I want to use ssh, something like this:

ssh -D 9999 username@ip-address-of-ssh-server

But from within PHP cURL, and I don't really see how this could be done.

I noticed “CURLPROXY_SOCKS5” as a type in the php site, but guess that wouldn’t work since it isn’t really socks, it’s ssh…

I’m currently using this code:

curl_setopt($ch, CURLOPT_PROXY, 'ip:port');

But I'm using a free proxy and it's rather slow and unreliable; I'm also sending sensitive information over this proxy. This is why I want to proxy it over a safe server I trust, but I only have ssh set up on it and it's unable to host a proper proxy.

+2  A: 

According to the manpage, -D does create a SOCKS proxy.

-D [bind_address:]port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Only root can forward privileged ports.
             Dynamic port forwardings can also be specified in the
             configuration file.
Dyno Fu
Mmm, you have a good point there, didn't think of it that way. Though this means I need to run the Linux command before running the PHP script… Would there be a way to do it all in a PHP script (and disconnect from the ssh/socks when the script is done)?
Mint
I do not think it is a good idea to set up/tear down the proxy for each request (at least you might run into problems like port conflicts). I would recommend making the proxy (ssh -D) part of your env setup and using it as a normal socket proxy server.
Dyno Fu
A: 

You could use the ssh2 module and the ssh2_tunnel function to create an SSH tunnel through a remote server. Examples available: http://www.php.net/manual/en/function.ssh2-tunnel.php

Qwerty
Could you give me an example of a CURL request going through the ssh proxy?
Mint
Curl is not meant to be used along with SSH. Even if you do manage to set it up, it will require some root permissions to enable the port to be forwarded. cURL and SSH both serve the purpose of connecting to a remote host, but they function differently. Trying to use them together would be highly awkward and probably doubly slow. Which leads me to another question: Do you have root privileges on the server you are executing the PHP commands from? If so, you can just launch putty from within the server with PHP.
Stanislav Palatnik
Stanislav Palatnik, 1) port forwarding does not require root. And it does not require special setup on the server side. 2) I'm not talking about using CURL with ssh2_tunnel here at all. My point is to use ssh2_tunnel instead of CURL.
Qwerty
A: 

See my comment on Qwerty's proposed solution. I think you are looking in the wrong direction to try to solve this question. Instead, you should just use cURL and create a personal certificate for yourself. You say you want to use SSH for safety, but why not a certificate instead?

This site will let you easily create one: http://www.cacert.org/

Since it's just for you, you can add an exception to your browsers so they won't complain of a bad certificate. No need for ssh!

Stanislav Palatnik
My browser never sees the php page, it's run via php-cgi -f /script.php so how would a certificate help? (I've already created my own cert for https setup in lighttpd.) I don't quite understand what you are all saying here, please explain some more :)
Mint
A: 

To open the SSH tunnel only for the duration of your script, you probably would need to use PHP forks. In one process, open the SSH tunnel (-D - you need to do some work to make sure you're not colliding on ports here), and in the other process, use CURL with socks proxy config. When your transfer is done, signal the ssh fork to terminate so the connection gets torn down.

Keep in mind that while the tunnel is open, other users on the same machine can also proxy on that port if they wanted to. With that in mind, it might be a better idea to use the -L 1234:remotehost:80 flag, and just get the URL http://localhost:1234/some/uri

If things go wrong with this, you may find orphaned SSH tunnels on your server though, so I would call this somewhat fragile.

MightyE
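The per-script tunnel lifecycle discussed in the answers above, as an added example that is not code from any poster: it picks a free loopback port, starts `ssh -D` as a child process, points cURL at it as a SOCKS5 proxy, and always terminates the child. `SSH_TARGET` and the function names are placeholders; PHP 7.4 or later and non-interactive key authentication are assumed.

```php
<?php
// Added example, not from the thread. SSH_TARGET is a placeholder; assumes
// PHP >= 7.4 (array form of proc_open) and key-based, non-interactive login.
const SSH_TARGET = 'username@ip-address-of-ssh-server';

// Ask the kernel for an unused loopback port instead of hard-coding 9999.
function freeLoopbackPort(): int {
    $s = stream_socket_server('tcp://127.0.0.1:0', $errno, $errstr);
    if ($s === false) throw new RuntimeException("no free port: $errstr");
    $port = (int) substr(strrchr(stream_socket_get_name($s, false), ':'), 1);
    fclose($s);
    return $port;
}

function fetchViaSshSocks(string $url): string {
    $port = freeLoopbackPort();
    // -N: no remote command. Listener bound to loopback only. BatchMode: never
    // prompt. ExitOnForwardFailure: ssh exits if it cannot bind the port.
    $cmd = ['ssh', '-N', '-D', "127.0.0.1:$port", '-o', 'BatchMode=yes',
            '-o', 'ExitOnForwardFailure=yes', SSH_TARGET];
    $ssh = proc_open($cmd, [0 => ['file', '/dev/null', 'r']], $pipes);
    if (!is_resource($ssh)) throw new RuntimeException('could not start ssh');
    try {
        // Poll for up to ~10 s until the SOCKS listener accepts connections.
        for ($i = 0; ; $i++) {
            if (!proc_get_status($ssh)['running'] || $i >= 50) {
                throw new RuntimeException('ssh tunnel did not come up');
            }
            if ($c = @fsockopen('127.0.0.1', $port, $e, $m, 0.2)) { fclose($c); break; }
            usleep(200000);
        }
        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_PROXY          => "127.0.0.1:$port",
            // SOCKS5 with the hostname resolved at the SSH server, not locally.
            CURLOPT_PROXYTYPE      => CURLPROXY_SOCKS5_HOSTNAME,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT        => 30,
        ]);
        $body = curl_exec($ch);
        if ($body === false) throw new RuntimeException(curl_error($ch));
        return $body;
    } finally {
        proc_terminate($ssh); // SIGTERM, so no orphaned tunnel is left behind
        proc_close($ssh);
    }
}
```

The listener is still reachable by other local users while the request runs, as noted above; the loopback bind only keeps it off the network.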
+2  A: 

You can use both libssh2 and curl from within a PHP script.

  • First you need to get the ssh2 library from the PECL site. Alternatively, the PEAR package has SSH2 support too.
  • After installing you can then read the ssh2 documentation on setting up a tunnel.
  • In your script you can then set up the tunnel.
  • After the tunnel is set up in the script you can specify the CURL proxy.
  • Perform your CURL operation.
  • Release the tunnel resource and close the connection in your script.

I'm not a PHP expert, but here's a rough example:

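<?php
// Connect and authenticate to the SSH server (the host is a placeholder)
$connection = ssh2_connect('ip-address-of-ssh-server', 22);
ssh2_auth_pubkey_file($connection, 'username', 'id_dsa.pub', 'id_dsa');
// ssh2_tunnel() returns a stream to 127.0.0.1:9999 as reached from the SSH server
$tunnel = ssh2_tunnel($connection, '127.0.0.1', 9999);
$ch = curl_init();
curl_setopt($ch, CURLOPT_PROXY, '127.0.0.1:9999');
// perform curl operations

// The connection and tunnel will die at the end of the session.
?>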

The simplest option

Another option to consider is using sftp (ftp over ssh) instead of CURL... this is probably the recommended way to copy a file from one server to another securely in PHP...

Even simpler example:

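<?php
// Connect and authenticate to the SSH server (the host is a placeholder)
$connection = ssh2_connect('ip-address-of-ssh-server', 22);
ssh2_auth_password($connection, 'username', 'password');
// Copy the local file to the remote path, creating it with mode 0644
ssh2_scp_send($connection, '/local/filename', '/remote/filename', 0644);
?>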
John Weldon
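What `ssh2_tunnel()` hands back, as an added example that is not part of the original answers: the function returns a stream that the SSH server connects to the target, not a local proxy port, so the HTTP request is written to that stream directly. The host, user, key files, pinned fingerprint and the function name `httpGetOverSsh2` are placeholders, and the hop from the SSH server to the target is plain HTTP here.

```php
<?php
// Added example, not from the thread. Host, user, key files and the pinned
// fingerprint are placeholders; requires the PECL ssh2 extension.
function httpGetOverSsh2(string $targetHost, string $path = '/'): string {
    // Refuse CR/LF so caller input cannot inject extra request headers.
    if (preg_match('/[\r\n]/', $targetHost . $path)) {
        throw new InvalidArgumentException('CR/LF in host or path');
    }
    $session = ssh2_connect('ip-address-of-ssh-server', 22);
    if ($session === false) throw new RuntimeException('SSH connect failed');

    // Compare the server's host key with a pinned value before authenticating.
    $pinned = 'PLACEHOLDER_SHA1_HEX_FINGERPRINT';
    $seen = ssh2_fingerprint($session, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (!hash_equals(strtoupper($pinned), strtoupper($seen))) {
        throw new RuntimeException('SSH host key mismatch');
    }
    if (!ssh2_auth_pubkey_file($session, 'username', 'id_dsa.pub', 'id_dsa')) {
        throw new RuntimeException('SSH authentication failed');
    }

    // The stream is a TCP connection opened by the SSH server to $targetHost:80.
    $tunnel = ssh2_tunnel($session, $targetHost, 80);
    if ($tunnel === false) throw new RuntimeException('tunnel not opened');
    stream_set_blocking($tunnel, true);

    fwrite($tunnel, "GET $path HTTP/1.0\r\nHost: $targetHost\r\nConnection: close\r\n\r\n");
    $response = stream_get_contents($tunnel);
    fclose($tunnel);
    ssh2_disconnect($session);

    // Return the body only; headers end at the first blank line.
    $parts = explode("\r\n\r\n", (string) $response, 2);
    return $parts[1] ?? '';
}
```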