RE: SCP help
From: John Pretti (john_at_web-connected.com)
To: "'Wiggins d Anconia'" <email@example.com>, <firstname.lastname@example.org> Date: Wed, 26 May 2004 14:31:20 -0500
From: Wiggins d Anconia [mailto:email@example.com]
Sent: Wednesday, May 26, 2004 2:09 PM
To: John Pretti; firstname.lastname@example.org
Subject: Re: SCP help
> I have developed a CGI that will take information from a CGI based
> SCP a specific file to a remote server. I am having some troubles and I
> think I need to escape something. Anyone have any ideas? Snippet of
> as follows:
> # SCP commands
> my $scp_cmd = "/usr/bin/scp";
> my $scp_opts = "-i /root/.ssh/identity ";
> # Promote the file to merlin
> system(`$scp_cmd $scp_opts $src_dir/*
> Wed May 26 13:47:47 2004] promote.cgi: Execution of
> /www/web/cgi-sec/merlin/promote.cgi aborted due to compilation errors.
> Warning: Identity file /root/.ssh/identity does not exist.
> Host key verification failed.
> lost connection
> [Wed May 26 13:48:55 2004] [error] [client 188.8.131.52] Premature
> script headers: /www/web/cgi-sec/merlin/promote.cgi
> If I do the above command from the command line all works perfectly.
> in advance.
This appears to be two requests. The first failed because of
compilation, I am assuming it is unrelated, otherwise the script
couldn't work from the command line? The second just indicates that you
are not printing a header (or printing it first).
Additionally you are using backticks within the system as your quotes,
which doesn't make sense and may be the cause of the problem, I am not
sure what Perl will do with that. It will either do the very Perlish
thing of letting most characters act as a quote, or the very Perlish
thing of using the return value from backticks (the output) as arguments
to 'system'. Neither would surprise me.
I am assuming the reason why it fails though is because of the host key
issue and the fact that /root/.ssh/identity wasn't found.
When you run it command line, are you executing it as the user the web
server is running as? Is the script setuid? How is it able to read
root's private key to do authentication, assuming the web server isn't
running as root (yikes)?
Alternatively to shelling out you might consider using the Net::SFTP
module, I have had good luck with it.
Thanks for the quick response. I have solved my own problem and realized
that I was running my scp commands from the command line as root, which has
access to that file; however the script runs as apache, which does not have
access to that file. Su to apache and use the correct file and it works.
Sorry to bother you all, but thank you for the quick insight.