php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58573 unable to connect using the ssh2_auth_pubkey_file method
Submitted: 2009-03-03 09:54 UTC Modified: 2017-10-24 06:50 UTC
Votes:93
Avg. Score:4.5 ± 0.9
Reproduced:84 of 88 (95.5%)
Same Version:15 (17.9%)
Same OS:18 (21.4%)
From: pablo dot piti at gmail dot com Assigned:
Status: Open Package: ssh2 (PECL)
PHP Version: 5.2.4 OS: ubuntu 8.04
Private report: No CVE-ID: None
 [2009-03-03 09:54 UTC] pablo dot piti at gmail dot com
Description:
------------
trying to connect to a remote server using a pubkey file.

this does work when connecting from a gutsy server ( ubuntu 7.10, PHP 5.2.3, libssh2 0.14 and ssh2 0.10 beta )
but not on a hardy 8.04 ( PHP 5.2.4, libssh2 0.18 and ssh2 0.11.0-dev )
I'd tried to obtain more explicit output, but was able to retreive more debugging symbols when executing the script.

Reproduce code:
---------------
<?php
$connection = ssh2_connect ( 'machine.domain.tld', 22);
if( $a = ssh2_auth_pubkey_file($connection, "user", "path/to/pubkey",
    "/path/to/privkey", "passphrase")) {
    print "Pubkey auth successful"; 
} else {
    print "Pubkey auth Sux";
}
?>

Expected result:
----------------
Pubkey auth successful

Actual result:
--------------
Warning: ssh2_auth_pubkey_file() [function.ssh2-auth-pubkey-file]: Authentication failed for server1 using public key in /var/www/tests/ssh.php on line xx
Pubkey auth Sux

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-06-01 10:32 UTC] mlich dot lubomir at cpost dot cz
Same problem. Moreover I tried generate key with empty 
passphrase and that worked:

Ubuntu 10.4
Apache 2.2.14-5ubuntu8
PHP 5.3.2-1ubuntu4.2
libssh2-php 0.11.0-2.1

so this is working: ssh2_auth_pubkey_file($con, 
"mlich",$publickey,$privatekey)
and this isn't: ssh2_auth_pubkey_file($con, 
"mlich",$publickey,$privatekey,"passphrase")

i used ssh-keygen from package openssh-client 1:5.3p1-
3ubuntu3 whit syntax:

ssh-keygen -t rsa
 [2011-05-30 09:40 UTC] o dot mares at rebuy dot de
Any news on this bug? I have the same issue. Adding a key with 
a password results in the message that the authentication 
failed.

Tested on ubuntu 11.04, with php 5.3.5
 [2011-06-06 15:16 UTC] pontikis at gmail dot com
THe same bug in Ubuntu Maverick. Passphrase is not working.
 [2012-02-08 18:46 UTC] landeholm at gmail dot com
Having the same problem. Getting the error:

"PHP Warning:  ssh2_auth_pubkey_file(): Authentication failed for ubuntu using public key: Callback returned error in /test.php on line 5"

I can successfully connect when my private key is not encrypted, but when it is I get the above message. I have tried several types of encryptions (aes256/128 etc) but ssh2_auth_pubkey_file is simply broken for encrypted private keys. It forces me to store the private key in plain text.

My OS:

Linux - 3.0.0-14-virtual #23-Ubuntu SMP Mon Nov 21 21:09:11 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Ubuntu Oneiric
 [2012-05-16 13:43 UTC] jeff58 at free dot fr
exactly the same problem using ssh2_auth_pubkey_file() :

"Authentication failed for 'login' using public key: Callback returned error [line 303 of /usr/share/php/phing/tasks/ext/ScpTask.php]"

I can login to the server by "ssh" command line without any problem.

the script is executed in php-cli (it's a phing task)

version : ssh2-0.11.3 (installed with pecl)
libssh2-1 : 1.2.8-1
OS : Linux Mint 12

note : I switched from windows XP to linux mint, this phing script worked well before on windows XP on the same machine (using XAMPP install + some ssh2 dll extension found on the web + some install/tweek on "openssl lib' i can't remember now).
 [2012-06-22 08:33 UTC] langemeijer@php.net
ssh2_auth_pubkey_file() is broken when the public key file is protected with a 
password AND libssh2 is compiled with libgcrypt, which is what debian/ubuntu and 
probably others do.

I'm working on a solution for this bug, but if you need this working rebuild 
libssh2 yourself with OpenSSL.
 [2012-06-22 08:33 UTC] langemeijer@php.net
-Status: Open +Status: Verified -Assigned To: +Assigned To: langemeijer
 [2013-03-18 19:35 UTC] sergi at ulabox dot com
What is the status of this issue?
 [2013-04-10 21:19 UTC] joshua dot en at gmail dot com
I am having the same issue. I'm using Centos 6.3 with PHP 5.3.3 installed.
 [2013-06-24 09:55 UTC] m dot karoly at martondesign dot com
I have this problem too: php5.4.17RC1 @ ubuntu 12.04.2 x64
 [2013-07-01 13:35 UTC] tom at worley dot co dot uk
Likewise, I can verify this issue on php 5.4.9 on Ubuntu 13.04
 [2013-07-26 14:47 UTC] syn at li dot ru
Actually, guys, you can workaround this bug without rebuilding anything.

Just convert your private key file to PEM encoding (which libgcrypt supports).

Tested this on a Debian Wheezy PHP 5.4.4-14+deb7u2
 [2013-12-23 10:10 UTC] hujuice at inservibile dot org
Please, can you provide some more hint about the workaround?

I generated the key pair with
ssh-keygen -t dsa -m PEM -C www-data@webserver_hostname
but I'm running in the same problem.

PHP 5.4.4-14+deb7u7 on Raspbian here.
 [2013-12-23 10:20 UTC] syn at li dot ru
@hujuice at inservibile dot org: from what I got reading man ssh-keygen, -m optionb specifies "a key format for the -i (import) or -e (export) conversion". Which is not the case when generating a new key.

Use openssl to convert your key as I suggested at http://stackoverflow.com/questions/3407503/trying-to-connect-using-ssh2-auth-pubkey-file/17884385#17884385
 [2013-12-23 12:58 UTC] hujuice at inservibile dot org
Thank you syn at li dot ru.
I was a bit confused and I read too fast.
Regards
 [2015-03-26 15:22 UTC] tom at worley dot co dot uk
Hi guys,
This bug has been open for 6 years now, and I'm still getting the same issue in the latest, up to date, long term stable Ubuntu (14.04.2 LTS).

Is there a workaround that doesn't involve re-keying the SSH key without a password, or recompiling libssh (which therefore wouldn't be kept up to date with Ubuntu's packages for security updates).

OS: Ubuntu 14.0.2 LTS 64bit server
Libssh2: 1.4.3-2
PHP: 5.5.9

Thanks.
 [2015-12-23 20:14 UTC] pear dot user at gmail dot com
You could just use phpseclib (http://phpseclib.sourceforge.net). Not only does it not have this issue - it supports more key formats than PHP's SSH extension - PuTTY, PKCS8, PKCS1, XML, passwords, no passwords, etc. There are a number of other advantages it provides over PHP's SSH2 extension as well:

http://phpseclib.sourceforge.net/ssh/compare.html
 [2017-10-24 05:22 UTC] kalle@php.net
-Status: Verified +Status: Assigned
 [2017-10-24 06:50 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: langemeijer +Assigned To:
 [2020-03-11 19:51 UTC] 1034686760 at qq dot com
Hello everyone, I also found this problem in the evening, and I have solved it and it works, It is caused by the incorrect key format. You can try to convert "BEGIN OPENSSH PRIVATE KEY" to RSA, just use cmd "ssh-keygen -m PEM -t rsa -b 4096"  to create keys.
  Communicate any problem at any time
  1034686760@qq.com
  Wechat:chenyu16899
 [2023-12-07 01:56 UTC] ikechianya1 at gmail dot com
I solved this issue by authorizing my public key in cPanel.

Go to cPanel->SSH Access->Go to your Public key(not .pub key)->Manage

and follow the process to authorize.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 23:01:28 2024 UTC