I know this question has been asked before in many different ways but I'm still scratching my head over why I can't get this to work.
Firstly I have two SLES servers setup, these are Server A & Server B which are both running on a small private network which is only accessed by a dedicated team.
Server A is configured as a web server which is running Apache, PHP, MYSQL and ssh all of which are running problem free.
Server B is used to run menial tasks with ssh also installed and activated.
I have created my rsa key on Server A and installed it on Server B which when run at the command line logs me in straight away with out asking for a password. I have repeated this process for both root & nobody accounts on Server A.
I have added this a PHP page to Server A which looks like:
<?php
shell_exec('ssh root#192.162.0.5 ./StartTest.sh');
header("Location: archive.php?page=home");
?>
But when I run it it does not create my folder. If I run this from the command line it works for both (I think both, I can't recall if I did try this for the nobody account on the cli now) root & the nobody account. I even went as far as adding the nobody account to the root group but still no joy.
Have I missed some thing here. All I would like to do is connect from Server A to Server B via php & ssh to execute one command and redirect to a another page on the web site.
Any help would be graciously appreciated as my paracetamol stock is running low.
The built-in SSH support George Cummins speaks of is non-existent. It is an extension to PHP that's not included by default. It has to be compiled separately and is notoriously difficult to setup / use. My recommendation would be to use phpseclib, a pure PHP SSH implementation:
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
?>
You said "I have added this a PHP page", so I will assume that you are executing this script via your web server, rather than as a standalone script.
As such, the script may not be running from the directory you expect. You should use absolute (rather than relative) paths to ensure that the script finds the ssh binary and your script:
shell_exec('/path/to/ssh root#192.162.0.5 /home/yourdirectory/scripts/StartTest.sh');
You will also need to confirm that the webserver user had permissions to execute ssh and the StartTest.sh script.
I know that I'm too late at this answer but maybe can help someone:
To use shell_exec and ssh you need to add as parameter to ssh these
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=quiet
So the command doesn't try to create .ssh folder and you have a clear output without log of ssh
Related
I am automating installing multiple WordPress blogs on a server. Basically, I need to run multiple wp-cli commands.
Using phpseclib and doing exec(), doesn't work...
When I do something like:
$ssh->exec('wp core download');
I will just get:
/usr/bin/env: php: No such file or directory
Even though I can run it fine, in a normal ssh session...
If I try and $ssh->write the command out and do '\n' it doesn't seem to do anything. Even if I just try to do a simple command like: touch foo.txt
Although that test "touch" command will work with exec...
The system is Ubuntu 14.04...
Any ideas?
I have to connect via SSH from PHP to do this for multiple domains on a server, as new customers come on.
The path to PHP probably needs to be defined. When you SH in with the regular SSH client it's probably running any number of Bash initialization files.
In light of this I have two thoughts.
Try to use a PTY. eg.
$ssh->enablePTY();
$ssh->exec('passwd');
echo $ssh->read();
More info: http://phpseclib.sourceforge.net/ssh/pty.html
Are you doing $ssh->read('[prompt]'); after doing the write("command\n")? You may need to read the stream to get the command to actually be run.
I'm trying execute a python script from php function shell_exec(), but this script require root privileges.
The python code is very simple. Using libraries wifi python does a scan of all the SSID and provides in output the information on the various wireless networks to which he had a scan in JSON format. WiFi libraries are scanning using iwlist that requires root privileges. If it is performed by a user who does not have root privileges, it returns only the information referring to the wifi where you are connected.
If I plug in my code the string
<?php
echo 'Current script owner:'. get_current_user ();
?>
I print screen "Current script owner: root", but if I try to run my code
<?php
$ Output = shell_exec ("python /home/acme/XDOMV2/conn1.py");
echo $ output;
?>
It will only return information about the network on which my debian system is connected.
How to use lighttpd webserver and I have followed several guides about getting to the only result of having to re-install lighttpd.
The question is, is there a way to run a python script as root from lighttpd?
Where am I wrong?
I would suggest to run the script as a user with proper privileages.
This will minimize the risk for exploits on the system.
Next step would be ro run the script in a cron environment as that user (or root in the worst case scenario) and deliver the result via a database or a cached environment. You could also deliver the result via sockets or file handles.
Never enable a web environment to run scripts or well anything as root, it's dangerous and not how the software(lighttpd) were meant to operate.
If you're a brave soul:
This question belongs on UnixExchange but you can check this out:
http://www.sunspot.co.uk/Projects/Joggler/lighttpd_as_root.html
And also check the docs for your lighttpd version, running as root is possible but not sound in any way.
I want to run some command from a remote server in my php using exec. Like this:
<? php
exec('ssh user#remote_server command');
?>
My account has access to ssh to that remote_server with public/private key but not apache. Note that I don't have root access to either of the machines. All the answers for Generating SSH keys for 'apache' user need root access.
My recommendation: use phpseclib, a pure PHP SSH implementation. eg.
<?php
include('Net/SSH2.php');
$ssh = new Net_SSH2('www.domain.tld');
if (!$ssh->login('username', 'password')) {
exit('Login Failed');
}
echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
?>
Web server process is owned by apache user not root .
Make sure that apache user have password less login to remote server
SE linux should be disabled . Refer
I would try:
$identity_file = '/home/you/.ssh/id_rsa'; // <-- replace with actual priv key
exec('ssh -i ' . $identity_file . ' user#remote_server command');
and see if you can authenticate like that. You will have to make sure that the identity file is readable by Apache.
The downside is now the Apache user can read your private key, which means any other site running as the Apache user can as well. But even if you create a private key for the Apache user, the same is true. For better security, see about running PHP as your specific user using suPHP or suExec.
This is a bad idea without root access. To make sure that Apache's user can see your private key, you'll have to make it world-readable: without root you can't chown www-data:www-data, so not only will Apache be able to see it, every user on the system will be able to. Because this is such a bad idea, OpenSSH won't allow it by default - it will refuse to run if your private key has unreasonably open file permissions.
I very strongly advise against doing this. If you really need to be able to have PHP run remote commands with an SSH key, you'll need someone with root access to set up something more secure, along the lines of your link.
A more secure alternative would be to write a PHP script on the target machine that takes an HTTP request containing a password that you define, executes a pre-defined command and returns the output. If this script is written securely and can only execute that one pre-defined command, all an attacker can do is run that same command as you - as long as the password for this script isn't the same as any of your own passwords. It needn't be exactly one command, and it can even take some arguments if you're careful: the important point is that you're not allowing a remote user to execute arbitrary commands on the target machine. If you're sure that the command you want to be able to run isn't potentially harmful, and your script doesn't contain coding errors allowing other commands to be run instead, then this isn't too bad an idea.
Use SSH2.
http://php.net/manual/en/book.ssh2.php
I have a shellscript with connects to a a different machine with ssh and a key so it does not need the username and password.
When i run this script from commandline it works fine.. but when I run this script from php shell_exec it does not work.
If I make an ssh connection with PHP and run the script as my own user it does work.
Now for my question :D
Is there a way to just running the script in shell_exec from php without making an connection over ssh as a different user?
Did you specify the private key file correctly?
If you are using Ubuntu or Debian the web server is running with the user name www-data. For other systems please check the web server configuration for the user name. You can simply test if this user (and your php web application) is able to do the SSH connection.
1) Become the user of your web server
sudo su www-data
2) Try connecting the remote host
ssh remoteUser#remoteHost
If you will get connected without entering a password there must be a different problem. If you have to enter a password, the key files were stored for a different user - not for www-data. You have already configured SSH to use the key. Do the same for your local user www-data and it will work.
It seems ssh connection does not work with shell_exec. If i run the shellscript under ssh2_exec it does seem to work.
Which is a little strange as the ssh connection is made in the script file with a public and private key.. I would assume this would just run :s
The webserver is allowed to execute the file, as there are other command in there who work as expected.
Here's my goal :
I have a Windows XP PC with all the source code in it and a development database.
Let's call it "pc.dev.XP".
I have a destination computer that runs Linux.
Let's call it "pc.demo.Linux".
Here's what I've done on "pc.dev.XP" (just so you get the context) :
installed all cygwin stuff
created a valid rsa key and put it on the dest
backup computer so that ssh doesn't
ask for a password
rsync works pretty well this way
If i try to do this on "pc.dev.XP" via a command line :
cd \cygwin\bin
ssh Fred#pc.demo.Linux "cd /var/www && ls -al"
this works perfectly without asking a password
Now here's what I want to do on the "pc.dev.XP":
launch a php script that extract the dev. database into a sql file
zip this file
transfer it via ftp to the "pc.demo.Linux"
log to the "pc.demo.Linux" and execute "unzip then mysql -e "source unzipped file"
if I run on "pc.dev.XP" manually :
putty -load "myconf" -l Fred -pw XXX -m script.file.that.unzip.and.integrates.sql
this works perfectly.
Same for :
cd \cygwin\bin
ssh Fred#dest "cd /var/www && ls -al"
If I try to exec() in php (wamp installed on "pc.dev.XP") those scripts they hangs. I'm pretty sure this is because the user is "SYSTEM" and not "Fred", and putty or ssh ask for a password but maybe I'm wrong.
Anyway I'm looking for a way to automate those 4 tasks I've described and I'm stuck because exec() hangs. There's no problem with safe_exec_mode or safe_exec_dir directives, they're disabled on the development machine, thus exec() works pretty well if I try some basic stuff like exec("dir")
Any idea what I could do / check / correct ?
I'm not sure if this is what you need, but I typically use a construct like this to sync databases across machines:
php extractFromDb.php | ssh user#remote.com "mysql remoteDatabaseName"
This executes the PHP script locally, and pipes the SQL commands the script prints out through SSH straigt into the remote mysql process which executes them in the remote database.
If you need compression, you can either use SSH's -C switch, or integrate the use of your compression program of choice like this:
php extractFromDb.php | gzip -9 | ssh user#remote.com "gunzip | mysql remoteDatabaseName"
You want to do this from PHP running under apache, as in I go to http://myWebserver.com/crazyScript.php and all this happens? Or you just want to write your scripts in PHP and invoke them via cmd line?
If you want the first solution, try running your apache/iss under a different user that has credentials to perform all those tasks.
"if I run on the development PC manually this works perfectly.".
Why not do it like that? When you run that script, I assume you're connecting to the local SSH server on the dev machine. When you do this, you are using the credentials Fred, so everything works. When you run the PHP script, you are right that it is probably running as SYSTEM.
Try either changing the user that apache is running as or use php to connect to the local ssh thereby using alternate credentials.
Here's what I did :
a batch file that :
Calls a php file via "php.exe my_extract_then_compress_then_ftp.php"
Calls rsync to synchronize the source folder
Calls putty -l user -pw password -m file_with_ssh_commands_to_execute
It works like a charm.