PHP Telnet/SSH dynamic login

Question

I have an issue that's stumped me.

I'm trying to automate a CLI login to a router and run some commands obtained via a webpage. However I don't know if the router has telnet or SSH enabled (might be one,the other, or both) and I have a list of possible username/password combos that I need to try to gain access.
Oh, and I can't change either the protocol type or the credentials on the device, so that's not really an option.

I was able to figure out how to login to a router with a known protocol and login credentials and run the necessary commands(included below), but I don't know if I should use an if/else block to work through the telnet/ssh decisions, or if a switch statement might be better? Would using Expect inside PHP be an easier way to go?

function tunnelRun($commands,$user,$pass, $yubi){
    $cpeIP = "1.2.3.4";
    $commands_explode = explode("\n", $commands);

    $screenOut = "";

    $ssh = new Net_SSH2('router_jumphost');
    if (!$ssh->login($user, $pass . $yubi)) {
        exit('Login Failed');
    }


    $ssh->setTimeout(2);
    $ssh->write("ssh -l username $cpeIP\n");
    $ssh->read("assword:");
    $ssh->write("password\n");
    $ssh->read("#");
    $ssh->write("\n");
    $cpePrompt = $ssh->read('/.*[#|>]/', NET_SSH2_READ_REGEX);
    $cpePrompt = str_replace("\n", '', trim($cpePrompt));
    $ssh->write("config t\n");


    foreach ($commands_explode as $i) {
        $ssh->write("$i\n"); // note the "\n"
        $ssh->setTimeout(2);
        $screenOut .= $ssh->read();

    }
    $ssh->write("end\n");
    $ssh->read($cpePrompt);
    $ssh->write("exit\n");
    echo "Router Update completed! Results below:<br><br>";

    echo "<div id=\"text_out\"><textarea style=\" border:none; width: 700px;\" rows=\"20\">".$screenOut."</textarea></div>";

Update:

The solution I went with was a while/switch loop. I would of gone the Expect route, but I kept running into issues on getting the Expect module integrated into PHP on my server (Windows box.) If I had been using a Unix/Linux server Expect would of been the simplest way to achieve this. I just made it into a working demo for now, so there are a lot of variations missing from the case statements still, and error-handling still needs to bef figured out, but the basic idea is there. I still want to move the preg_match statements around a bit more to do the matching at the top of the while loop (so I don't spam the whole case section with different preg_match lines), but that may prove to be more work than I want for now. Hope this might help someone else trying to do the same!

    <?php
 include('Net/SSH2.php');
 define('NET_SSH2_LOGGING', NET_SSH2_LOG_COMPLEX);
 ini_set('display_errors', 1);

$conn = new Net_SSH2('somewhere.outthere.com');
if (!$conn->login($user, $pass . $yubi)) {
    exit('Login Failed');
}

$prompt = "Testing#";

$conn->setTimeout(2);
$conn->write("PS1=\"$prompt\"");
$conn->read();
$conn->write("\n");
$screenOut = $conn->read();

//echo "$screenOut is set on the shell<br><br>";
echo $login_db[3][0]. "  ". $login_db[3][1];

$logged_in = false;
$status = "SSH";
$status_prev = "";
$login_counter = 0;
while (!$logged_in && $login_counter <=3) {
    switch ($status) {

        case "Telnet":
            break;
        case "SSH":
            $conn->write("\n");
            $conn->write("ssh -l " . $login_db[$login_counter][0] . " $cpeIP\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/Permission denied.*/', $status) ? true : false):
            $conn->write(chr(3)); //Sends Ctrl+C
            $status = $conn->read();
            if (strstr($status, "Testing#")) {
                $status = "SSH";
                $login_counter++;
                break;
            } else {
                break 2;
            }
        case (preg_match('/[pP]assword:/', $status) ? true : false):

            $conn->write($login_db[$login_counter][1] . "\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/yes\/no/', $status) ? true : false):
            $conn->write("yes\n");
            $status_prev = $status;
            $status = $conn->read('/\n([.*])$/', NET_SSH2_READ_REGEX);
            break;
        case (preg_match('/(^[a-zA-Z0-9_]+[#]$)|(>)/', $status,$matches) ? true : false):


            $conn->write("show version\n");
            $status = $conn->read(">");
            if(preg_match('/ADTRAN|Adtran|Cisco/', $status)? true:false){
                $logged_in = true;
                break;
            }

        default:
            echo "<br>Something done messed up! Exiting";
            break 2;

    }
    //echo "<pre>" . $conn->getLog() . "</pre>";
}
if ($logged_in === true) {
    echo "<br> Made it out of the While loop cleanly";
} else {
    echo "<br> Made it out of the While loop, but not cleanly";
}
echo "<pre>" . $conn->getLog() . "</pre>";

$conn->disconnect();
echo "disconnected cleanly";
}
?>

Answer 1

If statements might make your code become unreadable.
In that case I would suggest you to use switch-case blocks,
since switch case will allow you to write clearer code, and will allow you to catch exceptional values more efficiently.

Using Expect in php is simple:

<?php>
ini_set("expect.loguser", "Off");

$stream = fopen("expect://ssh root@remotehost uptime", "r");

$cases = array (
    array (0 => "password:", 1 => PASSWORD)
);

switch (expect_expectl ($stream, $cases)) {
    case PASSWORD:
       fwrite ($stream, "password\n");
       break;
    default:
       die ("Error was occurred while connecting to the remote host!\n");
}

while ($line = fgets($stream)) {
      print $line;
}
fclose ($stream);

?>

Answer 2

There are some complication using the expect file_wrapper. If it were me, I'd just go for a simple socket connection for telnet and poll for the prompts (with a timeout) if the ssh connection fails.

On a casual inspection, the telnet client here seems to be sensibly written - and with a bit of renaming could provide the same interface as the ssh2 client extension (apart from the connect bit).