| Re: How to etablish an SSH2 tunnel with php ? [message #177491 is a reply to message #177479] |
Mon, 02 April 2012 13:04   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 4/2/2012 2:26 AM, Une Bévue wrote:
> Le 02/04/2012 03:19, Jerry Stuckle a écrit :
>
>>
>> Does your www-data user have access to the key files? They need to be
>> readable by www-data (but you shouldn't have to create a new key for the
>> web user).
>>
>
> not for the time being :
> .-(~)-------------------------------------(yt@D620)-
> `--> lal .ssh
> total 28
> drwxr-xr-x 2 yt yt 4096 2012-01-03 17:06 .
> drwxr-xr-x 91 yt yt 4096 2012-04-02 08:11 ..
> -rw------- 1 yt yt 998 2012-02-04 09:32 authorized_keys
> -rw------- 1 yt yt 137 2012-02-07 13:09 config
> -rw------- 1 yt yt 751 2011-12-20 09:50 id_dsa
> -rw-r--r-- 1 yt yt 597 2011-12-20 09:50 id_dsa.pub
> -rw-r--r-- 1 yt yt 1548 2012-01-25 08:17 known_hosts
> .-(~)--------------------------------------(yt@D620)-
> `-->
>
> afaik, i can't let them readable by all user because otherwise ssh won't
> work (?).
>
> I'll try to change that one for id_dsa from -rw------ to -rw-r---- or
> even -rw-r--r--
>
> with the latest, i got :
> Warning: ssh2_auth_password(): Authentication failed for yt using
> password in /home/yt/Sites/landp_public/ssh2.php on line 49
>
> then, with passphrase :
> Warning: ssh2_auth_pubkey_file(): Authentication failed for yt using
> public key in /home/yt/Sites/landp_public/ssh2.php on line 46
>
>
> same errors when all the files in my .ssh folder are readable for all
> people.
>
> even with those pems change on .ssh, I'm still able to connect directly
> by :
> $ ssh yt@iMac
>
> thanks for your answer.
They have to be readable by the www-data user to be able to be used in
authentication. You don't, however, have to make them readable by all;
they can be owned by www-data, for instance. Or you should be able to
make copies of them (I don't like to do this) and have those copies
available to www-data (warning - do NOT place them in your web directory!).
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]