Re: Problem with Apache and SSH: Help needed!

Not a lot of information to go on, but I'll give it a shot anyway.

My guess is that the account that the cgi script runs as is different than the account you are using on the command line, and is not authorized to connect to the remote hosts.

Another possible problem is if you are using the ssh-agent for authentication, as the cgi script will not pick up the required environment variables.

Also, if you are using ssh to access new hosts, it will need a tty to ask for confirmation about new host keys. This could be combined with the first problem. If the web server account has never used ssh to access the other hosts, the first time it accesses each host it will need a tty to ask for confirmation about the host key, even if you have successfully used ssh from another account (including root) on the same server to access the other host.

Comment on Re: Problem with Apache and SSH: Help needed!

Replies are listed 'Best First'.
Re: Re: Problem with Apache and SSH: Help needed! by Anonymous Monk on Apr 08, 2002 at 09:15 UTC
Hi, Sorry if I didn't give too much information. I guess being my first time here, I didn't want to post a very long message. Anyway, you are right in that, it might be a problem of permissions. However, I set my directory permissions to 777. I still feel it is just a matter of permissions. I have the executable that I want to run sitting in /home/<user>/Scatter/bin and the permissions are 777 on this. For starters, any idea how apache/httpd runs or executes other scripts? I tried running "system("ls")" from the script and it gave me the results. However, when I tried system("ssh <machine name> pwd") the bally thing just hung! I have ssh set up so that I can ssh from the head to the nodes without using the passwords (basically I generated the keys using keygen and then copied them onto the authorization keys). Also, when I checked the error logs, it just gave an "Aborted by User" error. Hope I have been a little clearer with the problem.	[reply]
Re: Re: Re: Problem with Apache and SSH: Help needed! by tachyon (Chancellor) on Apr 08, 2002 at 09:41 UTC
Have a look at perlman:perlfunc on what system() actually does ie a fork() exec(). The script probably hangs because ssh is waiting for user input. Try executing via backtics and printing the output from ssh. print `ssh [blah]`; [download] cheers tachyon s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print	[reply] [d/l]
Re: Re: Re: Problem with Apache and SSH: Help needed! by jeffenstein (Hermit) on Apr 08, 2002 at 09:59 UTC
For starters, any idea how apache/httpd runs or executes other scripts? You'll need to look at the http.conf to see what the username and group name are for the web server. `ps -ef` or `ps -aux` should also shed some light on the subject. Once you have this information, then you can su to this user and try `ssh <somehost> pwd` to see what it says, as this is closer to how the perl script would run it under cgi. It would actually run as this user without a tty, but that is harder to simulate. If you've generated keys as your userid, you may need to use `ssh user@host` to ssh to a different account. man ssh would have information on how to do this. Most likely, you'll also need to copy the private keys to the web server account. Last, mode 777 is evil!. The directories/scripts should be mode 755, as write permission is not needed to run the scripts. Leaving them mode 777 allows anybody with access to that box to change your scripts and files (either maliciously or accidentally). And, of course, read all the documentation you can find on apache and ssh. Hope this helps you on your way.	[reply] [d/l] [select]