php and authorized keys

[Pioden]

HI folks

 

Has anyone successfully used PHP with authorized keys to access another server?

 

I'm playing with the idea of writing a control panel for a Linux app. I don't want to keep the root passwords in a database so authorized keys looks like a good way forward. However I can't seem to get test code to work

 

<?php

$test = shell_exec('ssh root@myserver; uname -a');

echo "<pre>$test</pre>";
?>

 

Running this *should* IMHO give me the output of uname -a on 'myserver'. It doesn't. It gives me the output of uname -a on my laptop! However running exactly the same command in my laptops terminal window gives me the correct response i.e. uname -a on myserver.

 

Any ideas?

 

Huw

[Daniel0]

No it shouldn't.

 

This should, however:

 

shell_exec("ssh root@myserver 'uname -a'");

[Pioden]

Are you sure? Doesn't work for me - and I tried variations as well ... I'm glad to know that it should work in theory though!! 

[Daniel0]

Yes, I am sure:

 

daniel@daniel0:~$ hostname
daniel0.net
daniel@daniel0:~$ ssh phpfreaks.com 'hostname'
phpfreaks.serverpowered.com

 

Are you sure you've got the keys properly setup? Note that it will try with the private key for the user that PHP is run as (which means the user the web server is run as if you run it through a web server). You might want to explicitly set the identity file when calling ssh.

[Pioden]

Note that it will try with the private key for the user that PHP is run as (which means the user the web server is run as if you run it through a web server). You might want to explicitly set the identity file when calling ssh.

 

That sounds about right. How can I explicitly set the identity file?

 

Thanks for your help. This is very useful

[Daniel0]

Like this:

 

ssh user@machine -i /path/to/private/key 'command to run on machine as user'

[Pioden]

Still no joy  :'(

 

$stream = shell_exec("ssh root@itportal -i /home/huw/.ssh/id_dsa 'hostname'");

echo "<pre>$stream</pre>";

 

Did I miss something? If the code is OK I guess it will be a permissions issue with the .ssh directory.

[Daniel0]

In your case, only the user huw would have access to that .ssh directory. Either make a new key for Apache/PHP or move the key to where it is writable.

 

I wouldn't recommend using the root user though. You should use an unprivileged user unless the command you wish to run absolutely needs root.

[Pioden]

In your case, only the user huw would have access to that .ssh directory. Either make a new key for Apache/PHP or move the key to where it is writable.

I'll try this tomorrow.

 

 

I wouldn't recommend using the root user though. You should use an unprivileged user unless the command you wish to run absolutely needs root.

Yes. I'm thinking of writing some code to manage some server processes that run as root. The good new though is that the machines are not accessible from the net. Even so I'm putting security at the top of the agenda.