Header RSS Feed
 
If you only want to see the articles of a certain category, please click on the desired category below:
ALL Android Backup BSD Database Hacks Hardware Internet Linux Mail MySQL Monitoring Network Personal PHP Proxy Shell Solaris Unix Virtualization VMware Windows Wyse

Public and Private keys incorrect error in Wordpress with SSH auth
Monday - Feb 2nd 2015 - by - (0 comments)

There are several ways of making a Wordpress installation more secure. One possibility is to ditch FTP and use a safe authentication, like SSH.

In Wordpress 4.1 there is embedded support for SSH authentication active - as long as the ssh2 php extension is loaded.

In Debian Wheezy this can be installed with the library libssh2-php:

apt-get install libssh2-php

After the installation, a restart of Apache activates the extension (which is defined in /etc/php5/conf.d/ssh2.ini):

service apache2 restart

However, no matter what I did, I couldn't get it to work in Wordpress.
I adapted file permissions, create a key pair with and without a password, verified manual ssh login with the key file, ... whatever I did, I always got this error:

Public and Private keys incorrect for wpuser

Where wpuser is the user I defined and which owns the wordpress folder.

There are several good howtos available which mention this error and which give potential resolutions:

But unfortunately, none of them could resolve the problem.

On the SSH layer I saw, that a connection came in, but the key authentication never happened. The connection was always terminated from the pecl side before the authentication could happen (in the preauth phase):

sshd[80647]: Connection from 123.45.67.89 port 36144
sshd[80647]: Found matching RSA key: aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp
sshd[80647]: Postponed publickey for wpuser from 123.45.67.89 port 36144 ssh2 [preauth]
sshd[80647]: Received disconnect from 123.45.67.89: 11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]

Could it be a bug in the Wordpress core? Or maybe is the libssh2-php version too old/buggy? After a frustrating and non-successful research about possible bugs, I tried it with an alternative, a plugin called "SSH SFTP Updater Support". And finally I got lucky!
Once I manually installed (unzipped and activated) the plugin, I was able to use the private/public key pair as authentication method. With or without password-protected private key, both setups worked.

In the SSH log, the successful authentication (and sftp download of a theme) is logged like this:

sshd[84084]: Accepted publickey for wpuser from 123.45.67.89 port 43559 ssh2
sshd[84084]: pam_unix(sshd:session): session opened for user wpuser by (uid=0)
sshd[84086]: subsystem request for sftp by user wpuser
sshd[84086]: Received disconnect from 123.45.67.89: 11:
sshd[84084]: pam_unix(sshd:session): session closed for user wpuser

Great WP plugin, well done and well working! Thanks to the author TerraFrost!

 

Add a comment

Show form to leave a comment

Comments (newest first):

No comments yet.

Go to Homepage home
Linux Howtos how to's
Nagios Plugins nagios plugins
Links links

Valid HTML 4.01 Transitional
Valid CSS!
[Valid RSS]

7667 Days
until Death of Computers
Why?