SFTP, SSH and SSH2 Libraries

I fell into a project that requires running an x-server virtual frame buffer (Xvfb). I quickly realized that running such processes as www-data (the apache user) is not only a pain in the butt, but also presents a rather large security hole.

Just wanted to share my findings...

I have full control over the server, but I found this LGPL library very easy to use. Not to mention much easier to deploy.

I've slightly modified it to work in conjunction with c5.

I haven't packaged it up, so just drop it in the ~/libraries folder.

Usage:
// Load the phpseclib Library
Loader::library('phpseclib/SSH2');
// Define your login credentials
$host = 'my.server.com';
$username = 'myusername';
$password = 'mYpAsSwOrD';
// Initiate connection
$ssh = new Net_SSH2($host);
if (!$ssh->login($username, $password)) {
   exit('Login Failed');
}
// Execute commands...
echo $ssh->exec('whoami');

The 'whoami' command will display the current user.

Wouldn't be possible without these guys: http://phpseclib.sourceforge.net/...

I'll leave it up to y'all's imaginations to do with it what you will. Hope it comes in handy. :D


ijessup
 
andrew replied:
So, when you want to run items on the server, but instead of running them using system(), etc. from PHP (which would require them to be runnable by the web user) you can simulate an SSH connection to your own server and run them with those privileges? That's pretty awesome. Probably reduces lots of headaches when you're trying to figure out why some system() call isn't working from PHP but is working from the command line.
ijessup replied:
No joke. Combined with some bash scripts, this is a powerful tool.

I'm using this to create "screenshots" of web pages on the fly.

I'll release my code when it's bulletproof, but right now it loads up an Xvfb instance, starts up Firefox (which has the Page Saver and R-Kiosk extensions), goes to a specified url, sets the window size, waits for flash to load and snaps a shot.

This is the command:
/bin/bash ~/public_html/ephemeral-x.sh firefox -new-window -saveimage http://www.google.com -captureflash -savedelay 1000 -width 1280 -height 1024

/bin/bash may not be necessary depending on how you have your user set up.

The ephemeral-x script can be found here: http://code.google.com/p/semicomplete/source/browse/xdotool/t/ephem...

Basically what it does is look for an inactive DISPLAY to attach Xvfb to and run a program in that DISPLAY.

You don't have to use Xvfb, but I would recommend it over most other x-servers. The guy that wrote the ephemeral-x script likes to use Xephyr, but that's more for nesting x-servers. Very cool, but doesn't work well on a headless server.

My code is rather sloppy and slow at the moment because I'm using the Basic (free) version of Page Saver. Consequently, I can't set the name of the file that is saved or the type or compression. So I have to run additional SSH and PHP commands to figure things out.

Working version here: http://173.165.169.89/index.php/phpseclib?url=www.google.com&sa...

PLEASE DON'T ABUSE THIS LINK

It's only at a proof of concept point right now.

It automatically prepends http:// to the url argument. I don't have any sort of caching system either.
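
Added example, not part of the original thread and not ijessup's code: one way to turn the untrusted url argument into the command shown above before it is passed to $ssh->exec(). The function name build_screengrab_command() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not part of phpseclib, c5 or the thread's code.
// Assumes PHP runs on a Unix-like host and the SSH account has a POSIX login shell.
function build_screengrab_command($rawUrl)
{
    $url = trim($rawUrl);
    // Whitespace or control bytes never belong in a URL handed to a shell.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }
    // Same behaviour as the thread's tool: prepend http:// when no scheme is given.
    // A side effect is that the value can never start with "-" and be read as an option.
    if (!preg_match('#^[a-z][a-z0-9+.-]*://#i', $url)) {
        $url = 'http://' . $url;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    // Web schemes only, so file:// and browser-internal schemes are refused.
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return null;
    }
    // Hostname limited to letters, digits, dots and hyphens.
    if (!preg_match('/^[a-z0-9.-]+$/i', $parts['host'])) {
        return null;
    }
    // escapeshellarg() single-quotes the value, so ; | & $ ` and quotes reach
    // Firefox as literal characters instead of being interpreted by the remote shell.
    return '/bin/bash ~/public_html/ephemeral-x.sh firefox -new-window'
        . ' -saveimage ' . escapeshellarg($url)
        . ' -captureflash -savedelay 1000 -width 1280 -height 1024';
}

// Constructed sample inputs standing in for the ?url= query value.
$samples = array('www.google.com', 'msn.com;id', 'file:///etc/passwd', "http://example.com/a'b");
foreach ($samples as $sample) {
    $cmd = build_screengrab_command($sample);
    echo str_pad($sample, 26), ' => ', ($cmd === null ? 'REJECTED' : $cmd), "\n";
    // With a logged-in Net_SSH2 object: if ($cmd !== null) { echo $ssh->exec($cmd); }
}
```

This only covers how the command string is built; it does not limit which hosts the server-side browser may be sent to, which is a separate allow-list decision.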
ijessup replied:
Correction, very basic caching system added. If the url you are asking for has been captured within the last week, it will spit out the cached image.
ijessup replied:
I added some explanations as to what the server has done, some anti-abuse clauses and some timing statistics.

So fire away people! Have fun with it. If it breaks... well darn.

http://173.165.169.89/index.php/phpseclib?url=msn.com&debug=ena...

If the debug argument is enabled, it will print out what's going on. Otherwise it just spits out the resulting image.

So if for some reason a rendering doesn't display, enable debugging to see what's happening... and post/PM me the results.

Also available as a tool:
http://173.165.169.89/index.php/tools/screengrab?url=msn.com...

The tool (assuming debug is not enabled), for all intents and purposes, is the rendered image.

So <img src="index.php/tools/screengrab?url=msn.com" /> is valid.
ijessup replied (Best Answer):
You know... I was just thinking, this could really open up some possibilities.

I don't know why the thought didn't occur to me sooner (perhaps due to my focus).

But you don't have to connect to only the localhost. This could allow you to connect to a farm of servers that could process all sorts of data for you then send back the results.

Example:
One project I was working on when I first encountered c5 was to automatically convert video files to FLV format that were uploaded via the File Manager.

Unfortunately, AFAIK, there has yet to be a *nix implementation of ffmpeg that can take advantage of CUDA or OpenAC(?). But we all know Windows makes for horrible PHP servers, and well... just web servers in general (ok so that's a totally biased opinion).

Anyways...
Solution:
Just SFTP a file over to a Windows machine with 20 jillion Nvidia 9800GTs all SLI'd together, SSH in and run a bat file against the uploaded file, then either SFTP or wget the new file back over.

Botta-bing!

Granted, if you have a machine with 20 jillion Nvidia 9800GTs, you probably should just have your own web server anyways and set up built in SFTP and SSH extensions.

But I digress, this still opens up a ton of doors I hadn't thought of before!