尝试使用 ssh2_auth_pubkey_file() 连接 [英] Trying to connect using ssh2_auth_pubkey_file()

问题描述

我正在尝试制作一个在终端上运行的 php 脚本，该脚本将通过 ssh 连接到远程服务器并检索文件.这是我目前的代码

I am trying to make a php script that runs on the terminal that would connect to a remote server by ssh and retrieve a file. this is my code so far

#!/usr/bin/php -q
<?php
$cwd = dirname(__FILE__).'/';
$filename = 'retrive-this.file';
$host = 'hostip';

$connection = ssh2_connect($host, 22, array('hostkey'=>'ssh-rsa'));
$methods = ssh2_auth_pubkey_file($connection, 'remoteuser',
                                 $cwd.'ssh/id_rsa.pub',
                                 $cwd.'ssh/id_rsa', "it's an inception");
var_dump($methods);

//ssh2_scp_recv($connection, "/remote/server/path/to/$filename", $cwd.$filename);
?>

现在我在使用 ssh2_auth_pubkey_file() 函数时遇到问题，当我运行脚本时它返回:

for now I am having problems with the ssh2_auth_pubkey_file() function, when I run the script it returns this:

PHP Warning:  ssh2_auth_pubkey_file(): Authentication failed for remoteuser using public key in /home/tonyl/Projects/get-file-ssh.php on line 10
bool(false)

密钥文件具有权限 -rw-r--r-- (644).此外，公钥已添加到远程用户的授权密钥中.我可以像往常一样使用 ssh 命令 ssh，所以我认为这不是 ssh 授权问题，但谁知道呢.我是 ssh 和 ssh2 php 库的新手.

The key files have permission -rw-r--r-- (644). Also the public key is already added to the remoteuser's authorized keys. I am able to ssh using the ssh command as normal, so I don't think it is a ssh authorization problem, but who knows. I am new to ssh and the ssh2 php library.

如果我在远程 sshd_config 文件中启用它，我可以使用 ssh2_auth_password() 进行连接，但我不想这样做，因为它会降低安全传输.

I can connect using ssh2_auth_password() if I enable it in the remote sshd_config file, but I don't want to do that since it decreases security tranfer.

关于我能做什么的任何想法.

Any ideas of what I can do.

推荐答案

这是 php 中的一个已知错误:密码保护的私钥不能用于某些组合.

This is a known bug in php: password protected private key cannot be used on certain combinaisons.

参见:https://bugs.php.net/bug.php?id=58573

ssh2_auth_pubkey_file() 在公钥文件受密码保护并且 libssh2 是用 libgcrypt 编译时被破坏，这是 debian/ubuntu 和可能其他人所做的.我正在研究这个错误的解决方案，但如果你需要这个工作，请使用 OpenSSL 自己重建 libssh2.

ssh2_auth_pubkey_file() is broken when the public key file is protected with a password AND libssh2 is compiled with libgcrypt, which is what debian/ubuntu and probably others do. I'm working on a solution for this bug, but if you need this working rebuild libssh2 yourself with OpenSSL.

解决方法可能是存储未加密的私钥.解密密钥:

A workaround may be to store the private key unencrypted. To decrypt the key:

openssl rsa -in id_rsa -out id_rsaNOPASSWORD

然后使用文件 id_rsaNOPASSWORD 而不提供第五个参数密码".它有效，但您必须小心解密的密钥文件.无论如何，安全级别并没有真正受到严重影响，因为即使使用加密密钥，您仍然需要将未加密的密码短语传递给 ssh2_auth_pubkey_file 函数......

and then use the file id_rsaNOPASSWORD without supplying the fifth parameter 'passphrase'. It works, but you'll have to be careful with your decrypted key file. Anyway, the level of security is not really terribly affected, because even with an encrypted key, you would still need to pass the passphrase unencrypted to the ssh2_auth_pubkey_file function ...

希望有帮助.

这篇关于尝试使用 ssh2_auth_pubkey_file() 连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！