ssh2_auth_pubkey_file身份验证始终失败 [英] ssh2_auth_pubkey_file authentication always fails

问题描述

我正在尝试使用PHP的ssh2函数连接到另一台计算机.我知道ssh密钥已经创建，没有密码，并且分配正确，我可以在计算机的终端中ssh user@host到服务器.

I'm trying to connect to another machine using PHP's ssh2 functions. I know the ssh keys have been created with no passwords and are distributed correctly, I can ssh user@host in the terminal on my machine to the server.

PHP函数尝试使用ssh密钥文件连接到IP地址:-

The PHP function tries to connect to a ip address using an ssh key file:-

 function minnerConnect($miner_serial) {

    $port = '7822';
    $miner_ip = $this->getMinerIp($miner_serial);

    $methods = array(
        'kex' => 'diffie-hellman-group1-sha1',
        'hostkey' => 'ssh-dss',
        'client_to_server' => array(
            'crypt' => '3des-cbc',
            'mac' => 'hmac-md5',
            'comp' => 'none'),
        'server_to_client' => array(
            'crypt' => '3des-cbc',
            'mac' => 'hmac-md5',
            'comp' => 'none'));
    $connection = ssh2_connect($miner_ip, $port, $methods);
    if (ssh2_auth_pubkey_file($connection, 'root',
        '/root/.ssh/id_dsa.pub',
        '/root/.ssh/id_dsa','')) {
      echo "Public Key Authentication Successful\n";
    } else {
      echo "Public Key Authentication Failed";
    }

但显示的错误是:-

(！)警告:ssh2_auth_pubkey_file():使用公钥对根进行身份验证失败:在第95行的/var/www/application/models/miner_model.php中回调返回错误

( ! ) Warning: ssh2_auth_pubkey_file(): Authentication failed for root using public key: Callback returned error in /var/www/application/models/miner_model.php on line 95

第95行是'/root/.ssh/id_dsa','')) {.

有人可以提出修复建议吗?

Can anybody suggest a fix?

推荐答案

这种情况下的错误是密钥是由root用户生成的，但是Web服务器组/所有者www-data需要访问它们.

The error in this case was that the keys were generated by the root user, but they need to be accessible by the web server group/owner www-data.

我不喜欢将Web文件夹中的ssh密钥保持对www-data打开的想法，因此我将密钥文件移动到新用户的主目录(/home/keyuser/)，然后使它们可供www-data访问.身份验证成功.

I didn't like the idea of keeping ssh keys in a web folder open to www-data, so I moved the key files to a new user's home directory (/home/keyuser/) then made them accessible to www-data. Authentication was successful.

即使最初的错误是说它找到了文件，也无法读取文件.

Even though the original error was saying it found the file, it couldn't read the file.

一种更好的调试方法是尝试通过php读取文件:

A better debug method is to try reading the file via php:

$prv_key = file_get_contents('/var/www/application/files/id_dsa');
print "<pre>";
var_export($prv_key);
print "</pre>";

这篇关于ssh2_auth_pubkey_file身份验证始终失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！