Open JonTheNiceGuy opened 10 years ago
Looked through the source code of phpseclib (I use it for the SSH connections) and this should be fairly easy to implement. Might be able to push that this weekend as well.
I've got some free time tonight, I'll cobble something together if I can :)
Okay, I have class tonight after work, but if you need help let me know. Looks like it should be somewhat easy to change:
$ssh = new Net_SSH2('localhost');
to
$ssh = new Net_SSH2('localhost', $ssh_port);
Just need to have the user change the port in the install.php file.
Then need to write that to the settings.conf file: file_put_contents("settings.conf", "ssh_port:" . $ssh_port.PHP_EOL);
Then read that file as needed.
The only issue is that I was having issues functionalizing the SSH session establishment routine, so you may need to look at that as well, as pretty much every time I need to do anything via SSH I have to set up the session again, in case it timed out. If that can't be solved will need to change a lot of instances of code.
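The steps in the comment above (take the port in install.php, write it to settings.conf, read it back for Net_SSH2), sketched as an added example that is not part of the thread or the project's code. The function names are hypothetical, the `ssh_port:<n>` line format follows the write shown above, and the port is checked as a decimal number in 1..65535 before it is stored because it arrives as form input.

```php
<?php
// Added example; helper names are hypothetical, not from the project.

/** Return the port as int if it is a decimal number in 1..65535, else null. */
function validate_ssh_port($value): ?int
{
    $value = trim((string) $value);
    // ctype_digit() rejects signs, spaces, decimals and trailing junk.
    if ($value === '' || !ctype_digit($value) || strlen($value) > 5) {
        return null;
    }
    $port = (int) $value;
    return ($port >= 1 && $port <= 65535) ? $port : null;
}

/** Write or replace the ssh_port line, keeping any other "key:value" lines. */
function save_ssh_port(string $file, $port): bool
{
    $port = validate_ssh_port($port);
    if ($port === null) {
        return false; // refuse to persist unvalidated input
    }
    $kept = [];
    $old = is_file($file) ? (file($file, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) ?: []) : [];
    foreach ($old as $line) {
        if (strpos($line, 'ssh_port:') !== 0) {
            $kept[] = $line;
        }
    }
    $kept[] = 'ssh_port:' . $port;
    return file_put_contents($file, implode(PHP_EOL, $kept) . PHP_EOL, LOCK_EX) !== false;
}

/** Read ssh_port back; fall back to $default if missing or malformed. */
function load_ssh_port(string $file, int $default = 22): int
{
    $lines = is_file($file) ? (file($file, FILE_IGNORE_NEW_LINES) ?: []) : [];
    foreach ($lines as $line) {
        if (strpos($line, 'ssh_port:') === 0) {
            return validate_ssh_port(substr($line, strlen('ssh_port:'))) ?? $default;
        }
    }
    return $default;
}

// Constructed demo: a temp file stands in for the real settings.conf.
$conf = tempnam(sys_get_temp_dir(), 'settings');
var_dump(save_ssh_port($conf, '2222'));   // well-formed port
var_dump(save_ssh_port($conf, '70000'));  // out of range
$ssh_port = load_ssh_port($conf);
// With phpseclib loaded: $ssh = new Net_SSH2('localhost', $ssh_port);
unlink($conf);
```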
I'm working on that part (hence why I didn't push anything back last night!) - I've nearly got a class we can use once, and then re-use everywhere else you've got a Net_SSH2 connection. It'll also support privilege escalation using sudo (in case you don't permit root to log in) or possibly su. Not exactly sure though!
I think I tried supporting sudo and su before and ran into an issue. When setting up the certificates, running "source vars" was not working if you were running the commands using sudo. I tried su and still had problems if I remember correctly. If you get that working it would be amazing though.
I think the key to it is to su or sudo into root (like this: sudo su - or su -) and then perform your actions. I'll check and see :)
OK, I have a working shell class, including priv escalation. I'm just embedding that into the various functions which require it.
I'm kinda moving some code around a bit (using template html files, rather than having html live in the php) but I'll have something out soon!
This is massively spiralling out of this one issue! Sorry!! I've got a branch on my fork (Issue2) where I've started moving stuff around a bit. You'll notice I've got a shell class which covers starting a session, then escalating privilege as required. The setup.php is the new code I'm writing to make it a little cleaner. I hope it's useful to you!
I'm still working on this though! I hope you can see where I'm going with it?
Right, let's do this properly. So, in that fork I mentioned, I've got a single file: https://github.com/JonTheNiceGuy/OpenVPN-PHP-Management-Gui/blob/Issue2/website/libraries/shell.php
This can be used instead of the phpseclib connect request, and will connect and perform your sudo or su command to become root.
If you want to also use or draw parts from the session replacement I wrote (https://github.com/JonTheNiceGuy/OpenVPN-PHP-Management-Gui/blob/Issue2/website/libraries/session.php) then this inserts the session variables into the shell.php, which you can then start once with shell::connect(), as you'll see in the setup file I'm writing. https://github.com/JonTheNiceGuy/OpenVPN-PHP-Management-Gui/blob/Issue2/setup.php#L62
I have my SSH port off 22, to prevent brute-force attacks.
The install script currently does not permit me to change the ssh port.