ssh2_auth_pubkey_file : Can't Get To Work PART 2

July 4, 2015 4.9k views
PHP Ubuntu
sams.folk
By:
sams.folk

I recently posted a question titled “ssh2_auth_pubkey_file: Can't Get To Work”. I found a solution and posted an answer.

The PHP file in that article was invoked from the command line. This time I'm trying (unsuccessfully) to invoke it from a web form. The file is mostly the same, and both files I'm using are at the same level on the same server. The following message appears in /var/log/apache2/error.log

*...PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for <my username> using public key: Unable to open public key file in /var/www/html/test.php on line 12, referer: http://<my server's IP#>/test.htm *

I'm guessing the problem has to do with owners or permissions somewhere, but I can't get that worked out. Anyone have an idea of why authentication fails from web page invoking? Thanks for any assistance. Code from files ….

Simple HTML form - test.htm.

<!DOCTYPE html> 
<html lang="en-US"> 
<head> 
<title>Test</title> 
</head> 
<body> 
<form method="post" action="test.php"> 
<p><button type="submit" >Submit</button>&nbsp;<button type="reset" >Reset</button></p> 
</form> 
</body> 
</html>

Simple PHP file - test.php

<?php 
$host = "receiving server IP"; 
$port = 22; 
$conn = ssh2_connect($host, $port); 
$username = "my username"; 
$pub_key = "/home/my username/.ssh/id_rsa.pub"; 
$pri_key = "/home/my username/.ssh/id_rsa"; 
if(ssh2_auth_pubkey_file( 
    $conn, 
    $username, 
    $pub_key, 
    $pri_key)) 
{ 
   echo "Authentication succeeded"; 
} 
else 
{ 
   echo "Authentication failed"; 
} 
// eventual scp code here to send file to receiving server.
?>
5 comments
  • sams.folk July 5, 2015

    Additionally, the sending server's (which test.php is on) public Key is installed in the receiving server's authorized keys.

  • JonsJava July 9, 2015

    I'll take a stab at this.

    id_rsa.pub and id_rsa are owned by you. The web service can't use those credentials, as SSH will only use them if they are owned by the user who is accessing them (www-data in this case).

    You have 2 options: make a new key pair that the www-data can own, or copy these.

    If you want to copy these, use this handy script (change my-user to your username)

    sudo mkdir /opt/www-files/
sudo cp /home/my-user/.ssh/id_rsa* /opt/www-files/
sudo chown www-data:www-data /opt/www-files/
sudo chmod 600 /opt/www-files/*
sudo chmod 700 /opt/www-files/

    This isn't the greatest option, but it should work.

  • sams.folk July 9, 2015

    That did it! Leaned something new about www-data. Good explanation. Hope this post gets to rank high.

    I haven't tried making the /opt/www-files/ directory, yet. I did change the owner, of the sending server's .ssh, idrsa, and idrsa.pub files, from my username to www-data. The .htm page invokes the .php file and authentication is successful.

    Thanks again.

    PS - I miss Bender.

  • JonsJava July 9, 2015

    Leela

    I'm a virgin.

    Vyolet

    Nice try, Leela, but we've all seen Zapp Branagin's web page.

    [Bender laughs and the empathy chip beeps]

    Bender

    Aw, I just made myself feel bad.

    We all miss Bender. I'll leave you with this one:

    "I am Bender, please insert girder."

  • sams.folk July 9, 2015

    Couldn't resist.

    Hermes on the top ledge of Planet Express: "I'm going to jump!"
    The group below: "No! No!"
    Bender: "Do a flip !"

Log In to Comment
1 Answer
sams.folk July 26, 2015

This question was answered.

Reply
Have another answer? Share your knowledge.

Related Questions