I'm using phpseclib and need to make a couple of php functions that enable someone to programmatically ssh into their server and change the root password and also change the password of a user that may have forgotten their password (so have to be logged in as root).
I tried using libssh2, but found it a bit nasty to use. I'm now looking at phpseclib which seems more robust. But when I tried to use the 'su' command like so:
echo $ssh->exec('su');
I get the reply:
su: must be run from a terminal
and when I try to use sudo:
echo $ssh->exec('sudo passwd root');
I get the error:
sudo: no tty present and no askpass program specified
Anyway, it turns out that su is disabled for direct ssh access, but after having a look at this article, it turns out you can do it with the following command:
ssh -t -t -l 'username' 'host' 'su -'
That's what finally worked for me anyway when entering into a terminal from my laptop (running ubuntu), and then I entered my password and then the root password to finish off.
Quoting from the site linked to above:
Ssh commands (using -t) the remote sshd to establish a 'pseudo-terminal' pipe to the worker process when -t is given.
. ssh does this as long as its stdin is a terminal.
. But if ssh's stdin is a non-terminal, ssh won't direct sshd to establish a
pseudo-terminal unless TWO -t's are given:echo password | ssh -t -t -l username remote_host
. So with -t -t (from ssh) sshd sets up a pseudo-terminal to the client process.
. The client, whether it be 'tty' or 'su' cannot tell it is connected to a ficticious >terminal:
echo dummystr | ssh -t -t -l username host.com -c ''tty'
echo password | ssh -t -t -l username host.com -c 'su -'
So there is the answer. Use double -t if you are 'su root'ing' on a linux box through an >interactive client ssh like the one from OpenBSD.
So, it actually worked from the terminal as I said above using:
ssh -t -t -l 'username' 'host' 'su -'
but I really want to be able to execute this command using phpseclib. Only thing is I don't know how to put in any flags into the exec() function. Specifically, I need to put in the -t flags (twice).
I've looked for ages and can't find anything. Be really grateful for some help on this. Sorry about the length of this post as well. :)
Cheers
Joe