Re: How to establish an SSH2 tunnel with php ? [message #177473 is a reply to message #177471]
Sat, 31 March 2012 22:56
M. Strobel
Messages: 386 Registered: December 2011
On 31.03.2012 19:35, Mr. B-o-B wrote:
> Une Bévue cried from the depths of the abyss...
>
>> The purpose is to query a remote PostgreSQL database via an ssh tunnel.
>>
>> If I do the tunnel "by hand" from terminal using:
>> $ ssh -L 3333:localhost:5432 yt@iMac
>>
>> then I can query a remote database:
>> $host="localhost";
>> $port=3333;
>> $username='yt';
>> $password='topsecret';
>> $db = new PDO("pgsql:dbname=$dbname;host=$host;port=$port", $username, $password );
>> $ret=$db->query('SELECT * FROM categories;');
>> if($ret){
>>     while($row=$ret->fetch()){
>>         print_r($row);
>>     }
>> }else{
>>     echo 'Error';
>> }
>>
>> I've installed libssh2 for PHP on this computer; here is part of my info.php:
>>
>> SSH2 support enabled
>> extension version 0.11.2
>> libssh2 version 1.2.6
>> banner SSH-2.0-libssh2_1.2.6
>> remote forwarding enabled
>> hostbased auth enabled
>> polling support enabled
>> publickey subsystem enabled
>>
>> however, even if I can "connect", authentication fails, either using password or
>> keys...
>>
>> the code used:
>> function connect_to($machine)
>> {
>>     $connection=@ssh2_connect($machine, 22, array("hostkey"=>"ssh-dsa"));
>>     if(!$connection){
>>         echo "No connection.<br />\n";
>>         return false;
>>     } else {
>>         echo "Connection établie.<br />\n";
>>     }
>>
>>     $fingerprint=@ssh2_fingerprint($connection, SSH2_FINGERPRINT_MD5 |
>>         SSH2_FINGERPRINT_HEX);
>>     echo "\$fingerprint = $fingerprint<br />\n";
>>
>>     /* Using public/private key */
>>     if(@ssh2_auth_pubkey_file($connection, "yt",
>>         '/home/yt/.ssh/id_dsa.pub', '/home/yt/.ssh/id_dsa',
>>         'my -valid- passphrase')){
>>         echo "Authentification réussie.<br />\n";
>>         return array($connection,$fingerprint);
>>     } else {
>>         echo "Échec de l'authentification.<br />\n";
>>         return false;
>>     }
>> }
>>
>> notice I get "Connection établie" and also the fingerprint.
>>
>> if, after the printout of the fingerprint, I try a command, I get nothing after an
>> amount of time, but without error:
>> $stdout_stream=@ssh2_exec($connection, 'ls -al');
>>
>
> I don't know the answer here, but I have several setups using remote db's & I use
> stunnel (SSL) instead of SSH.
>
> http://www.stunnel.org
>
> Assuming you have static IP's on both sides it works well. End result is the same.
>
> Good Luck!
>
> Mr. B-o-b

stunnel is a good solution when it is difficult to set up SSL/TLS directly in/for a
service.
This is not the case with PostgreSQL: you get remote access and SSL capability by
giving it a certificate and putting your IP into pg_hba.conf. Very easy to configure
IMO. I use it a lot, and the good thing is the client libraries support it out of the
box.
So I would question the need to use an ssh tunnel.
/Str.
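
Added example, not part of the thread or of any poster's code: a PHP client for the direct TLS setup described in the reply above, passing libpq's `sslmode=verify-full` through the PDO DSN and then checking `pg_stat_ssl` to confirm the session is encrypted. The host name, database name, certificate path, client address, environment variable and the `scram-sha-256` auth method are assumptions; `pg_stat_ssl` needs PostgreSQL 9.5 or later.

```php
<?php
// Added example, not from the thread. Hypothetical names: db.example.org,
// appdb, /etc/ssl/certs/pg-root.crt, PGAPP_PASSWORD, 203.0.113.10.
//
// Server side (assumed, shown for context):
//   postgresql.conf:  ssl = on   (server certificate and key in place)
//   pg_hba.conf:      hostssl  appdb  yt  203.0.113.10/32  scram-sha-256
// "hostssl" matches only TLS connections, so a plaintext attempt from
// that address finds no matching rule and is rejected.

function build_dsn(string $host, int $port, string $dbname, string $rootCert): string
{
    // sslmode=verify-full: require TLS, validate the chain against
    // sslrootcert, and check that the certificate name matches $host.
    return sprintf(
        'pgsql:host=%s;port=%d;dbname=%s;sslmode=verify-full;sslrootcert=%s',
        $host, $port, $dbname, $rootCert
    );
}

function connect_tls(string $dsn, string $user, string $password): PDO
{
    $db = new PDO($dsn, $user, $password, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    // Confirm from the server's view that this session is encrypted.
    $row = $db->query(
        'SELECT ssl, version, cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid()'
    )->fetch(PDO::FETCH_ASSOC);
    if (!$row || !$row['ssl']) {
        throw new RuntimeException('Session is not TLS-protected');
    }
    return $db;
}

try {
    $dsn = build_dsn('db.example.org', 5432, 'appdb', '/etc/ssl/certs/pg-root.crt');
    // Password comes from the environment, not from the source file.
    $db = connect_tls($dsn, 'yt', getenv('PGAPP_PASSWORD') ?: '');
    foreach ($db->query('SELECT * FROM categories') as $row) {
        print_r($row);
    }
} catch (Exception $e) {
    // With verify-full, an untrusted or mismatched certificate fails here.
    error_log('Database connection failed: ' . $e->getMessage());
    exit(1);
}
```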