EidolonHost Posted December 9, 2013 Report Posted December 9, 2013 So, I'm working on creating a VestaCP module. Now, first and foremost, I already know to a large degree how I'd work with the module. That's via the CLI, as VestaCP is made of primarily shell scripts that do various things. My question then is: How can I safely use the CLI method both locally and remotely? I've been looking at this, using the CLI interface particular documentation as well as the Creating a Plugin documentation. There's a bit of an eek factor to this, as using the Admin user for managing the server does have risks in getting that server compromised, but then... the risk is the same for the other modules using root-level sort of things, as the SolusVM and cPanel users do. I also checked out the cPanel modules for an idea of how I might want to do this. SO, while I'm researching this, I foresee the module being comprised of two interfaces while developing this. 1. Server interface. This is where the admin handles everything related to the server, ie adding clients, deleting clients, setting packages, permissions, etc. 2. Client interface. This is where the client gets some details of their package. Debating on whether or not to include more than just a Quick Login to the client area for the client or providing some degree of management from the client area, as SolusVM might do. So, first and foremost, I need to integrate a method for the module to SSH out to any remote server because I don't think there is a set of APIs that can be used via HTTP. Edit: To clarify, I mean from VestaCP's end, not Blesta's. /edit How would one create that method to SSH out to any remote server? Or for that matter, locally? PHP-CLI? Quote
Tanel Posted December 9, 2013 Report Posted December 9, 2013 Using SSH to connect to the remote server from your module is a bad idea. If you really want to go that route, set up key based authentication. I would suggest making your own VestaCP module to provide this API interface for the functionality you need, perhaps implement the REST interface - there are lots of examples around. Ken 1 Quote
EidolonHost Posted December 9, 2013 Author Report Posted December 9, 2013 Using SSH to connect to the remote server from your module is a bad idea. If you really want to go that route, set up key based authentication. I would suggest making your own VestaCP module to provide this API interface for the functionality you need, perhaps implement the REST interface - there are lots of examples around. We use key-based authentication internally. Dunno about the others, though... but that said... I'm still researching this, so I may yet change how exactly I'd do either the Blesta or VestaCP module. One or the other... perhaps both, to complement each other and to reduce the possibility of additional compromise. Right now, this is mostly in the planning and research stage, so I wanted a bit of input on how I might create a secure Blesta for VestaCP module within Blesta itself. Quote
Tanel Posted December 9, 2013 Report Posted December 9, 2013 There is a ssh2 extension for PHP which you can use to make the actual connection and execute commands, see http://www.php.net/manual/en/book.ssh2.php . Quote
Max Posted December 10, 2013 Report Posted December 10, 2013 There is a ssh2 extension for PHP which you can use to make the actual connection and execute commands, see http://www.php.net/manual/en/book.ssh2.php . There is also a pure PHP implementation that does not require installing a serverwide PHP extension. Makes things easier if you plan to share your module with others, who may not have the extension installed. http://phpseclib.sourceforge.net/ Quote
EidolonHost Posted December 10, 2013 Author Report Posted December 10, 2013 There is a ssh2 extension for PHP which you can use to make the actual connection and execute commands, see http://www.php.net/manual/en/book.ssh2.php . I was thinking about using this as I continued to research. There is also a pure PHP implementation that does not require installing a serverwide PHP extension. Makes things easier if you plan to share your module with others, who may not have the extension installed. http://phpseclib.sourceforge.net/ Hmm. This does sound like a better option for people who might not have root access to the server to enable a server-wide PHP extension. I think I'd go with this over the SSH2 option, to be honest, at least for the ability to not need to throw new requirements at the end-user who wants to get this set up. Quote
Paul Posted December 10, 2013 Report Posted December 10, 2013 phpseclib is included with Blesta, in the vendors directory, so you won't need to include this library with your module unless for some reason you need a different version. Quote
EidolonHost Posted December 10, 2013 Author Report Posted December 10, 2013 phpseclib is included with Blesta, in the vendors directory, so you won't need to include this library with your module unless for some reason you need a different version. Awesome. So I'd simply call phpseclib as a requirements from Blesta then? Quote
Paul Posted December 10, 2013 Report Posted December 10, 2013 Awesome. So I'd simply call phpseclib as a requirements from Blesta then? Cody or Tyson should be able to better explain how to best to utilize phpseclib within your module. Quote
Tyson Posted December 10, 2013 Report Posted December 10, 2013 You may want to take a look at what is included in /vendors/phpseclib/, but I presume you'd like to make use of SSH2 in /vendors/phpseclib/Net/. The Security component wraps phpseclib, so you can simply use that to instantiate an SSH2 object: Loader::loadComponents($this, array("Security")); $this->Net_SSH = $this->Security->create("Net", "SSH2"); ... Quote
EidolonHost Posted December 10, 2013 Author Report Posted December 10, 2013 You may want to take a look at what is included in /vendors/phpseclib/, but I presume you'd like to make use of SSH2 in /vendors/phpseclib/Net/. The Security component wraps phpseclib, so you can simply use that to instantiate an SSH2 object: Loader::loadComponents($this, array("Security")); $this->Net_SSH = $this->Security->create("Net", "SSH2"); ... I am indeed taking a look at it. Still charting out a course for this. I think I've got the bare beginnings of the module down. I might be able to test whether or not the module fully installs and uninstalls itself successfully later this week. I've got the idea of how I want to do this down... it's just actually implementing said ideas that'll take time. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.