dcivera

Oh, the sweet sound of victory (???)/

I haven’t found a post that sums it all up, so here is the solution for my setup (Debian 12, PHP 8.2).

## Use the right type of key

It’s clear that there’s a bug somewhere in libssh2 or PHP or Debian, because not all keys work as they should. In many instances, with keys that worked perfectly fine, I got an error message in sshd saying that the type wasn’t found in PubkeyAcceptedAlgorithms although listing all types with ssh -Q key showed that they were. So please, when creating a key that will be used by libssh2 on this OS and this version of PHP, please use

ssh-keygen -m PEM -t ssh-ed25519

## Change your home folder’s ownership

This is the one that threw me for a loop. From memory, home folders are readable by others on Ubuntu. Not so on Debian. That create a problem for WordPress. Even if your keys have the right permissions, if your home folder is unreadable, the keys might as well be on the moon.

I set the permission of the home folder to 755. It’s a user I created specifically for that purpose, and it doesn’t have sudo privileges.

sudo chmod 755 /home/username/

## Change ownership and permissions for the keys

Make sure that the user is in the same group as the Apache or Nginx

sudo usermod -a -G www-data sadkoflj

And make sure the public and private keys are readable. It’s not a big deal for the public key that’s readable by all, but the private key isn’t if generated by ssh-keygen. Hence, for the sake of consistency, I made both keys part of the www-data group, and set the permission of the private key to 640.

sudo chown sadkoflj:www-data filename

sudo chmod 640 privatekeyfile

## Note on wp-config.php

One thing to note when setting up wp-config is that instead of the server’s IP, you ought to use localhost.

define('FTP_HOST','localhost:12345');

## Final consideration

What really helped me was using the little script I shared earlier. Run it with different users and different locations, and try to access it from the web server. And please, let me know if you think I’ve made a mistake somewhere or you disagree.

Here’s a follow up, which makes me thing the issue is in WP, but I can’t figure out what…

Here’s a copy of the php script I wrote to test php-ssh2 and see if it was working

<?php
$user                   = 'username';
$host                   = 'xx.xx.xxx.xx';
$port                   = '12345';
$private_key    = '/home/username/.ssh/id_wordpress';
$public_key     = '/home/username/.ssh/id_wordpress.pub';

if(!is_readable($private_key) || !is_readable($public_key)){
        echo "RSA keys not found\n";
}

/*Show debug messages*/
function ssh2_debug($message, $language, $always_display) {
   printf("%s %s %s\n",$message,$language,$always_display);
}


/* Notify the user if the server terminates the connection */
function my_ssh_disconnect($reason, $message, $language) {
  printf("Server disconnected with reason code [%d] and message: %s\n", $reason, $message);
}

$methods = array('hostkey' => 'ssh-rsa,ssh-ed25519');


$callbacks = array('disconnect' => 'my_ssh_disconnect', 'debug' => 'ssh2_debug' );

echo 'private key: '.file_get_contents($private_key)."\n";
echo 'public key: '.file_get_contents($public_key)."\n";
echo "host: $host\n";
echo "port: $port\n";
echo "user: $user\n";

#if(!$session = ssh2_connect($host, $port)){
#       echo "Could not connect to '$host'\n";
#}
#
#if(!ssh2_auth_pubkey_file($session, $user, $public_key, $private_key)){
#       echo "Could not authenticate to '$host'\n";
#}

$session = ssh2_connect($host, $port, $methods, $callbacks);

ssh2_auth_pubkey_file($session, $user, $public_key, $private_key);

$stream = ssh2_exec($session, 'free -m');
stream_set_blocking($stream, true);
$stream_out = ssh2_fetch_stream($stream, SSH2_STREAM_STDIO);
echo stream_get_contents($stream_out);
?>

Since my first post, I also made sure to run this program from another user on the server. I even put the file on the web server where WP is located and It ran fine when I visited the URL in my web browser.

Here’s the output

private key: -----BEGIN OPENSSH PRIVATE KEY-----
b3...
-----END OPENSSH PRIVATE KEY-----

public key: ssh-ed25519 AA...Rm username@hostname

host: xx.xxx.xx.xx
port: 12345
user: username
/home/username/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding  0
/home/username/.ssh/authorized_keys:1: key options: agent-forwarding port-forwarding pty user-rc x11-forwarding  0
               total        used        free      shared  buff/cache   available
Mem:            3871        1467        1709           4         941        2404
Swap:              0           0           0

Unless I’m missing something, the keys are accessible. The script runs from within the web server, but WP still gives me the same error message about keys.

Thank you so much Donncha,

I am scratching my head though because looking into it with a calmer state of mind, I now see that what I thought was version 1.10 was actually 1.11.

Please find attached a version of the logs in WordPress that describes what happened. As you can see, I did install version 1.10 and did disable auto-update. However, what I didn’t realize was that in between those two operations, it had auto-updated the plugin to 1.11.

So, while reverting to 1.10 did fix my issue, my problem wasn’t 1.11 since I was running it unknowingly even after the redirection problem was fixed. So, it must have been something on my machine that got corrected by deleting the plugin. Before that, I had tried just to deactivate and reactive the plugin, but that didn’t fix the issue (see 2nd screenshot).

Reverting to version 1.10 fixed the issue in the meantime.

Well, the recording proved useful, but for me, not so much for you ??

Good news: 2.1.2 seems to work great.

Video: https://cloud.civera.ca/RBumkdob

In the video, you’ll see what I was talking about. At 2:50, you see the website before activating Object Cache and at 2.55, you see what it looks like after. There are issues. However, they all disappear after a few refreshes on Safari.

Similarly, at 3:30, you see that the CMS has issues. However, after a refresh at 3:45, all is well again.

I’ve also kept using the plugin for a while, and the issues seen above have not reappeared.

Thank you so much for your patience.

No it doesn’t, but then again, technically, it doesn’t look like an error. It looks like the plugin changes certain properties. For instance, standard blog posts become video posts once activated.

Would you like me to record a screencast?

Ok, some things work well but I’m experiencing strange behaviors. Push notifications with the One Signal plugin work again and I don’t get an error message when I’m experiencing strange behaviors.

1. For example, when the object cache is enabled, I cannot choose two categories for a blog post at the same time. It only keeps one.

2. When enabled, all blog posts become video blog posts (under format). Activating Object Cache literally changes all blog posts’ format to “Video”. Deactivating reverts back to “Standard”.

Trying. I made a mistake previously

• This reply was modified 2 years, 7 months ago by dcivera.

Status: Connected
Client: PhpRedis (v5.1.1)
Drop-in: Valid
Disabled: No
Ping: 1
Errors: []
PhpRedis: 5.1.1
Relay: Not loaded
Predis: Not loaded
Credis: Not loaded
PHP Version: 7.4.3
Plugin Version: 2.1.1
Redis Version: 5.0.7
Multisite: No
Metrics: Enabled
Metrics recorded: 135
Filesystem: Working
Global Prefix: "wp_"
Blog Prefix: "wp_"
WP_REDIS_HOST: "127.0.0.1"
WP_REDIS_DATABASE: 1
WP_REDIS_PREFIX: "wp"
WP_CACHE_KEY_SALT: "wp"
WP_REDIS_PASSWORD: ????????
Global Groups: [
    "blog-details",
    "blog-id-cache",
    "blog-lookup",
    "global-posts",
    "networks",
    "rss",
    "sites",
    "site-details",
    "site-lookup",
    "site-options",
    "site-transient",
    "users",
    "useremail",
    "userlogins",
    "usermeta",
    "user_meta",
    "userslugs",
    "redis-cache",
    "blog_meta"
]
Ignored Groups: [
    "counts",
    "plugins",
    "themes",
    "WPForms_Entry_Handler"
]
Unflushable Groups: []
Groups Types: {
    "blog-details": "global",
    "blog-id-cache": "global",
    "blog-lookup": "global",
    "global-posts": "global",
    "networks": "global",
    "rss": "global",
    "sites": "global",
    "site-details": "global",
    "site-lookup": "global",
    "site-options": "global",
    "site-transient": "global",
    "users": "global",
    "useremail": "global",
    "userlogins": "global",
    "usermeta": "global",
    "user_meta": "global",
    "userslugs": "global",
    "redis-cache": "global",
    "counts": "ignored",
    "plugins": "ignored",
    "themes": "ignored",
    "blog_meta": "global",
    "WPForms_Entry_Handler": "ignored"
}
Drop-ins: [
    "advanced-cache.php v by ",
    "Query Monitor Database Class (Drop-in) v3.9.0 by John Blackbourn",
    "Redis Object Cache Drop-In v2.1.1 by Till Krüss"
]

Ok, Till solved the issue. I was using the rename-command feature to rename commands in /etc/redis and it was creating issues. Now, please note that this is really hard to detect because it doesn’t show up in the Redis error logs and WordPress doesn’t tell you squat.

Thanks a million to Till. It’s no wonder his plugin is so popular. His support is really appreciated.

Here’s a link to the HAR file.

https://share.getcloudapp.com/8LujzbyO

I started recording just before entering the password and stop as soon as I’m back to the login screen again.

I assumed the double 302 was because I have the 2FA plugin, so I enter the login/pass, then the one-time token. I had this plugin deactivated since starting this thread (even before actually). I just reactivated it now, because I’m pretty sure it’s not the reason for the issue.

In case you have an epiphany, here’ the Apache log when I’m trying to login:

MY_IP_ADDRESS - - [20/May/2020:19:15:02 -0400] "POST /wp-admin/admin-ajax.php HTTP/2.0" 200 418 "https://domain.tld/wp-login.php?redirect_to=https%3A%2F%2Fdomain.tld%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
MY_IP_ADDRESS - - [20/May/2020:19:15:06 -0400] "POST /wp-login.php HTTP/2.0" 302 0 "https://domain.tld/wp-login.php?redirect_to=https%3A%2F%2Fdomain.tld%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
MY_IP_ADDRESS - - [20/May/2020:19:15:06 -0400] "GET /wp-admin/ HTTP/2.0" 302 0 "https://domain.tld/wp-login.php?redirect_to=https%3A%2F%2Fdomain.tld%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"
MY_IP_ADDRESS - - [20/May/2020:19:15:07 -0400] "GET /wp-login.php?redirect_to=https%3A%2F%2Fdomain.tld%2Fwp-admin%2F&reauth=1 HTTP/2.0" 200 2054 "https://domain.tld/wp-login.php?redirect_to=https%3A%2F%2Fdomain.tld%2Fwp-admin%2F&reauth=1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Safari/605.1.15"

• This reply was modified 4 years, 9 months ago by dcivera.

Thanks again. Unfortunately, that didn’t work either.

If it is the SSL, the silver lining is that once we go live, we’ll move the site to Cloudflare, get rid of the current certificate, and so I’m hoping that it will fix the issue. Otherwise, I have no idea how I’m going to do persistent object caching. I really wanted to use your plugin.

Again, I really appreciated your help in this. I have to give you 5 stars just for sticking with this ??

Thanks again for your perseverance.

Before contacting you, I had enabled troubleshooting mode, but after your suggestion, I manually deactivated all plugins, but unfortunately, the issue is still there.

Should I try to remove the SSL certificate and Certbot?

Just tried it and nothing. Cleared all cache and cookies from the browser. Set WP_REDIS_DATABASE=8. I also added WP_REDIS_SELECTIVE_FLUSH=true (it wasn’t set before), but that didn’t do anything either, so I removed it.

Thank you so much for sticking with me on this. I’m sure I must be an edge case, so I greatly appreciated it.

Just one thought, could the fact that the domain isn’t publically available cause the issue? It’s a staging server at the moment, so /etc/hosts on my machine and the server’s is pointing the server’s IP. I don’t see why, but I’m at a loss.

Thanks again for your help.

P.S I’m encountering the issue on Safari, Chrome, and Firefox

• This reply was modified 4 years, 9 months ago by dcivera.
• This reply was modified 4 years, 9 months ago by dcivera.