Quote:
I am new to Linux so please be gentle with me !!
No problem! Good work so far.
It is unclear so far how much you know about the SSH protocol and the public/private key authentication protocol, and on top of that, how to configure openssh to enable a client to connect to a particular host. Assuming you know how to do this, all you need to do is enable a password-less ssh connection from user www on the client machine to access the ssh server. I would recommend generating a new key, setting it to the www user's private key for this; then you would place the corresponding public key in the authorized_keys of the server so that www (the web/php server) can connect.
For the client system, when ssh is called by php as user www, it will check ~/.ssh, looking for the client configuration (ssh_config), and based on that and the server defaults (possibly in /etc/ssh or /usr/etc), look for the private key to use for authentication. You will have to get all of this in order, which includes finding out which directory ~www points to - you can try to do
and see what directory you change to, or you can grep /etc/passwd for www and see what the home directory is listed as there (both methods should get you to the same spot in your filesystem, possibly /var/www, /srv/www, or something similar). I do not know if ssh requires the user's account to be login-able, which I mentioned before... you may have to alter that setting and set a password for www for outbound ssh to work.
So, assuming you get all these files lined up, www should behave just like your user account and connect to the ssh server just fine.
I would like to point out some security risks, however.
- passwordless (no passphrase) ssh keys can be a vulnerability when the world at large has access to that user account - no further checks are necessary for a hijacked php script to perform any operation that www can usually do
- allowing logins to 'www' could also grant access to that account, and through that account, the server you have allowed it access to
So you will need to come up with some safeguards to protect this setup.
Good luck!
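One way to check that the files described in the post above are lined up for the www account, as an added example that is not part of the original post: it reads the home directory and shell from a passwd-format file and checks the modes of ~/.ssh and the private key. The function names and the default key file name id_ed25519 are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original post): audit the SSH client files
# of a service account such as www. Function names are hypothetical.
# Usage: audit_ssh_dir "$(home_of www /etc/passwd)"

# Print field $3 of user $1's entry in passwd-format file $2.
# Exits non-zero when the user has no entry.
passwd_field() {
    awk -F: -v u="$1" -v n="$3" \
        '$1 == u { print $n; found = 1; exit } END { if (!found) exit 1 }' "$2"
}

# Home directory (field 6) and login shell (field 7) of user $1.
home_of()  { passwd_field "$1" "$2" 6; }
shell_of() { passwd_field "$1" "$2" 7; }

# Check that $1/.ssh and the private key inside it are private to the owner.
# $2 is the key file name (assumed default: id_ed25519).
# Prints one finding per line and returns 0 only when nothing is wrong.
audit_ssh_dir() {
    dir="$1/.ssh"
    key="$dir/${2:-id_ed25519}"
    rc=0

    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    mode=$(stat -c %a "$dir")    # GNU stat: octal permission bits
    [ "$mode" = 700 ] || { echo "loose directory mode $mode: $dir"; rc=1; }

    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    mode=$(stat -c %a "$key")
    case "$mode" in
        600|400) ;;              # readable by the owner only
        *) echo "loose key mode $mode: $key"; rc=1 ;;
    esac
    return $rc
}
```
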