SSH command from PHP script - nothing, yet work at cmd line


Solution 1

First; try to run it as the webserver user, for example:

sudo -u www-data <whatever_command>

Second; make sure you not only capture the result of the command you are executing, but the lines it throws back. You can do this in PHP with:

string exec ( string $command [, array &$output [, int &$return_var ]] )

http://www.php.net/manual/en/function.exec.php

Third: please do come back with a working answer.
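The first two steps above can be combined into one diagnostic script that is run under the web server (added example, not code from the answers on this page). It assumes PHP 7.4+ on Linux; `run_capture()` is a hypothetical helper, and the key path and host are placeholders.

```php
<?php
// Added example: diagnostic wrapper, not code from the answers on this page.
// run_capture() is a hypothetical helper; key path and host are placeholders.

// Run argv without a shell (array form of proc_open, PHP 7.4+) and return
// stdout, stderr and the exit status separately.
function run_capture(array $argv): array
{
    $spec = [
        0 => ['file', '/dev/null', 'r'], // no stdin, so nothing can sit at a prompt
        1 => ['pipe', 'w'],              // stdout
        2 => ['pipe', 'w'],              // stderr: where ssh writes its errors
    ];
    $proc = proc_open($argv, $spec, $pipes);
    if ($proc === false) {
        return ['exit' => -1, 'stdout' => '', 'stderr' => 'proc_open failed'];
    }
    // Sequential reads are fine for small diagnostic output like this.
    $stdout = stream_get_contents($pipes[1]);
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return ['exit' => proc_close($proc), 'stdout' => $stdout, 'stderr' => $stderr];
}

$key  = '/path/to/webserver-only/key.pem'; // placeholder
$host = 'user@host.example';               // placeholder

// Check the key from the point of view of the user PHP actually runs as.
if (!is_readable($key)) {
    exit("key is not readable by the PHP process user\n");
}
if ((fileperms($key) & 0077) !== 0) {
    exit("key is group/world accessible; restrict it to mode 0600\n");
}

$r = run_capture([
    'ssh', '-i', $key,
    '-o', 'BatchMode=yes',      // fail instead of asking for a passphrase or password
    '-o', 'ConnectTimeout=10',
    $host, 'ls',
]);

printf("exit status: %d\n--- stdout ---\n%s--- stderr ---\n%s",
    $r['exit'], $r['stdout'], $r['stderr']);
```

`exec()` and `system()` only return what the command writes to stdout, so an ssh failure that is reported on stderr shows up as "nothing"; here the stderr text and a non-zero exit status make the failure visible.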

Solution 2

You need to specify the user in the ssh command options:

system('ssh -i /home/me/keys/key.pem [email protected] "ls"');

This probably still won't work unless apache has access to your key.pem file, which would be a huge security vulnerability. I really suggest using some ssh library (like others have suggested) and setting up apache with its own ssh keys, and setting up the server it's connecting to with reduced permission access to that account.

Solution 3

You need to use the PHP openssh library to properly run these commands; otherwise, it can compromise the security of your system.

Solution 4

My recommendation would be to use phpseclib, a pure PHP SSH implementation, e.g.:

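<?php
// phpseclib 1.0-style includes; Crypt_RSA lives in its own file
include('Net/SSH2.php');
include('Crypt/RSA.php');

// Load the private key used for public-key authentication
$key = new Crypt_RSA();
$key->loadKey(file_get_contents('/home/me/keys/key.pem'));

// Connect and authenticate as 'user' with that key
$ssh = new Net_SSH2('ip-xx-xxx-xxx-xxx-end.ip');
if (!$ssh->login('user', $key)) {
    exit('Login Failed');
}

// Run a single command and print its output
echo $ssh->exec('ls');

// Interactive alternative: wait for the prompt, send a command, read the reply
//echo $ssh->read('username@username:~$');
//$ssh->write("ls -la\n");
//echo $ssh->read('username@username:~$');
?>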
Author by

waxical

Updated on September 18, 2022

Comments

  • waxical
    waxical almost 2 years

    I'm working on an EC2 box and trying to SSH command another box.

    The command works in command-line, even php -a interactive. However it does not work when running as apache. Example cmd:-

       system('ssh -i /home/me/keys/key.pem [email protected] "ls"');
    

    I've tried adding apache to wheel group, and gshadow on both boxes. I've also just tried chowning the pem file to apache. Nothing.

    Yet the command responds fine in the two other use cases outlined.

    What's going on here? Anyone know?

    • Khaled
      Khaled over 12 years
      Did you try to run this command from the command line using the apache user? This should be the same as running it from php executed by apache.
  • waxical
    waxical over 12 years
    That was a mistake of the write up here - I do actually have a user@ - thanks for the pickup tho.
  • waxical
    waxical over 12 years
    Hi José - thanks for your thoughts. I have now logged in as apache and then run the command with system, which outputs all - tho I have tried with exec before. I have tried this at command line via php -a interactive shell - I now get to the point where it asks for passphrase. Still nothing in script tho. I will update here when I have finally resolved issues.
  • user9517
    user9517 over 12 years
    Can you give an example of how to do this and expand on how it can compromise security not to use this library ?
  • Farhan
    Farhan over 12 years
  • Farhan
    Farhan over 12 years
  • Ladadadada
    Ladadadada over 12 years
    If it's asking for a passphrase it sounds like the apache user can't read the .pem file or the .pem file is wrong for some reason. (Permissive file permissions are considered a critical error by ssh so don't chmod 777. chmod 600 and chown apache-user are more likely to work.)
  • devicenull
    devicenull over 12 years
    Those aren't really examples of how using embedded commands can be harmful. If you don't let any unsanitized user input near your exec command, it's not really any more harmful than any other PHP function.