Question

ssh2_auth_pubkey_file : Can't Get To Work PART 2

I recently posted a question titled “ssh2_auth_pubkey_file: Can't Get To Work”. I found a solution and posted an answer.

The PHP file in that article was invoked from the command line. This time I’m trying (unsuccessfully) to invoke it from a web form. The file is mostly the same, and both files I’m using are at the same level on the same server. The following message appears in /var/log/apache2/error.log

*…PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for <my username> using public key: Unable to open public key file in /var/www/html/test.php on line 12, referer: http://<my server’s IP#>/test.htm *

I’m guessing the problem has to do with owners or permissions somewhere, but I can’t get that worked out. Anyone have an idea of why authentication fails from web page invoking? Thanks for any assistance. Code from files ….

Simple HTML form - test.htm.

<!DOCTYPE html> 
<html lang="en-US"> 
<head> 
<title>Test</title> 
</head> 
<body> 
<form method="post" action="test.php"> 
<p><button type="submit" >Submit</button>&nbsp;<button type="reset" >Reset</button></p> 
</form> 
</body> 
</html>

Simple PHP file - test.php

<?php 
$host = "receiving server IP"; 
$port = 22; 
$conn = ssh2_connect($host, $port); 
$username = "my username"; 
$pub_key = "/home/my username/.ssh/id_rsa.pub"; 
$pri_key = "/home/my username/.ssh/id_rsa"; 
if(ssh2_auth_pubkey_file( 
	$conn, 
	$username, 
	$pub_key, 
	$pri_key)) 
{ 
   echo "Authentication succeeded"; 
} 
else 
{ 
   echo "Authentication failed"; 
} 
// eventual scp code here to send file to receiving server.
?>

Leela

I’m a virgin.

Vyolet

Nice try, Leela, but we’ve all seen Zapp Brannigan’s web page.

[Bender laughs and the empathy chip beeps]

Bender

Aw, I just made myself feel bad.

We all miss Bender. I’ll leave you with this one:

“I am Bender, please insert girder.”

That did it! Learned something new about www-data. Good explanation. Hope this post gets to rank high.

I haven’t tried making the /opt/www-files/ directory yet. I did change the owner of the sending server’s .ssh, id_rsa, and id_rsa.pub files from my username to www-data. The .htm page invokes the .php file and authentication is successful.

Thanks again.

PS - I miss Bender.

I’ll take a stab at this.

id_rsa.pub and id_rsa are owned by you. The web service can’t use those credentials, as SSH will only use them if they are owned by the user who is accessing them (www-data in this case).

You have 2 options: make a new key pair that the www-data can own, or copy these.

If you want to copy these, use this handy script (change my-user to your username)

sudo mkdir /opt/www-files/
sudo cp /home/my-user/.ssh/id_rsa* /opt/www-files/
sudo chown -R www-data:www-data /opt/www-files/   # -R: the copied key files, not only the directory, must belong to www-data
sudo chmod 600 /opt/www-files/*
sudo chmod 700 /opt/www-files/

This isn’t the greatest option, but it should work.

Couldn’t resist.

Hermes on the top ledge of Planet Express: “I’m going to jump!” The group below: “No! No!” Bender: “Do a flip!”

Additionally, the sending server’s (which test.php is on) public key is installed in the receiving server’s authorized keys.



This question was answered.