SSH into a windows PC and run a command from PHP script

peterjfrancis · 07-28-2009, 08:58 AM

I am trying to SSH into a windows PC and run a command from a PHP script
Here is a typical command I am trying to execute, I also need to run a batch file on the windows box.

Code:

ssh user@192.168.10.131 cmd /c dir

The above works fine when typed into a terminal window on the Linux server but when I put that in my PHP script it refuses to work

The following is a fragment of code from my PHP script

Code:

$command = 'ssh user@192.168.10.131 "cmd /c dir"';
$return = shell_exec("$command");

Can anyone offer any pointers ? Thanks in advance !

Server = Linux (SME) with PHP5
Client = WinXP Pro

Agrouf · 07-28-2009, 09:04 AM

Does the user running the php program (apache?) need a password to connect to user@192.168.10.131?

peterjfrancis · 07-29-2009, 02:38 AM

Quote:

Originally Posted by Agrouf

Does the user running the php program (apache?) need a password to connect to user@192.168.10.131?

Hello Agrouf
The password is handled by public-key authentication.

The problem seems to be related to sending the command to the remote system via PHP as the commands all work when typed into a terminal

Agrouf · 07-29-2009, 07:04 AM

But how are you executing the php script?
Are you calling php from the command line with your user, or are you using a browser to access a page served by apache?

geek745 · 07-29-2009, 09:48 AM

yes, Agrouf is getting at your problem, I think. If you are not running the apache or php servers as you (check httpd.conf for

Code:

user = www

or similar), then you should not expect the same behavior from it as from your user on the commandline - you should be able to duplicate the results by doing

Code:

su www bash

to get a shell with the web server user - then you will find your problem. Also, logs from the ssh server you're connecting to and possibly logs from the PHP script may also help diagnose what you need to change.

If it is possible, you will need to provide a private/public key pair to the web server user AND make sure that it can access it - ssh on the client will look in the user's home directory's .ssh/ to find ssh_config and the private key (id_rsa or similar), so you will need to put the private key into the web server user's home directory (find out what this is with grep -e "www" /etc/passwd). I do not know if the web server user needs to be able to login... in /etc/shadow, if there is a '!' instead of a password hash, that user does not have the privilege of logging into an interactive terminal... it may or may not make a difference.

peterjfrancis · 07-30-2009, 11:41 AM

Hello Agrouf and geek745,
The script is called from a browser (and therefore Apache) and the user is reported as www by the following....

PHP Code:



$whoami = shell_exec("whoami"); 
echo "whoami = " . $whoami . "<br>";

I checked httpd.conf as suggested by geek745 and found the following ....

Code:

# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.  

# User/Group: The name (or #number) of the user/group to run httpd as.
#  On SCO (ODT 3) use User nouser and Group nogroup
#  On HPUX you may not be able to use shared memory as nobody, and the
#  suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000; 
#  don't use Group nobody on these systems!

User www
Group www

from this it seems that httpd is running as www and that I can change who httpd runs as , however I don't understand how to do this.

Any suggestions.
I am new to Linux so please be gentle with me !!

geek745 · 07-30-2009, 12:10 PM

Quote:

I am new to Linux so please be gentle with me !!

No problem! Good work so far.

It is unclear so far how much you know about the SSH protocol and the public/private key authentication protocol, and on top of that, how to configure openssh to enable a client to connect to a particular host. Assuming you know how to do this, all you need to do is enable a password-less ssh connection from user www on the client machine to access the ssh server. I would recommend generating a new key, setting it to the www user's private key for this; then you would place the corresponding public key in the authorized_keys of the server so that www (the web/php server) can connect.

For the client system, when ssh is called by php as user www, it will check ~/.ssh, looking for the client configuration (ssh_config), and based on that and the server defaults (possibly in etc/ssh or /usr/etc), look for the private key to use for authentication. You will have to get all of this in order, which includes finding out which directory ~www points to - you can try to do

Code:

sudo cd ~www

and see what directory you change to, or you can grep /etc/passwd for www and see what the home directory is listed as there (both methods should get you to the same spot in your filesystem, possibly /var/www, /srv/www, or something similar). I do not know if ssh requires the user's account to be login-able, which I mentioned before... you may have to alter that setting and set a password for www for outbound ssh to work.

So, assuming you get all these files lined up, www should behave just like your user account and connect to the ssh server just fine.

I would like to point out some security risks, however.

passwordless (no passphrase) ssh keys can be a vulnerability when the world at large has access to that user account - no further checks are necessary for a hijacked php script to perform any operation that www can usually do
allowing logins to 'www' could also grant access to that account, and through that account, the server you have allowed it access to

So you will need to come up with some safeguards to protect this setup.

Good luck!