> > To relate this to php, I am ready to give up
> > trying to make my
> >
> > system("scp ......");
> >
> > code work, because I will have to give the apache user more permissions
> > than I am comfortable with.
> What exactly are the problems you're encountering using scp?

I created an apache user, which I called apache, and  made sure this user
could connect to the remote servers and created rsa keys so no passwords
would be necessary (so my system($cmd) call would work). This is what
happens when I run scp:

bash-2.05a$ scp -pvr -S ssh apache@thor:/home/web/testsite/cgi-bin
Executing: ssh -v -x -o'FallBackToRsh no' -o'ClearAllForwardings yes' -n -l
apache thor scp -v -r -p /home/web/testsite/cgi-bin
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
debug1: restore_uid
debug1: ssh_connect: getuid 48 geteuid 0 anon 1
debug1: Connecting to thor [] port 22.
debug1: temporarily_use_uid: 48/48 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 48/48 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/apache/.ssh/identity type -1
debug1: identity file /home/apache/.ssh/id_rsa type 1
debug1: identity file /home/apache/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 135/256
debug1: bits set: 1551/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'thor' is known and matches the RSA host key.
debug1: Found key in /home/apache/.ssh/known_hosts:1
debug1: bits set: 1576/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: service_accept: ssh-userauth
debug1: authentications that can continue:
debug1: next auth method to try is publickey
debug1: try privkey: /home/apache/.ssh/identity
debug1: try pubkey: /home/apache/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x8086d50 hint
debug1: read PEM private key done: type RSA
debug1: ssh-userauth2 successful: method publickey
debug1: fd 4 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: scp -v -r -p /home/web/testsite/cgi-bin
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: read<=0 rfd 4 len 0
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed

There is more output, but as you can see the read of the src files failed
and an empty ibuf is sent. This command line call works if I am a normal
user for whom I have set up known_hosts and authorized_keys. But the above
is the result when I run scp as user 'apache'.

> So, I am thinking fo using php's ftp commands
> > instead. I see nowhere in the documentation however, if the ftp_connect
> > be done via the ssh transport mechanism. Or, is this unnecessary, and
can I
> > use ftp (with plain text user and password passed to ftp_login()) on
> > 21 without worrying about getting hacked?
> Well, if you're going to be using ftp-over-ssh, I don't see why you're not
> using scp directly instead.

I thought that if I create an ssh tunnel for ftp, I could use the php ftp
functions, they would actually be using ssh transparently.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to