> I'm really not sure what you're asking here. I've created a limited > access user account on a remote host so that I can kick off some things > on the remote host by hitting a web page. Access to the web page is > protected via SSL and user authentication. The things which are > executed on the remote host are special purpose programs I am building, > not general commands, and no place does the web page provide a user > direct control over what programs are run.
Your setup now: Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to Server B Server B: Authenticates User SSH -> runs command My sugggested solution: Server A: Authenticates User SSL -> runs cURL -> Server B Server B: Authenticates User SSL -> runs PHP -> runs command IE: *MOVE* your PHP script that runs the command to Server B. Use SSL on both A and B Use cURL from A to B to authenticate. B runs PHP which runs command. You've taken out all the su and SSH stuff between A and B with no real loss of Security. You already know how to do everything in my suggested solution, except maybe cURL, which would take you an hour to figure out, max. I guarantee you that if you do this, you'll have a lot less headaches, now and in the future, and a lot cleaner/clearer code-base. Maybe having the PHP script on Server B is impossible. That's the only reason *not* to do it this way. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
