1

My case is similar to PHP shell_exec running a shellscript with ssh but not the same.

Situation: I exchanged ssh-keys between the 2 servers, switched to the www-data user and connecting to the 2nd server via SSH works without password.

Test 1: ssh [email protected] Documents/run.sh list works fine when executed in shell

Test 2: Putting a simple PHP Exec in a PHP file works fine. It returns an Array and the Retval is 0

Test 3: Putting the exec into a "big" PHP script and calling it will result in Retval 255 (Fatal Error ?!?!?)

So at the moment I don't really understand why it isn't working. I tried to figure out more details about the retval 255 but didn't get far.

The difference must be somewhere in PHP5 vs PHP5 cli. But before I had to use OpenVPN it worked fine also via normal Apache call.

5
  • Start by trying to get a more informative error by spawning SSH with 2>&1, e.g. $retval = shell_exec("/path/to/ssh ... 2>&1");, so that you can inspect $retval. That might show you some easy fix. Otherwise I'll try with a 'diagnostic' answer. Commented Oct 22, 2012 at 8:42
  • Thanks for the hint, it was very good. It returned: Host key verification failed. So although it worked with www-data on the command line, the host verification doesn't work here. Strange... Commented Oct 22, 2012 at 8:45
  • You're welcome :-). What was it? Commented Oct 22, 2012 at 8:46
  • I rechecked that I changed the home directory of www-data to the home folder where I created the ssh keys: www-data:x:33:33:www-data:/home/www-data:/bin/sh Commented Oct 22, 2012 at 8:47
  • I found a similar problem, so in case it helps anyone else... I could ssh on the command line, but not when run from a script. The problem was I had agent forwarding turned on (in Putty) when I logged into the machine from which I was doing the ssh, so the problem with my certificate (which was that I hadn't got the permissions right) was not showing up because it used my forwarded key instead. I had to turn off agent forwarding to see the error message that the script was presumably also getting but wasn't being captured in the output. Commented May 22, 2015 at 16:02

1 Answer 1

5

Generic

The first level of diagnosis for shell_exec problems is trying to get a more informative error by spawning the same command adding 2>&1, e.g. in your case

$retval = shell_exec("/path/to/ssh ... 2>&1");

and inspecting $retval.

Update

'Host key verification failed' means that the ~/.ssh/known_hosts for the user running Apache contains a different key. Check in the file both hostname and IP keys; in a pinch, delete both, log in as user www-data and reinstate the keys by connecting manually.

It is also possible, if connecting with a hostname, that the IPs have changed due to DHCP or different VPN tunnels being up, and that is not the host you're looking for.

In the case of SSH, it is possible to execute it with the -vvv ("very violently verbose") option, and then parse through the kilobytes of output searching for the source of the known_hosts file. It can also be useful to shell_exec diagnostic commands such as

$ret = shell_exec('set');

to see the value of HOME variable.


5 Comments

OK, good start. There must be a permission error on my system: I created /home/www-data for the www user and chowned it to www-data:www-data, but when I change to www-data ("su www-data") and try ls -all on the home directory, I get "ls: cannot open directory .: Permission denied", although the permission is 0755.
APACHE_LOCK_DIR='/var/lock/apache2' APACHE_LOG_DIR='/var/log/apache2' APACHE_PID_FILE='/var/run/apache2.pid' APACHE_RUN_DIR='/var/run/apache2' APACHE_RUN_GROUP='www-data' APACHE_RUN_USER='www-data' IFS=' ' LANG='C' OPTIND='1' PATH='/usr/local/bin:/usr/bin:/bin'
read_passphrase: can't open /dev/tty: No such device or address
Good answer -- helped me troubleshoot my own issue with shell_exec() and SSH. Thanks!
2>&1 was helpful.
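The diagnostic steps from the answer and comments above (capture stderr, read the exit code, check which account and home directory PHP really uses), combined into one helper. This is an added example, not code from the original thread; it assumes PHP 7.4 or later with the posix extension, and `run_ssh_diagnostic`, the target `user@host.example` and the remote command are placeholders.

```php
<?php
// Added example, not from the original post. run_ssh_diagnostic() is a hypothetical helper.
function run_ssh_diagnostic(string $userAtHost, string $remoteCmd): array
{
    $cmd = ['ssh',
        '-o', 'BatchMode=yes',             // never prompt: there is no tty under Apache
        '-o', 'StrictHostKeyChecking=yes', // keep host key verification enabled
        '-o', 'ConnectTimeout=10',
        $userAtHost, $remoteCmd];

    $errFile = tmpfile();                  // stderr goes to a temp file, so a chatty
    $spec = [                              // stderr cannot block the stdout read
        0 => ['file', '/dev/null', 'r'],
        1 => ['pipe', 'w'],
        2 => $errFile,
    ];
    $proc = proc_open($cmd, $spec, $pipes); // array form: no shell, no quoting issues
    if ($proc === false) {
        throw new RuntimeException('proc_open failed');
    }
    $stdout = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $exit = proc_close($proc);
    rewind($errFile);
    $stderr = stream_get_contents($errFile);
    fclose($errFile);

    // Which account is PHP really running as, and where is that account's home?
    $pw   = posix_getpwuid(posix_geteuid());
    $hint = '';
    if ($exit === 255) {                   // 255 = ssh itself failed, not the remote command
        $hint = 'ssh error, see stderr';
        if (stripos($stderr, 'Host key verification failed') !== false) {
            $hint = 'host key missing or changed in known_hosts of this account';
        }
    }
    return [
        'exit' => $exit, 'stdout' => $stdout, 'stderr' => trim($stderr), 'hint' => $hint,
        'user' => $pw['name'], 'passwd_home' => $pw['dir'], 'env_home' => getenv('HOME'),
        'known_hosts_readable' => is_readable($pw['dir'] . '/.ssh/known_hosts'),
    ];
}

// Placeholder target and command (assumptions); replace with your own.
$result = run_ssh_diagnostic('user@host.example', 'Documents/run.sh list');
// Log server-side rather than echoing diagnostics to the browser.
error_log(json_encode($result, JSON_INVALID_UTF8_SUBSTITUTE));
```

Comparing `passwd_home` with `env_home` and `known_hosts_readable` between a CLI run and an Apache run shows whether the two environments resolve the same `known_hosts` file.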
