|Using knockd to do stuff | Sending TCP/UPD Requests via PHP||#1|
I was wondering, whether knockd http://www.zeroflux.org/cgi-bin/cvstrac.cgi/knock/wiki would be a good was to be able to restart apache without logging into ssh. But my programming question was whether there is a way to send tcp/udp packages via PHP so I can knock via a webclient.
I am aware that this is not the safest way of doing it, but I will only want to do things like update the svn, restart apache without having any passwords in it like with using ssh to do that.
posted date: 2008-12-27 06:53:00
|Re: Using knockd to do stuff | Sending TCP/UPD Requests via PHP||#3|
Why not have a PHP script that calls "svn update"? As long as the files are writeable by the user Apache runs as, it works great. Just hit that URL to update the website
posted date: 2008-12-27 07:59:00
|Re: Using knockd to do stuff | Sending TCP/UPD Requests via PHP||#4|
For SVN you have whole PHP api, try search SVN on php.net
posted date: 2008-12-27 12:14:00
|Re: Using knockd to do stuff | Sending TCP/UPD Requests via PHP||#5|
Seriously, you do not want to do what your trying to do.You should look into calling your remote server through some sort of secure protocol, like SSH. And on the client side, have a small PHP utility application/script that executes remote SSH commands (preferably with a keyfile only based authentication mechanism).
posted date: 2008-12-27 19:26:00
|Re: Using knockd to do stuff | Sending TCP/UPD Requests via PHP||#6|
You may use fsockopen() functions... but what you are doing(and the way you are doing it) is very risky from a security standpoit.. as it had been said, ssh is the way:)If you really want to restart the apache server by using remote access (non-ssh) you can create a small php-daemon, that just watches for a specific file,(ex: /tmp/restart.apache) and when that file appears run exec("/etc/init.d/apache restart") (or whatever the command is for your distribution). This daemon should run as root... and the thing is that the whole security thing is up to you this way, you have to make sure this cannot get arbitrarly executed...Your portknock ideea... a simple port scanner may restart your apache by mistake:) portknock is recommented to be used in conjunction with a ssh auth , not directly with apache:)
posted date: 2008-12-28 17:18:00
|select page: « 1 »|