-1

I would like to run a local script that, when done, attempts to send a tarball via SSH to my server and therefore requires a password. Is there a way to use the ssh2 libraries, proc_open or another library to achieve this in PHP?

I understand how to perform terminal commands from within a PHP script; I'm getting stuck when I attempt to send this tarball to my server:

What I have so far

The calling code

private function run($command, array $arguments = array(), Response $response = null) {
    $pipes = array();
    $descriptorspec = array(
       array('pipe', 'r'),  // STDIN
       array('pipe', 'w'),  // STDOUT
       array('pipe', 'w'),  // STDERR
    );
    $process = proc_open($command, $descriptorspec, $pipes, $this->directory);
    foreach ($arguments as $arg) {
        // Write each of the supplied arguments to STDIN, newline-terminated
        fwrite($pipes[0], (preg_match("/\n(?:\s+)?$/", $arg) ? $arg : "{$arg}\n"));
    }
    // Close STDIN so the child sees EOF before we block reading its output
    fclose($pipes[0]);
    unset($pipes[0]);
    if (!$response) {
        $response = new Response;
    }
    $response->addCompletedCommand(stream_get_contents($pipes[1]), $command, $arguments);
    $error = stream_get_contents($pipes[2]);
    if ($error) {
        $response->addError($error, $command, $arguments);
    }
    // Make sure that each remaining pipe is closed to prevent a lockout
    foreach ($pipes as $pipe) {
        fclose($pipe);
    }
    proc_close($process);
    return $response;
}

The command

$this->run('shell_script_i_cannot_change_that_runs_ssh', array('password'));

Error:

Host key verification failed

I cannot change the script; I can only call it from PHP. If there is a solution, can it be PHP only?

Luke Madhanga
  • Possible duplicate of [How to enter ssh password using bash?](http://stackoverflow.com/questions/16928004/how-to-enter-ssh-password-using-bash) – cmorrissey Feb 19 '16 at 20:04
  • @cmorrissey That doesn't have anything to do with php, and note, I cannot change the shell script – Luke Madhanga Feb 19 '16 at 20:06
  • Why can't you change the shell script? You could FTP it (http://php.net/manual/en/book.ftp.php), you could send it via cURL, etc. – cmorrissey Feb 19 '16 at 20:07

2 Answers

0

You can probably just reset the existing key on the client system using ssh-keygen -R hostname.

This introduces a major security flaw; please use it carefully and try to understand the ssh problem first (for instance, run the command on the system and try your PHP script again).

Thomas Dutrion
0

Okay I have solved the problem, rather convolutedly.

  • I added _www (the name of the user/group that Apache runs as on OSX, change to whatever it is on your system) to the group sudoers but I ONLY GAVE ACCESS TO RUN ONE SCRIPT.

The code:

 _www    ALL=(ALL) NOPASSWD: /path/to/script/i/couldnt/change

Read more on the sudoers file here

  • I prepended the calling script in PHP with sudo -u Luke. This makes the software run the binary as me.

  • I then created a public key with ssh-keygen to allow password-less login to my server. I would advise creating a new user that only has access to specific folders and then possibly setting up a Match directive on your server's ssh_config to control this new user.

Luke Madhanga
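
The sudo call described in the answer above, written out as an added example that is not part of the original post. It assumes PHP 7.4 or later (array form of proc_open); the function name runScriptAs, the user name luke and the script path are placeholders.

```php
<?php
// Added example, not the poster's code. runScriptAs(), the user name and the
// script path are hypothetical placeholders; requires PHP >= 7.4.

/** Run one fixed script as another user through sudo, without a shell. */
function runScriptAs(string $user, string $script, ?string $cwd = null): array
{
    // Array form: every element becomes exactly one argv entry, so nothing is
    // interpreted by /bin/sh. "-n" makes sudo fail instead of prompting when
    // the sudoers rule does not match.
    $command = ['sudo', '-n', '-u', $user, '--', $script];

    // STDERR goes to a temp file so a chatty child cannot fill a pipe while
    // we are blocked reading STDOUT.
    $errFile = tmpfile();
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => $errFile];

    $process = @proc_open($command, $spec, $pipes, $cwd);
    if (!is_resource($process)) {
        fclose($errFile);
        return ['exit' => -1, 'stdout' => '', 'stderr' => 'proc_open failed',
                'hostKeyFailure' => false];
    }

    fclose($pipes[0]);                    // key-based login: nothing to type
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($process);         // exit status of sudo / the script

    rewind($errFile);
    $stderr = stream_get_contents($errFile);
    fclose($errFile);

    return [
        'exit'   => $exit,
        'stdout' => $stdout,
        'stderr' => $stderr,
        // ssh prints this when the server key is unknown or has changed. Report
        // it so an operator can verify the key instead of the web app dropping it.
        'hostKeyFailure' => strpos($stderr, 'Host key verification failed') !== false,
    ];
}

// Usage with the placeholder path from the sudoers line above.
$result = runScriptAs('luke', '/path/to/script/i/couldnt/change');
if ($result['exit'] !== 0) {
    error_log("upload failed ({$result['exit']}): " . trim($result['stderr']));
}
```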