
ssh2 connection with php

I have tried finding an answer on stackoverflow, but couldn't find my precise answer. So therefore I am asking here.

I am trying to connect from server A to server B with php over ssh.

I have created a key on server A and stored it in /root/.ssh/id.rsa (and id_rsa.pub). I have uploaded the public key to server B and renamed it to 'testomgeving.pub' in the location /root/keys/testomgeving.pub. This is because I have multiple connections from multiple users.

I added it and double-checked that it was added in /root/.ssh/authorized_keys.

A regular ssh connection is available.

Then I tried using the command from php.net:

$connection = ssh2_connect(
    $_ip_adress_without_any_prefix,
    22);

ssh2_auth_pubkey_file(
    $connection,
    $_default_user,
    $_public_key_file,
    $_private_key_file);

ssh2_scp_send(
    $connection,
    'sending filename',
    'receiving filename',
    0644);

However, I get errors that parameter 1 needs to be a resource, but a boolean is given.

From what I understand these errors could be ignored. However, no file is being sent.

I suspect it has to do with the keys and how they are managed.

At first I tried with a password-protected private key (the safest way), but saw it had bugs with it, so I started over with a private key that does not have a password.

Still no effect. The ssh connection is still available, now of course without giving a password.

I suspect it has to do with the www-data group not being able to read the private key.

I found on another topic (which is somewhere far away in my browser history) the following code to check whether or not it could be read.

$prv_key = file_get_contents($_private_key_file);
print "<pre>";
var_export($prv_key);
print "</pre>";

I have tried using chown www-data /root/.ssh/id_rsa to get access for www-data, however it only prints out false, which I assume means it cannot read the file. I hope I am near finding a solution, or maybe I am entirely wrong.

Another thing I am not sure about is what the $_public_key_file and $_private_key_file should be. As private key files are not to be shared, I assumed that had to be on the sending server (server A). The public key I am not sure about. Is it the /root/keys/testomgeving.pub I have on server B? Or is it the /root/.ssh/id_rsa.pub on server A? Or should I also generate a key pair on server B and refer to it in some way? (This last seems unusual, however, I am stuck on which option to figure out and how.)

I am aware it seems 'off' renaming the id_rsa after placing it on server B. However, I am writing code that is called from multiple servers, therefore from server A I want a generic name, and to distinguish the names of the public keys on server B I rename them and add the ones I need to authorized_keys.

I hope anyone can help me to explain this correctly so I can finally connect to the server, overcoming this bottleneck! Thanks in advance.

UPDATE: ISSUE RESOLVED

Thanks to the comments I realised I had to generate the ssh key for my www-data user.

In a nutshell: the code itself worked.

sudo -u www-data ssh-keygen -t rsa

It created /var/www/.ssh (not in htdocs), which I could refer to as both my public and private key file. The whole thing worked. I got a connection and I got to do things on server B from my php script on server A. Love it! Thanks for helping, everyone.

Typically, /root is read protected. Even if a user is allowed to read the file, they're not automatically allowed to read the directory.

Root and www-data are distinct users, and I can't think of a compelling reason to put www-data's key in /root. Put it somewhere that's accessible to www-data, but not in the public htdocs of course. From a cursory overview, everything else seemed good.

If you continue to have errors, please dig up your logs. Guessing what the error might be is not a viable approach to debugging! If you have error messages, always include them with the question. If not... find one!

Good luck.

"parameter 1 needs to be a resource, but a boolean is given"

It seems that $_ip_adress_without_any_prefix doesn't actually exist and the call to ssh2_connect() fails to return a resource.

So as a first step you need to be sure that the connection is OK. After that you can continue with the next steps.

$connection = ssh2_connect('your_valid_host_name',22);
//note that http or https or www in a valid host name is not normally used

if($connection){
   //your authentication code here
}else{
   //connection fail
}
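
Putting the two answers and the update together, as an added example that is not code from the original thread: check that the account PHP runs as can read both key files on server A, then test the return value of every ssh2 call. The host name, remote user and file paths are assumed placeholders (the key names are the ssh-keygen defaults under the /var/www/.ssh directory from the update), and the posix extension is assumed to be loaded.

```php
<?php
// Added example, not code from the original thread. Host, user and file
// names passed at the bottom are assumed placeholders.

function scp_with_pubkey(string $host, string $user, string $pub, string $priv,
                         string $local, string $remote): void
{
    // Which OS account is PHP running as? (www-data in the question.)
    $me = posix_getpwuid(posix_geteuid())['name'];

    // Both key files live on the connecting side (server A) and must be
    // readable by that account. is_readable() also fails when a parent
    // directory such as /root cannot be traversed.
    foreach ([$pub, $priv] as $file) {
        if (!is_readable($file)) {
            throw new RuntimeException("$file is not readable by user '$me'");
        }
    }

    // The private key should be usable by its owner only (0600 or stricter).
    if ((fileperms($priv) & 0077) !== 0) {
        throw new RuntimeException("$priv is accessible to group/others; chmod 600 it");
    }

    // ssh2_connect() returns false on failure; passing that value on is what
    // produces "parameter 1 needs to be a resource, but a boolean is given".
    $conn = ssh2_connect($host, 22);
    if ($conn === false) {
        throw new RuntimeException("cannot connect to $host:22");
    }
    if (!ssh2_auth_pubkey_file($conn, $user, $pub, $priv)) {
        throw new RuntimeException("public key authentication failed for $user@$host");
    }
    if (!ssh2_scp_send($conn, $local, $remote, 0644)) {
        throw new RuntimeException("sending $local to $host failed");
    }
}

try {
    scp_with_pubkey('serverB.example', 'deploy',              // placeholders
        '/var/www/.ssh/id_rsa.pub', '/var/www/.ssh/id_rsa',   // assumed key names
        '/tmp/report.txt', '/tmp/report.txt');                // placeholders
    echo "file sent\n";
} catch (RuntimeException $e) {
    error_log($e->getMessage()); // the log says which step failed
}
```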
