• Resolved dcivera

    (@dcivera)


    When trying to use SSH2 to install or update plugins, etc…, WordPress tells me (in Site Health)

    Unable to connect to the filesystem. Please confirm your credentials.

    When I try to install a plugin, I get the error message

    Installation failed: Public and Private keys incorrect for username

    Here’s the thing. I put together a php app to test php-ssh2, and all seems to work (see https://github.com/libssh2/libssh2/issues/1392#issuecomment-2123731614). So I’m down to WordPress, but I get no errors in the log.

    Here’s the relevant piece of my wp-config.php file

    define( 'WP_DEBUG', true );
    define( 'WP_DEBUG_LOG', true );
    define( 'WP_DEBUG_DISPLAY', true );
    define( 'SCRIPT_DEBUG', true );
    
    /* Add any custom values between this line and the "stop editing" line. */
    
    define('FS_METHOD', 'ssh2');
    
    define( 'FTP_BASE', '/var/www/html/domain/public_html/' );
    define( 'FTP_CONTENT_DIR', '/var/www/html/domain/public_html/wp-content/' );
    define( 'FTP_PLUGIN_DIR', '/var/www/html/domain/public_html/plugins/' );
    define('FTP_PUBKEY','/home/username/.ssh/id_ed25519_wordpress.pub');
    define('FTP_PRIKEY','/home/username/.ssh/id_ed25519_wordpress');
    define('FTP_USER','username');
    #define('FTP_PASS','');
    define('FTP_HOST','xx.xx.xxx.xxx:12345');
    #define( 'FTP_SSL', true );

    And here is the WP info

    `
    ### wp-core ###
    
    version: 6.5.3
    site_language: en_US
    user_language: en_US
    timezone: America/Toronto
    permalink: /%postname%/
    https_status: true
    multisite: false
    user_registration: 0
    blog_public: 1
    default_comment_status: open
    environment_type: staging
    user_count: 3
    dotorg_communication: true
    
    ### wp-paths-sizes ###
    
    wordpress_path: /var/www/html/domain/public_html
    wordpress_size: 54.69 MB (57347863 bytes)
    uploads_path: /var/www/html/domain/public_html/wp-content/uploads
    uploads_size: 131.80 KB (134963 bytes)
    themes_path: /var/www/html/domain/public_html/wp-content/themes
    themes_size: 3.20 MB (3353680 bytes)
    plugins_path: /var/www/html/domain/public_html/wp-content/plugins
    plugins_size: 2.96 MB (3103409 bytes)
    database_size: 2.69 MB (2818048 bytes)
    total_size: 63.67 MB (66757963 bytes)
    
    ### wp-active-theme ###
    
    name: Twenty Twenty-Four (twentytwentyfour)
    version: 1.1
    author: the WordPress team
    author_website: https://www.ads-software.com
    parent_theme: none
    theme_features: core-block-patterns, post-thumbnails, responsive-embeds, editor-styles, html5, automatic-feed-links, widgets-block-editor, block-templates
    theme_path: /var/www/html/domain/public_html/wp-content/themes/twentytwentyfour
    auto_update: Enabled
    
    ### wp-plugins-active (5) ###
    
    Akismet Anti-spam: Spam Protection: version: 5.3.2, author: Automattic - Anti-spam Team, Auto-updates disabled
    Classic Editor: version: 1.6.3, author: WordPress Contributors, Auto-updates disabled
    Health Check & Troubleshooting: version: 1.7.0, author: The www.ads-software.com community, Auto-updates disabled
    Nginx Helper: version: 2.2.5, author: rtCamp, Auto-updates disabled
    WP Crontrol: version: 1.16.3, author: John Blackbourn, Auto-updates disabled
    
    ### wp-plugins-inactive (1) ###
    
    SSH SFTP Updater Support: version: 0.8.5, author: TerraFrost, David Anderson + Team Updraft, Auto-updates disabled
    
    ### wp-media ###
    
    image_editor: WP_Image_Editor_Imagick
    imagick_module_version: 1691
    imagemagick_version: ImageMagick 6.9.11-60 Q16 x86_64 2021-01-25 https://imagemagick.org
    imagick_version: 3.7.0
    file_uploads: 1
    post_max_size: 64M
    upload_max_filesize: 64M
    max_effective_size: 64 MB
    max_file_uploads: 20
    imagick_limits: 
    	imagick::RESOURCETYPE_AREA: 122 MB
    	imagick::RESOURCETYPE_DISK: 1073741824
    	imagick::RESOURCETYPE_FILE: 768
    	imagick::RESOURCETYPE_MAP: 512 MB
    	imagick::RESOURCETYPE_MEMORY: 256 MB
    	imagick::RESOURCETYPE_THREAD: 1
    	imagick::RESOURCETYPE_TIME: 9.2233720368548E+18
    gd_version: not available
    ghostscript_version: 10.00.0
    
    ### wp-server ###
    
    server_architecture: Linux 6.1.0-21-cloud-amd64 x86_64
    httpd_software: Apache
    php_version: 8.2.18 64bit
    php_sapi: fpm-fcgi
    max_input_variables: 2000
    time_limit: 600
    memory_limit: 500M
    admin_memory_limit: 1000M
    max_input_time: 400
    upload_max_filesize: 64M
    php_post_max_size: 64M
    curl_version: 7.88.1 OpenSSL/3.0.11
    suhosin: false
    imagick_availability: true
    pretty_permalinks: true
    htaccess_extra_rules: false
    current: 2024-05-22T02:12:12+00:00
    utc-time: Wednesday, 22-May-24 02:12:12 UTC
    server-time: 2024-05-21T22:12:12-04:00
    
    ### wp-database ###
    
    extension: mysqli
    server_version: 10.11.6-MariaDB-0+deb12u1
    client_version: mysqlnd 8.2.18
    max_allowed_packet: 16777216
    max_connections: 200
    
    ### wp-constants ###
    
    WP_HOME: undefined
    WP_SITEURL: undefined
    WP_CONTENT_DIR: /var/www/html/domain/public_html/wp-content
    WP_PLUGIN_DIR: /var/www/html/domain/public_html/wp-content/plugins
    WP_MEMORY_LIMIT: 500M
    WP_MAX_MEMORY_LIMIT: 1000M
    WP_DEBUG: true
    WP_DEBUG_DISPLAY: true
    WP_DEBUG_LOG: true
    SCRIPT_DEBUG: true
    WP_CACHE: false
    CONCATENATE_SCRIPTS: undefined
    COMPRESS_SCRIPTS: undefined
    COMPRESS_CSS: undefined
    WP_ENVIRONMENT_TYPE: staging
    WP_DEVELOPMENT_MODE: undefined
    DB_CHARSET: utf8mb4
    DB_COLLATE: undefined
    
    ### wp-filesystem ###
    
    wordpress: writable
    wp-content: writable
    uploads: writable
    plugins: writable
    themes: writable
    
    `
Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter dcivera

    (@dcivera)

    Here’s a follow-up, which makes me think the issue is in WP, but I can’t figure out what…

    Here’s a copy of the php script I wrote to test php-ssh2 and see if it was working

    <?php
    $user                   = 'username';
    $host                   = 'xx.xx.xxx.xx';
    $port                   = '12345';
    $private_key    = '/home/username/.ssh/id_wordpress';
    $public_key     = '/home/username/.ssh/id_wordpress.pub';
    
    if(!is_readable($private_key) || !is_readable($public_key)){
            echo "RSA keys not found\n";
    }
    
    /*Show debug messages*/
    function ssh2_debug($message, $language, $always_display) {
       printf("%s %s %s\n",$message,$language,$always_display);
    }
    
    
    /* Notify the user if the server terminates the connection */
    function my_ssh_disconnect($reason, $message, $language) {
      printf("Server disconnected with reason code [%d] and message: %s\n", $reason, $message);
    }
    
    $methods = array('hostkey' => 'ssh-rsa,ssh-ed25519');
    
    
    $callbacks = array('disconnect' => 'my_ssh_disconnect', 'debug' => 'ssh2_debug' );
    
    echo 'private key: '.file_get_contents($private_key)."\n";
    echo 'public key: '.file_get_contents($public_key)."\n";
    echo "host: $host\n";
    echo "port: $port\n";
    echo "user: $user\n";
    
    #if(!$session = ssh2_connect($host, $port)){
    #       echo "Could not connect to '$host'\n";
    #}
    #
    #if(!ssh2_auth_pubkey_file($session, $user, $public_key, $private_key)){
    #       echo "Could not authenticate to '$host'\n";
    #}
    
    $session = ssh2_connect($host, $port, $methods, $callbacks);
    
    ssh2_auth_pubkey_file($session, $user, $public_key, $private_key);
    
    $stream = ssh2_exec($session, 'free -m');
    stream_set_blocking($stream, true);
    $stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
    echo stream_get_contents($stream_out);
    ?>

    Since my first post, I also made sure to run this program from another user on the server. I even put the file on the web server where WP is located and It ran fine when I visited the URL in my web browser.

    Here’s the output

    private key: -----BEGIN OPENSSH PRIVATE KEY-----
    b3...
    -----END OPENSSH PRIVATE KEY-----
    
    public key: ssh-ed25519 AA...Rm username@hostname
    
    host: xx.xxx.xx.xx
    port: 12345
    user: username
    /home/username/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding  0
    /home/username/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding  0
                   total        used        free      shared  buff/cache   available
    Mem:            3871        1467        1709           4         941        2404
    Swap:              0           0           0

    Unless I’m missing something, the keys are accessible. The script runs from within the web server, but WP still gives me the same error message about keys.

    Thread Starter dcivera

    (@dcivera)

    Oh, the sweet sound of victory.

    I haven’t found a post that sums it all up, so here is the solution for my setup (Debian 12, PHP 8.2).

    ## Use the right type of key

    It’s clear that there’s a bug somewhere in libssh2 or PHP or Debian, because not all keys work as they should. In many instances, with keys that worked perfectly fine, I got an error message in sshd saying that the type wasn’t found in PubkeyAcceptedAlgorithms although listing all types with ssh -Q key showed that they were. So please, when creating a key that will be used by libssh2 on this OS and this version of PHP, please use

    ssh-keygen -m PEM -t ssh-ed25519

      ## Change your home folder’s ownership

      This is the one that threw me for a loop. From memory, home folders are readable by others on Ubuntu. Not so on Debian. That creates a problem for WordPress. Even if your keys have the right permissions, if your home folder is unreadable, the keys might as well be on the moon.

      I set the permission of the home folder to 755. It’s a user I created specifically for that purpose, and it doesn’t have sudo privileges.

      sudo chmod 755 /home/username/

      ## Change ownership and permissions for the keys

      Make sure that the user is in the same group as Apache or Nginx

      sudo usermod -a -G www-data sadkoflj

      And make sure the public and private keys are readable. It’s not a big deal for the public key that’s readable by all, but the private key isn’t if generated by ssh-keygen. Hence, for the sake of consistency, I made both keys part of the www-data group, and set the permission of the private key to 640.

      sudo chown sadkoflj:www-data filename

      sudo chmod 640 privatekeyfile

      ## Note on wp-config.php

      One thing to note when setting up wp-config is that instead of the server’s IP, you ought to use localhost.

      define('FTP_HOST','localhost:12345');

      ## Final consideration

      What really helped me was using the little script I shared earlier. Run it with different users and different locations, and try to access it from the web server. And please, let me know if you think I’ve made a mistake somewhere or you disagree.
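
The permission checks described in the post above, as an added example that is not part of the original thread: a small audit that reports which directory on the way to the private key blocks traversal and whether the key's mode is group-readable without being open to everyone. The function names are hypothetical, and it assumes GNU `stat` (as on Debian), a web-server user that counts as "other" on the directories, and a key file whose group is the web-server group.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: GNU stat, the web-server
# user is "other" on the directories and in the key file's group.

# Print the directory nearest to TOP (default /) on the way to the key that
# lacks the others-execute (search) bit; print nothing if all are traversable.
first_blocked_dir() {
    key=$1
    top=${2:-/}
    dir=$(dirname "$key")
    blocked=""
    while :; do
        mode=$(stat -c '%a' "$dir") || return 2
        others=${mode#"${mode%?}"}          # last octal digit
        [ $((others & 1)) -eq 1 ] || blocked=$dir
        case $dir in "$top"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    printf '%s' "$blocked"
}

# Classify the key file's mode: "ok" when the group can read and others have
# no access (for example 640), otherwise name the problem.
key_mode_status() {
    mode=$(stat -c '%a' "$1") || return 2
    others=${mode#"${mode%?}"}
    rest=${mode%?}
    group=${rest#"${rest%?}"}
    group=${group:-0}                       # mode 0 prints as a single digit
    if [ "$others" -ne 0 ]; then
        printf 'world-accessible'
    elif [ $((group & 4)) -eq 0 ]; then
        printf 'group-unreadable'
    else
        printf 'ok'
    fi
}

# Usage: sh check_key_path.sh /path/to/private_key
if [ $# -ge 1 ]; then
    echo "blocked directory: $(first_blocked_dir "$1")"
    echo "key mode: $(key_mode_status "$1")"
fi
```

Traversing a directory needs only its search (x) bit, so the first function tests that bit alone; the 640 check mirrors the mode chosen in the post.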

    • The topic ‘SSH2 not working – won’t accept keys’ is closed to new replies.