[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-general
Subject:    Re: [PHP] SSH system command problem
From:       "Richard Lynch" <ceo () l-i-e ! com>
Date:       2005-01-31 18:27:41
Message-ID: 1655.66.99.91.45.1107196061.squirrel () www ! l-i-e ! com
[Download RAW message or body]

Linn Fagerberg wrote:
> I am trying to use a php system command to run a script and access files
> from another server using SSH. This does not seem to work in PHP or else I
> am doing it wrong because I keep on getting the system return value=255
> when
> I do
>
> system("/usr/bin/ssh 10.0.0.1", $value)

Does it output anything at all?...

Perhaps try using http://php.net/exec and the optional arguments to
capture output in a variable.

Also MAYBE try to use 2&>1 at the end to re-direct stderr so you can
capture that, or even "2&>1 > /var/log/phpmessages" at the end to get
error output.

> I tried to do a "ssh -help" command to see if the reason it did not work
> was
> that there was a problem with the server, but that did not give me a
> correct
> return value either, so I am starting to suspect that ssh is different
> from
> other system commands in php?

What value did it give you?...

Can you replace 'shh' with, say, 'ls' and get THAT to work?
This would lend creedence to your theory that 'ssh' is somehow different.

> Is it possible to run ssh using php system command or do I have to try
> something else? I found a new php library called ssh2 but I don't know if
> that could be the solution to my problem? Have anyone used it?

I don't know about 'ssh' but, for example, the 'su' command REQUIRES a
valid tty (IE, a real login to a real shell) which PHP ain't got -- It's
*possible* your ssh is doing the same, somehow...

Exactly why are you doing an ssh from PHP, though?...  Perhaps if you tell
us the Big Picture, we can advise you with a better way, or tell you why
you should never ever do that :-v

For Sure:
Your PHP user (see <?php phpinfo()?> output) will need an actual login
shell and home directory.

You'll need to "seed" that directory with the sub-directories SSH needs,
as well as set up the host/keys so that you can:
su PHP_USER_HERE
ssh 10.0.0.1
without *ANY* keyboard interaction to get what you want.

If you *DO* need keyboard interaction, and really want to keep that, you
might need to do something like:

system("echo $PASSWORD | ssh 10.0.0.1", $value);

Then, of course, you have to be REAL CAREFUL about how/where you
store/retrieve handle $PASSWORD

In particular, the line above would be WILDLY INAPPROPRIATE on a shared
server, since *ANYBODY* on that server could do "ps auxcwwwww" and see
your password in plain-text if they just happen to catch it as your PHP
script is running.

This carries LESS risk on a dedicated server, though still leaves a hole
for somebody who has already broken in to gather more power...

Also note that on a shared server, once you *DO* get this to work, anybody
who can write a PHP script can log in to 10.0.0.1 -- So that's PROBABLY a
Bad Idea on a shared server, and might not be all that Good on a dedicated
server either, as, again, the person who breaks in will now be able to
rather quickly access 10.0.0.1

Apologies in advance if you're a Security Expert -- But what you are doing
is VERY RISKY and I want to be sure you understand the risks you are
taking -- Hell, I'm sure there are even MORE risks not apparent to me.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]