Question posted in
Some documentation to get you started can be found here.

Unable to connect server via SSH using Apache

I’ve encountered a problem of connecting to server via ssh.

I have a server A and B. From server A I run .sh script which parses log on server A, then connects to server B and do the same task. In console everything works fine, but not with web-interface.

I connect to server using cgi whith apache2. When I run script on server A, it parses log and returns relult, however it fails to connect server B.

Here is the log of httpd:

[Thu Nov 22 14:09:34 2018] [error] [client 10.1.68.243] Permission denied, please try again.r, referer: http://cab-prod-comp-sd/cgi-bin/example-bash.sh?val_x=RDWH.&val_z=1

server A script:

-rwsrwxr-x 1 sas sas 2217 Nov 22 11:25 /sas/oljas_scripts/find_usage_of_tables.sh

server B script:

-rwxrwxr-x 1 sas      sas    1202 Nov 19 09:16 find_usage_of_tables.sh

the part where I connect to server B:

SAS_RESULTS=$(ssh sas@sas-p1l-comp /sas/oljas_scripts/find_usage_of_tables.sh $table_name)

Appreciate any help.
Thank you!

EDIT:

Do I need to give a permission to user Apache? How to do this?

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Thanks everyone! Problem solved by running apache server from user SAS.


  2. 0

    This is what I assume from your question:

    • system A runs httpd with user “apache”.
    • system B has a user called “sas”.
    • you want user “apache” to connect to system B, using “sas” user.
    • your connect code does not show any password or passphrase being used. You did not mention ssh agent either, so the ssh connection is done via ssh keys.
    • sshd on system B is configured to allow connections without passwords (i.e. use key authentication). From the comments above, see this: https://superuser.com/questions/543626/ssh-permission-denied-on-correct-password-authentication, John Siu’s answer.

    On system A, user “apache”:

    • if it does not already have them, in ~/.ssh you should setup a private and a public ssh key (ssh-keygen, check on the web, well documented).

    On system B, user “sas”:

    • user “sas”, in ~/.ssh, create (if required) a file called authorized_keys.
    • in this file, put the public key of the “apache” user from system A.
    • this will allow user “apache” on system A to connect to system B, with user “sas”.

    Couple traps to avoid, on system B

    • make sure the permissions on user “sas”, ~/.ssh are 700.
    • permissions on user “sas”, ~/.ssh/authorized_keys are 600.
    • permissions on user “sas”, ~ are 700. Here I mean the home directory for “sas”. Ex. ~ for “sas” is /home/sas, then if you ls -al /home you should see directory sas with 700.

    To debug you can do ssh -v -v -v sas@sas-p1l-comp.

    For your question about known_hosts, on system A, when it first connects to system B, if it does not find system B in the file, ssh will add it for you. BUT you have to do it at least once manually. The ssh client will want you to confirm the addition, and this can only be done on the command line. The web interface will not answer the client. So connect once manually, then you will be ok for the web as well.

    Until that works, no point trying to setup httpd on system A. This must work at the command line first.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search