Peter Stuge wrote:
> There is a very simple example of uploading a file using SFTP in PHP
> through the ssh2 extension here:
> Following the example, the first user comment includes a class wrapper.
> This comment further down shows what is needed for publickey authentication
> (by extending the wrapper class, but you can obviously just substitute
> ssh2_auth_password() for ssh2_auth_pubkey_file() yourself in the example):
> You'll obviously have to change 'r' to 'w' in the fopen call to write files
> to your SFTP server instead of read.
Taking another look in the PHP ssh2 documentation I found this user note
with yet another, but simple, class wrapper, which shows in particular how
to verify the server identity, which you should always do in order to avoid
falling victim to a man-in-the-middle attack:
However, that comment/code is 9 years old and by now MD5 is not a good
choice, so I'd certainly advise SSH2_FINGERPRINT_SHA1 instead, and preferably
something more modern still - but I don't know if the PHP ssh2 extension makes
anything else available - it doesn't look like it - that could well be an
argument for exploring the PHP curl extension after all.
Received on 2021-01-18