ssh2_auth_pubkey_file : Can't Get To Work PART 2

Posted July 4, 2015 8.9k views

I recently posted a question titled “ssh2_auth_pubkey_file: Can't Get To Work”. I found a solution and posted an answer.

The PHP file in that article was invoked from the command line. This time I’m trying (unsuccessfully) to invoke it from a web form. The file is mostly the same, and both files I’m using are at the same level on the same server. The following message appears in /var/log/apache2/error.log:

…PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for <my username> using public key: Unable to open public key file in /var/www/html/test.php on line 12, referer: http://<my server’s IP#>/test.htm

I’m guessing the problem has to do with owners or permissions somewhere, but I can’t get that worked out. Anyone have an idea of why authentication fails from web page invoking? Thanks for any assistance. Code from files ....

Simple HTML form - test.htm.

<!DOCTYPE html>
<html lang="en-US">
<body>
<form method="post" action="test.php">
<p><button type="submit">Submit</button>&nbsp;<button type="reset">Reset</button></p>
</form>
</body>
</html>

Simple PHP file - test.php

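<?php
$host = "receiving server IP";
$port = 22;
$conn = ssh2_connect($host, $port);
$username = "my username";
$pub_key = "/home/my username/.ssh/"; // path to the public key file (file name not shown in the post)
$pri_key = "/home/my username/.ssh/id_rsa";
// Authenticate with the key pair; this is the call the warning in error.log refers to.
if (ssh2_auth_pubkey_file($conn, $username, $pub_key, $pri_key)) {
    echo "Authentication succeeded";
} else {
    echo "Authentication failed";
}
// eventual scp code here to send file to receiving server.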
  • Additionally, the sending server’s (which test.php is on) public key is installed in the receiving server’s authorized keys.

  • I’ll take a stab at this. and id_rsa are owned by you. The web service can’t use those credentials, as SSH will only use them if they are owned by the user who is accessing them (www-data in this case).

    You have 2 options: make a new key pair that the www-data can own, or copy these.

    If you want to copy these, use this handy script (change my-user to your username)

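    # Directory outside the home tree for the web server's copy of the keys
    sudo mkdir -p /opt/www-files/
    sudo cp /home/my-user/.ssh/id_rsa* /opt/www-files/
    # -R so the copied key files, not just the directory, belong to www-data
    sudo chown -R www-data:www-data /opt/www-files/
    # Files readable by the owner only (run before the directory is locked to 700)
    sudo chmod 600 /opt/www-files/*
    sudo chmod 700 /opt/www-files/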

    This isn’t the greatest option, but it should work.

  • That did it! Learned something new about www-data. Good explanation. Hope this post gets to rank high.

    I haven’t tried making the /opt/www-files/ directory yet. I did change the owner of the sending server’s .ssh, id_rsa, and files, from my username to www-data. The .htm page invokes the .php file and authentication is successful.

    Thanks again.

    PS - I miss Bender.

  • Leela

    I’m a virgin.


    Nice try, Leela, but we’ve all seen Zapp Brannigan’s web page.

    [Bender laughs and the empathy chip beeps]


    Aw, I just made myself feel bad.

    We all miss Bender. I’ll leave you with this one:

    “I am Bender, please insert girder.”

  • Couldn’t resist.

    Hermes on the top ledge of Planet Express: “I’m going to jump!”
    The group below: “No! No!”
    Bender: “Do a flip !”
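
A check to run after either option from the answer above (a new key pair owned by www-data, or the copies in /opt/www-files/), as an added example that is not part of the original thread: it reports key files whose owner is not the service account or whose private half is accessible beyond the owner. The function name `audit_key_dir` is hypothetical, and GNU `stat -c` (Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Audits an SSH key directory before a
# web-server account uses it with ssh2_auth_pubkey_file().
# Assumption: GNU coreutils stat (supports -c), as found on Debian/Ubuntu.
# Usage: audit_key_dir /opt/www-files www-data

# audit_key_dir DIR OWNER
# Prints one line per finding; returns 0 when clean, 1 when anything is off.
audit_key_dir() {
    dir=$1 owner=$2 rc=0

    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi

    # The directory itself: owned by the service account, no group/other access.
    set -- $(stat -c '%U %a' "$dir")
    [ "$1" = "$owner" ] || { echo "OWNER    $dir is $1, expected $owner"; rc=1; }
    case $2 in *00) ;; *) echo "MODE     $dir is $2, expected 700"; rc=1 ;; esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        set -- $(stat -c '%U %a' "$f")
        [ "$1" = "$owner" ] || { echo "OWNER    $f is $1, expected $owner"; rc=1; }
        case $f in
            *.pub) ;;   # public half: being readable by others is harmless
            *) case $2 in
                   *00) ;;
                   *) echo "MODE     $f is $2, private key readable beyond owner"; rc=1 ;;
               esac ;;
        esac
    done
    return $rc
}
```

A non-zero return with an OWNER line is the same condition that leaves the web server unable to open the key files.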
