Interacting with multiple servers over SSH in PHP

Question

I'm currently writing a deployment framework in PHP. The framework connects to servers and executes commands over SSH. I've been looking for quite a while trying to find a way in PHP to do this better. Here are the requirements. The technique should be able to:

1. Enter the SSH password programmatically. I know that using SSH keys is the way to go when you want password-less SSH logons, but remember, this is a deployment framework. It could potentially be deploying to 25 servers at a time. It doesn't seem right to require the user to have set up SSH keys to use the framework, and who wants to enter their password 25 times? I'm using Capistrano as a model here - it asks for your password once, then uses it to establish the SSH connections without re-prompting the user. I'm not suggesting the passwords be stored in the deploy script, just (silently) entered once and used until the deploy tasks are finished.

2. Send output to the PHP script. I would like to be able to intercept the terminal output from each of the SSH sessions independently, modify it, then send it back to the terminal for the user to see. This way, I can prepend the name of the server onto each line of output to show what's going on.

3. Provide write (as well as read) access to the terminal. It's important that the user (or the script) be able to enter other information into the terminal besides just the SSH password.

4. Support SSH v2.

Currently, my framework "compiles" the commands from the deploy script into one giant string and executes them by using the SSH command. Each final deploy command looks something like this:

ssh -t -t -p 12345 user@server.com 'command1; command2;'

Each of these SSH commands is executed via PHP's built-in passthru function:

<?php passthru("ssh -t -t -p 12345 user@server.com 'command1; command2;'"); ?>

I have tried using proc_open and nearly all of PHP's other command-executing functions to no avail - none of them provide all the functionality I've listed above. In addition, I've tried several pure PHP SSH implementations, also to no avail. The libraries either don't supply write access to the terminal or don't support SSH v2.

Any help on this would be greatly appreciated - thanks in advance!

Answer 1

Do you consider the following to be an example of write access to the terminal?:

ssh -t -t -p 12345 user@server.com 'command1; command2;'

If so then you can do that with phpseclib's pure PHP SSH implementation. eg.

$ssh = new Net_SSH2(...);
$ssh->login(..., ...);
$ssh->exec('command1; command2;');

If not then (1) I'd say you'd be better off using phpseclib than you are with you're current implementation and (2) if you want what the phpseclib author has referred to as "interactive" support maybe you could try contacting the author? Maybe offer to pay him some money to incentivize him to develop the feature. Looking at the support forums the author seems responsive enough.

Answer 2

I'm not sure php is the right tool here. Why not use something that is closer to the shell environment, like a bash script?

The only reason I can imagine you want to use PHP is so you can start the process by clicking a link on a page somewhere, and thereby punch a large hole in whatever security your system supposedly has. But if you really must, then it is still easier to write a script in a more shell friendly language and simply use php as a gateway to invoke the script.

Answer 3

You can make SSH connection with a PECL extension in PHP. http://php.net/manual/en/book.ssh2.php

$connection = ssh2_connect('server.com', 22);
ssh2_auth_password($connection, 'username', 'password');
$stream1 = ssh2_exec($connection, $command1);
$stream2 = ssh2_exec($connection, $command2);

You can also create a ssh interactive shell with ssh2_shell() if you need to more advanced things.