Public and Private keys incorrect error in Wordpress with SSH auth

Written by - 0 comments

Published on February 2nd 2015 - Listed in Internet PHP

There are several ways of making a Wordpress installation more secure. One possibility is to ditch FTP and use a safe authentication, like SSH.

In Wordpress 4.1 there is embedded support for SSH authentication active - as long as the ssh2 php extension is loaded.

In Debian Wheezy this can be installed with the library libssh2-php:

apt-get install libssh2-php

After the installation, a restart of Apache activates the extension (which is defined in /etc/php5/conf.d/ssh2.ini):

service apache2 restart

However, no matter what I did, I couldn't get it to work in Wordpress.
I adapted file permissions, create a key pair with and without a password, verified manual ssh login with the key file, ... whatever I did, I always got this error:

Public and Private keys incorrect for wpuser

Where wpuser is the user I defined and which owns the wordpress folder.

There are several good howtos available which mention this error and which give potential resolutions:

But unfortunately, none of them could resolve the problem.

On the SSH layer I saw, that a connection came in, but the key authentication never happened. The connection was always terminated from the pecl side before the authentication could happen (in the preauth phase):

sshd[80647]: Connection from port 36144
sshd[80647]: Found matching RSA key: aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp
sshd[80647]: Postponed publickey for wpuser from port 36144 ssh2 [preauth]
sshd[80647]: Received disconnect from 11: PECL/ssh2 ( [preauth]

Could it be a bug in the Wordpress core? Or maybe is the libssh2-php version too old/buggy? After a frustrating and non-successful research about possible bugs, I tried it with an alternative, a plugin called "SSH SFTP Updater Support". And finally I got lucky!
Once I manually installed (unzipped and activated) the plugin, I was able to use the private/public key pair as authentication method. With or without password-protected private key, both setups worked.

In the SSH log, the successful authentication (and sftp download of a theme) is logged like this:

sshd[84084]: Accepted publickey for wpuser from port 43559 ssh2
sshd[84084]: pam_unix(sshd:session): session opened for user wpuser by (uid=0)
sshd[84086]: subsystem request for sftp by user wpuser
sshd[84086]: Received disconnect from 11:
sshd[84084]: pam_unix(sshd:session): session closed for user wpuser

Great WP plugin, well done and well working! Thanks to the author TerraFrost!

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.