ssh2_auth_pubkey_file : Can't Get To Work PART 2
I recently posted a question titled “ssh2_auth_pubkey_file: Can't Get To Work”. I found a solution and posted an answer.
The PHP file in that article was invoked from the command line. This time I'm trying (unsuccessfully) to invoke it from a web form. The file is mostly the same, and both files I'm using are at the same level on the same server. The following message appears in /var/log/apache2/error.log
*...PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for <my username> using public key: Unable to open public key file in /var/www/html/test.php on line 12, referer: http://<my server's IP#>/test.htm *
I'm guessing the problem has to do with owners or permissions somewhere, but I can't get that worked out. Anyone have an idea of why authentication fails from web page invoking? Thanks for any assistance. Code from files ….
Simple HTML form - test.htm.
<!DOCTYPE html>
<html lang="en-US">
<head>
<title>Test</title>
</head>
<body>
<form method="post" action="test.php">
<p><button type="submit" >Submit</button> <button type="reset" >Reset</button></p>
</form>
</body>
</html>
Simple PHP file - test.php
<?php
$host = "receiving server IP";
$port = 22;
$conn = ssh2_connect($host, $port);
$username = "my username";
$pub_key = "/home/my username/.ssh/id_rsa.pub";
$pri_key = "/home/my username/.ssh/id_rsa";
if(ssh2_auth_pubkey_file(
$conn,
$username,
$pub_key,
$pri_key))
{
echo "Authentication succeeded";
}
else
{
echo "Authentication failed";
}
// eventual scp code here to send file to receiving server.
?>
Additionally, the sending server's (which test.php is on) public Key is installed in the receiving server's authorized keys.
I'll take a stab at this.
id_rsa.pub and id_rsa are owned by you. The web service can't use those credentials, as SSH will only use them if they are owned by the user who is accessing them (www-data in this case).
You have 2 options: make a new key pair that the www-data can own, or copy these.
If you want to copy these, use this handy script (change my-user to your username)
This isn't the greatest option, but it should work.
That did it! Leaned something new about www-data. Good explanation. Hope this post gets to rank high.
I haven't tried making the /opt/www-files/ directory, yet. I did change the owner, of the sending server's .ssh, idrsa, and idrsa.pub files, from my username to www-data. The .htm page invokes the .php file and authentication is successful.
Thanks again.
PS - I miss Bender.
Leela
Vyolet
[Bender laughs and the empathy chip beeps]
Bender
We all miss Bender. I'll leave you with this one:
"I am Bender, please insert girder."
Couldn't resist.
Hermes on the top ledge of Planet Express: "I'm going to jump!"
The group below: "No! No!"
Bender: "Do a flip !"