Public and Private keys incorrect error in Wordpress with SSH auth

Written by - 0 comments

Published on - Listed in Internet PHP CMS Wordpress

There are several ways of making a Wordpress installation more secure. One possibility is to ditch FTP and use a safe authentication, like SSH.

In Wordpress 4.1 there is embedded support for SSH authentication active - as long as the ssh2 php extension is loaded.

In Debian Wheezy this can be installed with the library libssh2-php:

apt-get install libssh2-php

After the installation, a restart of Apache activates the extension (which is defined in /etc/php5/conf.d/ssh2.ini):

service apache2 restart

However, no matter what I did, I couldn't get it to work in Wordpress.
I adapted file permissions, create a key pair with and without a password, verified manual ssh login with the key file, ... whatever I did, I always got this error:

Public and Private keys incorrect for wpuser

Where wpuser is the user I defined and which owns the wordpress folder.

There are several good howtos available which mention this error and which give potential resolutions:

But unfortunately, none of them could resolve the problem.

On the SSH layer I saw, that a connection came in, but the key authentication never happened. The connection was always terminated from the pecl side before the authentication could happen (in the preauth phase):

sshd[80647]: Connection from port 36144
sshd[80647]: Found matching RSA key: aa:bb:cc:dd:ee:ff:gg:hh:ii:jj:kk:ll:mm:nn:oo:pp
sshd[80647]: Postponed publickey for wpuser from port 36144 ssh2 [preauth]
sshd[80647]: Received disconnect from 11: PECL/ssh2 ( [preauth]

Could it be a bug in the Wordpress core? Or maybe is the libssh2-php version too old/buggy? After a frustrating and non-successful research about possible bugs, I tried it with an alternative, a plugin called "SSH SFTP Updater Support". And finally I got lucky!
Once I manually installed (unzipped and activated) the plugin, I was able to use the private/public key pair as authentication method. With or without password-protected private key, both setups worked.

In the SSH log, the successful authentication (and sftp download of a theme) is logged like this:

sshd[84084]: Accepted publickey for wpuser from port 43559 ssh2
sshd[84084]: pam_unix(sshd:session): session opened for user wpuser by (uid=0)
sshd[84086]: subsystem request for sftp by user wpuser
sshd[84086]: Received disconnect from 11:
sshd[84084]: pam_unix(sshd:session): session closed for user wpuser

Great WP plugin, well done and well working! Thanks to the author TerraFrost!

Add a comment

Show form to leave a comment

Comments (newest first)

No comments yet.

RSS feed

Blog Tags:

  AWS   Android   Ansible   Apache   Apple   Atlassian   BSD   Backup   Bash   Bluecoat   CMS   Chef   Cloud   Coding   Consul   Containers   CouchDB   DB   DNS   Database   Databases   Docker   ELK   Elasticsearch   Filebeat   FreeBSD   Galera   Git   GlusterFS   Grafana   Graphics   HAProxy   HTML   Hacks   Hardware   Icinga   Icingaweb   Icingaweb2   Influx   Internet   Java   KVM   Kibana   Kodi   Kubernetes   LVM   LXC   Linux   Logstash   Mac   Macintosh   Mail   MariaDB   Minio   MongoDB   Monitoring   Multimedia   MySQL   NFS   Nagios   Network   Nginx   OSSEC   OTRS   Office   PGSQL   PHP   Perl   Personal   PostgreSQL   Postgres   PowerDNS   Proxmox   Proxy   Python   Rancher   Rant   Redis   Roundcube   SSL   Samba   Seafile   Security   Shell   SmartOS   Solaris   Surveillance   Systemd   TLS   Tomcat   Ubuntu   Unix   VMWare   VMware   Varnish   Virtualization   Windows   Wireless   Wordpress   Wyse   ZFS   Zoneminder   

Update cookies preferences