
I am learning how to use the 'phpseclib' library.

I have successfully managed to connect via SSH using the username/password combo.

I want to connect now using a private key, but I can't seem to be able to do it. Let me explain how I have gone about this and hopefully someone can point me to the error of my ways.

```php
<?php

use phpseclib\Net\SSH2;
use phpseclib\Crypt\RSA;

include('vendor/autoload.php');

define('NET_SSH2_LOGGING', SSH2::LOG_COMPLEX);

$ssh = new SSH2('MYIP');
$rsa = new RSA();

$rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH);

extract($rsa->createKey(2048));

file_put_contents('privatekey', $privatekey);

if ($rsa->loadKey(file_get_contents('privatekey'))) {
    echo('Key loaded');
} else {
    throw new Exception('Key not loaded');
}

if ($ssh->login('chris', $rsa)) {
    echo('Connected');
} else {
    echo $ssh->getLastError();
    throw new Exception('Not Connected');
}
```

As you can see, I set the public key format to 'openssh' and then create the key. Using the values created by the createKey method, I put that key in a file called 'privatekey' (no extension, but unsure if needed as it's just text). Then the usual: loading the key and using it as a value in the login.

I've used the official docs (which aren't great) and Googled around and I've not had much luck with either.

The output of the getLastError is:

```
SSH_MSG_USERAUTH_FAILURE: publickey,password
```

Thanks in advance for any assistance.

Chris Mellor

3 Answers


You can create key pairs all day on the client side but unless the public part of the key pair you generated is in the /home/user/.ssh/authorized_keys file then it's not going to matter. And if you're creating the keys and trying to connect with them all in the same script... it's unlikely they're going to be in that file.

In this particular case you should load a private key whose corresponding public key is already in the /home/user/.ssh/authorized_keys file. Load that with $rsa->loadKey(...) and /then/ try to use that RSA object in SSH's login method.

neubert
  • Ha, looks like I'd have got it then with this post. While I did figure it out on my own, I shall mark this as correct as it's exactly what I needed to do. Thanks. – Chris Mellor Jan 17 '16 at 02:07
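
The fix described in the answer above, as an added example that is not part of the original posts: key generation is split into a one-time provisioning step whose public half is installed in authorized_keys, and every later run loads that same private key. It assumes phpseclib 2.0 via Composer; the script name `ssh_key_login.php` and the key path are hypothetical, and `MYIP` is the placeholder from the question.

```php
<?php
// Added example, not code from the thread. Assumes phpseclib 2.0 installed via Composer.
use phpseclib\Net\SSH2;
use phpseclib\Crypt\RSA;

require 'vendor/autoload.php';

const KEY_FILE = '/var/lib/myapp/ssh/id_rsa'; // hypothetical path, outside the web root
const HOST     = 'MYIP';                      // placeholder, as in the question
const USER     = 'chris';

// Step 1, run once: php ssh_key_login.php provision
if (($argv[1] ?? '') === 'provision') {
    if (file_exists(KEY_FILE)) {
        fwrite(STDERR, "Key already exists, refusing to overwrite it\n");
        exit(1);
    }
    $rsa = new RSA();
    $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH);
    $pair = $rsa->createKey(2048);   // ['privatekey' => ..., 'publickey' => ...]
    $oldMask = umask(0077);          // file is created readable by its owner only
    file_put_contents(KEY_FILE, $pair['privatekey']);
    umask($oldMask);
    // Append this one line to /home/chris/.ssh/authorized_keys on the server.
    echo $pair['publickey'], "\n";
    exit(0);
}

// Step 2, every later run: load the key that was provisioned, never a fresh one.
$rsa = new RSA();
if (!$rsa->loadKey(file_get_contents(KEY_FILE))) {
    throw new RuntimeException('Private key could not be parsed');
}

$ssh = new SSH2(HOST);
if (!$ssh->login(USER, $rsa)) {
    // In this thread, SSH_MSG_USERAUTH_FAILURE meant the server did not know the key.
    // Print the public half so it can be compared with authorized_keys.
    fwrite(STDERR, $ssh->getLastError() . "\n");
    fwrite(STDERR, "Expected in authorized_keys:\n");
    fwrite(STDERR, $rsa->getPublicKey(RSA::PUBLIC_FORMAT_OPENSSH) . "\n");
    exit(1);
}
echo $ssh->exec('whoami');
```

Only the public key line goes to the server; the private key file stays on the client with owner-only permissions.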

I have figured it out myself.

My own stupidity...

I hadn't put the $publickey in the authorized_keys file.

To be fair, it's not like there's much recent documentation about this library, sadly.

Thanks to @PoX for your help.

Chris Mellor

Your code looks correct. I think you are getting this error because you don't have the SSH server configured right.

Check in sshd_config:

```
RSAAuthentication yes
PubkeyAuthentication yes
```

Also make sure you have the correct privileges on /home/chris/.ssh/. If you are keeping your authorized_keys somewhere else, you need to configure that in sshd_config as well:

```
AuthorizedKeysFile %h/.ssh/authorized_keys
```

and permissions:

```
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```

PoX
  • I do have both of those settings in my `sshd_config` already. My private key file is in my regular 'html' folder with all my other site related stuff - should it be in the '.ssh' folder? Also I changed the permissions of the file to 600, but nothing changed. – Chris Mellor Jan 17 '16 at 01:42
  • Yes, they should be under `~/.ssh/`. Added to my answer as well. – PoX Jan 17 '16 at 01:45
  • Hmmm... so I moved the 'privatekey' file to that location, but it's still showing the same errors. – Chris Mellor Jan 17 '16 at 01:51