
I want to connect to ssh via PHP. I can do that easily but the problem is the integrity of the login details (username, password). When I first tried the code I stored my username and password in plain sight. I thought about encrypting those variables. By looking at other questions I found libsodium: https://github.com/jedisct1/libsodium-php

I am using their first example of encrypting a string:

```php
$secret_key = sodium_crypto_secretbox_keygen();
$message = 'Sensitive information';

$nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
$encrypted_message = sodium_crypto_secretbox($message, $nonce, $secret_key);
```

Decryption:

```php
$decrypted_message = sodium_crypto_secretbox_open($encrypted_message, $nonce, $secret_key);
```

By looking at the example you can see $encrypted_message, $secret_key, $nonce. I am inserting these variables in the database when I am encrypting the login details and then I am fetching them when needed in the decryption code.

I am also storing my database connection script (PDO) in a folder where there is a .htaccess file with the following content:

```apache
order deny,allow
deny from all
allow from 127.0.0.1
```

1. Is my approach safe and hack-proof?

2. If somebody breaches my database will they be able to use my users' data?

3. How effective is the .htaccess file and can it stop hackers from accessing the database connection file?

GMBeniamin
  • 2
    this should be posted in code review – Funk Forty Niner Jan 21 '18 at 21:03
  • 1
    Why are you encrypting the details? It is pointless. If your server was breached then the attacker would have everything he needs to get the plaintext username and password. – Luke Joshua Park Jan 21 '18 at 21:08
  • 5
    I've never tried using php to open an ssh connection, but I would recommend a public/private key-pair instead of a password for an ssh connection. Storing an encrypted password seems like a very bad idea. – jeroen Jan 21 '18 at 21:08
  • Have you tried [how-to-execute-ssh-commands-via-php](https://stackoverflow.com/questions/6270419/how-to-execute-ssh-commands-via-php) – Cemal Jan 21 '18 at 21:15
  • @LukeJoshuaPark Well, if there is a difference in accessing the source code / resources and the data itself then encryption can require an attacker to gain access to the source code first. Otherwise you're right: it would be simple obfuscation, not really encryption. – Maarten Bodewes Jan 21 '18 at 22:05
  • Thank you for your comments and sorry for posting in the wrong section. – GMBeniamin Jan 22 '18 at 10:34

1 Answer

2
  1. Nothing is totally bulletproof. Anyway, this is far from it. It's your implementation that lacks. First you encrypt it, but then you store the encrypted message along with the secret key in a database.

  2. This is all that's required to decrypt it. So any SQL injection flaws OR server/database breaches could compromise the encrypted messages and render it useless. Don't store the private key on the server; especially not with its intended message. It's nothing more than expensive cleartext if you do that.

  3. Don't even store the database connection file in the web root. It's trivial for a hacker to grab that way; look up LFI. You can store it outside e.g. in /var/www/ and serve your index.php from /var/www/public/.

As noted in the comments, it's a little odd what you're doing here anyway. You'd probably be much better off using SSH keys with a pass phrase.

Exhibitioner
  • Thank you for the explanation. I only wanted to know a safe way to store encrypted messages. They are not passwords but just random numbers and letters, similar to passwords but which have to be fetched for the sole reason of verifying their authenticity. For instance I want to store paysafecard codes (16 random numbers) in the database and then retrieve them and manually check if the codes are working when trying to withdraw the amount stored on them. – GMBeniamin Mar 11 '18 at 17:11
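
The separation the answer describes, as an added example that is not part of the original posts or of libsodium-php's own code: the database column holds only the nonce and ciphertext, while the key comes from outside the database. The function names `load_key`, `seal`, `unseal` and the environment variable `APP_SECRETBOX_KEY` are hypothetical, and the sample value is constructed.

```php
<?php
declare(strict_types=1);

// APP_SECRETBOX_KEY is a hypothetical variable name: the hex-encoded key is
// provisioned outside the database and outside the web root.
function load_key(): string
{
    $hex = getenv('APP_SECRETBOX_KEY');
    $key = is_string($hex) ? sodium_hex2bin($hex) : '';
    if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('secretbox key missing or wrong length');
    }
    return $key;
}

// Returns the value for the database column: base64(nonce || ciphertext).
// The nonce is not secret, so it can be stored next to the ciphertext.
function seal(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

function unseal(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed stored value');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('authentication failed: wrong key or modified data');
    }
    return $plain;
}

// Demo only: generate a throwaway key so the script runs stand-alone.
if (getenv('APP_SECRETBOX_KEY') === false) {
    putenv('APP_SECRETBOX_KEY=' . sodium_bin2hex(sodium_crypto_secretbox_keygen()));
}
$key = load_key();
$row = seal('constructed-sample-value', $key);   // what the database would hold
echo unseal($row, $key), PHP_EOL;

$bad = base64_decode($row);
$bad[-1] = chr(ord($bad[-1]) ^ 1);               // simulate a modified row
try {
    unseal(base64_encode($bad), $key);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
sodium_memzero($key);
```

With this layout a dump of the table yields only nonces and ciphertexts; a compromise of the PHP process or its environment still exposes the key, as the comments on the question point out.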