in reply to Net::OpenSSH - connection from out a CGI script fails

Doesn't suexec U2 imply it runs under user U2? Then you should create a writeable HOME_of_U2/.ssh and do not disable detection of changed host key. And rather than saving USER and PASS in your script or whatever random file it reads: why not exchange the keys for U2 with ZFS_HOST for one time? It would work like this:
    su - U2
    ssh-keygen -t dsa   # creates .ssh/...
    cat .ssh/id_dsa.pub | ssh ZFS_HOST 'cat>>.ssh/authorized_keys'   # accept remote key; enter pw once
(Although either way it sounds scary to muck with remote filesystems from a web UI...)

Re^2: Net::OpenSSH - connection from out a CGI script fails
by logicalheart (Initiate) on Feb 13, 2014 at 19:17 UTC
    There are two things you need:
    1. .ssh/known_hosts in the apache home (and .ssh directory writeable by Apache)
    2. .libnet-openssh-perl directory in the apache home (writeable by Apache)

    For example, my Apache user is "apache" with a home directory of /var/www.
    I have /var/www/.ssh owned by apache, and /var/www/.libnet-openssh-perl owned by apache.
    I ssh to devices using my own account, then copy my known_hosts file to /var/www/.ssh/known_hosts.
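
A preflight check for the setup described in the reply above, as an added example that is not part of either post and is not Net::OpenSSH code: it verifies that both directories exist and belong to the web server account, and that known_hosts already lists the target host so host key checking can stay enabled. The function name `check_ssh_home` is hypothetical, and the group/other-writable test is an added hardening check the posts do not mention.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Usage: check_ssh_home HOME_DIR OWNER HOST
#   e.g. check_ssh_home /var/www apache ZFS_HOST
# Prints one line per problem; returns 0 only when none were found.

check_ssh_home() {
    home=$1 owner=$2 host=$3 problems=0

    for dir in "$home/.ssh" "$home/.libnet-openssh-perl"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING   $dir"; problems=$((problems + 1)); continue
        fi
        # ls -ld is portable: field 1 is the mode string, field 3 the owner.
        meta=$(ls -ld "$dir" | awk '{print $1, $3}')
        mode=${meta% *} actual=${meta#* }
        if [ "$actual" != "$owner" ]; then
            echo "OWNER     $dir is owned by $actual, expected $owner"
            problems=$((problems + 1))
        fi
        # Character 6 is group-write, character 9 is other-write.
        case $mode in
            ?????w*|????????w*)
                echo "WRITABLE  $dir ($mode) is writable by group or others"
                problems=$((problems + 1)) ;;
        esac
    done

    kh="$home/.ssh/known_hosts"
    if [ ! -s "$kh" ]; then
        echo "MISSING   $kh is absent or empty"; problems=$((problems + 1))
    # Exact match on plain host names only; comment, @marker and hashed
    # (|1|...) entries are skipped, so hashed files report NOHOST here.
    elif ! awk -v h="$host" '
            $1 !~ /^[#@|]/ { n = split($1, names, ",")
                             for (i = 1; i <= n; i++) if (names[i] == h) found = 1 }
            END { exit !found }' "$kh"; then
        echo "NOHOST    $host has no plain entry in $kh"; problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Run as a script when given the three arguments.
if [ "$#" -eq 3 ]; then check_ssh_home "$@"; fi
```

For a known_hosts file with hashed entries, look the host up with `ssh-keygen -F HOST -f FILE` instead of the plain-text match.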