Linux/Windows: generate an SSH key for the http (Apache) user

I recently added a feature to a PHP web application that required running an independent bash script, which connects remotely to another machine through SSH.

When I tested the bash script on the command line, it was running with my credentials and used my ~/.ssh/id_rsa.pub to authenticate itself to the remote machine. But when the script was launched by PHP, itself launched by Apache, those credentials were not available. I tried ssh -i but obviously (everything seems logical afterwards ;-) it couldn't use my private key.

The solution is to have Apache create its own private/public key pair:

$ sudo -u http ssh-keygen -t rsa
$ sudo -u http ssh-copy-id username@servername

We use sudo -u to execute ssh-keygen as the http user. On Arch Linux, this is the name of the account Apache runs as. It may be different on your system.
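ssh-keygen writes the key pair into the service account's home directory, so it is worth checking that this directory is not inside the tree Apache serves and that nothing but the owner can read it. The script below is an added example, not part of the original post; the function names and the paths you pass in are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit where a service account's SSH key pair lives.
# Assumes GNU coreutils (stat -c). All paths are supplied by the caller.

# Resolve a directory to its physical path (symlinks followed).
resolve_dir() {
    (cd "$1" 2>/dev/null && pwd -P)
}

# Return 0 if directory $1 is the same as, or inside, directory $2.
is_inside() {
    child=$(resolve_dir "$1") || return 1
    parent=$(resolve_dir "$2") || return 1
    parent=${parent%/}              # so that "/" works as a parent
    case "$child/" in
        "$parent"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one finding per line for key directory $1 (the account's .ssh)
# checked against document root $2. Prints nothing when all is well.
audit_key_dir() {
    keydir=$1
    docroot=$2
    [ -d "$keydir" ] || { echo "missing: $keydir"; return 0; }
    if is_inside "$keydir" "$docroot"; then
        echo "exposed: $keydir is inside document root $docroot"
    fi
    mode=$(stat -c %a "$keydir")
    case "$mode" in
        ?00) ;;
        *) echo "perms: $keydir is $mode, group/other have access" ;;
    esac
    for f in "$keydir"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac   # public halves may be readable
        mode=$(stat -c %a "$f")
        case "$mode" in
            ?00) ;;
            *) echo "perms: $f is $mode, group/other have access" ;;
        esac
    done
}

# Stand-alone use: sh audit.sh <key-dir> <document-root>
if [ "$#" -eq 2 ]; then audit_key_dir "$1" "$2"; fi
```

Run it as root or as the service account, passing the account's .ssh directory and the DocumentRoot from your Apache configuration.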

On Windows Server, Apache runs by default as NT AUTHORITY\SYSTEM. The trick here is to run it under another existing user account. To set that option, open Administrative Tools > Services. In the Services window, select Apache2.x > right-click > Properties > Log On tab > check "This account" and enter/browse the account of your choice (or create one first) > Apply and restart the service:

Screenshot of the Apache service window on Windows Server 2012
