shelly@foolishvisions.com

April 26, 2014 3k views
shelly
By:
shelly
Hello, all. I know this question has been asked before, but I've been trying to secure my WordPress installation with SSH keys (so it's a little bit safer). I followed the tutorial located here: https://www.digitalocean.com/community/articles/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu However, now when I go into my admin area and try to update or install a theme or plugin, it's now asking me for my "wp-user" FTP credentials, instead of just auto-updating. I followed the tutorial to the letter, but I can't make heads or tails of the "troubleshooting" section at the end. Everything looks like it's absolutely set up correctly, but it seems the wp-user isn't viewed as the "owner" of WordPress somehow (even though the ls -l command shows that it definitely is). Is there something else I should attempt? I did try doing "sudo chown wp-user:www-data /var/www" (WordPress is installed in the root - and it's not a 1-click install, it's running LAMP and I manually installed it) but that didn't do anything. Any help would be appreciated, thanks!
Log In to Comment
4 Answers
shelly April 26, 2014
Whoops - looks like something weird happened, and it put my email address in the "title" field - because that's NOT what I put there - sorry about that!
Reply
shelly April 26, 2014
i think I've narrowed it down - in the tutorial, it gives three reasons this wouldn't b working. I've already determined that two (improper permissions and improper file formatting) are ruled out.

I think the last one is what the issue is: improper file ownership. It says:

"These same keys need to be owned by the correct parties. Between owner and group-owner, this is often a mixture of the user being logged in and the web process user. In our example, the wp-user owns both the private and public keys, while the www-data group is the group-owner."

when I do an ls -l on the public key and authorized_keys files, the public key seems to be owned correctly (wp-user:www-data), but the authorized_keys are different - thy are owned by wp-user:wp-user. Shouldn't that also be owned by wp-user:www-data? If so, how do I change that? (or am I way off here in my understanding of the paragraph from the tutorial?)
Reply
shelly April 26, 2014
Got it :)

The tutorial was followed perfectly, but it forgets one thing: you need to set the group-owner of the .ssh file as www-data, not wp-user.

sudo chgrp www-data /home/wp-user/.ssh

did that, and BAM. all was working just fine.
Reply
Colin April 27, 2014
Thanks for taking the time to provide the answer.
Reply
Have another answer? Share your knowledge.