Question

Connecting to droplet pragmatically via ssh2_auth_pubkey_file

I am using the DigitalOcean API to create Droplets with the Wordpress Ubuntu Image preinstalled - when I create the Droplet I need to activate the Wordpress install by logging in via SSH.

I want a fully automated process where I can create a full install without any manual work. The DO API stuff is straightforward and working but I am having an issue connecting to my droplet via ssh2_auth_pubkey_file.

The steps I have taken:

Generated a key via PuTTY Key Generator

Added the public key to my DO account under ‘Settings’

Exported an OpenSSH Key via PuTTY Key Generator

I have a test setup using XAMPP on Windows - current code is:

<?php
$host = "xxx.xx.xxxx";
$port = 22;
$conn = ssh2_connect($host, $port);
$username = "root";
$pub_key = "/etc/ssh/ssh_host_rsa_key.pub";
$pri_key = "id_rsa";
if (ssh2_auth_pubkey_file($conn, $username, $pub_key, $pri_key)) {
    echo "Authentication succeeded";
} else {
    echo "Authentication failed";
}
?>

In the same folder I have the private key I generated from PuTTY Key Generator in a file called id_rsa.

I get the following error when trying to connect:

Warning: ssh2_auth_pubkey_file(): Authentication failed for root using public key: Username/PublicKey combination invalid in /var/www/html/test/test.php on line 8
Authentication failed

In the id_rsa file I have:

-----BEGIN RSA PRIVATE KEY-----
KEY HERE
-----END RSA PRIVATE KEY-----

Can anyone see a reason why this isn’t working? It should in theory be pretty straightforward.

P.S. I have also tried saving the public key locally into a file called id_rsa.pub and using that in the $pub_key variable.



@dowsoninc

The function name is actually ssh2_connect. In your code, you’re using ssh2connect – also ssh2_auth_pubkey_file instead of ssh2authpubkeyfile. It may be a formatting issue with your post, but just for clarity :-).

As for the connection, I’m using a slightly modified version of what you have right now and it works.

<?php
$host   = 'ip_or_hostname';
$port   = 22;
$user   = 'username';
$pass   = 'passphrase';
$pubkey = '/path/to/key.pub';
$prikey = '/path/to/privkey';

$conn   = ssh2_connect( $host, $port );
$auth   = ssh2_auth_pubkey_file( $conn, $user, $pubkey, $prikey, $pass );

if ( $auth )
{
    echo 'Public Key Authentication Successful.' . PHP_EOL;
}
else
{
    echo 'Public Key Authentication Failed.' . PHP_EOL;
}

In the code above:

$host should be the IP of the Droplet, or Hostname;

$port should be the port you connect to SSH on;

$user should be the username of the user you’re connecting as (i.e. root, for example);

$pubkey should be the path to the public key file;

$prikey should be the path to the private key file;

We initialize the connection by assigning the function call to $conn, then assign the authentication function call to $auth. This keeps the function calls out of the if/else statement and keeps things clean.

If $auth returns true (which it should only ever return true or false), we echo out that the connection was a success. If it returns false, we echo out that the connection was a failure.

If you’re not using a passphrase on your SSH Key Pair, you can remove $pass from line 5 and also remove , $pass from line 10.

I would recommend using a passphrase for security, though removing those two instances would be how to handle authentication without a passphrase.

If that doesn’t work, then you need to check your keys. PuTTY uses an entirely different format for keys that isn’t compatible with standard SSH (OpenSSH), so trying to use keys that PuTTY creates won’t work unless you export them as OpenSSH keys specifically.
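
The key-format point in the answer above, as an added example that is not part of the original post: a PHP pre-flight check that tells PuTTY-format key files apart from the OpenSSH formats before they are passed to ssh2_auth_pubkey_file(). The function names are hypothetical and the sample inputs are constructed placeholders, not real keys.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.
function classify_private_key(string $text): string
{
    $first = trim(explode("\n", ltrim($text), 2)[0]);
    if (strpos($first, 'PuTTY-User-Key-File-') === 0) {
        return 'putty-ppk';      // PuTTY's native format, not readable as OpenSSH
    }
    if ($first === '-----BEGIN OPENSSH PRIVATE KEY-----') {
        return 'openssh-new';
    }
    if (preg_match('/^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----$/', $first)) {
        // Encrypted PEM keys carry this header and need the passphrase argument.
        return strpos($text, 'Proc-Type: 4,ENCRYPTED') !== false ? 'pem-encrypted' : 'pem';
    }
    return 'unknown';
}

function classify_public_key(string $text): string
{
    $text = trim($text);
    if (strpos($text, '---- BEGIN SSH2 PUBLIC KEY ----') === 0) {
        return 'rfc4716';        // multi-line format written by PuTTYgen's "Save public key"
    }
    $parts = preg_split('/\s+/', $text);
    if (count($parts) < 2) {
        return 'unknown';
    }
    // One-line OpenSSH format: "<type> <base64 blob> [comment]"; the blob
    // starts with a 4-byte big-endian length followed by the same type name.
    $blob = base64_decode($parts[1], true);
    if ($blob === false || strlen($blob) < 4) {
        return 'unknown';
    }
    $len = unpack('N', substr($blob, 0, 4))[1];
    return substr($blob, 4, $len) === $parts[0] ? 'openssh' : 'unknown';
}

// Constructed samples (placeholders, not real key material).
$blob = base64_encode(pack('N', 7) . 'ssh-rsa' . str_repeat("\x01", 16));
$samples = [
    'PuTTY .ppk'          => classify_private_key("PuTTY-User-Key-File-2: ssh-rsa\nEncryption: none\n"),
    'exported PEM'        => classify_private_key("-----BEGIN RSA PRIVATE KEY-----\nKEY HERE\n-----END RSA PRIVATE KEY-----\n"),
    'PuTTYgen public key' => classify_public_key("---- BEGIN SSH2 PUBLIC KEY ----\nComment: \"test\"\n"),
    'one-line public key' => classify_public_key("ssh-rsa $blob test@example"),
];
foreach ($samples as $label => $kind) {
    echo str_pad($label, 22) . $kind . PHP_EOL;
}
```

A result of putty-ppk or rfc4716 means the file came straight from PuTTYgen's save buttons and still needs the OpenSSH export before use; only the header and framing are checked, so a pem or openssh result does not prove the two files belong to the same key pair.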

@dowsoninc But have you connected the key with a droplet, when you create the droplet? Try to login with PuTTY and the key, does that work?