Linux/Windows: generate a SSH key for the http (Apache) user
I recently added a feature to a PHP web application, requiring to run an independent bash script, which connects remotely to another machine through SSH.
When I tested the bash script in command line, it was running with my credentials and used my ~/.ssh/id_rsa.pub to authenticate itself to the remote machine. But when the script was launched by PHP, itself launched by Apache, those credentials were not available. I tried
ssh -i but obviously (everything seems logical afterwards ;-) it couldn't use my private key.
The solution is to have Apache create its own private/public key pair:
$ sudo -u http ssh-keygen -t rsa $ sudo -u http ssh-copy-id username@servername
We use sudo -u to execute ssh-keygen as http user. On Arch Linux, this is the "name" of Apache. It may be different on your system.
On Windows Server, Apache runs by default as NT_AUTHORITY/SYSTEM. The trick here is to run it under another existing user account. To set that option, open Administrative Tools > Services. In the Services window, select Apache2.x > right click > Properties > Log On tab > check "This account" and enter/browse the account of your choice (or create one first) > Apply and restart the service:
No comment yet.
A remark, a suggestion? Do not hesitate to express yourself below. Just be courteous and polite, please.