...

View Full Version : SSH Support / PHP-SSH in debian



meediake
02-09-2006, 02:14 PM
Hello to everybody,
i have one question, I searched from the internet a lot but I didnt find the neccessary answer.

So I have a debian box (LAMP), and I want to have PHP-SSH support in there to use SSH functions in PHP. I dont have any idea, what should be the name for apt package for that, ie apt-get install php4-ssh_support_paackage_name.
Or is there any well working alternative?

If somebody knows, I would be very thankful for helpful answer:)

Ok then

fci
02-09-2006, 02:56 PM
you'd probably just need to create a key with ssh-keys then use that as an interface, so, first, from a shell:

ssh-keygen -t dsa
then you will be eventually prompted to enter a password and asked where to save the file, e.g., /home/meediake/ssh_php/testing_id_dsa and /home/meediake/ssh_php/id_dsa.pub
If you do not enter a password then ssh will never prompt you for one when using it and it can make everything more seamless(this is common to see when someone is running remote backups). then, you will need to place a copy of id_dsa.pub on a remote server, usually append it to ~/.ssh/authorized_keys on that server
now, when you want to connect to that server from a php script, you can do:

echo shell_exec('ssh -i /home/meediake/ssh_php/id_dsa user@123.123.123.13 "ls -al"');
Warning: the id_dsa will *need* to be chmod'd to 600 for security purposes. you will also need to chown it to something like www:www or nobody:nobody (depends on the configuration) -- basically those are big security risks (any script running from the web server has the potential to be able to read the key).

firepages
02-09-2006, 04:37 PM
http://pecl.php.net/package/ssh2 is the pecl repository , I could not find any debian binaries though it should be php-ssh or php4-ssh or php4-ssh2 etc , you just gonna have to google and see if anyone has packaged it.

alternative is to download the php/apache&db sources and build from scratch.

fci
02-09-2006, 05:56 PM
http://pecl.php.net/package/ssh2 is the pecl repository , I could not find any debian binaries though it should be php-ssh or php4-ssh or php4-ssh2 etc , you just gonna have to google and see if anyone has packaged it.

alternative is to download the php/apache&db sources and build from scratch.

ooh.. that didn't come on a 'php ssh' google search(although comes up when doing php ssh2). he'll also need to install libssh2. I haven't done much with pecl stuff, but can't he just do `pecl install ssh2` ?

edit:
portability is another issue if you plan on going with the pecl package

meediake
02-09-2006, 10:03 PM
thanks for advise guys,
but there is another issue, when you see http://ee.php.net/ssh, there is php_ssh2.dll named file. Where it comes from(its not included in PHP zip package)? And why is OpenSSL required? Maybe my questions sound dummy, but I haven't made anything with PHP & SSH2 yet, and now its time:p

meediake
02-09-2006, 10:10 PM
I just want to log in with php to a remote SSH2 server and modify some files on it as a specific user. So every user can just log in using web-interface and make some modifications(over this web-interface) only to THEIR OWN text-files in their home directories(like exim autoresponder files and another config-like files).

There is also another alternative to use IMAP for authentication, but there are not so many capabilities as with SSH2, so I would prefer using SSH.

fci
02-10-2006, 12:16 AM
thanks for advise guys,
but there is another issue, when you see http://ee.php.net/ssh, there is php_ssh2.dll named file. Where it comes from(its not included in PHP zip package)?
why do you need that one? your box is running debian. anyway:
http://pecl4win.php.net/ext.php/php_ssh2.dll


And why is OpenSSL required? Maybe my questions sound dummy, but I haven't made anything with PHP & SSH2 yet, and now its time:p
secure socket layer.. anyway..

I'd go the route I suggested earlier on in this thread mainly due to portability(and the unknown stability of php ssh2). you'll need to generate an ssh key for each user then .. seems a little iffy on security IMO depending on how you implement, of course.

meediake
02-10-2006, 06:30 AM
yeah, using SSH sounds more and more queerly, I think that the better solution is just putting the web-interface to the same server where the mail service is running and then sending commands to server with php via telnet(ofcourse telnet isnt allowed to use remotely).

fci
02-10-2006, 01:16 PM
if you send commands to a remote via email, you can usually just pipe it to a script. unless you mean because you are controlling the users remote files.. but where will you send the results back to and all that? the first thing I posted IMO is the 'best' .. and if you know what you are doing it should all turn out fine.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum