Ajax request to PHP page and exec(ssh....) not working

Question

I am posting to a php page using ajax (ignore the data posted, thats not important)

When I run the php page on my linux server using the command: php addHit.php it correctly echoes out the hostname of the remote server. However this does not happen in ajax, all I get is a blank alert where the success function is. You can see it in action here: http://ec2-54-244-169-118.us-west-2.compute.amazonaws.com/bootstrap/jumbotron-narrow/index.php

    <script>
        $(function() {  
            $("form[name=addHit]").submit(function() {  
                alert("I am an alert box!");
                var link = $("input[name=link]").val();
                var comments = $("input[name=comments]").val();
                var datastring = "link="+link+"&comments="+comments;
                alert(datastring);
                $.ajax({
                    type: "POST",  
                    url: "/bootstrap/jumbotron-narrow/addHit.php",  
                    data: datastring,  
                    success: function(data, status, xhr) {  
                        alert(data);
                    }, 
                    error: function(httpRequest, textStatus, errorThrown) { 
                       alert("status=" + textStatus + ",error=" + errorThrown);
                    }
                });  
                alert("here");
                return false;
            }); 
        });  
    </script>

my addHit.php page

$commands = "ssh -i adoekey.pem ubuntu@ip-10-250-69-130.us-west-2.compute.internal hostname -f ";
echo exec($commands);

Are you sure that `ssh` is in the path of whatever shell PHP is using? Is that adoekey.pem file in the same directory as the php script, etc..? lots of things you could be doing to debug this yourself. — Marc B, Aug 12 '13 at 21:44
pem file is in the same directory as the php script, Im assuming since running php addHit.php gave me the correct result, ajax will too. — Archetype2, Aug 12 '13 at 21:47
bad assumption. php-in-webserver is a VERY different environment than php-in-your-personal-shell-prompt. — Marc B, Aug 12 '13 at 21:50

score 1 · Accepted Answer · edited May 23 '17 at 12:11

How @Archetype2 fixed the problem (from his post):

I had to create the folder /var/www/.ssh and I copied the items from the /root/.ssh folder into this new folder and changed the ownership of the new directory and its contents to www-data. Then I changed the permissions on the pem file to 400.

Getting the stderr output from a command

Instead of using exec to run a command, use the following (from "PHP StdErr after Exec()"):

$descriptorspec = array(
    0 => array("pipe", "r"),  // stdin
    1 => array("pipe", "w"),  // stdout
    2 => array("pipe", "w"),  // stderr
);

$command = "ssh -i adoekey.pem ubuntu@ip-10-250-69-130.us-west-2.compute.internal hostname -f ";
$pipes = '';
$process = proc_open($command, $descriptorspec, $pipes, dirname(__FILE__), null);

$stdout = stream_get_contents($pipes[1]);
fclose($pipes[1]);

$stderr = stream_get_contents($pipes[2]);
fclose($pipes[2]);

echo "stdout : \n";
var_dump($stdout);

echo "stderr :\n";
var_dump($stderr);

$returnCode = proc_close($process);
echo "Return code: " . $returnCode;

When you run the php addHit.php command, you're running it as the user you're logged in with (root maybe?). The HTTP server most likely has it's own user with severely limited permissions. What is your server configuration? Are you running a LAMP stack?

Also try to use the absolute file path to the .pem file since whatever is executing your php script may be changing the current working directory to something else.

I think you're on to something, going out of root to user ubuntu, I ran php addHit.php and it gave me permission denied(publickey). — Archetype2, Aug 12 '13 at 21:53
When you run PHP's `exec` command, it doesn't capture stderr (where the errors are printed) so that is probably why there is no output from the `exec` command. — Raman Lalia, Aug 12 '13 at 21:55
so the apache user is www-data, I did chown on the php and pem file to user www-data, made absolute file path and it still doesn't work....I need to see some error logs, how would I log this? — Archetype2, Aug 12 '13 at 22:19
On a related note, you should probably be using a SSH library to make thing easier for you. Running command on the host system through PHP isn't recommended. — Raman Lalia, Aug 12 '13 at 22:37
Very useful! It gave me a few errors and I managed to debug them, now it's working, thanks! — Archetype2, Aug 12 '13 at 22:55

score 1 · Answer 2 · answered Aug 12 '13 at 22:58

1

I had to create the folder /var/www/.ssh and I copied the items from the /root/.ssh folder into this new folder and changed the ownership of the new directory and its contents to www-data. Then I changed the permissions on the pem file to 400.

answered Aug 12 '13 at 22:58

Archetype2

97
1
10

score 0 · Answer 3 · answered Aug 13 '13 at 14:22

Honestly, instead of using proc_open, I think it'd be easier to use phpseclib, a pure PHP SSH implementation. eg

<?php
include('Net/SSH2.php');
include('Crypt/RSA.php');

$ssh = new Net_SSH2('ip-10-250-69-130.us-west-2.compute.internal');
$key = new Crypt_RSA();
$key->loadKey(file_get_contents('adoekey.pem'));
if (!$ssh->login('ubuntu', $key)) {
    exit('Login Failed');
}

//stderr will be included in output unless specifically disabled
//$ssh->enableQuietMode();
echo $ssh->exec('hostname -f');
//be quiet mode enabled or not you can still get stderr with $ssh->getStdError()
?>

Ajax request to PHP page and exec(ssh....) not working

3 Answers3

How @Archetype2 fixed the problem (from his post):

Getting the stderr output from a command