Initial work on SSH server fingerprinting

DivineOmega · Oct 17, 2019 · 9f63f0d · 9f63f0d
1 parent 261d2ba
commit 9f63f0d
Show file tree

Hide file tree

Showing 2 changed files with 59 additions and 0 deletions.
diff --git a/src/SSHConnection.php b/src/SSHConnection.php
@@ -112,6 +112,27 @@ public function run(string $command): SSHCommand
         return new SSHCommand($this->ssh, $command);
     }
 
+    public function md5Fingerprint(): string
+    {
+        return $this->getFingerprint(0 | 0);
+    }
+
+    public function sha1Fingerprint(): string
+    {
+        return $this->getFingerprint(0 | 0);
+    }
+
+    private function getFingerprint(int $flags)
+    {
+        if (!$this->connected) {
+            throw new RuntimeException('Unable to get fingerprint when not connected.');
+        }
+
+        $hostkey = substr($this->ssh->getServerPublicHostKey(), 8);
+        $hostkey = ($flags & 1) ? sha1($hostkey) : md5($hostkey);
+        return ($flags & 2) ? pack('H*', $hostkey) : strtoupper($hostkey);
+    }
+
     public function upload(string $localPath, string $remotePath): bool
     {
         if (!$this->connected) {

diff --git a/tests/Integration/SSHConnectionTest.php b/tests/Integration/SSHConnectionTest.php
@@ -72,4 +72,42 @@ public function testSSHConnectionWithPassword()
         $this->assertEquals('', $command->getError());
         $this->assertEquals('', $command->getRawError());
     }
+
+    public function testMd5Fingerprint()
+    {
+        $connection1 = (new SSHConnection())
+            ->to('localhost')
+            ->onPort(22)
+            ->as('travis')
+            ->withPrivateKey('/home/travis/.ssh/id_rsa')
+            ->connect();
+
+        $connection2 = (new SSHConnection())
+            ->to('localhost')
+            ->onPort(22)
+            ->as('travis')
+            ->withPrivateKey('/home/travis/.ssh/id_rsa')
+            ->connect();
+
+        $this->assertEquals($connection1->md5Fingerprint(), $connection2->md5Fingerprint());
+    }
+
+    public function testSha1Fingerprint()
+    {
+        $connection1 = (new SSHConnection())
+            ->to('localhost')
+            ->onPort(22)
+            ->as('travis')
+            ->withPrivateKey('/home/travis/.ssh/id_rsa')
+            ->connect();
+
+        $connection2 = (new SSHConnection())
+            ->to('localhost')
+            ->onPort(22)
+            ->as('travis')
+            ->withPrivateKey('/home/travis/.ssh/id_rsa')
+            ->connect();
+
+        $this->assertEquals($connection1->sha1Fingerprint(), $connection2->sha1Fingerprint());
+    }
 }