* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.
* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.
* Problem description
I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.
Here's my test code:
-----------------8<-------------------------------------------------------------
<?php
When I try to run the code, it exists with the following error:
-----------------8<-------------------------------------------------------------
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for avp using public key: Callback returned error [...]
-----------------8<-------------------------------------------------------------
The error I see in the sshd logs is the following:
-----------------8<-------------------------------------------------------------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_keyallowed: publickey authentication test: ED25519 key is allowed
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_delay: user specific delay 0.000ms [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_minimum_time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth]
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) [preauth]
-----------------8<-------------------------------------------------------------
To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_userauth_publickey_fromfile_ex' from 'libssh2' returns code -19 (LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED).
After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone:
-----------------8<-------------------------------------------------------------
$ git clone https://github.com/libssh2/libssh2.git
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=OpenSSL ../
$ make -j4
-----------------8<-------------------------------------------------------------
On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.
Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.
My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)
If I missed something, please feel free to correct me.
* My system
------- ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- --- ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
$ lsb_release -rd
Description: Ubuntu 19.10
Release: 19.10
-------
* Package version
------- ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- --- ru.archive. ubuntu. com/ubuntu eoan/universe amd64 Packages dpkg/status ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
$ apt-cache policy libssh2-1
libssh2-1:
Installed: 1.8.0-2.1build1
Candidate: 1.8.0-2.1build1
Version table:
*** 1.8.0-2.1build1 500
500 http://
100 /var/lib/
-------
* Expected behaviour
'php-ssh2' that depends on 'libssh2' authenticates with public key successfully with OpenSSH server.
* Actual behaviour
'php-ssh2' fails to authenticate with OpenSSH server using RSA public key. When used with manually compiled 'libssh2' with OpenSSL, authentication works fine.
* Problem description
I found that when 'php-ssh2' is used with 'libssh2 1.8.0-2.1build1' it fails to authenticate with an OpenSSH server.
Here's my test code: ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
-------
<?php
$ssh_connection = ssh2_connect( "localhost" , "22");
ssh2_auth_ pubkey_ file($ssh_ connection, "avp",
"./test- key.pub" ,
"./test- key");
?> ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
-------
When I try to run the code, it exists with the following error: ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- --- pubkey_ file(): Authentication failed for avp using public key: Callback returned error [...] ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
-------
PHP Warning: ssh2_auth_
-------
The error I see in the sshd logs is the following: ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- --- keyallowed: publickey authentication test: ED25519 key is allowed delay: user specific delay 0.000ms [preauth] minimum_ time_since: elapsed 7.440ms, delaying 1.005ms (requested 8.445ms) [preauth] pecl.php. net/packages/ ssh2) [preauth] ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
-------
апр 26 11:38:43 desktop sshd[12466]: debug1: no match: libssh2_1.8.0 PHP
[...]
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_answer_
апр 26 11:38:44 desktop sshd[12466]: debug3: mm_request_send entering: type 23
апр 26 11:38:44 desktop sshd[12466]: debug3: send packet: type 60 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug2: userauth_pubkey: authenticated 0 pkalg ssh-ed25519 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: user_specific_
апр 26 11:38:44 desktop sshd[12466]: debug3: ensure_
апр 26 11:38:44 desktop sshd[12466]: Postponed publickey for avp from 127.0.0.1 port 39858 ssh2 [preauth]
апр 26 11:38:44 desktop sshd[12466]: debug3: receive packet: type 1 [preauth]
апр 26 11:38:44 desktop sshd[12466]: Received disconnect from 127.0.0.1 port 39858:11: PECL/ssh2 (http://
-------
To trace down the error, I downloaded 'php-ssh2' sources, added some debug traces, built it and tried to run my test code again. It turns out that 'libssh2_ userauth_ publickey_ fromfile_ ex' from 'libssh2' returns code -19 (LIBSSH2_ ERROR_PUBLICKEY _UNVERIFIED) .
After some investigation I tried to build different versions of 'libssh2' from sources. It turned out that when I build 'libssh' version 1.9.0 with OpenSSH, the errors are gone: ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- --- /github. com/libssh2/ libssh2. git SHARED_ LIBS=ON -DCRYPTO_ BACKEND= OpenSSL ../ ------- ---8<-- ------- ------- ------- ------- ------- ------- ------- ------- ---
-------
$ git clone https:/
$ cd libssh2
$ git checkout libssh2-1.9.0
$ mkdir build
$ cd build
$ cmake -DBUILD_
$ make -j4
-------
On the other hand, when I build 'libssh2' versions 1.8.0, 1.8.1, 1.8.2 from sources with OpenSSL, I see the "Postponed publickey" error again.
Furthermore, if I try to use 1.9.0 with Libgcrypt, I see the error too.
My conclusion is that 'php-ssh2' in Ubuntu 19.10 does not work properly with the default packaged version of 'libssh2' (and probably other packages that depend on 'libssh2' as well.)
If I missed something, please feel free to correct me.
Thanks.