Allow PHP Hook Script to Run for Git

Suppose we have a deploy.php script at /var/www/html/deploy.php that is called by a hook from a service such as GitHub or Bitbucket.

The script runs as the web-server user, in this case www-data, whose default home directory is /var/www, so that user needs its own SSH configuration.

Create the .ssh directory and set its permissions:

mkdir /var/www/.ssh
chmod 0700 /var/www/.ssh
chown -R www-data:www-data /var/www/.ssh

Create the SSH keys and restrict permissions on them. The chmod 0700 above lets www-data write the known_hosts file, which will also be created in this directory. Although you cannot switch to a session as the www-data user, since it has no bash shell, you can execute commands as that user with sudo -u www-data.

sudo -u www-data ssh-keygen -t rsa
chmod 0600 /var/www/.ssh/id_rsa
chmod 0600 /var/www/.ssh/id_rsa.pub

Add the public key to the repository host service, e.g. GitHub or Bitbucket. Copy the key from the output of:

cat /var/www/.ssh/id_rsa.pub

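Add the service to the www-data known_hosts file, in this case Bitbucket. Compare the fingerprint shown in the prompt with the one the service publishes before accepting it: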

sudo -u www-data ssh -T git@bitbucket.org
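
The following script is an added example, not part of the original page. It audits the result of the steps above: ownership and modes of the .ssh directory and keys, a known_hosts file that others cannot edit, and a key directory that sits outside the web document root. The function names are ours, the document root /var/www/html is inferred from the deploy.php path, and GNU stat (as on Linux) is assumed.

```shell
#!/bin/sh
# Audit a web-server user's SSH directory (GNU stat assumed, as on Linux).
# Usage: sh audit_ssh_dir.sh /var/www/.ssh www-data /var/www/html
problems=0
fail() { echo "FAIL: $*" >&2; problems=$((problems + 1)); }

# check_path PATH OWNER MODE: PATH must exist, belong to OWNER, have MODE.
check_path() {
    [ -e "$1" ] || { fail "$1 is missing"; return 0; }
    actual_owner=$(stat -c '%U' "$1")
    actual_mode=$(stat -c '%a' "$1")
    if [ "$actual_owner" != "$2" ]; then
        fail "$1 is owned by $actual_owner, expected $2"
    fi
    if [ "$actual_mode" != "$3" ]; then
        fail "$1 has mode $actual_mode, expected $3"
    fi
}

# audit_ssh_dir DIR OWNER DOCROOT: returns 0 when clean, 1 otherwise.
audit_ssh_dir() {
    dir=$1 owner=$2 docroot=$3 problems=0
    [ -d "$dir" ] || { fail "$dir is not a directory"; return 1; }
    real_dir=$(cd "$dir" && pwd -P) || real_dir=$dir
    real_root=$(cd "$docroot" 2>/dev/null && pwd -P) || real_root=$docroot
    # Anything under the document root can be requested over HTTP,
    # so the private key must live outside it.
    case "$real_dir/" in
        "$real_root"/*) fail "$dir is inside document root $docroot" ;;
    esac
    check_path "$dir" "$owner" 700
    check_path "$dir/id_rsa" "$owner" 600
    check_path "$dir/id_rsa.pub" "$owner" 600
    # known_hosts pins the remote host key; others must not be able to edit it.
    if [ -e "$dir/known_hosts" ]; then
        case $(stat -c '%a' "$dir/known_hosts") in
            *[2367]?|*[2367]) fail "$dir/known_hosts is group/world-writable" ;;
        esac
    fi
    [ "$problems" -eq 0 ]
}

if [ "$#" -eq 3 ]; then
    audit_ssh_dir "$1" "$2" "$3" && echo "OK: $1 matches the expected setup"
fi
```

Run it as root so that it can read /var/www/.ssh; a non-zero exit status means at least one check failed.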

SSH REMOTE HOST IDENTIFICATION HAS CHANGED

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

If you receive the above message when attempting an SSH connection, it may be because the host's IP address has changed. If this is expected, and the new fingerprint matches one obtained from a trusted source, you can remove your known_hosts file or use:

ssh-keygen -R [hostname/IP address]

to remove the entry from the known_hosts file.

Using OpenSSH on a Linux Server with FileZilla

On your Linux server, install OpenSSH if it is not already present.

#debian
apt-get install openssh-server
#redhat
yum install openssh-server

Using FileZilla on a client, enter the relevant details, selecting SFTP (the SSH file transfer protocol) and the user credentials set up on the server.

FileZilla will ask whether you want to trust the connection and will display the server's RSA host key. SSH host keys are generally stored in /etc/ssh/. To compare against what FileZilla displays, you can view the fingerprint of the RSA key on the server by typing:

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key

For more direct remote management using SSH, you can use cross-platform tools such as PuTTY or the FireSSH extension for the Firefox web browser.