如何使用 PHP 设置交互式 SSH 会话? [英] How can I use PHP to setup an interactive SSH session?

问题描述

我正在尝试通过 Mac OS X 10.6 上的命令行使用 PHP 建立到远程服务器的交互式 SSH 连接.我目前正在使用 PHP 的 proc_open 函数来执行以下命令:

I'm trying to establish an interactive SSH connection to a remote server using PHP via the command line on Mac OS X 10.6. I'm currently using PHP's proc_open function to execute the following command:

ssh -t -t -p 22 user@server.com

这几乎有效.-t -t 选项应该强制一个伪终端，它们几乎可以做到.我可以输入 SSH 密码并按回车键.然而，按下回车后，终端似乎只是挂起.没有输出，什么也没有——就好像 SSH 会话失败了.我无法运行命令或任何东西，必须使用 Ctrl+C 杀死整个过程.我知道登录成功，因为我可以执行像 ssh -t -t -p 22 user@server.com "ls -la" 这样的命令并获得正确的输出.

This almost works. The -t -t options are supposed to force a pseudo terminal which they almost do. I am able to enter the SSH password and press enter. However, after pressing enter the terminal appears to simply hang. No output, no nothing - it's as if the SSH session has failed. I can't run commands or anything and have to kill the whole thing using Ctrl+C. I know the login is successful because I can execute a command like ssh -t -t -p 22 user@server.com "ls -la" and get the correct output.

我认为问题一定与我在 proc_open 调用中使用标准管道有关，因此我将它们替换为 pty.我收到以下错误:此系统不支持 pty 伪终端..."

I thought the problem must be related to the fact that I was using standard pipes in my proc_open call, so I replaced them with pty. I get the following error: "pty pseudo terminal not supported on this system..."

Mac OS X 是否根本不支持 pty 或伪终端?(我对使用所有这些 shell 术语还很陌生).

Does Mac OS X simply not support pty or pseudo terminals? (I'm pretty new at using all this shell terminology).

这是 PHP 代码:

$descriptorspec = array(0 => array("pty"), 1 => array("pty"), 2 => array("pty"));  
$cwd = getcwd();  
$process = proc_open('ssh -t -t -p 22 user@server.com', $descriptorspec, $pipes, $cwd);  
if (is_resource($process))  
{  
    while (true)  
    {  
        echo(stream_get_contents($pipes[1]));  
        $status = proc_get_status($process);  
        if (! $status["running"])  
            break;  
    }  
} 

(对不起 - 我一生都无法弄清楚 SO 的格式说明...)

(Sorry - cannot for the life of me figure out SO's formatting instructions...)

我做错了什么?为什么我不能使用 pty?这在 Mac OS X 上是不可能的吗?感谢您的帮助！

What am I doing wrong? Why can't I use pty? Is this just impossible on Mac OS X? Thanks for your help!

推荐答案

您应该使用公钥身份验证，而不是尝试以编程方式绕过交互式密码身份验证.

You should use public key authentication rather than trying to programmatically bypass interactive password authentication.

密码提示应该从 tty 中使用，我相信它是故意难以使用的.此外，-t -t 参数仅在您连接到远程主机后才生效.而且我不相信 PHP 函数 proc_open() 可以在虚拟终端内运行命令.

The password prompt is supposed to be used from a tty and I believe it was made intentionally difficult to use otherwise. Also the -t -t argument only takes effect once you are connected to the remote host. And I don't believe the PHP function proc_open() can run a command inside a virtual terminal.

设置公钥认证:

# Generate keypair
ssh-keygen -t rsa

# Copy public key to server
scp ~/.ssh/id_rsa.pub example.com:.ssh/authorized_keys

# Now you shouldn't be prompted for a password when connecting to example.com
# from this host and user account.
ssh example.com

# Since the web server (and thus PHP) probably has its own user account...
# Copy the ~/.ssh/id_rsa file somewhere else
cp ~/.ssh/id_rsa /some_path/id_rsa

# Change ownership of the file to the web server account
chown www-data:www-data /some_path/id_rsa

# Fix the file permissions (ssh ignore the keyfile if it is world readable)
chown 600 /some_path/id_rsa

# Try connecting to the server through the web server account
su -c "ssh -i /some_path/id_rsa -o UserKnownHostsFile=/some_path/known_hosts example.com" www-data

# Add the host to the known hosts file when prompted

或者，您可以使用 plink(Linux 版 PuTTY 的一部分)代替 OpenSSH，因为它可以在命令行 plink -pw password example.com 上获取密码.但这样做会带来安全风险，因为任何在服务器上运行 ps aux 的人都可以在进程列表中看到密码.

Alternately, you could use plink (part of PuTTY for Linux) instead of OpenSSH as it can take the password on the command line plink -pw password example.com. But doing so presents a security risk as anyone who runs ps aux on the server can see the password in the process list.

还有一个名为 sshpass 的程序，它从环境变量或命令参数中获取密码并将其传递给 ssh.

There is also a program called sshpass that takes the password from an environment variable or command argument and passes it to ssh.

这篇关于如何使用 PHP 设置交互式 SSH 会话?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！