell,$cmd);
sleep( 1 );
}
// Make it executable
$cmd = "chmod +x login-via-ssh.expect";
fwrite($shell,$cmd . "\n");
sleep( 1 );
// PART 3
// Get into the other server
// Pass an ip, username, password to the expect script
// The expect script happily logs the php script in.
// put together the command and execute it
$cmd = "./login-via-ssh.expect $ip3 $user3 $pswd3";
fwrite($shell,$cmd . "\n");
// A long bad sleep since ssh takes a while to respond
sleep( 15 );
while( $line = fgets( $shell, 4096 ) ) {
// flush the buffer
}
// do a test directory listing to show that we really got there
$cmd = "ls -alb /";
fwrite($shell,$cmd . "\n");
sleep( 1 );
while( $line = fgets( $shell, 4096 ) ) {
print $line;
}
Bingo... the php script is tunneled to the third box.