4

I have some php code which works well uploading files using cURL to hosts which are simply using user & password ftp, now I have to upload to a server which only allows public key auth and am getting the error: "* SSH public key authentication failed: Callback returned error"

I had a problem with the keys as they were not in the right format, but have since put them in the correct single line format and this stopped the "not base64 encoded" errors. I can't find much help on this callback error online.

my code is as follows.

$ch = curl_init();
curl_setopt($ch, CURLOPT_VERBOSE, TRUE); 
curl_setopt($ch, CURLOPT_URL, 'sftp://user:@12.12.12.12:22/testfile.gz');
curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_SFTP);
curl_setopt($ch, CURLOPT_SSH_PUBLIC_KEYFILE,'C:\keys\public.pub');
curl_setopt($ch, CURLOPT_SSH_PRIVATE_KEYFILE,'C:\keys\private.ppk');
curl_setopt($ch, CURLOPT_SSH_HOST_PUBLIC_KEY_MD5,'2acfe24108c37a276a93ac3398a5oe8f');
curl_setopt($ch, CURLOPT_SSH_AUTH_TYPES,CURLSSH_AUTH_PUBLICKEY);
curl_setopt($ch, CURLOPT_UPLOAD, 1);
$fp = fopen($localfile, 'r');
curl_setopt($ch, CURLOPT_INFILE, $fp);
curl_setopt($ch, CURLOPT_INFILESIZE, filesize($localfile));
$sR = curl_exec ($ch);

here is the output from running the test

* About to connect() to 12.12.12.12 port 22 (#0)
*   Trying 12.12.12.12...
* connected
* Connected to 12.12.12.12 (12.12.12.12) port 22 (#0)
* SSH MD5 fingerprint: ebbc61b886c798b25073c912833ffers
* SSH authentication methods available: publickey
* Using ssh public key file C:\keys\public.pub
* Using ssh private key file C:\keys\private.ppk
* SSH public key authentication failed: Callback returned error
* Authentication failure
* Closing connection #0

any help appreciated

l0ft13
  • 710
  • 1
  • 7
  • 11

4 Answers4

8

There are cases (debian-based distros) when your libssh2 is built with libgcrypt. In those, use PEM-encoded private key file:

$ openssl rsa -in ~/.ssh/id_rsa -outform pem > id_rsa.pem
Alexander
  • 883
  • 7
  • 17
  • Thank you for clarifying this and saving me lots of debugging hours with curl & libssh2. I used a key with a passphrase and although every option was correct I kept getting the OP's error. Using a PEM key as described or using a normal ssh key without a passphrase allowed the client to connect. – Elias Kouskoumvekakis Jul 13 '15 at 05:55
  • A PEM key (used for OpenSSL certificates but also for SSH keys) as I understand contains both the key and the passphrase so it's like not having a key at all. libssh2 in Ubuntu LTS 14.04 uses libgcrypt and I found out that it doesn't support passphrases. So again, either use a PEM key or a key without a passphrase. – Elias Kouskoumvekakis Jul 13 '15 at 05:59
3

ppk is a putty putty private key, you need to export it as an open ( using puttygen go Conversations-> export OpenSSH )

Tim Holum
  • 697
  • 1
  • 11
  • 24
0

You might have better luck with phpseclib, a pure PHP SFTP implementation. eg.

<?php
include('Net/SFTP.php');

$sftp = new Net_SFTP('www.domain.tld');
if (!$sftp->login('username', 'password')) {
    exit('Login Failed');
}

// puts a three-byte file named filename.remote on the SFTP server
$sftp->put('filename.remote', 'xxx');
?>
neubert
  • 15,947
  • 24
  • 120
  • 212
0

libssh2 in Debian distributions (e.g Ubuntu LTS 14.04) uses libgcrypt which doesn't support passphrases. Use a key without a passphrase or generate a PEM key as described by Alexander's answer.

More information can be found on the following link: Trying to connect using ssh2_auth_pubkey_file()

Community
  • 1
  • 1
Elias Kouskoumvekakis
  • 416
  • 6
  • 11