shams Posted November 18, 2013

I want to create an SSH tunnel with a PHP script, but it is not working:

<?php
exec('sshpass -p my_pass ssh -L 9001:remote_server:80 user@shell.example.net -N');
echo '<b> Done </b>';
?>

It just prints "Done".
dalecosp Posted November 18, 2013

Why are you not checking the output?
shams Posted November 18, 2013

Thanks for the reply. Can you help with how I can check the output?
dalecosp Posted November 18, 2013

According to the docs, a second array parameter should store the output line(s), and a third parameter the return code.

exec('sshpass -p my_pass ssh -L 9001:remote_server:80 user@shell.example.net -N', $myOutput, $returnCode);
echo "SSHPass attempted with return code $returnCode. The program said: ";
print_r($myOutput);
shams Posted November 18, 2013

The auth is now with RSA keys. This is the new command:

exec('ssh -L 9001:remote_server:80 user@shell.example.net -N');

The output now is:

SSH attempted with return code 255. The program said: Array ( )

Any help please?
shams Posted November 18, 2013

I watched the log, which says the connection is established, but there is no tunnel because localhost:9001 is not working. This is the log:

OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to shell.example.net [216.194.93.9] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/var/www/.ssh'.
debug1: identity file /var/www/.ssh/id_rsa type -1
debug1: identity file /var/www/.ssh/id_rsa-cert type -1
debug1: identity file /var/www/.ssh/id_dsa type -1
debug1: identity file /var/www/.ssh/id_dsa-cert type -1
debug1: identity file /var/www/.ssh/id_ecdsa type -1
debug1: identity file /var/www/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:da:68:f1:0f:02:13:77:f2:6c:ad:b4:82:b4:f1:fd
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

Edited November 18, 2013 by shams
dalecosp Posted November 18, 2013

OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to shell.example.net [216.194.93.9] port 22.
debug1: Connection established.
debug1: SELinux support disabled
Could not create directory '/var/www/.ssh'.
debug1: identity file /var/www/.ssh/id_rsa type -1
debug1: identity file /var/www/.ssh/id_rsa-cert type -1
debug1: identity file /var/www/.ssh/id_dsa type -1
debug1: identity file /var/www/.ssh/id_dsa-cert type -1
debug1: identity file /var/www/.ssh/id_ecdsa type -1
debug1: identity file /var/www/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:da:68:f1:0f:02:13:77:f2:6c:ad:b4:82:b4:f1:fd
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.

A lot of this appears to be inadequate permissions --- note that it's trying to create an ".ssh" directory in the webroot, for example (this directory normally contains the known_hosts file, and in the case of a Real Person would also contain keys, etc.). The inability to bind to localhost 9001 would also indicate inadequate permissions IIRC. All the certificate checks/key checks are returning "-1" because they don't exist.

The final straw appears to be the system asking for a passphrase and not being able to obtain a terminal (because, obviously, the WWW daemon isn't using one).

What are you trying to do, exactly? Are you attempting an SSH proxy? Offhand, I'd say you need a lot more command options (hard-coded paths to keys, for example).

Edited November 18, 2013 by dalecosp
shams Posted November 19, 2013

Yes, I want to use my shell server as a proxy and forward my web traffic. But the above command is working from the Linux terminal and I can open localhost:9001. This is the output from the terminal:

ssh -v -L 9001:securitykiss.com:80 user@shell.example.net -N
OpenSSH_6.2p2 Ubuntu-6ubuntu0.1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /home/user/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to shell.ecample.net [216.194.93.6] port 22.
debug1: Connection established.
debug1: identity file /home/user/.ssh/id_rsa type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-2048
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-2048
debug1: identity file /home/user/.ssh/id_rsa-cert type -1
debug1: identity file /home/user/.ssh/id_dsa type -1
debug1: identity file /home/user/.ssh/id_dsa-cert type -1
debug1: identity file /home/user/.ssh/id_ecdsa type -1
debug1: identity file /home/user/.ssh/id_ecdsa-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.2p2 Ubuntu-6ubuntu0.1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2_hpn13v11 FreeBSD-20130515
debug1: match: OpenSSH_6.2_hpn13v11 FreeBSD-20130515 pat OpenSSH*
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@openssh.com none
debug1: kex: client->server aes128-ctr hmac-md5-etm@openssh.com none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 7c:da:68:f1:0f:02:13:77:f2:6c:ad:b4:82:b4:f1:fd
debug1: Host 'shell.example.net' is known and matches the ECDSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:2
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/user/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
Authenticated to shell.example.net ([216.194.93.6]:22).
debug1: Local connections to LOCALHOST:9001 forwarded to remote address securitykiss.com:80
debug1: Local forwarding listening on ::1 port 9001.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 9001.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: client_input_global_request: rtype keepalive@openssh.com want_reply 1
debug1: Connection to port 9001 forwarding to securitykiss.com port 80 requested.
debug1: channel 2: new [direct-tcpip]
debug1: Connection to port 9001 forwarding to securitykiss.com port 80 requested.
debug1: channel 3: new [direct-tcpip]
debug1: channel 2: free: direct-tcpip: listening port 9001 for securitykiss.com port 80, connect from 192.168.1.2 port 53397, nchannels 4
debug1: channel 3: free: direct-tcpip: listening port 9001 for securitykiss.com port 80, connect from 192.168.1.2 port 53398, nchannels 3
shams Posted November 19, 2013

What I exactly want to create the script for: it's a problem to run the above command for every site I open in the Linux terminal, so I want to create an HTML form and PHP script with an input field for the URL of the site I want to open and a submit button. When I enter the site URL in the form input field and hit the submit button, the PHP script should do all the rest and open the site in a new tab of Firefox. I don't have much knowledge of HTML and PHP coding, so I started to go step by step. I also created the SOCKS proxy, but that is slow, so I prefer this one.

Edited November 19, 2013 by shams
dalecosp Posted November 19, 2013

Well, you're gonna have to fix the permissions issue if you want the web-server to run this. Keep in mind, however, that PHP doesn't have to be run by a webserver. I use PHP CLI scripts to do similar things, actually, although the box that has those scripts on it isn't online right now because of a hardware issue. What I'm saying --- you could just create a CLI script that took the URL as its argument and run it in a terminal and skip the permissions issues.
kicken Posted November 19, 2013

I can't imagine how a socks proxy is slower than having to go to a form and enter the details of your tunnel manually. Aside from that, doing manual tunnels like that changes the hostname/port of the site and may cause issues on some sites. You really should just be using a real proxy and configuring your browser accordingly.

As for your issue though, you should be setting up Public Key Authentication rather than trying to use a password. Based on the log it seems that sshpass is failing to provide the password to the ssh client and as such the connection fails. It may also be an issue of ssh trying to ask you to verify the server's key but can't so it fails the connection. To solve that you'd need to add the host to /var/www/.ssh/known_hosts.
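The following is an added example, not code posted by anyone in this thread. It puts together the advice from dalecosp (a CLI script that takes the target as its argument, with hard-coded key paths, run from a terminal rather than by the web server) and kicken (public-key authentication and a known_hosts entry instead of sshpass), and it also explains the empty "Array ( )" seen earlier: exec() captures only stdout, while ssh writes "Host key verification failed." and "Permission denied" to stderr, so those lines never reach $myOutput unless stderr is redirected. The jump host, the key and known_hosts paths, the log path and the function names are all assumptions chosen for the example; BatchMode, StrictHostKeyChecking, UserKnownHostsFile, IdentitiesOnly and ExitOnForwardFailure are standard OpenSSH client options.

```php
<?php
// Added example (not from the thread): CLI launcher for a local ssh port forward.
//   php tunnel.php securitykiss.com 80
// Jump host, key path, known_hosts path and log path are assumptions, not thread values.
declare(strict_types=1);

const SSH_HOST        = 'user@shell.example.net';        // jump host (assumed)
const SSH_KEY         = '/home/user/.ssh/id_rsa';         // private key (assumed path)
const SSH_KNOWN_HOSTS = '/home/user/.ssh/known_hosts';    // pinned host keys (assumed path)
const SSH_LOG         = '/tmp/tunnel-ssh.log';            // where ssh's stderr is collected (assumed path)
const LOCAL_PORT      = 9001;

function validTarget(string $host, int $port): bool
{
    // Plain RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
    // Colons, slashes and spaces are rejected, so the -L argument stays one clean token.
    $re = '/^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i';
    return preg_match($re, $host) === 1 && $port >= 1 && $port <= 65535;
}

function buildTunnelCommand(string $host, int $port): string
{
    $forward = sprintf('%d:%s:%d', LOCAL_PORT, $host, $port);
    // Every token that depends on input or configuration goes through escapeshellarg(),
    // so a hostile argument cannot turn into an extra ssh option or shell syntax.
    return implode(' ', [
        'ssh',
        '-i', escapeshellarg(SSH_KEY),
        '-o', 'IdentitiesOnly=yes',         // offer only that key
        '-o', 'BatchMode=yes',              // never prompt; fail instead (no tty here either)
        '-o', 'StrictHostKeyChecking=yes',  // unknown or changed host key: refuse, never auto-add
        '-o', escapeshellarg('UserKnownHostsFile=' . SSH_KNOWN_HOSTS),
        '-o', 'ExitOnForwardFailure=yes',   // if 127.0.0.1:9001 cannot be bound, exit non-zero
        '-o', 'ConnectTimeout=10',
        '-L', escapeshellarg($forward),
        '-N',                               // forwarding only, no remote command
        '-f',                               // background once auth and the listener succeed
        escapeshellarg(SSH_HOST),
        '>/dev/null',                       // the backgrounded ssh must not keep exec()'s pipe open
        '2>>' . escapeshellarg(SSH_LOG),    // ssh reports errors on stderr, which exec() alone never sees
    ]);
}

function preflight(): array
{
    // The web-server run in the thread failed before ssh even tried a key:
    // no readable key, no known_hosts, no tty. Check that up front.
    $problems = [];
    foreach ([SSH_KEY => 'private key', SSH_KNOWN_HOSTS => 'known_hosts'] as $path => $what) {
        if (!is_readable($path)) {
            $problems[] = "$what not readable: $path";
        }
    }
    return $problems;
}

function startTunnel(string $host, int $port): array
{
    if (!validTarget($host, $port)) {
        return ['code' => 2, 'log' => ["rejected target '$host:$port'"]];
    }
    if ($problems = preflight()) {
        return ['code' => 2, 'log' => $problems];
    }
    exec(buildTunnelCommand($host, $port), $stdout, $code);
    // Show the last few stderr lines: "Host key verification failed.", "Permission denied", bind errors.
    $log = is_readable(SSH_LOG) ? file(SSH_LOG, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    return ['code' => $code, 'log' => array_slice($log, -5)];
}

if (PHP_SAPI === 'cli') {
    $host   = $argv[1] ?? '';
    $result = startTunnel($host, (int)($argv[2] ?? 80));
    if ($result['code'] === 0) {
        printf("tunnel up: http://localhost:%d/ -> %s via %s\n", LOCAL_PORT, $host, SSH_HOST);
    } else {
        printf("ssh exited with code %d\n%s\n", $result['code'], implode("\n", $result['log']));
    }
    exit($result['code']);
}
```

Run as the user who owns the key, not as the web server's account. With BatchMode the client exits 255 rather than hanging on a passphrase or host-key prompt, and because stderr lands in the log file the script can print the actual reason instead of an empty array; `-f` combined with ExitOnForwardFailure means a zero return code is only reported after authentication succeeded and port 9001 is really listening.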