如何在 PHP 中安全地维护持久的 SSH 连接? [英] How to securely maintain a persistent SSH connection in PHP?
问题描述
我目前正在研究使用主从模型的 VPS 面板.一台主服务器运行PHP编写的面板,通过SSH管理多台从服务器.从服务器通过有限的帐户访问,该帐户可以对特定的服务器管理相关命令进行 sudo,并且所有交互都记录在帐户本身无权访问的目录中.
I am currently working on a VPS panel that uses a master-slave model. One master server runs a panel written in PHP, and manages multiple slave servers via SSH. The slave servers are accessed via a limited account, that can sudo to specific server administration-related commands, and all interaction is logged in a directory that the account itself does not have access to.
我目前使用的是 PHP-SSH2,但这种方法有一些问题:
I am currently using PHP-SSH2, but this approach has a few problems:
- 退出代码无法可靠地返回,因此所有命令都必须在包装脚本中执行,该脚本将 stdout、stderr 和退出代码打包成一个 JSON 对象并通过 stdout 返回.此脚本必须存在于每个从属服务器上.
- PHP-SSH2 库不知道自定义连接超时"的概念,这意味着在尝试使用 PHP-SSH2 连接之前,我必须使用 fsockopen 探测服务器 - 如果我不这样做,无法访问的服务器可能会延迟页面加载一分钟或更长时间.由于下一个问题,情况更糟.
- 持久连接是不可能的.这会导致面板中的页面加载时间非常荒谬,尤其是与之前的超时问题相结合.
现在,我主要尝试解决最后一个问题.
Right now, I'm trying to solve the last problem primarily.
我遇到了几种可能的解决方案,但它们都存在某种问题:
There are several possible solutions I have run across, but all of them have an issue of some sort:
- 使用 PHPSecLib,一种纯 PHP SSH 实现,并用 pfsockopen 调用替换所有 fsockopen 调用.这将使连接持久,但它比我想要的更黑客,而且 PHP 中持久套接字的安全影响尚不清楚.
- 设置从主服务器到每个从服务器的持久 SSH 隧道,并在每个从服务器上运行一个简单的守护进程(绑定到本地主机),运行它被告知的任何内容.这是一个问题,原因有二.首先,它引入了对从服务器上的守护程序的需求,这是我宁愿避免的.第二个问题是,如果有人要破坏从服务器上的有限帐户,他们仍然可以通过连接到命令守护进程"来运行某些系统命令,即使他们无法从自己的 shell 访问这些命令.这是一个问题.
- 在主服务器上运行守护程序,代表面板管理与从服务器的持久 SSH 连接.这将涉及用 Python 编写 SSH 客户端(这是我熟悉的唯一合适的语言),并且可能归结为使用 paramiko.由于 paramiko 的文档很差,这不是一个非常有吸引力的选择,甚至可能导致安全问题,因为我并不完全清楚应该如何在 paramiko 中使用这些东西.立>
- Using PHPSecLib, a pure PHP SSH implementation, and replacing all fsockopen calls with pfsockopen calls. This will make the connections persistent, but it's hackier than I'd like and the security implications of persistent sockets in PHP are unclear.
- Setting up a persistent SSH tunnel from the master server to each slave server, and running a simple daemon (bound to localhost) on each slave server that runs whatever it's told to. This is a problem for two reasons. First off it introduces the need for a daemon on the slave servers, which is something I'd rather avoid. The second issue is that if someone were to compromise a limited account on a slave server, they could still run certain system commands simply by connecting to the "command daemon", even if they would not have access to those commands from their own shell. This is a problem.
- Running a daemon on the master server that manages persistent SSH connections to slave servers on behalf of the panel. This would involve writing an SSH client in Python (this is the only suitable language I am familiar with), and would probably come down to using paramiko. Since the documentation of paramiko is poor, this isn't a very attractive option and may even cause security issues because it isn't entirely clear to me how things are supposed to be used in paramiko.
以下不是一个选项:
- 为面板本身切换到不同的语言.我正在用 PHP 编写面板,因为这是我最熟悉的语言,而且我知道我可能遇到的怪癖和潜在问题.用我不熟悉的语言编写这样一个重要的面向公众的项目是个坏主意.
- 将 Twisted 用于第三个可能的解决方案".Twisted 是一个非常大且复杂的依赖项,而且文档似乎比 paramiko 的文档还要糟糕.
- 在从属服务器上运行 HTTPd 或其他非 SSH 面向公众的守护进程.
在实践中,当必须联系多个服务器进行页面加载时,我看到页面加载时间有时超过一分钟.这对于 VPS 面板来说显然是不可接受的.
In practice, I am seeing pageload times of sometimes over a minute when multiple servers have to be contacted for a pageload. This is obviously not acceptable for a VPS panel.
我的目标是采用某种实现方式来避免使用 PHP-SSH2 时引入的连接开销.以安全的方式做到这一点的最佳方法是什么,同时对从属服务器引入最少的依赖?
My goal is to have some kind of implementation that avoids the connection overhead that is introduced when using PHP-SSH2. What would be the best way to do this, in a secure manner, while introducing a minimal amount of dependencies on the slave servers?
推荐答案
您可以使用 autossh,并使用 autossh 创建反向(portforward)隧道.然后让您的 php 应用程序与那些反向 ssh 端口进行通信.如果 ssh 连接失败,autossh 将继续尝试重新创建连接.您的 php 应用将无法连接到反向隧道,甚至不会超时.
You could use autossh, and create reverse (portforward) tunnels with autossh. Then let your php application talk against those reverse ssh ports. If the ssh connection fails, autossh will keep trying to recreate the connection. Your php app will fail to connect to the reverse tunnel and not even timeout.
这篇关于如何在 PHP 中安全地维护持久的 SSH 连接?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
