When I use that script ./update.sh as root, it works like a charm as I set up the private/public key properly.
When run from a php script through the apache webserver:
<?php
exec("update.sh");
?>
The rsync line is ignored. What could I do to have that setup work?
Thank you
apache runs php->bash->rsync as a different user => you must set up this user's ssh keys/dir.
BTW: Allowing root to connect over ssh is not recommended for security reasons. It is even less recommended to expose bash scripts, which do not check any environment variables, to the internet. It's an invitation for hackers and crackers.
i) Because bash does not check, i.e., environment variables, calling bash from php is highly risky.
ii) Regarding keys: copy the keys from root's home to the home of the apache user and give the apache user rights to read them. If someone takes over your apache, he would that way have root access to your remote backup machine (no difference to your current practice), which is not really what one wants. Better to create a user on the backup machine with restricted rights, which is more or less only allowed to write some files to one location and nothing more.
It is unclear to me what's the "home of the apache user". Is that the DocumentRoot as set in the httpd.conf file? Should I copy the whole .ssh folder there?
Thank you for your help.
The user is apache and finger apache returns
Login: apache Name: Apache
Directory: /var/www Shell: /sbin/nologin
Never logged in.
No mail.
No Plan.
I did:
but apache is still unable to find those keys when calling the php script. I am using an apache virtual host and I copied that same .ssh folder to the DocumentRoot without better results.
Any idea?
Thank you
On the target server you also need to create a ./var/www/.ssh/ directory that should contain the authorized_keys file, in which you should add the user "apache" public key.
Instead of copying the root keys or any other key, I would rather create a new set of keys with the ssh-keygen command under the apache user. Transfer the public key to the target server and add that key to the /var/www/.ssh/authorized_keys file.
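An added example, not part of the thread, for the two pieces of advice above: generate a separate key under the apache user, and restrict what that key may do on the backup machine. The key file name id_ed25519, the rrsync path /usr/bin/rrsync and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: key file name id_ed25519,
# rrsync installed at /usr/bin/rrsync on the backup machine, GNU stat.

# Create a key pair as the web server account. Its shell is /sbin/nologin and
# it has no password, so root runs ssh-keygen as that user instead of logging
# in. Run as root on the web server; nothing in this file calls it.
make_key() {  # usage: make_key USER HOME
    install -d -m 700 -o "$1" "$2/.ssh" &&
    sudo -u "$1" ssh-keygen -q -t ed25519 -N '' -f "$2/.ssh/id_ed25519"
}

# Print why ssh, run as USER, would not use the key under HOME/.ssh.
# Returns 0 only when nothing is wrong.
check_key() {  # usage: check_key USER HOME
    dir="$2/.ssh"; key="$dir/id_ed25519"; bad=0
    uid=$(id -u "$1") || return 1
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    [ -f "$key" ] || { echo "missing private key: $key"; return 1; }
    for f in "$dir" "$key"; do
        [ "$(stat -c %u "$f")" = "$uid" ] || { echo "not owned by $1: $f"; bad=1; }
    done
    # ssh refuses a private key that group or others can access
    case "$(stat -c %a "$key")" in
        ?00) ;;
        *) echo "private key accessible by group/others: $key"; bad=1 ;;
    esac
    return "$bad"
}

# Build the authorized_keys line for the restricted account on the backup
# machine: "restrict" disables pty, forwarding and rc files, and the forced
# command limits the key to write-only rsync into BACKUP_DIR.
restricted_entry() {  # usage: restricted_entry PUBKEY_FILE BACKUP_DIR
    type=; blob=
    case "$2" in
        *[!A-Za-z0-9/_.-]*) echo "unsafe character in $2" >&2; return 1 ;;
    esac
    read -r type blob rest < "$1" || [ -n "$type" ] || return 1
    case "$type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*) ;;
        *) echo "not an OpenSSH public key: $1" >&2; return 1 ;;
    esac
    printf 'command="/usr/bin/rrsync -wo %s",restrict %s %s\n' "$2" "$type" "$blob"
}
```

The apache account also needs the backup host's key in its own known_hosts file, because a run started from PHP cannot answer the host key prompt.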
Thank you for the answer. How do I create a new set of keys with ssh-keygen under the apache user? Do I need to log in as apache? I am not sure where to find the password.