[Plugin: SSH SFTP Updater Support] I'm a little confused

Although in theory an SSH / SFTP server could require both password and publickey authentication, in practice, I’ve never in my life seen such a server. If your SSH / SFTP server was configured in this way you’d be out of luck because this plugin doesn’t support that. Not yet at least. It’s something I can certainly make it support but I’d need access to a server that behaved in that way if I were to play around with it.

Does your putty key perchance say “Encryption: aes256-cbc” in it? If so that’d mean that it’s not the SSH / SFTP server that’s requiring the password. Rather, it’s the private key that’s requiring the password. If that’s the case that’s something I can fix a ton easier.

As for the “Public and Private keys incorrect” message… I’ll make a commit shortly to fix it. Thanks for alerting me about it!

Thanks for fast response. yes the file does begin with “Encryption: aes256-cbc” ??

Try it now!

I converted my Vandyke private key to openssh private key but yr prog says public/private key combination incorrect.

My key is RSA1024 & starts:

<snip>
—-BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F3A……..
…….99XduYgtt
—–END RSA PRIVATE KEY—–
</snip>

And have you actually tried the standard ftp option with a remote wordpress install? It does not work.

Hoping this helps your excellent project,
Nico M
London

Hi

I can now get past the first stage, but now I have another error:

Downloading install package from https://downloads.www.ads-software.com/plugin/nucaptcha.zip…

Unpacking the package…

Could not copy file. /wordpress/wp-content/upgrade/nucaptcha.tmp/

At first I noticed /upgrade didn’t exist, so I created it, and then gave permissions, and still get the error.

Thanks for the help so far.

NicoMorrison – can you keep your replies in the same thread? Making a new post in every new thread makes it harder for me to back reference previous posts and it’s liable to make ElGoorf confused as well. ie. he might see my response and think it’s in response to his question when it’s in fact in response to yours.

And yes – I have tried the standard ftp option with this. It works fine on my server.

You said, in another thread, “yr plug-in it replaced that screen” and that you had to “deactivate yr plug-in and then the standard screen reappeared”. This plugin’s code was copy / pasted directly from WordPress. There were a few lines that were changed but nothing of any relevance to the problem you’re describing and there were no super big cosmetic changes.

Honestly, that makes me wonder if you’re using an older version of WordPress or something.

As for your key… I just committed a change for ElGoorf that adds support for password protected RSA keys (as yours is).

Long story short, I think the best way for me to tackle your problem would be for me to just be given temp access to your WordPress admin panel along with the FTP / SFTP login info.

I’ll be short, V3.2.1 with 16 plug-ins up-to-date. Clean up-to-date Debian server also up-to-date.

I installed SSH SFTP Updater using the integrated WordPress installer which asks if I want to do it automatically and when I say yes, a screen appears asking for ftp credentials.
This is the screen which is replaced by SSH SFTP Updater which is very similar but adds the ssh options.
Should I be pulling this out of subversion somewhere? Maybe I got an earlier version?

Thanks & I’ll stay in this thread,
Nico M ??

Whoopee! I downloaded your latest from svn & although standard FTP faisl, the connection via SSH2 went A1! Read my private keyword fine & downloaded & installed the new plugin.

Thank you for your efforts, great to avoid FTP when possible.

Regards,
Nico Morrison
London UK

[feature request] I would like to have the private key location set and imported automatically & for the plug-in to remember the private key pass phrase.

The program works very well in ssh2, once I downloaded the new(er) files from svn.

But ftp still does not work, though I don’t need it now.

Thank you for a useful & secure little plug-in.

Regards,
Nico M

ElGoorf – Could you update to the latest SVN? In particular, if you could replace your ssh/-sftp-updater/support/phpseclib/Net/SFTP.php file with this one:

https://plugins.trac.www.ads-software.com/export/426522/ssh-sftp-updater-support/trunk/phpseclib/Net/SFTP.php

Next, in class-wp-filesystem-ssh2.php, there should be the following:

//define(‘NET_SFTP_LOGGING’, NET_SFTP_LOG_REALTIME);

If you could uncomment that and then try to install whatever you’re trying to install that’d be great.

This change won’t fix anything but, with any luck, it’ll give me the info I need to diagnose / fix the problem. Thanks!

NicoMorrison – I’m unable to duplicate the FTP problem. If you could give me access to your admin control panel so that I might test it out on your server that’d be very helpful.

As for your feature requests… the saving of the private key location should be do’able enough. As for remembering the private key pass phrase… seems to me that you’d be best off just removing password protection offline and uploading it. I mean, I suppose, in theory, having the key on the filesystem and the password for the key in the DB could provide slightly better protection than just having a non-password protected key but I dunno… it’s something that I think ought to be discouraged none-the-less.

You can remove the password protection by using puttygen.

TerraFrost apologies but I won’t give FTP access, I run a bunch of sites under this username …

My understanding is that if the private key does not have a password, it is not encrypted…

Anyway it works in ssh2 which is what I need.

Best,
Nico M
London

NicoMorrison – that’s true, but if someone can read and write files on the server space they can probably create a PHP script to read the password in the SQL DB, which would render any encryption meaningless.

If they only had read access to the files on the server space it’d be tougher for them to get the password, but still… if you’re worried about people being able to read the unencrypted private key than storing the password to decrypt the private key on the server probably isn’t hte best idea. You could encrypt the password, too, I suppose, but then the key to decrypt the password would have to be stored in plaintext too. At some point, you’re either going to just have to enter in a password or you’re going to have to store something that would render the point of encrypting the private key moot.

TerraFrost I want to store the private key password locally, NOT of course on the server. So the program needs to know where my local storage for that is.

I don’t know enough to comment on your other remaarks, I just want to be able to press UPDATE and it finds my private key locally & finds my passphrase locally & generates the inputs to your updater,

Ta,
N

Hmmm. I’ve been thinking about making it so locally stored files can be uploaded instead of having to be copy / pasted but there’s not really going to be any way to make it remember where the private key was stored on subsequent uploads. That’s really more the domain of the browser and there’s not a whole lot WordPress can do about that.