Re: [PHP] Re: running SSH through a PHP script

Fri, 18 Jul 2003 09:13:48 -0700 

it's running as the apache user..  I negated the need for a ~/.ssh/ 
directory by specifying the path to a private key and by putting entries 
for the hosts in /etc/ssh/ssh_authorized_keys.  It stopped complaining 
after I did that.  Chaining commands together doesn't work for me because 
I'm going to different hosts, unfortunately.  Also, the key exchange isn't 
taken a long time at all, I watch the process in TOP appear, do it's 
thing, and dissappear.  It's something with PHP waiting extraordinary 
amounts of time between the SSH process.  Why would it be waiting if it is 
clear the process has been executed?  Thanks for the tip on the user 
input, I'll definately do that once this get's into production.

James

James S. Martin, RHCE
Contractor
Administrative Office of the United States Courts
Washington, DC
(202) 502-2394




Paul Chvostek <[EMAIL PROTECTED]>
07/18/2003 11:45 AM
Please respond to php-general

 
        To:     [EMAIL PROTECTED]
        cc:     [EMAIL PROTECTED]
        Subject:        [PHP] Re: running SSH through a PHP script




On Fri, Jul 18, 2003 at 11:29:50AM -0400, [EMAIL PROTECTED] 
wrote:
> There is no delay in the SSH commands when run from a shell, only 
> through the web page.  Any ideas?

What user is running the ssh commands?  Does that user have a home
directory to which it has write permissions in order to create a ~/.ssh/
directory in which to store host keys?

The ssh key negotiation will always take a certain amount of time.  If
all three ssh commands are to the same remote host, you should consider
stringing them together on a single command line, so that you only have
to run ssh once.

 $result = `/usr/bin/ssh [EMAIL PROTECTED] "cd /some/path/ && ./do_something 
&& ./do_something_else"`

Note: this is one of those cases where you should be ULTRA careful about
user input.  If your ssh command includes any variables that have been
posted in a form, do extensive format checks on them.  Usernames should
always match ^[a-z0-9]+$ .  Nothing being used in the ssh command should
be allowed to have [;&|] in it.  Be so anal and paranoid that you risk
compromising functionality, and you're less likely to screw yourself.

-- 
  Paul Chvostek                                             <[EMAIL PROTECTED]>
  it.canada                                            http://www.it.ca/
  Free PHP web hosting!                            http://www.it.ca/web/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to