In a previous post I explained how to build an SVN updater script in PHP. This works fine on hosts that allow the webserver runas user to access the subversion binaries, such as Dreamhost.
What if not?
Our favorite hosting provider Webdrive allows our ssh-user access to subversion but not the apache runas user.
What can we do?
To avoid being asked to update the working files for website xyz.com every time someone makes a change, we need a script that executes the command “svn up” via ssh on a remote server!
This script will be hosted locally and the access will be restricted.
Sounds good, so what are the problems?
Everyone who has ever tried to build a PHP script that connects via SSH to a remote machine knows the big question:
“How can I send the password?”
The answer is: “You don't”, thanks to ssh key authentication.
Step by step (on an Ubuntu 8.04 LTS server):
- log in to your local webserver [local-server] (the one that will run the updater script)
- find out what user apache runs as: ‘ps aux | grep apache’ -> [www-data]
- log in as this user: ‘su www-data’
- create an ssh key pair: ‘ssh-keygen’
- copy the public key to the remote server: ‘ssh-copy-id user@remote-server.com’
- enter your password when prompted
- log in to the remote server: ‘ssh user@remote-server.com’ – you should not be asked for the password anymore -> if you still are, make sure the file “~/.ssh/authorized_keys” has 644 permissions and try again
That's it!
Now all we need is the script:
<?php exec("ssh user@remote-server.com svn up /home/user/xyz.com");
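You can also make the site a request parameter. The value ends up in a shell command on both machines, so accept only hostname-like names before using it:
<?php $site = $_GET['site'] ?? ''; if (!is_string($site) || !preg_match('/\A[a-z0-9][a-z0-9.-]*\z/i', $site)) { exit('invalid site'); } // letters, digits, dots and dashes only: no slashes, spaces or shell metacharacters
exec("ssh user@remote-server.com svn up " . escapeshellarg("/home/user/{$site}"));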
This script should be password protected to avoid having the wrong people playing with it!
This should be easy to adapt for other source control systems, such as Git, Mercurial, Bazaar, etc.
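Because the web server's key logs in without a prompt, anyone who can run commands as www-data gets a full shell on the remote account unless the key is restricted. The wrapper below is an added example, not part of the original post: installed as a forced command for that key, it lets the key run nothing but “svn up” on a working copy under /home/user. The script path /home/user/bin/svn-up-only and the hostname-like naming of sites are assumptions.

```shell
#!/bin/sh
# Forced-command wrapper for the web server's key (added example).
# Assumed install path: /home/user/bin/svn-up-only on the remote server.
# Prefix the www-data key's line in ~/.ssh/authorized_keys with:
#   command="/home/user/bin/svn-up-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.

LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below plain ASCII
BASE=/home/user           # parent directory of the working copies, as in the post

# Print the working-copy path if the request is exactly
# "svn up /home/user/<site>" with a hostname-like <site>; return 1 otherwise.
allowed_path() {
    case "$1" in
        "svn up $BASE/"*) site=${1#"svn up $BASE/"} ;;
        *) return 1 ;;
    esac
    case "$site" in
        # empty, leading dot or dash, or any character outside [A-Za-z0-9.-]
        # (this covers slashes, spaces and shell metacharacters)
        ''|.*|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    printf '%s\n' "$BASE/$site"
}

main() {
    if path=$(allowed_path "${SSH_ORIGINAL_COMMAND:-}"); then
        exec svn up --non-interactive "$path"
    fi
    echo "rejected: only 'svn up $BASE/<site>' is allowed" >&2
    exit 1
}

# Act only when a command was requested over ssh; a login without a command
# just ends, because the forced command replaces the shell.
if [ -n "${SSH_ORIGINAL_COMMAND+x}" ]; then
    main
fi
```

With this in place the PHP script keeps calling ssh exactly as before; requests for anything other than an update of a known-looking site are refused on the remote side as well.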
