3

I use a command like this on my Mac to scp to my remote server (in a .sh file—it must be done automatically). 

scp -i my_key.pem index.html ubuntu@<ip>:~/public/index.html;

Now I have to do the same thing from a Windows machine and figured I would just write it in php instead of using bash so that the code is the same on Windows and Mac (our app runs a local server too that already uses php scripts, it's complicated). I've looked at a few examples but can't find my exact solution. Also, to be honest I don't know much about private/public keys and I want to be careful.

I've got something like this. I don't know what to do for the key.

$hostname = '21.232.foo.bar'; 
$sourceFile = 'index.html';
$targetFile = '~/public/indexx.html';

// SSH Key File — I'm guessing this should be private, not public
    private $ssh_auth_priv = '~/.ec2/my_key.pem'; 

$connection = ssh2_connect($hostname, 22);

ssh2_scp_send($connection, $sourceFile, $targetFile, 0777);

Also, if I'm trying to do something stupid and there is a much easier way, please let me know. Thanks for your help.

~~ UPDATE

My code now looks as follows and I'm getting an error Warning: ssh2_scp_send(): Failure creating remote file: failed to send file

<html>
 <head>
  <title>PHP Test</title>
 </head>
 <body>
 <?php 

$hostname = '13.124.foo.bar'; 
$sourceFile = 'foo.txt';
$targetFile = '~/public2/foo.txt';

$connection = ssh2_connect($hostname, 22);

ssh2_auth_pubkey_file(
    $connection,
    'ubuntu',
    '~/.ec2/id_rsa.pub',
    '~/.ec2/bh.pem'
);


ssh2_scp_send($connection, $sourceFile, $targetFile, 0644);



 ?> 
 </body>
</html>

That's being hosted on my localhost:8000

Steven2163712
  • 169
  • 2
  • 12

1 Answers1

0

The general format will be

1   <?php
2   $conn = ssh2_connect('example.com', 22);
3   ssh2_auth_pubkey_file(
4       $conn,
5       'username',
6       '/home/username/.ssh/id_rsa.pub',
7       '/home/username/.ssh/id_rsa'
8   );
9   ......

Use ssh2_scp_send($conn, '/local/filename', '/remote/filename', 0644); to send the file where 0644 are file permissions.

Check out http://www.patcup.com/php-ssh-authentication-using-a-public-key/ if you want to continue using ssh2 for this type of thing, but it's recommended you use https://github.com/phpseclib/phpseclib.

Z. Bagley
  • 8,942
  • 1
  • 40
  • 52
  • Ty. Why is it recommended to use phpseclib? The code you wrote seems much easier, as I don't have to install another library. Also, I read that no one is working on phpseclib anymore and it's hard to install (in a SO comment). – Steven2163712 May 25 '17 at 11:39
  • For simple scp's I wouldn't worry about it, but if you're looking to integrate other privacy/encryption at some point or build more intense secure transfers... http://phpseclib.sourceforge.net/ssh/compare.html also https://stackoverflow.com/questions/14304234/phpseclib-or-ssh2-pecl-extension (huge piece is interactive console... which makes scp from remote to remote easy pz) – Z. Bagley May 25 '17 at 11:42
  • Also, I use a .pem file. I don't know anything about RSA. – Steven2163712 May 25 '17 at 11:46
  • pem is just a type of encoding, rsa is a cypher. Your pem key is like RSA. – Z. Bagley May 25 '17 at 11:47
  • So instead of '/home/username/.ssh/id_rsa.pub', '/home/username/.ssh/id_rsa' ... I can just have /home/username/.ec2/my_key.pem? – Steven2163712 May 25 '17 at 11:50
  • For ssh there's always two keys, a public and a private. You uploaded the public one to your amazon EC2. Both of these are typically stored locally, and should be available (you'll need to transfer it from your mac). – Z. Bagley May 25 '17 at 11:54
  • I'm using the key I received from AWS when I set up my server instance. I only download one .pem file from AWS. I didn't upload a key to my remote server. – Steven2163712 May 25 '17 at 11:57
  • I'd suggest going ahead and trying it with just the private key, and if it doesn't work you'll need to create a key-pair locally and start a new instance with it: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws Generating your own key-pair is a good practice to start working with, and it's a general use. – Z. Bagley May 25 '17 at 11:59
  • Looks like I might be able to generate the pub and private OpenSSH format keys using ssh-keygen. https://security.stackexchange.com/questions/143114/what-is-the-difference-between-pem-format-to-dsa-rsa-ecc-might-i-confuse-pem-w – Steven2163712 May 25 '17 at 12:04
  • That's correct. Then you'll upload the keys from the link I posted, and start an instance using your newly generated keys :) This should make you all set. – Z. Bagley May 25 '17 at 12:05
  • Actually when I look at the text in my pem file it shows that it's only a private key. I'm looking up how to get my public key now. Looks like ssh2_auth_pubkey_file needs it. – Steven2163712 May 25 '17 at 12:13
  • 1
    I think I'll get it though with the link you provided me. – Steven2163712 May 25 '17 at 12:16
  • Updated. It seems that I have successfully provided my public and private keys, but there is a new problem. – Steven2163712 May 25 '17 at 12:55