SSH protects data in transit by encrypting the packets it sends, so everything transmitted over an SSH connection is encrypted. Even if someone intercepts the data, no useful information can be obtained. At the same time, the data is compressed, which greatly speeds up transmission. In short, SSH makes data transmission relatively secure and efficient.
Not everyone knows that PHP can connect over SSH and execute remote commands, yet this is very useful. Because PHP can be used in so many different ways, it has many settings that control its behavior. This large set of optional parameters lets you use PHP for many different purposes, but it also means that the combination of these parameters and the server-side configuration can introduce some security issues. The author has been using SSH in a PHP CLI application. I used it from cronjobs, but it was not very simple at the beginning. It can be said that it was quite difficult. The manual on the safe use of Shell2 functions is not very practical. The author conducted many experiments before coming up with this small article today. I hope that after reading it, it can save you some time in configuring PHP.
In this article, I need to assume that:
The operating system you are running is Debian/Ubuntu. If you are not running Debian/Ubuntu, you may need to replace the package manager commands in this article with those provided by your Linux distribution.
You are running PHP5. If you are not running PHP5, you can use PHP4 instead.
You have a basic understanding of PHP and server administration.
You already have PHP installed.
Prerequisites
Installation Packages
First, let’s install the following packages:
sudo aptitude update
sudo aptitude install php5-dev php5-cli php-pear build-essential \
    libssl-dev zlib1g-dev
Once the installation is complete, go to the next step.
Compile libssh2
After downloading libssh2 from the SourceForge website, we need to compile it. Don't worry, you just need to do the following:
cd /usr/src
wget
// log in at server1.example.com on port 22
if (!($con = ssh2_connect("server1.example.com", 22))) {
    echo "fail: unable to establish connection\n";
} else {
    // try to authenticate with username root, password secretpassword
    if (!ssh2_auth_password($con, "root", "secretpassword")) {
        echo "fail: unable to authenticate\n";
    } else {
        // all right, we're in!
        echo "okay: logged in...\n";
        // execute a command
        if (!($stream = ssh2_exec($con, "ls -al"))) {
            echo "fail: unable to execute command\n";
        } else {
            // collect returning data from command
            stream_set_blocking($stream, true);
            $data = "";
            while ($buf = fread($stream, 4096)) {
                $data .= $buf;
            }
            fclose($stream);
        }
    }
}
Second method: Shell
In the same way, you can also write a function or a class for the following code. However, this article only provides the basic concepts:
if (!function_exists("ssh2_connect")) die("function ssh2_connect doesn't exist");
// log in at server1.example.com on port 22
if (!($con = ssh2_connect("server1.example.com", 22))) {
    echo "fail: unable to establish connection\n";
} else {
    // try to authenticate with username root, password secretpassword
    if (!ssh2_auth_password($con, "root", "secretpassword")) {
        echo "fail: unable to authenticate\n";
    } else {
        // all right, we're in!
        echo "okay: logged in...\n";
        // create a shell
        if (!($shell = ssh2_shell($con, 'vt102', null, 80, 40, SSH2_TERM_UNIT_CHARS))) {
            echo "fail: unable to establish shell\n";
        } else {
            stream_set_blocking($shell, true);
            // send a command
            fwrite($shell, "ls -al\n");
            sleep(1);
            // & collect returning data
            $data = "";
            while ($buf = fread($shell, 4096)) {
                $data .= $buf;
            }
            fclose($shell);
        }
    }
}
Tip:
Sometimes the server is busy or a connection error occurs, the buffer is empty, and the PHP script stops collecting the output of a command (even if the command has not completed!). You can work around this as follows:
ssh2_exec($con, 'ls -al; echo "__COMMAND_FINISHED__"' );
Now, in the loop that constantly checks the buffer, just look for __COMMAND_FINISHED__, because once it appears you know you have all the data. To avoid infinite loops, you can use a 10-second timeout limit:
$time_start = time();
$data = "";
while (true) {
    $data .= fread($stream, 4096);
    if (strpos($data, "__COMMAND_FINISHED__") !== false) {
        echo "okay: command finished\n";
        break;
    }
    if ((time() - $time_start) > 10) {
        echo "fail: timeout of 10 seconds has been reached\n";
        break;
    }
}
In the above example, you'd better set stream_set_blocking to false.
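A hardened variant of the first method combined with the marker-and-timeout tip above, as an added example that is not part of the original article: it checks the server's host key with ssh2_fingerprint before sending credentials, logs in with a key pair as an unprivileged account, and reads non-blocking until the marker or the timeout. The function name ssh_run, the deploy account, the key paths and PINNED_SHA1_HEX are placeholders, and a POSIX shell is assumed on the remote side.

```php
<?php
// Added example, not the article's code; host, account, keys and fingerprint are placeholders.
function ssh_run($host, $user, $pubKey, $privKey, $pinnedSha1, $command, $timeout = 10)
{
    if (!function_exists('ssh2_connect')) {
        throw new RuntimeException('ssh2 extension is not loaded');
    }
    if (!($con = @ssh2_connect($host, 22))) {
        throw new RuntimeException('unable to establish connection');
    }
    // Check the server's host key before any credential is sent to it.
    $seen = ssh2_fingerprint($con, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (strcasecmp($seen, $pinnedSha1) !== 0) {
        throw new RuntimeException("host key mismatch, got $seen");
    }
    // Key-based login for an unprivileged account instead of root + password.
    if (!ssh2_auth_pubkey_file($con, $user, $pubKey, $privKey)) {
        throw new RuntimeException('unable to authenticate');
    }
    // A per-call marker is unlikely to appear in ordinary command output.
    $marker = '__COMMAND_FINISHED_' . uniqid() . '__';
    if (!($stream = ssh2_exec($con, $command . '; echo ' . $marker))) {
        throw new RuntimeException('unable to execute command');
    }
    stream_set_blocking($stream, false);
    $data = '';
    $deadline = time() + $timeout;
    while (($pos = strpos($data, $marker)) === false) {
        if (time() > $deadline) {
            fclose($stream);
            throw new RuntimeException("timeout of $timeout seconds has been reached");
        }
        $buf = fread($stream, 4096);
        if ($buf === false || $buf === '') {
            usleep(50000); // nothing buffered yet: wait instead of spinning
        } else {
            $data .= $buf;
        }
    }
    fclose($stream);
    return substr($data, 0, $pos); // command output without the marker
}
try {
    // Any variable that ends up in the remote command line is quoted first.
    echo ssh_run('server1.example.com', 'deploy', '/home/deploy/.ssh/id_rsa.pub',
        '/home/deploy/.ssh/id_rsa', 'PINNED_SHA1_HEX', 'ls -al ' . escapeshellarg('/tmp'));
} catch (RuntimeException $e) {
    echo "fail: " . $e->getMessage() . "\n";
}
```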
Send files through SSH
ssh2_scp_send($con, "/tmp/source.dat", "/tmp/dest.dat", 0644);
If it does not work properly, please check the following:
Go back through this article and check every step you performed.
On the server side, "PasswordAuthentication yes" must be enabled in sshd_config. The default value on most servers is yes, but in some cases you may need to add the following line to the file to turn this feature on yourself:
/etc/ssh/sshd_config:
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication yes
If you make changes, you need to restart SSH:
/etc/init.d/ssh restart