I'm developing a website with PHP where I want the web server to pass information via SSH to a separate jobs server to process.

Now I'm pretty sure what I want here is to use public keys so that the servers can talk without needing to password authenticate every time.

What I'm having a hard time figuring out is how to generate the SSH keys initially. The PHP pages are executed by a non-login user, wwwrun, which also obviously doesn't have a .ssh directory to store the key in.

What is the best way for me to do this? Do I need to use a bunch of exec() statements to create the key and pass it a blank passphrase when it asks for one? Where can I store it?

The web server does not have the PECL SSH2 extension installed, if that makes a difference.

Thanks for any help.

Have you considered (and rejected) using cURL to access a remote server using HTTPS? It would mean putting a script on that server to do what is needed, but then you could be assured of all the right stuff happening with certificates without any involvement by your application code.

Just for future reference for anyone else with this issue, here's what I wound up doing:

First of all, I created the key for the user wwwrun by editing /etc/passwd and changing the default shell for the user from /bin/false to /bin/bash. That allowed me to use 'su wwwrun' to log in as the wwwrun user. Using 'cd ; pwd' I found that wwwrun actually does have a home directory inside the filesystem, so that's where I used ssh-keygen to create the key pair and copied the public key to the remote server.

I made sure to edit /etc/passwd to change wwwrun's shell back to /bin/false, and now no-login scp is working just fine.

Thank you guys for your help.