codeaken codeaken - 6 months ago 16
PHP Question

Controlling an interactive process with PHP using Symfony Process

I am trying to control the systems ssh-agent by adding new keys to it using ssh-add. For this I'm using the Symfony Process component.

When I run this code from a web site it works perfectly fine but when I run the same code in a shell/console the ssh-add process hangs on

Enter passphrase for <path to key>:


A simplified version of the code looks something like this

use Symfony\Component\Process\Process;

$keyPath = '<path to key>';
$keyPassword = '<password for unlocking the key>';
$socketPath = '<path to ssh-agent socket>';

$sshAdd = new Process(
"ssh-add {$keyPath}",
null,
[
'SSH_AUTH_SOCK' => $socketPath
],
$keyPassword
);
$sshAdd->run();


As you can see in the code above I make a call to
ssh-add
, sets the
SSH_AUTH_SOCK
in the environment so
ssh-add
can talk to the agent and then sends the password in the input. As I said previously, when I run this in a web context it works but it hangs in a shell/console context.

I did an
strace
of when running in the console and the relevant parts looks like this

open("<path to key>", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3
write(4, "<key password>", <length of password>) = 20
close(4) = 0
wait4(9650, 0x7fff00ab3554, WNOHANG|WSTOPPED, NULL) = 0
select(8, [5 7], [], [], {0, 0}) = 0 (Timeout)
wait4(9650, 0x7fff00ab3554, WNOHANG|WSTOPPED, NULL) = 0
select(8, [5 7], [], [], {0, 0}) = 0 (Timeout)
select(8, [5 7], [], [], {0, 200000}Enter passphrase for <path to key>:) = 0 (Timeout)
select(8, [5 7], [], [], {0, 200000}) = 0 (Timeout)
select(8, [5 7], [], [], {0, 200000}) = 0 (Timeout)
select(8, [5 7], [], [], {0, 200000}) = 0 (Timeout)
select(8, [5 7], [], [], {0, 200000}) = 0 (Timeout)
...


As you can see the write seems to be ignored and the
ssh-add
program starts to block waiting for input.

Answer

Finally found a solution to this problem after reading the source for ssh-add and by reading this very old article from Wez Furlong where he talks about adding PTY support to PHP.

To quote the article:

What this does is similar to creating a pipe to the process, but instead creates master (for your script) and slave (for the process you're running) pty handles using the /dev/ptmx interface of your OS. This allows you to send to, and capture data from, applications that open /dev/tty explicitly--and this is generally done when interactively prompting for a password.

Turns out Symfony Process also supports PTY so the original code only needed a couple of changes. First I need to specify I want to use PTY instead of pipes by calling setPty(true). Then I need to simulate that the user has pressed ENTER after inputting the password simply by appending a line feed to the input.

The final code would look something like this (with comments on the changed lines)

use Symfony\Component\Process\Process;

$keyPath = '<path to key>';
$keyPassword = '<password for unlocking the key>';
$socketPath = '<path to ssh-agent socket>';

$sshAdd = new Process(
    "ssh-add {$keyPath}",
    null,
    [
        'SSH_AUTH_SOCK' => $socketPath
    ],
    $keyPassword . "\n"   // Append a line feed to simulate pressing ENTER
);
$sshAdd->setPty(true);   // Use PTY instead of the default pipes
$sshAdd->run();