Re: Re: PHP hangs when exec'ing SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Incorrect.
Setup now:
Server A: Authenticates User SSL -> runs PHP -> runs SSH someotheruser@remotehost
Server B: Authenticates user SSH -> runs command

"su" is not involved, and has not been involved- I stated in my original post, and in my last reply to you that it was only used in order for me to become the same user the web server runs as, to test the PHP script from the command line.

Server B is not running a web server, and does not have an SSL certificate. Why would I add needless complexity and extra software and services?

There's no output (besides the numeric return code) from SSH which I care about- there shouldnt be anything coming back via stdout or stderr. If there is, I'm happy to discard it. This SHOULD be a dead-nuts-simple case of exec the command and wait for it to return.

--Ross

Richard Lynch wrote:

I'm really not sure what you're asking here. I've created a limited
access user account on a remote host so that I can kick off some things
on the remote host by hitting a web page. Access to the web page is
protected via SSL and user authentication. The things which are
executed on the remote host are special purpose programs I am building,
not general commands, and no place does the web page provide a user
direct control over what programs are run.



Your setup now:
Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to
Server B
Server B: Authenticates User SSH -> runs command

My sugggested solution:
Server A: Authenticates User SSL -> runs cURL -> Server B
Server B: Authenticates User SSL -> runs PHP -> runs command

IE:
*MOVE* your PHP script that runs the command to Server B.
Use SSL on both A and B
Use cURL from A to B to authenticate.
B runs PHP which runs command.

You've taken out all the su and SSH stuff between A and B with no real
loss of Security.

You already know how to do everything in my suggested solution, except
maybe cURL, which would take you an hour to figure out, max.

I guarantee you that if you do this, you'll have a lot less headaches, now
and in the future, and a lot cleaner/clearer code-base.

Maybe having the PHP script on Server B is impossible.  That's the only
reason *not* to do it this way.




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux