Package: php-ssh2
Version: 1.4.1-4
Severity: important
Tags: upstream
Dear Maintainer,
I encountered the following problem with php-ssh2:
*Description of the bug:*
PHP CLI program using the PHP-SSH2 package; after upgrading to Trixie,
SSH authentication stopped working.
I’m using an ECDSA key. On successful auth the process crashes with a
segfault or with free(): invalid pointer.
If I use an RSA key, it doesn’t crash.
*Steps to reproduce:*
1. apt install php-cli php-ssh2 openssh-client
2. ssh-keygen -t ecdsa -f id_ecdsa.pem
3. ssh-keygen -y -f id_ecdsa.pem > id_ecdsa.pub
4. add id_ecdsa.pub to authorized_keys an other server
5. Run this script:
<?php
$c=ssh2_connect('OTHER_SERVER',22);
var_dump(ssh2_auth_pubkey_file($c,'USERNAME','./id_ecdsa.pub','.id_ecdsa.pem',''));
?>
*Expected result:*
bool(true)
*Actual result:*
free(): invalid pointer
Félbeszakítva
*Environment:*
- Debian GNU/Linux 13.1
- PHP 2:8.4+96
- php-ssh2 1.4.1-4
- Kernel: Linux trixie-builder 6.14.11-1-pve #1 SMP PREEMPT_DYNAMIC PMX
6.14.11-1 (2025-08-26T16:06Z) x86_64 GNU/Linux
php --ri ssh2
ssh2
SSH2 support => enabled
extension version => 1.4.1
libssh2 version => 1.11.1
banner => SSH-2.0-libssh2_1.11.1
*Other information*
I created a C program that also uses libssh2 with key-based
authentication, and it worked properly with an ECDSA key as well.
C code with libssh2:
#include <arpa/inet.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char *argv[])
{
const char *hostname = "10.168.168.192";
const char *username = "datatransbackup";
const char *pubkey = "./id_ecdsa.pub";
const char *privkey = "./id_ecdsa.pem";
const char *passphrase = "";
int sock;
struct sockaddr_in sin;
struct hostent *host;
// Inicializálás
libssh2_init(0);
host = gethostbyname(hostname);
sock = socket(AF_INET, SOCK_STREAM, 0);
sin.sin_family = AF_INET;
sin.sin_port = htons(22);
sin.sin_addr = *(struct in_addr *)host->h_addr;
if (connect(sock, (struct sockaddr*)(&sin), sizeof(struct sockaddr_in))
!= 0) {
fprintf(stderr, "Connection failed\n");
return 1;
}
LIBSSH2_SESSION *session = libssh2_session_init();
if (!session) {
fprintf(stderr, "Could not init session\n");
return 1;
}
if (libssh2_session_handshake(session, sock)) {
fprintf(stderr, "Failure establishing SSH session\n");
return 1;
}
if (libssh2_userauth_publickey_fromfile(session, username, pubkey,
privkey, passphrase)) {
fprintf(stderr, "Authentication by key failed\n");
return 1;
}
LIBSSH2_CHANNEL *channel = libssh2_channel_open_session(session);
if (!channel) {
fprintf(stderr, "Unable to open channel\n");
return 1;
}
if (libssh2_channel_exec(channel, "ls /etc") != 0) {
fprintf(stderr, "Unable to execute command\n");
return 1;
}
char buffer[1024];
ssize_t n;
while ((n = libssh2_channel_read(channel, buffer, sizeof(buffer)-1)) > 0) {
buffer[n] = '\0';
printf("%s", buffer);
}
libssh2_channel_close(channel);
libssh2_channel_free(channel);
libssh2_session_disconnect(session, "Normal Shutdown");
libssh2_session_free(session);
close(sock);
libssh2_exit();
return 0;
}
gcc -Wall -O2 test.c -o ssh_ls -lssh2
Please let me know if I can provide further details (core dump, logs, etc).
Best regards,
Gabor Droszler
