> > To relate this to php, I am ready to give up trying to make my
> >
> > system("scp ......");
> >
> > code work, because I will have to give the apache user more permissions
> > than I am comfortable with.
>
> What exactly are the problems you're encountering using scp?
>

I created an apache user, which I called apache, and made sure this user
could connect to the remote servers and created rsa keys so no passwords
would be necessary (so my system($cmd) call would work). This is what
happens when I run scp:

bash-2.05a$ scp -pvr -S ssh apache@thor:/home/web/testsite/cgi-bin apache@loki:/home/web/testsite
Executing: ssh -v -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n -l apache thor scp -v -r -p /home/web/testsite/cgi-bin 'apache@loki:/home/web/testsite'
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 48 geteuid 0 anon 1
debug1: Connecting to thor [127.0.0.1] port 22.
debug1: temporarily_use_uid: 48/48 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 48/48 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/apache/.ssh/identity type -1
debug1: identity file /home/apache/.ssh/id_rsa type 1
debug1: identity file /home/apache/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1551/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'thor' is known and matches the RSA host key.
debug1: Found key in /home/apache/.ssh/known_hosts:1
debug1: bits set: 1576/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/apache/.ssh/identity
debug1: try pubkey: /home/apache/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8086d50 hint 1
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: scp -v -r -p /home/web/testsite/cgi-bin apache@loki:/home/web/testsite
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: read<=0 rfd 4 len 0
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed

There is more output, but as you can see the read of the src files failed
and an empty ibuf is sent. This command line call works if I am a normal
user for whom I have set up known_hosts and authorized_keys. But the above
is the result when I run scp as user 'apache'.


> > So, I am thinking of using php's ftp commands
> > instead. I see nowhere in the documentation however, if the ftp_connect can
> > be done via the ssh transport mechanism. Or, is this unnecessary, and can I
> > use ftp (with plain text user and password passed to ftp_login()) on port
> > 21 without worrying about getting hacked?
>
> Well, if you're going to be using ftp-over-ssh, I don't see why you're not
> using scp directly instead.
>

I thought that if I create an ssh tunnel for ftp, I could use the php ftp
functions, and they would actually be using ssh transparently.

Rich


-- 
PHP General Mailing List (http://www.php.net/)