April 26, 2014 3k views
Hello, all. I know this question has been asked before, but I've been trying to secure my WordPress installation with SSH keys (so it's a little bit safer). I followed the tutorial located here: However, now when I go into my admin area and try to update or install a theme or plugin, it's now asking me for my "wp-user" FTP credentials, instead of just auto-updating. I followed the tutorial to the letter, but I can't make heads or tails of the "troubleshooting" section at the end. Everything looks like it's absolutely set up correctly, but it seems the wp-user isn't viewed as the "owner" of WordPress somehow (even though the ls -l command shows that it definitely is). Is there something else I should attempt? I did try doing "sudo chown wp-user:www-data /var/www" (WordPress is installed in the root - and it's not a 1-click install, it's running LAMP and I manually installed it) but that didn't do anything. Any help would be appreciated, thanks!
4 Answers
Whoops - looks like something weird happened, and it put my email address in the "title" field - because that's NOT what I put there - sorry about that!
i think I've narrowed it down - in the tutorial, it gives three reasons this wouldn't b working. I've already determined that two (improper permissions and improper file formatting) are ruled out.

I think the last one is what the issue is: improper file ownership. It says:

"These same keys need to be owned by the correct parties. Between owner and group-owner, this is often a mixture of the user being logged in and the web process user. In our example, the wp-user owns both the private and public keys, while the www-data group is the group-owner."

when I do an ls -l on the public key and authorized_keys files, the public key seems to be owned correctly (wp-user:www-data), but the authorized_keys are different - thy are owned by wp-user:wp-user. Shouldn't that also be owned by wp-user:www-data? If so, how do I change that? (or am I way off here in my understanding of the paragraph from the tutorial?)
Got it :)

The tutorial was followed perfectly, but it forgets one thing: you need to set the group-owner of the .ssh file as www-data, not wp-user.

sudo chgrp www-data /home/wp-user/.ssh

did that, and BAM. all was working just fine.
Thanks for taking the time to provide the answer.
Have another answer? Share your knowledge.