Reputation: 45320
We are using the PHP module SSH2 to run commands on remote servers. We are authenticating with public keys (ssh2_auth_pubkey_file()), but the problem is we must copy the id_dsa (private) and id_dsa.pub (public) key into the root directory of our web server (lighttpd) and make them chmod 644, otherwise we get "Authentication failed for root using public key in". This seems like a MAJOR security issue. Is there any way to keep the permissions on id_dsa chmod 600 and not make it readable by the web server, i.e. owner and group still root:root instead of lighttpd:lighttpd?
Upvotes: 0
Views: 827
Reputation: 476920
How is the webserver supposed to identify itself if it cannot read the private key? It has to be readable to the webserver's process, but it should also be 0400. Alternatively use suexec or something like that to let the login process be done by some other user.
That said, if there is any way in which the webserver can be commanded to perform some remote admin activity, you'll have to think carefully about the security implications anyway. No matter how safe you keep the key, if anyone can coax the server into performing a remote action you're still in trouble.
Upvotes: 1
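The arrangement the answer describes, as an added example that is not part of the question or the answer: the key pair lives outside the document root, is owned by the web server user and is mode 0400, and the script refuses to authenticate if those conditions do not hold. The directory, host name, remote user and host-key fingerprint are placeholder assumptions, and the owner check assumes the posix extension is loaded.

```php
<?php
// Added example, not from the original thread. Assumes the key pair was
// installed outside the document root (e.g. /var/lib/lighttpd/.ssh/), owned by
// the lighttpd user, mode 0400, and that the remote account is not root.

function assert_private_key_is_protected(string $path): void {
    clearstatcache(true, $path);
    if (!is_file($path)) {
        throw new RuntimeException("private key not found: $path");
    }
    // Only the owner (the web server process) may read it: no group/other bits.
    $mode = fileperms($path) & 0777;
    if ($mode & 0077) {
        throw new RuntimeException(sprintf(
            "private key %s is mode %04o; expected 0400 (or 0600)", $path, $mode));
    }
    // The file must belong to the user the web server runs as (posix extension).
    if (fileowner($path) !== posix_geteuid()) {
        throw new RuntimeException("private key $path is not owned by the web server user");
    }
}

function run_remote_command(string $host, string $user, string $keyDir,
                            string $expectedFingerprint, string $command): string {
    $priv = "$keyDir/id_dsa";
    $pub  = "$keyDir/id_dsa.pub";
    assert_private_key_is_protected($priv);
    $conn = ssh2_connect($host, 22);
    if ($conn === false) {
        throw new RuntimeException("connection to $host failed");
    }
    // Pin the server's host key so the session cannot be handed to a spoofed host.
    $fp = ssh2_fingerprint($conn, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (!hash_equals(strtoupper($expectedFingerprint), strtoupper($fp))) {
        throw new RuntimeException("host key mismatch for $host: $fp");
    }
    if (!ssh2_auth_pubkey_file($conn, $user, $pub, $priv)) {
        throw new RuntimeException("public key authentication failed for $user@$host");
    }
    $stream = ssh2_exec($conn, $command);
    stream_set_blocking($stream, true);
    $out = stream_get_contents($stream);
    fclose($stream);
    return $out;
}

// Usage with placeholder values (hypothetical host, user and fingerprint):
// echo run_remote_command('backup.example.internal', 'deploy',
//     '/var/lib/lighttpd/.ssh', '<HOST_KEY_SHA1_FINGERPRINT>', 'uptime');
```

The check fails loudly when the key is still 0644 or still owned by root:root, which is exactly the state the question describes, so a misconfigured deployment is caught before any credential is presented.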