我的服务器配置如下:运行Nginx的CentOS 5.8(最终版).
我正在使用Wordpress的插件安装程序的SSH2功能.
我已经安装了lib2ssh并且它正在工作(WordPress承认它存在).
我提供给wordpress的用户(称为playwithbits)是chrooted,其主目录为/ home / nginx / domains / playwithbits /
公钥和私钥位于/ home / nginx / domains / playwithbits / keys /目录中,分别命名为id_rsa.pub和id_rsa.
我已将id_rsa.pub的内容复制到位于/home/nginx/domains/playwithbits/.ssh/中的authorized_keys文件中
我没有为密钥文件设置密码.但是Wordpress不断返回错误:
Public and Private keys incorrect for playwithbits
我已向Wordpress提供以下信息
Hostname: localhost Username: playwithbits Password: Blank Public key: /keys/id_rsa.pub //I have also tried the paths from server root Private key: /keys/id_rsa
以下是我在相关文件夹和文件上设置的权限:
drwx------ 2 playwithbits playwithbits 4096 Jun 8 11:25 .ssh drwx------ 2 playwithbits playwithbits 4096 Jun 8 13:27 keys -rw------- 1 playwithbits playwithbits 414 Jun 8 11:21 authorized_keys -rw------- 1 playwithbits playwithbits 1.7K Jun 6 02:17 id_rsa -rw-r--r-- 1 playwithbits playwithbits 414 Jun 6 02:17 id_rsa.pub
我也试图在调试模式下连接,我得到以下输出:
Connection from 127.0.0.1 port 56674 debug1: Client protocol version 2.0; client software version libssh2_0.18 PHP debug1: no match: libssh2_0.18 PHP debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.8 debug1: permanently_set_uid: 74/74 debug1: list_hostkey_types: ssh-rsa,ssh-dss debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: client->server aes256-cbc hmac-sha1 none debug1: kex: server->client aes256-cbc hmac-sha1 none debug1: expecting SSH2_MSG_KEXDH_INIT debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: KEX done Received disconnect from 127.0.0.1: 11: PECL/ssh2 (http://pecl.php.net/packages/ssh2) debug1: do_cleanup debug1: do_cleanup
有谁知道为什么我不能使用公钥和私钥访问?如果我使用帐户的密码,则wordpress可以登录并执行更新.
编辑:在我的sshd_config文件中,我有以下规则:
Match group web-root-locked ChrootDirectory /home/nginx/domains/%u X11Forwarding no AllowTcpForwarding no ForceCommand internal-sftp AuthorizedKeysFile /home/nginx/domains/%u/.ssh/authorized_keys
playwithbits是web-root-locked的成员
解决方法
通过一些试验和错误找到了答案.密钥需要由Web服务器拥有,而不是我尝试登录的用户.
chown nginx:nginx id_rsa chown nginx:nginx id_rsa.pub
现在它像梦一样工作.