通过 php 进行 ssh 连接失败

tag-icon tag-icon php ssh web-server
通过 php 进行 ssh 连接失败

通过 php 进行 ssh 连接失败

尝试使用 php 脚本通过 Web 服务器连接到 ssh。我在 MacOsX 上工作。我将 apache 的用户和组 (_www:_www) 更改为我自己的用户和组 ()。我使用的命令如下(我更改了连接详细信息):

ssh -v -p 2222 -i /Users/myname/.ssh/id_dsa_mykey -l myuser 10.1.12.10 2>&1

从终端来看,没有问题,它连接并给出以下输出:

OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 54: Applying options for *
debug1: Connecting to 10.1.12.10 [10.1.12.10] port 2222.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_dsa_mykey type 2
debug1: identity file /Users/myname/.ssh/id_dsa_mykey-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 0c:bd:4e:da:17:28:d2:a6:20:b9:11:a3:de:91:f0:ce
debug1: Host '[10.1.12.10]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/myname/.ssh/id_dsa_mykey
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: Authentication succeeded (publickey).
Authenticated to 10.1.12.10 ([10.1.12.10]:2222).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
...

但是,从 php 脚本来看,它给出以下输出:

OpenSSH_5.9p1, OpenSSL 0.9.8y 5 Feb 2013
Pseudo-terminal will not be allocated because stdin is not a terminal.
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 54: Applying options for *
debug1: Connecting to 10.1.12.10 [10.1.12.10] port 2222.
debug1: Connection established.
debug1: identity file /Users/myname/.ssh/id_dsa_mykey type 2
debug1: identity file /Users/myname/.ssh/id_dsa_mykey-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-4
debug1: match: OpenSSH_6.0p1 Debian-4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 0c:bd:4e:da:17:28:d2:a6:20:b9:11:a3:de:91:f0:ce
debug1: Host '[10.1.12.10]:2222' is known and matches the RSA host key.
debug1: Found key in /Users/myname/.ssh/known_hosts:6
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/myname/.ssh/id_dsa_mykey
debug1: Server accepts key: pkalg ssh-dss blen 434
debug1: key_parse_private_pem: PEM_read_PrivateKey failed
debug1: read PEM private key done: type
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: Device not configured
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

我认为问题出在那一行之后:

debug1: Server accepts key: pkalg ssh-dss blen 434

通过终端可以连接:

debug1: Authentication succeeded (publickey).

但是从 php 来看它失败了:

debug1: key_parse_private_pem: PEM_read_PrivateKey failed

我不知道为什么,因为当我在终端上执行命令时,Web服务器具有与我相同的用户和组。

由 HBruijn 解决

于是我创建了一个新的 ssh 密钥对,然后...成功了。哈哈哈哈,我现在太厉害了!

答案1

问题在于此:debug1: read_passphrase: can't open /dev/tty: Device not configured

您的私有 ssh 密钥由密码保护,我猜这在控制台上不是问题,因为您的控制台会话可以访问您的 ssh 密钥链,但 apache 却不能。由于您不是从终端运行 ssh 命令,而是从 PHP 运行 ssh,因此 ssh 也无法提示输入密码(也无法提示输入常规密码)。

答案2

您说将 Apache 的用户更改为您自己的用户是什么意思?您的意思是您以自己的身份运行 Apache 吗?还是说您更改了 _www 的 UID 以匹配您自己的 UID?

进行这些更改后,您是否重新启动了 Apache?尝试id从 php 内部执行以查看当前有效 ID 是什么。

您的错误听起来像是在描述无法打开,这对于除或/Users/myname/.ssh/id_dsa_mykey之外的任何人来说都是很正常的行为rootmyname

相关内容