Virtual Geek

Tales from real IT system administrators world and non-production environment

Executing Linux programs from a PHP web server

This is a small web automation project I created to execute remote Linux commands through a web server. The web language I used in this project is PHP (it is a little similar to PowerShell, so I was able to grasp it quickly and code the way I want).

With this tool, users who have no access to the Linux server can check information on it without anyone sharing the server's credentials/password with them, or you can limit them to executing the command they need on the remote Linux server. Here is an example of the web page: you provide your domain username and password and the remote Linux server's host name or IP, and it executes the uptime command.

[Screenshot: web form with domain username, password and SSH host/IP fields]

Download this PHP_SSH_LDAP.zip project here or it is also available on github.com.

<?php
    // Start the session
    session_start();
?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <title>AD Authentication and SSH</title>
        <!-- Bootstrap CSS -->
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
        <!-- Bootstrap Icons CSS -->
        <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons/font/bootstrap-icons.css">

        <style>
            .centerimg {
                display: block;
                margin-left: auto;
                margin-right: auto;
                width: 10%;
              }
        </style>
    </head>
    <body>
        <div class="container custom-container">
            <div class="card">
                <div class="card-body">
                    <img class="centerimg" src="loremlogo.jpg" alt="loremlogo"> <!-- Image above the text -->
                    <?php
                        // LDAP server settings
                        $ldapServer = '192.168.34.11'; //'ldap.vcloud-lab.com';
                        $ldapPort = 389; // Default LDAP port

                        //Encrypt SSH Password
                        //[guid]::NewGuid()
                        //C:\xampp\php> php -r "$key = 'dce45e93-c278-4727-bad2-95df27cfbbf0'; $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); echo base64_encode(openssl_encrypt('Computer@123', 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv)) . ':::' . base64_encode($iv);"

                        // Decrypt SSH Password
                        // Encrypted data and IV received from the client from above command
                        $encryptedDataWithIV = 'LPUKPDQEs3wUewq6OCweZA==:::lXZQ8KFkLa8nTkdLbDrjJw==';

                        // Separate the encrypted data and IV
                        list($encryptedData, $iv) = explode(':::', $encryptedDataWithIV);

                        // Load the encryption key securely from a file or environment variable
                        $key = file_get_contents('extras/key'); // Example: 'dce45e93-c278-4727-bad2-95df27cfbbf0' //path/to/secure/key

                        // Decode the IV and the encrypted data from base64
                        $decodedIV = base64_decode($iv);
                        $decodedEncryptedData = base64_decode($encryptedData);

                        // Decrypt the data using openssl_decrypt
                        $decryptedData = openssl_decrypt($decodedEncryptedData, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $decodedIV);

                        //echo $decryptedData;

                        // SSH server settings
                        $sshUsername = 'ubuntu'; //'ssh_username'; // SSH username (replace with actual username)
                        $sshPassword = $decryptedData; //'ssh_password'; // SSH password (replace with actual password)

                        // Get LDAP username, password, and SSH IP from form submission
                        $ldapUsername = isset($_POST['ldapUsername']) ? $_POST['ldapUsername'] : '';
                        $ldapPassword = isset($_POST['ldapPassword']) ? $_POST['ldapPassword'] : '';
                        $sshHost = isset($_POST['sshHost']) ? $_POST['sshHost'] : '';

                        $ldapConnection = false; // stays false when no password was submitted
                        if ($ldapPassword !== '') {
                            // Attempt to connect to LDAP server
                            $ldapConnection = @ldap_connect($ldapServer, $ldapPort);
                        }

                        // Check if connection was successful
                        if ($ldapConnection) {
                            // Attempt to bind to LDAP server with provided credentials
                            $ldapBind = @ldap_bind($ldapConnection, $ldapUsername, $ldapPassword);

                            // Check if bind was successful
                            if ($ldapBind) {
                                //echo "LDAP bind successful<br>";
                                echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-check2-circle" style="color:lime;"></i> &nbsp;Credential verification successful</h5>';

                                // Attempt to connect to SSH server
                                $connection = @ssh2_connect($sshHost, 22);

                                // Check if SSH connection was successful
                                if ($connection) {
                                    // Authenticate with SSH server
                                    if (@ssh2_auth_password($connection, $sshUsername, $sshPassword)) {
                                        //echo "SSH authentication successful<br>";
                                        echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-check2-circle" style="color:lime;"></i> &nbsp;SSH authentication successful</h5>';

                                        // SSH command to execute
                                        //$command = 'ls -la';
                                        $command = 'sudo uptime';

                                        // Execute SSH command
                                        $stream = ssh2_exec($connection, $command);

                                        if ($stream) {
                                            // Read command output
                                            stream_set_blocking($stream, true);
                                            $output = stream_get_contents($stream);
                                            fclose($stream);

                                            // Output command output
                                            //echo "Command output:<br>$output";
                                            echo "<h6 class='mt-4 d-flex justify-content-center align-items-center'><br><br>Command output:</h6>";
                                            echo "<h6 class='mt-4 d-flex justify-content-center align-items-center'>" . htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "</h6>"; // escape remote output before printing it as HTML

                                        } else {
                                            //echo "Failed to execute command";
                                            echo '<h6 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-exclamation-triangle" style="color:crimson;"></i> &nbsp;Failed to execute command</h6>';
                                        }
                                    } else {
                                        //echo "SSH authentication failed";
                                        echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-exclamation-triangle" style="color:crimson;"></i> &nbsp;SSH authentication failed</h5>';
                                    }

                                    // Close SSH connection
                                    ssh2_disconnect($connection);
                                } else {
                                    //echo "Failed to connect to SSH server";
                                    echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-exclamation-triangle" style="color:crimson;"></i> &nbsp;Failed to connect to SSH server</h5>';
                                }
                            } else {
                                //echo "LDAP bind failed: " . ldap_error($ldapConnection);
                                // echo "<h5 class='mt-4 d-flex justify-content-center align-items-center'><i class='bi bi-exclamation-triangle' style='color:crimson;'></i> &nbsp;Domain connection failed: . ldap_error($ldapConnection)</h5>";
                                echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-exclamation-triangle" style="color:crimson;"></i> &nbsp;Username or Password incorrect</h5>';
                            }

                            // Close LDAP connection
                            ldap_close($ldapConnection);
                        } else {
                            //echo "Unable to connect to LDAP server: " . ldap_error($ldapConnection);
                            echo '<h5 class="mt-4 d-flex justify-content-center align-items-center"> <i class="bi bi-exclamation-triangle" style="color:crimson;"></i> &nbsp;Username or Password incorrect</h5>';
                        }
                        echo '<button onclick="window.location.href=\'index.html\'" class="btn btn-primary mt-4 d-flex justify-content-center align-items-center">Go Back to Site</button>';
                    ?>
                </div>
            </div>
        </div>
        <?php
            // remove all session variables
            session_unset();

            // destroy the session
            session_destroy();
        ?>
    </body>
</html>

Once the user's credentials are verified and authenticated against LDAP/Active Directory, the page executes the uptime command set in the PHP code on the remote Linux server. If everything is good, you will see 2 green checkboxes with the command output.

If the AD domain credentials fail, you see the message that the username and password are incorrect or invalid. If you have entered an incorrect or unreachable IP, or the page cannot connect over SSH, AD authentication will succeed but the connection to the Linux SSH server will fail.

[Screenshot: result pages showing successful and failed credential verification and SSH authentication]
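An added example, not part of the original project: the page sends the shared SSH password to whatever host the form supplies, so this version checks the host against an allow-list and a pinned host-key fingerprint before authenticating, and HTML-escapes the command output. The allow-list entries, fingerprints and function names are assumptions.

```php
<?php
// Added example, not the original project's code.
// Assumption: hosts this page may reach, each mapped to its pinned host-key
// fingerprint (SHA-1, hex). Addresses and fingerprints are constructed.
const ALLOWED_SSH_HOSTS = [
    '192.0.2.10' => '0123456789ABCDEF0123456789ABCDEF01234567',
    '192.0.2.11' => '89ABCDEF0123456789ABCDEF0123456789ABCDEF',
];

// Return the pinned fingerprint for an allow-listed host, or null.
function pinnedFingerprint(string $host): ?string
{
    return ALLOWED_SSH_HOSTS[trim($host)] ?? null;
}

// Verify the host key first, then authenticate and run the fixed command.
// Returns HTML-escaped output, or null on any failure.
function runUptime(string $host, string $user, string $password): ?string
{
    $pinned = pinnedFingerprint($host);
    if ($pinned === null) {
        return null; // not on the allow-list: never connect
    }
    $conn = @ssh2_connect(trim($host), 22);
    if (!$conn) {
        return null;
    }
    $seen = ssh2_fingerprint($conn, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    $output = null;
    // The password is sent only if the host key matches the pinned value.
    if (hash_equals($pinned, strtoupper($seen))
        && @ssh2_auth_password($conn, $user, $password)
        && ($stream = ssh2_exec($conn, 'sudo uptime'))) {
        stream_set_blocking($stream, true);
        $output = htmlspecialchars((string) stream_get_contents($stream), ENT_QUOTES, 'UTF-8');
        fclose($stream);
    }
    ssh2_disconnect($conn);
    return $output;
}

// Constructed inputs: only the first address is on the allow-list.
var_dump(pinnedFingerprint('192.0.2.10') !== null);
var_dump(pinnedFingerprint('203.0.113.5') !== null);
```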

How to set up this project for testing?

I used an Apache server to host this project on a Windows system. I downloaded the XAMPP server from https://www.apachefriends.org/download.html and installed it. XAMPP is installed at C:\xampp.

In C:\xampp\php, open the file php.ini and enable the LDAP extension library by removing the ; (semicolon) comment marker before the line. This LDAP extension allows you to connect to the AD LDAP server to test the domain credentials provided. Basically, it allows you to use the ldap_connect() function in PHP.

;extension=ldap  
to
extension=ldap

[Screenshot: php.ini with the ldap extension enabled]

Next, to connect to the Linux server via SSH from PHP: since I am using Windows, I need to download the php_ssh2.dll library extension that matches the PHP version. My PHP version on XAMPP is 8.2.x.x. To verify your version of PHP, run the c:\xampp\php\php.exe -v command in PowerShell or cmd.

After checking the PHP version, download the matching php_ssh2.dll from https://github.com/jhanley-com/php-ssh2-windows/blob/master/PHP_8.2/vs16-x64-ts/php_ssh2.zip, extract it, and copy the file to C:\xampp\php\ext. Next, modify the php.ini file under c:\xampp\php and add the extension lines below at the end of the file. This allows you to use the ssh2_connect() function to connect to Linux over the SSH protocol from PHP.

[ssh2]
extension=php_ssh2.dll

[Screenshot: php_ssh2.dll extension and php.ini in XAMPP]

Download this entire HTML+PHP project (PHP_SSH_LDAP.zip) here, or get it from github.com, and copy it into C:\xampp\htdocs. Next, modify the PHP script file ad_ssh_auth.php. On line number 32, add your LDAP server hostname/IP. In my case it is the Active Directory domain controller IP. The credentials the user types are authenticated against this LDAP server to validate that the user provided the correct username and password.

Since users don't know the credentials of the Linux SSH server, provide the SSH username on line number 59; on line number 41 the SSH password is added in encrypted form. To encrypt the SSH password, use the command below in PowerShell or the command prompt on Microsoft Windows. Generate a new GUID and replace it in the key section, line no 41.

Copy and paste the newly generated GUID into the extras/key file inside the PHP project.

[guid]::NewGuid() 
cd C:\xampp\php
.\php.exe -r "$key = 'change this guid dce45e93-c278-4727-bad2-95df27cfbbf0'; $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc')); echo base64_encode(openssl_encrypt('Computer@123', 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv)) . ':::' . base64_encode($iv);"

On line number 95, specify the command you want to execute on the remote Linux server.

[Screenshot: generating the GUID key and encrypted password in PowerShell]
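An added example, not part of the original project: the setup above encrypts the SSH password with AES-256-CBC under a GUID string kept in extras/key, which sits inside the project under C:\xampp\htdocs. This version uses a random 256-bit key with AES-256-GCM, so a modified or wrongly keyed blob is rejected; the function names and the key path in the comment are assumptions.

```php
<?php
// Added example, not the original project's code.

// Encrypt: returns base64(nonce . tag . ciphertext).
function sealSecret(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);              // 96-bit nonce, new for every call
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Decrypt: returns the plaintext, or null if the blob or the key is wrong.
function openSecret(string $blob, string $key): ?string
{
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;                        // too short to hold nonce and tag
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $pt === false ? null : $pt;
}

// Demo with a constructed key and the sample password used in the article.
// In a deployment the key is generated once with random_bytes(32) and read
// from a file outside the web root (hypothetical path):
// $key = file_get_contents('C:\xampp\secrets\ssh.key');
$key  = random_bytes(32);
$blob = sealSecret('Computer@123', $key);
var_dump(openSecret($blob, $key) === 'Computer@123');

// Flip one bit of the stored ciphertext: decryption fails instead of
// returning altered data.
$raw = base64_decode($blob);
$raw[30] = $raw[30] ^ "\x01";
var_dump(openSecret(base64_encode($raw), $key));
```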

All the setup and configuration is complete. Start the web server by going to the C:\xampp folder and launching xampp-control.exe to open the XAMPP control panel. For the Apache module, click the Start button under Actions. Open your hostname/IP or localhost in the browser to check and test this web server.

[Screenshot: XAMPP control panel]
