2

This is my first shot at trying out cgi-perl scripts. I have SSH keys set up between my (root user) local machine and a remote machine. I'm trying to run a command on the remote box and display the output on a webpage hosted from my local machine. The script runs fine from command line however, it throws SSH key error when called from the webpage because the user running the script is apache and not root. Is there a way to get around this issue?

Felix Kling
  • 795,719
  • 175
  • 1,089
  • 1,143
AV.
  • 21
  • 2
  • Create SSH keys for user apache? – Felix Kling May 24 '10 at 18:35
  • The user that logs in to the remote box would need sudo permissions to get the status. I do not think the admins would appreciate too many accounts to have that access. – AV. May 24 '10 at 18:39
  • @AV: But creating a SSH key pair for root is not a good idea either. Especially if this should be used for an automated web process. – Felix Kling May 24 '10 at 18:40
  • But apart from creating the ssh keys for apache, is there any other option? At least for the purposes of learning :) – AV. May 24 '10 at 18:43

1 Answers1

3

If you not already have a restricted account, create one, create the SSH keys and add the commands that the user should be allowed to execute via sudo to the /etc/sudoers file (e.g. via visudo, more about sudoers). This is the safest approach imho.
You can even restrict the user in such a way, that he can only execute these commands. For

I don't know about Perl, but normal you can specify which user should be logged in via SSH:

ssh user@host

Update:

Are you using the Net::SSH::Perl module? If so, just set the user accordingly:

my $host = "perlhowto.com";
my $user = "user";
my $password = "password";

#-- set up a new connection
my $ssh = Net::SSH::Perl->new($host);
#-- authenticate
$ssh->login($user, $pass);

(I just copied and pasted this code from perlhowto.com)

Felix Kling
  • 795,719
  • 175
  • 1,089
  • 1,143
  • ok. I just would need to then talk to the admin of the remote host to get that access set up. But is there a way I can make the script run as root when called from the webpage? – AV. May 24 '10 at 18:46
  • 1
    @AV: As I said, normally you can specify which user should be logged in via SSH: `user@host` which would be `root@host` in your case. But it can also be that you are not allowed to ssh as root. – Felix Kling May 24 '10 at 18:48
  • Actually, the root user on the local machine connects as "dummy@remote" and the dummy user has been granted the permissions to fetch the status. Yes I will try to follow the route of getting apache's ssh keys linked to the dummy user. – AV. May 24 '10 at 18:51