|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59409 ssh2_auth_pubkey_file() requires both public and private keys
Submitted: 2010-09-09 16:20 UTC Modified: 2017-10-24 06:49 UTC
Avg. Score:3.8 ± 1.5
Reproduced:5 of 5 (100.0%)
Same Version:3 (60.0%)
Same OS:2 (40.0%)
From: ron at roncemer dot com Assigned:
Status: Open Package: ssh2 (PECL)
PHP Version: 5.3.2 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: ron at roncemer dot com
New email:
PHP Version: OS:


 [2010-09-09 16:20 UTC] ron at roncemer dot com
Every other ssh client I've ever dealt with, only requires 
the private key to authenticate to a remote server with 

Have a look at the ganymed Java SSH2 library, class name 
ch.ethz.ssh2.Connection, function signature "boolean 
authenticateWithPublicKey(java.lang.String user, pemFile, java.lang.String password)".  All that 
is needed is the private-key pem file in order to 
authenticate.  I've been using this library for years in 
Java, and it works great.

What is the reason for requiring both the public and private 
keys for authenticating, when in reality only the private 
key is required?  The public key should be easily extracted 
from private key, and should be handled silently by PHP.

Also, have a look at ganymed Connection class, function 
signature "boolean 
authenticateWithPublicKey(java.lang.String user, char[] 
pemPrivateKey, java.lang.String password)".  This provides a 
way to pass in the private key as an array of char.  In PHP, 
this would be really useful.  You could store your private 
keys in a secured database and use it for all kinds of 
server authentication, automatic deployment, log file 
collection, automation.  The absence of this functionality 
in PHP actually presents a security risk, because to get it 
to work, you'd actually have to write your private key to a 
temp file, then delete the temp file when done.  Not as
secure as reading it from a string which came from a secure 


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2012-06-14 07:29 UTC]
-Package: PECL bug system +Package: ssh2 -Assigned To: +Assigned To: langemeijer
 [2012-06-14 07:29 UTC]
You are raising an interesting question. It's because libssh2 (the underlying c 
library) requires a public key file. Although the PHP extension could extract the 
public key from the private key, I'd rather see this solved in libssh2. I'll 
raise this issue with the libssh2 guys.
 [2012-06-20 14:53 UTC]
-Type: Bug +Type: Feature/Change Request
 [2012-06-20 14:53 UTC]
It turns out that libssh2 supports this, but it was undocumented.

It's now a feature request I plan to work on.
 [2012-06-22 05:53 UTC] zelnaga at gmail dot com
That'll be a much needed improvement!

In the mean time, you can use phpseclib - a pure PHP SSH implementation - as a 
workaround. eg.


$ssh = new Net_SSH2('www.domain.tld');
$key = new Crypt_RSA();
if (!$ssh->login('username', $key)) {
    exit('Login Failed');

echo $ssh->exec('pwd');
echo $ssh->exec('ls -la');
 [2017-10-24 06:49 UTC]
-Status: Assigned +Status: Open -Assigned To: langemeijer +Assigned To:
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Feb 26 12:01:26 2024 UTC