Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Trying to connect using ssh2_auth_pubkey_file()

Tags:

php

ssh

I am trying to make a php script that runs on the terminal that would connect to a remote server by ssh and retrieve a file. this is my code so far

#!/usr/bin/php -q
<?php
$cwd = dirname(__FILE__).'/';
$filename = 'retrive-this.file';
$host = 'hostip';

$connection = ssh2_connect($host, 22, array('hostkey'=>'ssh-rsa'));
$methods = ssh2_auth_pubkey_file($connection, 'remoteuser',
                                 $cwd.'ssh/id_rsa.pub',
                                 $cwd.'ssh/id_rsa', "it's an inception");
var_dump($methods);

//ssh2_scp_recv($connection, "/remote/server/path/to/$filename", $cwd.$filename);
?>

for now I am having problems with the ssh2_auth_pubkey_file() function, when I run the script it returns this:

PHP Warning:  ssh2_auth_pubkey_file(): Authentication failed for remoteuser using public key in /home/tonyl/Projects/get-file-ssh.php on line 10
bool(false)

The key files have permission -rw-r--r-- (644). Also the public key is already added to the remoteuser's authorized keys. I am able to ssh using the ssh command as normal, so I don't think it is a ssh authorization problem, but who knows. I am new to ssh and the ssh2 php library.

I can connect using ssh2_auth_password() if I enable it in the remote sshd_config file, but I don't want to do that since it decreases security tranfer.

Any ideas of what I can do.

like image 544
Tony L. Avatar asked Aug 04 '10 16:08

Tony L.

1 Answers

This is a known bug in php: password protected private key cannot be used on certain combinaisons.

See: https://bugs.php.net/bug.php?id=58573

ssh2_auth_pubkey_file() is broken when the public key file is protected with a password AND libssh2 is compiled with libgcrypt, which is what debian/ubuntu and probably others do. I'm working on a solution for this bug, but if you need this working rebuild libssh2 yourself with OpenSSL.

A workaround may be to store the private key unencrypted. To decrypt the key:

openssl rsa -in id_rsa -out id_rsaNOPASSWORD

and then use the file id_rsaNOPASSWORD without supplying the fifth parameter 'passphrase'. It works, but you'll have to be careful with your decrypted key file. Anyway, the level of security is not really terribly affected, because even with an encrypted key, you would still need to pass the passphrase unencrypted to the ssh2_auth_pubkey_file function ...

Hope it helps.

like image 76
megar Avatar answered Nov 16 '22 01:11

megar
Sign in to Comment

Related questions

Cannot push git to remote repository: (SSH error)
which one is better wget or scp to copy files from one server to other? [closed]
Text editor that can edit using sudo over ssh?
Is it possible to do have Capistrano do a checkout over a reverse SSH tunnel?
How can I pipe data to a process started via Net::SSH on stdin?
Cloning a Git repository over SFTP
Mirror rsnapshot backup directory
"yank" does not paste text when using Emacs over SSH
GitLab SSH keys stopped working
seq uses comma as decimal separator
Git on Cygwin: Fails to add the host to the list of known hosts
Jenkins hangs when trying to fetch from Stash
Connecting to gitosis server through an SSH tunnel
How can I use Emacs tramp to ssh to a remote host and edit a file as another user on an ad-hoc basis?
Capturing exit code from sudo-run process
Powershell takes a long time to load on start-up while loading ssh-agent / git
How to connect to SFTP through Paramiko with SSH key - Pageant
Visual studio + explore sftp
run composer and laravel (artisan) commands without ssh access
X Error of failed request: BadValue (integer parameter out of range for operation)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!