From c2110f68a0915be33415ecd312d2b5f5c80a353c Mon Sep 17 00:00:00 2001
From: terrafrost <terrafrost@php.net>
Date: Wed, 3 Feb 2016 23:54:55 -0600
Subject: [PATCH] SSH: fix broken public key auth

---
 phpseclib/Net/SSH1.php                  |  1 +
 phpseclib/Net/SSH2.php                  |  2 ++
 phpseclib/System/SSH/Agent/Identity.php | 18 +++++++++++++++++-
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/phpseclib/Net/SSH1.php b/phpseclib/Net/SSH1.php
index f1c53492..44cbe803 100644
--- a/phpseclib/Net/SSH1.php
+++ b/phpseclib/Net/SSH1.php
@@ -1302,6 +1302,7 @@ class SSH1
         /*
         $rsa = new RSA();
         $rsa->load($key, 'raw');
+        $rsa->setHash('sha1');
         return $rsa->encrypt($m, RSA::PADDING_PKCS1);
         */
 
diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
index 59ce16e0..284fbbd5 100644
--- a/phpseclib/Net/SSH2.php
+++ b/phpseclib/Net/SSH2.php
@@ -2306,6 +2306,7 @@ class SSH2
         }
 
         $packet = $part1 . chr(1) . $part2;
+        $privatekey->setHash('sha1');
         $signature = $privatekey->sign(pack('Na*a*', strlen($this->session_id), $this->session_id, $packet), RSA::PADDING_PKCS1);
         $signature = pack('Na*Na*', strlen('ssh-rsa'), 'ssh-rsa', strlen($signature), $signature);
         $packet.= pack('Na*', strlen($signature), $signature);
@@ -4054,6 +4055,7 @@ class SSH2
 
                 $rsa = new RSA();
                 $rsa->load(array('e' => $e, 'n' => $n), 'raw');
+                $rsa->setHash('sha1');
                 if (!$rsa->verify($this->exchange_hash, $signature, RSA::PADDING_PKCS1)) {
                     //user_error('Bad server signature');
                     return $this->_disconnect(NET_SSH2_DISCONNECT_HOST_KEY_NOT_VERIFIABLE);
diff --git a/phpseclib/System/SSH/Agent/Identity.php b/phpseclib/System/SSH/Agent/Identity.php
index 30ab11d1..612c414e 100644
--- a/phpseclib/System/SSH/Agent/Identity.php
+++ b/phpseclib/System/SSH/Agent/Identity.php
@@ -115,6 +115,22 @@ class Identity
         return $this->key->getPublicKey($type);
     }
 
+    /**
+     * Sets the hash
+     *
+     * ssh-agent only supports signatures with sha1 hashes but to maintain BC with RSA.php this function exists
+     *
+     * @param string $hash optional
+     * @throws \phpseclib\Exception\UnsupportedAlgorithmException if the algorithm is unsupported
+     * @access public
+     */
+    function setHash($hash = 'sha1')
+    {
+        if ($hash != 'sha1') {
+            throw new UnsupportedAlgorithmException('ssh-agent can only be used with the sha1 hash');
+        }
+    }
+
     /**
      * Create a signature
      *
@@ -130,7 +146,7 @@ class Identity
     function sign($message, $padding = RSA::PADDING_PKCS1)
     {
         if ($padding != RSA::PADDING_PKCS1 && $padding != RSA::PADDING_RELAXED_PKCS1) {
-            throw new \UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
+            throw new UnsupportedAlgorithmException('ssh-agent can only create PKCS1 signatures');
         }
 
         // the last parameter (currently 0) is for flags and ssh-agent only defines one flag (for ssh-dss): SSH_AGENT_OLD_SIGNATURE