
I am trying to connect to an SFTP destination via PHP curl, with key authentication.

I manage to connect outside of curl, with OpenSSH (it works):

    sftp -i myPrivateKey sftp://myusername@destination.com

However, I cannot reproduce this connection in curl; I get an authentication failure error. How is that possible?

    $dest = 'sftp://myusername@mydestination:22';

    $curlHandler = curl_init();
    curl_setopt($curlHandler, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curlHandler, CURLOPT_SSL_VERIFYHOST, false);
    curl_setopt($curlHandler, CURLOPT_URL, $dest);
    curl_setopt($curlHandler, CURLOPT_PROTOCOLS, CURLPROTO_SFTP);
    curl_setopt($curlHandler, CURLOPT_VERBOSE, true);
    // 'mypublickey' and 'myprivatekey' are placeholders for the key file paths.
    curl_setopt($curlHandler, CURLOPT_SSH_PUBLIC_KEYFILE, 'mypublickey');
    curl_setopt($curlHandler, CURLOPT_SSH_PRIVATE_KEYFILE, 'myprivatekey');

    $resp = curl_exec($curlHandler);

Log:

    * SSH public key authentication failed: Callback returned error
    * Failure connecting to agent
    * Authentication failure
    * Closing connection 0

I am sure of the validity of the keys, I checked the fingerprints with the remote server, and I manage to connect outside of php-curl.

I also checked that my keys have restricted access and are accessible.

Sacha Durand
  • The first thing you can do is to validate the return of curl_setopt(), which returns bool(false) on error. Do any of your curl_setopt() calls return false? – hanshenrik Jan 27 '23 at 17:45
  • After testing each curl_setopt, each of these fields returns a valid true. – Sacha Durand Jan 30 '23 at 08:34

1 Answer


Finally, it turns out that Ubuntu LTS 14 uses the libgcrypt utility, which creates SSH keys with private keys starting with "----BEGIN OPENSSH ---", and in the case of SFTP, we need a .pem starting with "-----BEGIN RSA PRIVATE KEY-----", so I converted my private key, and it worked:

    ssh-keygen -f id_rsa -m pem -p
Sacha Durand
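
A preflight check for the fix described in the answer above, as an added example that is not part of the original post: it classifies a private key by its header line and, for an OpenSSH-format key, converts a copy, because `ssh-keygen -p` rewrites the file named by `-f` in place. The helper names `key_format` and `convert_copy_to_pem` and the two-argument usage are assumptions of this example.

```shell
#!/bin/sh
# Added example; key_format and convert_copy_to_pem are hypothetical helper names.

# Print the container format of a private key file, judged by its first line only.
key_format() {
    header=
    IFS= read -r header < "$1" || [ -n "$header" ] || { echo unreadable; return 1; }
    cr=$(printf '\r')
    header=${header%"$cr"}          # tolerate CRLF line endings
    case "$header" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----")       echo pem-rsa ;;
        "-----BEGIN EC PRIVATE KEY-----")        echo pem-ec ;;
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8-encrypted ;;
        *)                                       echo unknown ;;
    esac
}

# Convert a copy of the key to PEM, leaving the original untouched.
convert_copy_to_pem() {
    src=$1
    dst=$2
    [ -e "$dst" ] && { echo "refusing to overwrite $dst" >&2; return 1; }
    # umask 077 keeps the copy readable by its owner only.
    ( umask 077 && cp -- "$src" "$dst" ) || return 1
    # Same command as in the answer, pointed at the copy; it prompts for the passphrase.
    ssh-keygen -f "$dst" -m pem -p
}

# Usage: sh check_key.sh <private-key> <pem-copy>
if [ "$#" -eq 2 ]; then
    fmt=$(key_format "$1") || { echo "cannot read $1" >&2; exit 1; }
    echo "format: $fmt"
    if [ "$fmt" = openssh ]; then
        convert_copy_to_pem "$1" "$2" || exit 1
    fi
fi
```

The path of the converted copy is the one to pass as `CURLOPT_SSH_PRIVATE_KEYFILE`.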