[PHP] PHP hangs when exec'ing SSH
Hello,
I've beat on this for a while now, and I'm not seeming to get
anywhere. Any ideas would be appreciated.
I'm attempting to execute some things on remote servers using ssh, using
a strictly limited account created for this express purpose. I set up
passwordless key authentication from the user the web server runs as to
the limited account on the remote server. I wrote some PHP code which calls:
system("ssh [EMAIL PROTECTED] mycommand", $result)
If I become the web-server user and run this via php from the
command-line, everything works. The commands are executed remotely, and
the expected HTML comes to standard-out.
If I run this through apache, I can verify that the authentication
happens successfully, and the commands are run, but output to the
browser hangs. No errors, nothing. I have attempted using shell_exec,
and popen as well- both exhibit the same problems. I can run commands
other than ssh without difficulty.
This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what may
be happening?
I'm aware that there is a PECL library for calling SSH functionality,
but I really don't want to install more things and create more
dependancies for my code when this should be doable with what is already
on the system. Efficiency is not a concern in this case, either.
Cheers
Ross
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP hangs when exec'ing SSH
There is no output to stderr or stdout from the script being executed.
All I care about are the side-effects of running this remote program. If
something fails, a numeric error-code will be returned.
I have tried this using: system(), shell_exec() - same as backtick
operator, and popen(). I have tried this using an external shell script
which calls the ssh executable. All methods get the same results.
The program on the remote host is successfully executed, but PHP never
comes back if it is operating under the web server. Also note that I
became the same user that the web server runs as to execute the script
under the PHP CLI.
I actually located a bug filed for this in early 2003 reguarding this
happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
because there was no feedback from the user.
My worry is that there's also another bug reguarding executing SSH that
the developers closed as bogus claiming it was an SSH problem, and
pointing to an FAQ on the openssh site saying that SSH can hang due to
not knowing if there's further output coming from the program. I'm
hoping that this isn't their answer to my problem, because I can
demonstrate that it all works when PHP runs in CLI mode.
--Ross
Jamie Alessio wrote:
I'm attempting to execute some things on remote servers using ssh,
using a strictly limited account created for this express purpose. I
set up passwordless key authentication from the user the web server
runs as to the limited account on the remote server. I wrote some PHP
code which calls:
system("ssh [EMAIL PROTECTED] mycommand", $result)
If I become the web-server user and run this via php from the
command-line, everything works. The commands are executed remotely,
and the expected HTML comes to standard-out.
If I run this through apache, I can verify that the authentication
happens successfully, and the commands are run, but output to the
browser hangs. No errors, nothing. I have attempted using shell_exec,
and popen as well- both exhibit the same problems. I can run commands
other than ssh without difficulty.
This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what
may be happening?
>
Ross,
A couple of ideas:
- Here's your code: "system("ssh [EMAIL PROTECTED] mycommand", $result)"
You do realize that $result only contains the return code of the system
call and not the actual output from the program called via system(), right?
- Do you have any sort of output buffering in the script?
- Have you tried using passthru() or backticks[1] instead of system()?
Same results?
- Is it possible the ssh command on the remote host is sending the
output to STDERR instead of STDOUT? I'm not sure that this makes sense
since you say it is working via PHP CLI, but perhaps you are seeing the
STDERR output along with the output of your script? This idea a longshot
at best.
--
Jamie
1. http://us4.php.net/language.operators.execution
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP hangs when exec'ing SSH
I actually do care about the return code from the program, as well as
knowing that the program executed and completed successfully, so
background execution is not a valid option.
I tried using system("ssh [EMAIL PROTECTED] mycommand > /dev/null 2>&1") and got
the same results.
You are correct that I am using "su" to become the same user that the
web server runs under, after temporarily changing the password file to
give said user a valid shell. I can verify that the shell does not
affect whether this problem occurs or not, and I have determined that
the SSH process is not left lying around after it executes- The remote
command is run, ssh executes, PHP simply never comes back.
Bug link is here: http://bugs.php.net/bug.php?id=22946
At this point I'd love to hear from anyone running a different version
of PHP, OS, or Apache who can actually execute this to find out if they
experience results which are the same or different.
--Ross
Jamie Alessio wrote:
There is no output to stderr or stdout from the script being executed.
All I care about are the side-effects of running this remote program.
If something fails, a numeric error-code will be returned.
Ross,
Since you don't care about the output from the program can you start the
process in the background so that PHP won't wait on it?
system("ssh [EMAIL PROTECTED] mycommand &");
and based on the notes at From http://us4.php.net/system you might need
something like:
system("ssh [EMAIL PROTECTED] mycommand > /dev/null 2>&1 &");
I think this gives up your ability to check on whether the script was
command actually ran successfully though which might not be acceptable
for your situation.
Some more random ideas...
- Could ssh possibly be relying on some environment variables to behave
properly that are available on the command line that aren't available
when running system() via the web server? I'm assuming you "become the
webserver" by doing something like "sudo apache" or "sudo nobody" in
which case you'd have environment variables lying around that won't
exist for the apache process. A quick look at "man ssh" lists a bunch of
environment variables it uses/sets, but none of them look like obvious
culprits.
> I actually located a bug filed for this in early 2003 reguarding this
> happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
> because there was no feedback from the user.
>
URL to the bug report?
--
Jamie
I have tried this using: system(), shell_exec() - same as backtick
operator, and popen(). I have tried this using an external shell
script which calls the ssh executable. All methods get the same
results. The program on the remote host is successfully executed, but
PHP never comes back if it is operating under the web server. Also
note that I became the same user that the web server runs as to
execute the script under the PHP CLI.
I actually located a bug filed for this in early 2003 reguarding this
happening on SuSE 8.1 with PHP 4.3.1, but the developers dropped it
because there was no feedback from the user.
My worry is that there's also another bug reguarding executing SSH
that the developers closed as bogus claiming it was an SSH problem,
and pointing to an FAQ on the openssh site saying that SSH can hang
due to not knowing if there's further output coming from the program.
I'm hoping that this isn't their answer to my problem, because I can
demonstrate that it all works when PHP runs in CLI mode.
--Ross
Jamie Alessio wrote:
I'm attempting to execute some things on remote servers using ssh,
using a strictly limited account created for this express purpose. I
set up passwordless key authentication from the user the web server
runs as to the limited account on the remote server. I wrote some
PHP code which calls:
system("ssh [EMAIL PROTECTED] mycommand", $result)
If I become the web-server user and run this via php from the
command-line, everything works. The commands are executed remotely,
and the expected HTML comes to standard-out.
If I run this through apache, I can verify that the authentication
happens successfully, and the commands are run, but output to the
browser hangs. No errors, nothing. I have attempted using
shell_exec, and popen as well- both exhibit the same problems. I can
run commands other than ssh without difficulty.
This is happening on suse linux 9.1, PHP 4.3.4. Any clues as to what
may be happening?
>
Ross,
A couple of ideas:
- Here's your code: "system("ssh [EMAIL PROTECTED] mycommand", $result)"
You do realize that $result only contains the return code of the
system call and not the actual output from the program called via
system(), right?
- Do you have any sort of output buffering in the script?
- Have you tried using passthru() or backticks[1] instead of
system()? Same results?
- Is it possible the ssh command on the remote host is sending the
output to STDERR instead of STDOUT? I'm not sure that this makes
sense since you say it is workin
Re: [PHP] Re: PHP hangs when exec'ing SSH
Richard,
I'm really not sure what you're asking here. I've created a limited
access user account on a remote host so that I can kick off some things
on the remote host by hitting a web page. Access to the web page is
protected via SSL and user authentication. The things which are
executed on the remote host are special purpose programs I am building,
not general commands, and no place does the web page provide a user
direct control over what programs are run.
"su" was only used by me from the command-line to become the same user
the web-server runs under in order that I would get the same
public/private key authentication under SSH as I do when the script runs
as a web page. It is not involved in what the php code runs. Take a
look at the bug report to see a completely reduced test-case which
reproduces the problem I'm seeing.
--Ross
Richard Lynch wrote:
I actually do care about the return code from the program, as well as
knowing that the program executed and completed successfully, so
background execution is not a valid option.
I tried using system("ssh [EMAIL PROTECTED] mycommand > /dev/null 2>&1") and got
the same results.
You are correct that I am using "su" to become the same user that the
web server runs under, after temporarily changing the password file to
give said user a valid shell. I can verify that the shell does not
affect whether this problem occurs or not, and I have determined that
the SSH process is not left lying around after it executes- The remote
command is run, ssh executes, PHP simply never comes back.
Bug link is here: http://bugs.php.net/bug.php?id=22946
At this point I'd love to hear from anyone running a different version
of PHP, OS, or Apache who can actually execute this to find out if they
experience results which are the same or different.
I believe 'su' requires an actual TTY connection or it aborts...
Could be wrong.
"man su"
Why are you doing ssh anyway?
scp, maybe, but...
Sure you're not taking web-based user into and then doing SSH to execute
it on a different server?... [shudder]
Re: [PHP] Re: PHP hangs when exec'ing SSH
Incorrect. Setup now: Server A: Authenticates User SSL -> runs PHP -> runs SSH [EMAIL PROTECTED] Server B: Authenticates user SSH -> runs command "su" is not involved, and has not been involved- I stated in my original post, and in my last reply to you that it was only used in order for me to become the same user the web server runs as, to test the PHP script from the command line. Server B is not running a web server, and does not have an SSL certificate. Why would I add needless complexity and extra software and services? There's no output (besides the numeric return code) from SSH which I care about- there shouldnt be anything coming back via stdout or stderr. If there is, I'm happy to discard it. This SHOULD be a dead-nuts-simple case of exec the command and wait for it to return. --Ross Richard Lynch wrote: I'm really not sure what you're asking here. I've created a limited access user account on a remote host so that I can kick off some things on the remote host by hitting a web page. Access to the web page is protected via SSL and user authentication. The things which are executed on the remote host are special purpose programs I am building, not general commands, and no place does the web page provide a user direct control over what programs are run. Your setup now: Server A: Authenticates User SSL -> runs PHP -> runs su -> runs SSH to Server B Server B: Authenticates User SSH -> runs command My sugggested solution: Server A: Authenticates User SSL -> runs cURL -> Server B Server B: Authenticates User SSL -> runs PHP -> runs command IE: *MOVE* your PHP script that runs the command to Server B. Use SSL on both A and B Use cURL from A to B to authenticate. B runs PHP which runs command. You've taken out all the su and SSH stuff between A and B with no real loss of Security. You already know how to do everything in my suggested solution, except maybe cURL, which would take you an hour to figure out, max. I guarantee you that if you do this, you'll have a lot less headaches, now and in the future, and a lot cleaner/clearer code-base. Maybe having the PHP script on Server B is impossible. That's the only reason *not* to do it this way.
Re: [PHP] Re: PHP hangs when exec'ing SSH
I think you're probably right. My gut is telling me that this has to do with tty funkiness. I tried the batchmode option, but it didn't affect the problem. My bet is that ssh is mucking around with ttys, and PHP is loosing it's connection through apache. The php processing may actually be completing, it's just no longer sending it's output through apache, and apache hasn't figured that out, so apache is standing around waiting for PHP to complete. I'm hoping that the PHP devs may get around to this as a bug and decide it can be fixed- maybe by resetting the tty after returning from a system or whatever. --Ross Rasmus Lerdorf wrote: Ross Becker wrote: There's no output (besides the numeric return code) from SSH which I care about- there shouldnt be anything coming back via stdout or stderr. If there is, I'm happy to discard it. This SHOULD be a dead-nuts-simple case of exec the command and wait for it to return. And if ssh didn't require a controlling tty in interactive mode, you'd be right. But unfortunately it does and you aren't. You could try playing with the batch mode option. I am not sure if that disables the tty requirement or if it simply suppresses prompts. Regardless, this has nothing to do with PHP's exec stuff. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: PHP hangs when exec'ing SSH
Ah. Well, then my bug report is probably of no matter. Even looking further into SSH's options, there's something for controlling the TTY allocated for SSH, but it only controls what TTY SSH allocates, there is no means for turning tty allocation off completely. I was still holding out some hope that this was my system configuration, and not something fundamental in how PHP or worse- SSH acted. Ross Rasmus Lerdorf wrote: Ross Becker wrote: I think you're probably right. My gut is telling me that this has to do with tty funkiness. I tried the batchmode option, but it didn't affect the problem. My bet is that ssh is mucking around with ttys, and PHP is loosing it's connection through apache. The php processing may actually be completing, it's just no longer sending it's output through apache, and apache hasn't figured that out, so apache is standing around waiting for PHP to complete. I'm hoping that the PHP devs may get around to this as a bug and decide it can be fixed- maybe by resetting the tty after returning from a system or whatever. I am actually a PHP dev, believe it or not. Exactly which tty is it you are suggesting we reset? There is no tty here. You can't run interactive things that require a controlling tty from something which doesn't have one without some really nasty tricks. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
