After upgrading to Debian 12 Bookworm
and PHP 8.2
it’s no longer possible to connect via SSH2 with PHP
I’m using two WORKING privat/public keys…
The PHP script is a cronjob running as root
When connecting via command line everything works fine….!?
ssh remote-server.com
But when connecting with PHP this error is returned
Error
ssh2_auth_pubkey_file(): Authentication failed for root using public key: Username/PublicKey combination invalid .../SSH.php(29)
Code
$user = 'root';
$host = 'remote-server.com';
$private_key = '/root/id_rsa';
$public_key = '/root/id_rsa.pub';
if(!is_readable($private_key) || !is_readable($public_key)){
echo "RSA keys not foundn";
}
echo 'private key: '.file_get_contents($private_key)."n";
echo 'public key: '.file_get_contents($public_key)."n";
echo "host: $hostn";
echo "user: $usern";
if(!$session = ssh2_connect($host)){
echo "Could not connect to '$host'n";
}
if(!ssh2_auth_pubkey_file($session, $user, $public_key, $private_key)){
echo "Could not authenticate to '$host'n";
}
What am I missing?
Key generation
ssh-keygen -t rsa -b 4096
The RSA keys are without passphrase
update
Have now tried to generate the keys like this (still with empty passphrase)
ssh-keygen -m PEM -t rsa
The code outputs
private key: -----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAqSo3PqyHJ6RlYD3LKPaPATeEDFJ41rc/AW3z+QeKj1TnIDNN
VFMR40HqQxq4wUk72goWCrBQ5T3r4KU5JerunQpmI2xqX5iJreL6P/+Zys2zitgl
mafsukOQTSMlxhNYlTOwfQ7Dbl58GF0Tz5FzBb3QUyLs8lcNToTmyVAC1xrCpmSS
XxA9Q677eyZOPwxDKTdr0k/hyNZorN/pEwfSUTQfRr09jmiDOFf3NpUTiIVJHuRZ
EvZSmVeCCa0US1CByIk1csuDthSCQRdBLEJhATT5yoHO8RjaaPfhnrMwMtbHBtks
xMzbn/eC+g8Arol14HOijJVgAjcXykfcn2L3sBtsU+3OxApd8xiMo/JkK799se8S
4f10L4xzMDMvgwcNsju9E5Ze3lhginxZ5A6jKFHm9a9eyozUB6zFEd/m4cYH343s
NCF6BtQYfOVAk2VcZsTOj+3xzs/xR3ZPbXIBsq7VFVxlJznHeAGTtA+OPzUOrSjn
iHEx4qFw00vXe/43AgMBAAECggGAMDKbf+tnLLfNvICOsFKjhwy6vkoHLOIT/QPH
ZfYsl87wdT+4siRi7dWbedgUuNl1SJfkFNKMkew1FxHsOO35Y1wRotkia69J1vXb
KD3aoyo9k/smp2NtctqKNDgl7IwZipUqHU+GBh28jLKEUPkXhRTCVNWYHioIXA1I
tiXqUUBKIl94RsaZNf4Wn81XsOX9ArLMMSVaZr8UHuFDBo2Ncl5/5MdJURhc/sIt
aOtLn/Od1EPqTxlIinEg10HtjNHYWdItoEc/Z1e917PKAlyq0IzOffnxfm3kc04N
sGtW02U1su0R6m67V9sshADn73d/w0RdEJXQlwGD6bGmt1hDZFN40B2sMnlSCyFa
hyo1WmCO/SLA2OicQK0RbbYxvTIAD1jgbwqAI7Pgta34IYzFoM96fQMHv5gHVtC9
4Xnl0ZWBzG+aB9+JJZG8dpqzFprUXrknZgA3vG7vzwh4KQB34qupKJFSB08ioDP9
MUi69XnCQLGj9N7UgzY/KZAYNglhAoHBANep9Ji0yQvSLoOS09l2k0whIlEBOEP3
YZxRXfwmh0eqrpvCeVLRruNs05O461c3KitLj9ujKRsez75Y6+FiNXypd/dmsf3G
Xbb9QotjWl4cNL4bRgddMgyOJz8XPkd9IlSE3gfPqhZoZdpCIlHBtpAcoxtZLzau
Jn9ZBK923B4LMM/TcDVvlk/hw60HU0AlOPDYmN/BC1Af0Ru9WBCJkqdtmG8SV4nj
PA2wuIFyS6BLvDmpbvIawsCJkRwUVIdAIQKBwQDIzeBqlkqXZ+WWi3iZCzI4H3XZ
Qrx/QHVHtFrCS2kb7K2w4fJxUjA3tk/oO5UwSHurHnw0PdtkEuM9r6K9PEi/62/c
JAMgvpo0pJYJDmytuqDKLg2qcxvuCnn/KsU2FfMpjHSdy6OpSdl5obkr/27N3he/
eL7FIEY3Ugx8U0Q69FPmDSm4thWhnY4YNJsb54Y2ioD0N27qBzAN4sBvJ3lRVTb4
cl26Kv7j1vgKMQCzQswZxHbtnlE3pg/hrFZq01cCgcA8TkQdZ4BIk+95z1b6GlQ6
F5HXAPZQ2x4qbf5QAh4WBj5pQ8pVRFkZM1c+mZkFfGGIVcrWahuWf9krqwXasnGu
eF0Zi1f+VLfj8ZHoFFIyusRs3IeKi57xL9b9p2w85VryM2061fED7xF8JL4gCoEY
b0mU3i17ptsRBT1wK1aF+C8gDkn0R03K7KChA8ldyIrRnl+xQfP95ce9cAbuKOof
c2AKvyBHaIlkcqRFXkaTfloV7bEedik7WbyAE5dHcsECgcEAlOmgSEsGK/vfleH+
YDieWGJ0Sdck5JWPo8pLGBVGcG/3atpUqdcSbO5lmco9292U4JSt9Sv+O9uJ66AJ
Zp6DMNhPTwjhzPGsd+eqYDLzQ27IeMboWYQdrUzVpfY44+ApQKGpha+TwiJDBeF5
6ff2WvMd11+a0aMaj0HognZZfgLdCRiv3QwjRIQL8UVp1aq/rEjQUsudFC6aY2HJ
5WR3omo4ZsyhV0M1XQ95SE2IwGeD5oP80kB66HLdCjV8rKHnAoHAfenT4sisITBM
m26uN+GgwW4LZrkIpms2hs0QuSfL9ss/sYxG9N8rH310XLOKlHtAeT2ocz0ia289
swUUjfOv+0dDPwTgtq1znbrLyruhE5lOiCjZRtnvZ+UhkicnND8wa3nib1Cifhst
k1SgIx/xY3dvCHM9tvxE9amYarq8JSftYDJK6DjEzDa//AljiTvu+w8TaPuZ6WHB
rUoG0jjNwuEpOi2exSkMJ86WGvfmPRB83nlQwVWOU5pPuAlp4YLV
-----END RSA PRIVATE KEY-----
public key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCpKjc+rIcnpGVgPcso9o8BN4QMUnjWtz8BbfP5B4qPVOcgM01UUxHjQepDGrjBSTvaChYKsFDlPevgpTkl6u6dCmYjbGpfmImt4vo//5nKzbOK2CWZp+y6Q5BNIyXGE1iVM7B9DsNuXnwYXRPPkXMFvdBTIuzyVw1OhObJUALXGsKmZJJfED1Drvt7Jk4/DEMpN2vST+HI1mis3+kTB9JRNB9GvT2OaIM4V/c2lROIhUke5FkS9lKZV4IJrRRLUIHIiTVyy4O2FIJBF0EsQmEBNPnKgc7xGNpo9+GeszAy1scG2SzEzNuf94L6DwCuiXXgc6KMlWACNxfKR9yfYvewG2xT7c7ECl3zGIyj8mQrv32x7xLh/XQvjHMwMy+DBw2yO70Tll7eWGCKfFnkDqMoUeb1r17KjNQHrMUR3+bhxgffjew0IXoG1Bh85UCTZVxmxM6P7fHOz/FHdk9tcgGyrtUVXGUnOcd4AZO0D44/NQ6tKOeIcTHioXDTS9d7/jc= root@xxx
host: remote-server.com
user: root
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for root using public key: Username/PublicKey combination invalid in /root/test_ssh.php on line 21
Warning: ssh2_auth_pubkey_file(): Authentication failed for root using public key: Username/PublicKey combination invalid in /root/test_ssh.php on line 21
Could not authenticate to 'remote-server.com'
2
Answers
The reason could be that you are generating the public/private keys in a wrong format.
try:
ssh-keygen -m PEM -t rsa
I guess the file permissions of your generated key files are not an issue because you are running as root.
If you have access to the server, more logs from the server could help (sshd is going to tell why it refuses to authenticate the client).
The issue is likely related to RSA with SHA1 being deprecated. I saw the same issue but didn’t find a way to work around it using libssh2 1.10 which is shipped with Debian 12.
Without more details, I think your best shot is to generate a key of another type (not
rsa
, e.g.ecdsa
ored25519
), add the public part of the new key to theauthorized_keys
on the server, and use it instead; it will likely just work (or at least it did for me).