Posted April 26, 2014 3.5k views
Hello, all. I know this question has been asked before, but I've been trying to secure my WordPress installation with SSH keys (so it's a little bit safer). I followed the tutorial located here: However, now when I go into my admin area and try to update or install a theme or plugin, it's now asking me for my "wp-user" FTP credentials, instead of just auto-updating. I followed the tutorial to the letter, but I can't make heads or tails of the "troubleshooting" section at the end. Everything looks like it's absolutely set up correctly, but it seems the wp-user isn't viewed as the "owner" of WordPress somehow (even though the ls -l command shows that it definitely is). Is there something else I should attempt? I did try doing "sudo chown wp-user:www-data /var/www" (WordPress is installed in the root - and it's not a 1-click install, it's running LAMP and I manually installed it) but that didn't do anything. Any help would be appreciated, thanks!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
4 answers
Whoops - looks like something weird happened, and it put my email address in the "title" field - because that's NOT what I put there - sorry about that!
i think I've narrowed it down - in the tutorial, it gives three reasons this wouldn't b working. I've already determined that two (improper permissions and improper file formatting) are ruled out.

I think the last one is what the issue is: improper file ownership. It says:

"These same keys need to be owned by the correct parties. Between owner and group-owner, this is often a mixture of the user being logged in and the web process user. In our example, the wp-user owns both the private and public keys, while the www-data group is the group-owner."

when I do an ls -l on the public key and authorized_keys files, the public key seems to be owned correctly (wp-user:www-data), but the authorized_keys are different - thy are owned by wp-user:wp-user. Shouldn't that also be owned by wp-user:www-data? If so, how do I change that? (or am I way off here in my understanding of the paragraph from the tutorial?)
Got it :)

The tutorial was followed perfectly, but it forgets one thing: you need to set the group-owner of the .ssh file as www-data, not wp-user.

sudo chgrp www-data /home/wp-user/.ssh

did that, and BAM. all was working just fine.
Thanks for taking the time to provide the answer.