Hello guys,

I'm trying to use a variable as host to run ssh like ssh -l username $host.

When I run the command it works fine however when I use it inside of a bash I keep getting this:

ssh: Could not resolve hostname 10.32.48.82<br: Name or service not known

the IP is connect but it seems like it is trying to resolve it like if is a name instead on an IP.

Any help would be much appreciated.

Thanks!

Try adding the following a few lines earlier in your script:

and then watch what it reports what the variable actual contains.

If you included the full stop you typed in the script that would cause an error?

it actually contains a <br at the end which I dont know where is comming from...

Let me review it one more time...

Thanks!

that "<br"is likely something like the full stop or just having a newline (having pressed enter) after the last line.

I think we need to see the script itself, or at least the line(s) where the variable host is being populated.

Hi,

I wonder if the '<br' is some artifact from the text editor you are using. How are you writing this script?

Evo2.

I'm using this PHP script to get the variables from a HTML from and then send then to the bash script:

<?php
$device = $_GET['device'] . '<br />'; <<<< I beleive here is where I'm getting the <br...I modified and and I screwed up LOL I'm trying to fix it now
$inter = $_GET['inter'];
echo $device;
echo $inter
?>

<?php
// exec ( "/var/www/cgi-bin/port_prov.bash "$device" $inter" );
$output = "<pre>".shell_exec("/var/www/cgi-bin/port_prov.bash "$device\ $inter")."</pre>";
echo $output;
?>

It's good that you posted those two snippets. Let's fix the problem that affects all of us: Unless there is some additional code between them sanitizing the variables you have a very dangerous situation should the site go public. Using $_GET[...] in the way you have shown it allows visitors the potential to run arbitrary code on your system. That is because when using $_GET, you are fetching tainted variables straight from the outside world and they can contain anything.

So instead of "10.32.48.82" someone could pass it "10.32.48.82; /bin/rm -rf /" or somethings much, much worse.

Figure out what needs to be in both $device and $inter and then make a regular expression pattern to check on each variable. This is important for all the variables that use $_GET[...], don't skip this step for any of them. Don't work on anything else, including your SSH question, before completing this step.

You can find a concise example of how to filter for IPv4 and IPv6 IP addresses:
https://www.tutorialrepublic.com/php...hp-filters.php

Dig into that short routine and you'll see how you can write a similar routine to validate the network interface names, too. Then go through the rest of your code and do the same for every variable you have fetched using $_GET or $_POST.

When ecountering data deemed invalid by your regular expressions or validation fuctions, have the program stop running and make a log entry. Don't have it report any information to the web UI because you will forget to turn it off when it goes into production.

hello Turbocapitalist, I will definitely will take a look of the link you shared today. That is really good stuff, thanks a lot!

After that I will try to make the scrip work again.

Thanks guys!