joey2250

I have no problem providing the keys. id rather not do it publicly in these comments, but I can email them to you.

I’d be willing to grant you access to my server if you cannot find out from that what the issue is.

And as far as I know, the keys are not encrypted & for sure, they do not have a passcode on them.

Also, this is on Ubuntu 18.04, phpfpm-73, nginx 1.17.2, OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n 7 Dec 2017, wordpress-4.9.10

• This reply was modified 5 years, 6 months ago by joey2250.
• This reply was modified 5 years, 6 months ago by joey2250.
• This reply was modified 5 years, 6 months ago by joey2250.

I am using version 0.8.2.

The private key starts with:
—–BEGIN RSA PRIVATE KEY—–

The php user and the webserver are both using the custom user deploy, which has group access to read the /home/wpsshupdate/.ssh/wp_rsa file. This is a duplicate of the id_rsa file, but with more open permissions. The reason for that is the ssh server will not accept id_rsa for testing with group read permissions for the deploy user on it. I suppose I might get around this by having the deploy user be the ssh user, but I purposely set it up so that the deploy user cannot connect via ssh.

• This reply was modified 5 years, 6 months ago by joey2250.

I bet whatever it’s using for ssh then isn’t compatible with the more secure algorithms I have the SSH server limited to. That or it just doesn’t want to read a 4096-bit key.

No problem. I use the standard rsa_4096 key generated by ssh-keygen. It is the same one I used to test internally with ssh, but as a different file with more open permissions so the webserver has permissions to access it.

I used the wp-config.php to define it, I even copied the private key and pasted it in the wordpress text area to test and it didn’t work.

define(‘FS_METHOD’, ‘ssh2’);
define(‘FTP_BASE’, ‘/var/www/wp-directory’);
define(‘FTP_PUBKEY’,’/home/wpsshupdate/.ssh/wp_rsa.pub’);
define(‘FTP_PRIKEY’,’/home/wpsshupdate/.ssh/wp_rsa’);
define(‘FTP_USER’,’wpsshupdate’);
define(‘FTP_PASS’,’******************hidden*******’);
define(‘FTP_HOST’,’localhost’);

I thought it did, the error message is being pulled from the section of code around Line 91 from https://github.com/wp-plugins/ssh-sftp-updater-support/blob/master/class-wp-filesystem-ssh2.php.

$rsa->loadKey($this->options['private_key']);

Is what lead me to believe this plugin supported SSH keys.

Also, I only allow the following:

KexAlgorithms [email protected],diffie-hellman-group-exchange-sha256
Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr,aes128-ctr
MACs [email protected],[email protected],[email protected],hmac-sha2-512,hmac-sha2-256,[email protected]

But since its ssh’ing to itself, you’d think it would work since the user itself can without issue.

• This reply was modified 5 years, 6 months ago by joey2250.

I do not get those auth.log entries when I ssh localhost from the wpsshupdate user. It just works & uses the ssh-keys correctly.

• This reply was modified 5 years, 6 months ago by joey2250.