If it’s not too much trouble, could you send me the same info that you provided to Ryan? If it’s a pain, could you just point me in the right direction or hint?

thanks very much,

Matt @ Adelaide

phpseclib’s Net_SSH2 uses Crypt_AES – not Crypt_Rijndael. And Crypt_AES does use mcrypt. Crypt_Rijndael doesn’t, but then I suspect most people shouldn’t be using Crypt_Rijndael anyway.
The “weird stuff after that” in the random number generator is, I think, explained by this:

http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives

Note the whole bit about running block ciphers on counter mode and using stream ciphers.
The fact that you can only run one process at a time with exec() actually makes a lot of sense to me as it makes for a much simpler API. If you could run multiple processes simultaneously how would you know when one ended? Would you have to wait until all of them ended? Or maybe you could check once a second? Or maybe you could do something like select() and block until one process ends. But then you couldn’t do echo $ssh->exec(‘…’) – you’d have to do while ($ssh->block()) { echo $ssh->output(2); if ($ssh->num_open_streams == 0) break; }. Or something like that.
A Google search for stderr reveals this:

http://www.ohloh.net/p/phpseclib/commits/67946901

As for the random number generator… I’ll concede that OpenSSL’s is better. OpenSSL can take on a whole lot more sources of entropy, among other things. As for the “weird stuff after that”… check out wikipedia.org’s article on CSPRNG’s:

http://en.wikipedia.org/wiki/Cryptographically_secure_pseudorandom_number_generator#Designs_based_on_cryptographic_primitives

Note the whole bit about running block ciphers on counter mode and using stream ciphers.

I’m not sure I agree with your objection to exec() either. So you can’t run more than one process at a time. That makes for a much simpler API. Consider curl. There’s curl_init() and curl_multi_init(). The latter lets you perform multiple HTTP requests simultaneously but at the expense of having a more complicated API. You have to use curl_multi_select() or else bog down the CPU while you constantly check for updates. And given that I’ve never yet seen a program that actually uses curl_multi_init() its power seems unnecessary.

I think the phpseclib guys took the right approach with only letting exec() do one command at a time.

As for stderr… a Google search for phpseclib stderr revealed this:

http://www.ohloh.net/p/phpseclib/commits/67946901

It looks also like this lib cannot handle running more than one process at a time, the exec() function uses a constant (Oo) for each channel type, and exec() will not return until program execution completes (not even sure how stderr is handled in there).

Well, the philosophy behind phpseclib of doing *everything* in pure-PHP is nice, but not what I’m looking for (especially implementing the block cipher in pure php is most likely going to be very costly in terms of CPU). It is better documented than mine (when writing a ssh client in a few hours only comments tend to become minimalistic) but the work there is impressive (it just doesn’t fit my needs).

That said, if you’re planning on making a php ssh client library it should be noted that there already is one out there:

http://phpseclib.sourceforge.net/

Seems like ya’ll could combine your efforts instead of creating two classes that are functionally the same.