Hi!
I am starting a new web project,
Basically what I want to do is have php (on its own webserver) connect through SSH and run a command in its own screen on another machine. What I want be able to do, it click a button which will run a command in its own screen, then will print an active console out of that screen on the webpage.
Can anyone point me in the right direction? If that all makes sense? (Probably doesn't)
Cheers!
Take a gander into making a web service (using SOAP or REST)
Edit: To elaborate a bit more.
PHP is down right dangerous to make it commit anything down on to the command line. Just because if you're not careful it can be manipulated. Which if it has unrestricted access to the command line could cause havok. (Plus you can not variable type check, which can cause issues)
The reason I mention web services is because you can setup defined functions on the server side and then just pass it variables that may change.
For example: You could have a function called "processorLoad" that you can call but on the server side would actually commit the command "cat /proc/loadavg". Which would then return load averages.
This does mean that you would need to define each and every command you may want to run, however it is far more secure as if the command isn't defined, it can not be run.
Alternatively, you could input full commands on the PHP side but with an authentication field of some description. (Just so the service side knows that is genuine (but then you could potentially have some guess this auth))
Alternative to a web service, take a gander at noVNC. Which is a VNC client programmed in HTML5 and would allow you to connect to a remote VNC session on the server.
Ahh, I don't really understand what soap or reset is going to do. From what I've read, I setup predefined commands on the server itself and then I can call those commands from the website.
So the second option would be the way to go. I am making a game control panel, so the commands need to be flexible. For example a user wants to change which jar file is run for a modded minecart server, so there's text box that contains the default command (Java Minecraft_seever.jar).
So, how secure would this be then; you add a server, so IP, SSH port, user, pass, then with that it'll store it in a MySQL database securely. Then when you click on start it would look at the command that was in the text box earlier (probably storeind the database) then send that command to the Linux Server.
If the webserver is on a private network you could just use passwordless ssh via keygen. Then maybe do something like ssh myserver "screen -d -m doSomething".
That's pretty klugey though and I couldn't recommend it.
I assume you're using screen for essentially process management purposes. Why not switch over to supervisord or something like it? You can just write signal handlers for individual processes. Or just do this whole thing over sockets.
Hmm,
I'm not 100% sure how I want to do this.
Basically I just want to SSH (through PHP) to a server, run a command, and then be able to view the output of that console (live) on the webpage.
The only reason I suggested screen, was because other game server control panels used it.
What advantages does supervisord have over screen, for what I am using it for.
Anyway... to actually respond.
Actually, a web service sounds like EXACTLY what you need.
The problem with unrestricted access is the fact that anything can be executed. For instance if the server being used is running multiple game clients, then you do not want the whole server going down because someone thought it would be funny to do " rm -rf /* ".
Web services are a two way conversation that enable a lot of control. Say someone uploads a new jar file for a minecraft server, you can get the PHP side to dynamically adjust a drop down list of jar files available as it could ask the web service to return a list of jar files available.
For instance with a minecraft server, on the web server you could have a "select server" drop down and a "start" button.
The user would be able to chose the jar they wish to run (vanilla,craftbukkit,spigot etc) and then hit start. On the server side it would have the command "java -Xms1G -Xmx1G -jar $input" ready to go and would just drop in the name of the jar file before executing.
If you are specifically targeting minecraft server control, there is a RCON available that can be used to input commands into a running minecraft server.
Anyway as to actually answer the question, have you considered http://www.web-console.org . As it is open source you can take a gander through how they've done it or just implement it.
Ahh, this is exactly what I wanted.
@zanginator you're absolutely correct, I was thinking of that but had no idea how to implement it, but you have just make it all clear.
So I can still use these functions http://php.net/manual/en/ref.ssh2.php but I can just code it in such a way that people can't run there own commands like rm -rf * hahah.
@B1gbadwo1f this is also a very good idea, and I can still use 'web services' like everyone has said to do. But I can just pass variables to the interpreter script, which then will go and SSH to a game server. However the only issue I can see just off the top of my head, is that we've got here is that can you php_exec on just any old webserver such as one that Go Daddy would provide?
Lastly which would be more secure and the fastest, using the PHP SSH library, or using php_exec to run a .ah script that would take variables and then SSH into another box.
As someone with some experience with PHP, I would say, that you are looking at this completely wrong.
If you want to remotely manage a server, then you should create services, that can be managed (either by webserver's user directly or using suEXEC) by executing commands. Instead of attempting some harebrained scheme to create remote terminal.
Please, just stop.
the second-best suggestion so far was
Yeah, that is what we're currently doing.
@teresko But, just out of curiosity, how would you go about things? Remembering that, the web server is not the same machine as the game server machine and that they are running on two seperate systems.
Will post update later on if anyone is interested.
It's handles process management in a much more sophisticated manner. For example if something crashes, you can set it up to instantly restart the proc - things like that. Actually sounds exactly like what you're looking for.