
Linux.com

Feature: Tools & Utilities

PHP Shell, for secure remote access when SSH isn't available

By Ben Martin on February 19, 2008 (9:00:00 AM)


Many companies offer LAMP hosting, but some of the cheaper LAMP providers do not allow SSH access, reserving that feature for higher-paying customers. Without SSH you may think you'll have trouble executing commands on the hosted server. Not so -- PHP Shell allows execution of some commands without having SSH access to the LAMP server.

The only PHP function that PHP Shell requires is proc_open(). If you can execute that function using PHP code, then PHP Shell should work. As PHP Shell is easy to install, the easiest way to find out if you are allowed to execute it is to just install it and see if it runs.

You might wonder about the security of setting up a PHP script that allows shell commands to be executed, but PHP Shell is no more or less secure an application than any other PHP file on the server. Of course, you must be responsible for your own security.

When using PHP Shell you should protect the directory containing the PHP file from unauthorized access. The best way to protect it would be to force the use of the secure protocol HTTPS to access that directory and to use bidirectional certificate authentication. Unfortunately, the use of HTTPS is another feature that many of the cheaper LAMP providers reserve for higher-paying customers. An alternative approach is to use hash-based HTTP authorization and to delete the PHP Shell script from the server when you are done.
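A way to check the advice above on your own host, as an added example that is not part of the original article: the script lists every PHP file under a DocumentRoot that calls proc_open() and reports whether an .htaccess on its path asks for authentication. It assumes Apache honours .htaccess files and that authentication is configured there rather than in the main server configuration; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example: find PHP files under a DocumentRoot that call proc_open()
# and report whether an .htaccess on their path asks for authentication.

# has_auth DIR ROOT: succeed if DIR, or a parent up to ROOT, holds an
# .htaccess containing both an AuthType and a Require directive.
has_auth() {
    dir=$1
    while :; do
        ht="$dir/.htaccess"
        if [ -f "$ht" ] &&
           grep -Eiq '^[[:space:]]*AuthType[[:space:]]' "$ht" &&
           grep -Eiq '^[[:space:]]*Require[[:space:]]' "$ht"; then
            return 0
        fi
        case $dir in "$2"|/|.) return 1 ;; esac   # reached the top: no auth found
        dir=$(dirname "$dir")
    done
}

# audit_docroot ROOT: print one "PROTECTED|UNPROTECTED path" line per match.
audit_docroot() {
    root=${1%/}
    find "$root" -type f -name '*.php' \
        -exec grep -lE 'proc_open[[:space:]]*\(' {} + 2>/dev/null | sort |
    while IFS= read -r f; do
        if has_auth "$(dirname "$f")" "$root"; then
            echo "PROTECTED   $f"
        else
            echo "UNPROTECTED $f"
        fi
    done
}

# Constructed sample tree (hypothetical paths), for demonstration only.
demo=$(mktemp -d)
mkdir -p "$demo/admin/shell" "$demo/uploads"
echo '<?php $p = proc_open($c, $io, $pipes);' > "$demo/admin/shell/s.php"
echo '<?php $p = proc_open($c, $io, $pipes);' > "$demo/uploads/img.php"
printf 'AuthType Digest\nAuthName "admin"\nRequire valid-user\n' > "$demo/admin/.htaccess"
audit_docroot "$demo"
rm -rf "$demo"
```

Any UNPROTECTED line is a file to delete or review: it is either a copy of PHP Shell left behind after use or something that was never meant to be there.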

For the article I'll use phpshell-2.1 on a 64-bit Fedora 8 machine. To install the software, expand the archive into the DocumentRoot of your Apache server:

# cd /var/www/html
# tar xjvf /T/phpshell-2.1.tar.bz2
# chown -R root.apache phpshell-2.1

No users can log in via PHP Shell by default. The first thing you should do is load pwhash.php into your browser and set a username and password to generate a password hash. As the pwhash.php page mentions, you must add this hashed password line into the [users] section of PHP Shell's config.php file.

You should then be able to log in to PHP Shell. The username and password checks are done by PHP Shell; they do not affect the Linux user that the script is running as. By default PHP Shell gives you the abilities of the user who is running the PHP script itself -- in this case, the Apache Web server user and group. This lack of more restrictive permissions has engendered some negative feedback in the comments on PHP Shell's homepage, where some folks say they have had their Web servers tampered with. Depending on where you are using PHP Shell, you might want to look at setting up SuPHP to only allow the use of PHP Shell as certain Linux users.

You cannot run interactive programs with PHP Shell. For example, running vi will result in PHP Shell sitting for a long time, because vi requires keyboard input and cannot get it. To log out from a PHP Shell in which you have run an interactive program, you might need to either wait for a timeout for that command or kill the command process itself.

Another area where non-interactive use can make things annoying is if you execute cp -avi source target. The copy command will ask if you wish to replace the output, but as it cannot get a reply it will fail.

By far the main drawback of non-interactive use is the inability to stop an errant process. For example, if you run vi, then that session of PHP Shell will not operate properly again until you kill the vi process from another PHP Shell session or by using different means.

I found that PHP Shell would not allow me to log in again from a second tab in my Web browser. The second login attempt would just log in immediately to the same session as the first tab. To get around this, I had to run another Web browser with a different profile. This tactic can be handy to keep in mind if you accidentally start something and need to kill it from a second login.

If PHP has the proc_open() function listed in disable_functions in /etc/php.ini, then you won't be able to use PHP Shell at all. If PHP is running in safe mode, there are restrictions on what you can do from the shell: you can only cd into directories that you own, wildcards do not work, and you may execute programs only from a directory listed in safe_mode_exec_dir. See the PHP Shell security file for exact details.
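The two conditions above can be read straight from the configuration file. This added example, which is not part of the original article, parses a php.ini and reports whether PHP Shell would be blocked, restricted by safe mode, or unrestricted. It assumes a single php.ini with no additional scanned .ini files and a PHP version that still has safe mode (it was removed in PHP 5.4); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a php.ini by the effect it has on PHP Shell.

# ini_value FILE KEY: print the last uncommented value of KEY (last one wins).
ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section header or blank line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)                 # optional quotes
            val = v
        }
        END { print val }
    ' "$1"
}

# Succeeds only on an exact list entry, so "my_proc_open_wrapper" does not count.
proc_open_disabled() {
    list=$(ini_value "$1" disable_functions | tr -d ' \t')
    case ",$list," in *,proc_open,*) return 0 ;; *) return 1 ;; esac
}

safe_mode_on() {
    case $(ini_value "$1" safe_mode | tr 'A-Z' 'a-z') in
        1|on|yes|true) return 0 ;;
        *) return 1 ;;
    esac
}

# phpshell_verdict FILE: prints blocked, restricted or unrestricted.
phpshell_verdict() {
    if proc_open_disabled "$1"; then echo blocked
    elif safe_mode_on "$1"; then echo restricted
    else echo unrestricted
    fi
}

# Constructed sample php.ini, for demonstration only.
sample=$(mktemp)
printf '%s\n' '[PHP]' ';disable_functions = proc_open' \
    'disable_functions = exec, passthru' 'safe_mode = On' > "$sample"
phpshell_verdict "$sample"
rm -f "$sample"
```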

PHP Shell could be just the tool you are looking for if you want to expand a tarball or rename a few files on a cheap LAMP host from a command line but do not want to pay for the privilege of SSH access. Just remember not to run any interactive tool; firing up vi or emacs will render your PHP Shell session useless.

Ben Martin has been working on filesystems for more than 10 years. He completed his Ph.D. and now offers consulting services focused on libferris, filesystems, and search solutions.


Comments

on PHP Shell, for secure remote access when SSH isn't available

Note: Comments are owned by the poster. We are not responsible for their content.

PHP Shell, for secure remote access when SSH isn't available

Posted by: Anonymous [ip: 62.90.10.53] on February 19, 2008 04:22 PM

PHP Shell, for secure remote access when SSH isn't available

Posted by: Anonymous [ip: 87.196.249.77] on February 20, 2008 05:49 AM
This is the worst idea ever!

Stuff like that is typically used as a web backdoor...it shouldn't be used as an administrative tool!


PHP Shell, for secure remote access when SSH isn't available

Posted by: Anonymous [ip: 24.248.89.66] on February 20, 2008 07:08 PM
If they don't offer SSH access, I think they are going to be pretty angry when they see that you've put in a PHP back door onto their server.


Why Bother?

Posted by: Anonymous [ip: 67.173.12.114] on February 21, 2008 03:42 PM
You could just leave a popular PHP app unpatched, I'm sure someone will install that remote shell for you.


PHP Shell, for secure remote access when SSH isn't available

Posted by: Anonymous [ip: 59.96.47.252] on February 26, 2008 05:19 AM
Articles and content in this section of the website are really amazing. From http://www.rosesandgifts.com

