-
-
Notifications
You must be signed in to change notification settings - Fork 878
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working unless private key is set to publicly read (chmod 0444) #1951
Comments
In-so-far as the permissions go... if phpseclib is running as one user and the key was created by another use then that'd be why phpseclib can't read it with owner read only on they keyfile. To work around this you could do a number of things.
As for phpseclib not being able to read a PuTTY key... it supports both of these styles of keys:
If you have a key that phpseclib can't read you'll need to share it with me so that I might reproduce the problem. If you don't want the world t see the key yo ucan email it to [email protected].
There's nothing phpseclib can do about this. If the user phpseclib is created as didn't create the key and you have it so that only the owner of the key can read it then there's not much phpseclib can do about that. And that's not a phpseclib thing - that's a Linux thing. |
Hey @terrafrost Thanks for that detailed response. Greatly appreciated. I wasn't sure about the users/groups because in all cases for testing and dev I create and run as root user. In prod this isn't a good approach, but obvious dev/testing with root means I can quarantine functionality issues from permission issues. I'm also not entirely sure it was a user/group issues (even though permission settings makes this the obvious suspect) because in my limited understanding, a 440 should've worked instead of 444. However, I will definitely go back and do some more testing with users/groups to see if I can resolve it this way. It might be a few weeks before I can get test and get back to you. Cheers |
Hi
When using local SSH tunnelling with cli, private keys are not accepted unless set to owner read only, 0400.
I'm running phpseclib SSH with a privatekey for an AWS region target.
Phpseclib throws an access to file error unless I set the private file to public read 0444.
I also created a public key for the AWS private key using puttyGen, but phpseclib can't read it.
I don't think a private key should ever be set to be read publicly, so I'm not sure what's going on. Is it the intention of phpseclib to only work with a publicly readable private key?
I'm assuming the reading error of the key occurs because it needs to be loaded with php function file_get_contents(), and this function doesn't work on files that aren't 0444.
I've tried:
Please advise.
The text was updated successfully, but these errors were encountered: