How do you proxy though a server using ssh (socks…) using php’s CURL?

Question

I want to use ssh, something like this:

ssh -D 9999 username@ip-address-of-ssh-server

But within php CURL, but I don\'t really see how this cou

Answer 1

You could use ssh2 module and ssh2_tunnel function to create ssh tunnel throu remote server. Examples available: http://www.php.net/manual/en/function.ssh2-tunnel.php

Answer 2

See my comment on Qwerty's proposed solution. I think you are looking in the wrong direction to try to solve this question. Instead, you should just use cURL and create a personal certificate for yourself. You say you want to use SSH for safety, but why not a certificate instead?

This site will let you easily create one http://www.cacert.org/

Since it's just for you, you can add an exception to your browsers so they won't complain of a bad certificate. No need for ssh!

Answer 3

according to manpage the -D does create a socks proxy.

-D [bind_address:]port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Only root can forward privileged ports.  Dy-
             namic port forwardings can also be specified in the configuration
             file.

Answer 4

You can use both libssh2 and curl from within a PHP script.

• First you need to get the ssh2 library from the PECL site. Alternatively, the PEAR package has SSH2 support too.
• After installing you can then read the ssh2 documentation on setting up a tunnel.
• In your script you can then set up the tunnel.
• After the tunnel is set up in the script you can specify the CURL proxy.
• Perform your CURL operation.
• Release the tunnel resource and close the connection in your script.

I'm not a PHP expert, but here's a rough example:

<?php
$connection = ssh2_connect(ip-address-of-ssh-server, 22);
ssh2_auth_pubkey_file($connection, 'username', 'id_dsa.pub', 'id_dsa');
$tunnel = ssh2_tunnel($connection, '127.0.0.1', 9999);
curl_setopt($ch, CURLOPT_PROXY, ‘127.0.0.1:9999'); 
// perform curl operations

// The connection and tunnel will die at the and of the session.
?>

The simplest option

Another option to consider is using sftp (ftp over ssh) instead of CURL... this is probably the recommended way to copy a file from one server to another securely in PHP...

Even simpler example:

<?php
$connection = ssh2_connect(ip-address-of-ssh-server, 22);
ssh2_auth_password($connection, 'username', 'password');
ssh2_scp_send($connection, '/local/filename', '/remote/filename', 0644);
?>

Answer 5

To open the SSH tunnel only for the duration of your script, you probably would need to use PHP forks. In one process, open the SSH tunnel (-D - you need to do some work to make sure you're not colliding on ports here), and in the other process, use CURL with socks proxy config. When your transfer is done, signal the ssh fork to terminate so the connection gets torn down.

Keep in mind that while the tunnel is open, other users on the same machine can also proxy on that port if they wanted to. With that in mind, it might be a better idea to use the -L 1234:remotehost:80 flag, and just get the URL http://localhost:1234/some/uri

If things go wrong with this, you may find orphaned SSH tunnels on your server though, so I would call this somewhat fragile.