Since a few days now I've been creating ssh keys using the phpseclib library (Branch 2.0) like I've done before..copying the public key over to my server thus connecting without the use of a password....but for some reason I just can't connect like this anymore. When I report the errors using $ssh->getLastError(), it displays:
SSH_MSG_USERAUTH_FAILURE: publickey,password
Does anyone know what could be the problem?
Ensure that your private key is added to authorized_keys on the server. Without that, you'll always get this error. More specifically, in my case it was:
SSH_MSG_USERAUTH_FAILURE:
publickey,gssapi-keyex,gssapi-with-mic,password
Related
I'm trying to correctly setup a pusher server with laravel websockets on production, I can connect to websockets server from the client but when I try to fire to broadcast an event I get the following:
"message\": \"Pusher error: .\",
\"exception\": \"Illuminate\\\\Broadcasting\\\\BroadcastException\",
\"file\": \"C:\\\\xampp\\\\htdocs\\\\wooloveapp.com\\\\vendor\\\\laravel\\\\framework\\\\src\\\\Illuminate\\\\Broadcasting\\\\Broadcasters\\\\PusherBroadcaster.php\",
\"line\": 128
As you see error message appears empty, I think this might be related to ssl certificates(Lets Encrypt), when I look into the folder they are placed the certificates appear red.
https://i.imgur.com/0bnEh36.png
Also I'm not sure I'm using the correct paths/certificates for pusher/laravel-websockets
LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT=/etc/letsencrypt/live/laravelapp.com/fullchain.pem
LARAVEL_WEBSOCKETS_SSL_LOCAL_PK=/etc/letsencrypt/live/laravelapp.com/privkey.pem
Maybe I should use privkey1.pem instead? why are the names on red?
I want to integrate PGP encryption into my web application, after looking for what to use(extensions, libraries, etc.) I decided to go with the gnupg extension for php. Now, I do have a PGP key in one of my desktop folders and I've tried to use it's fingerprint as a string for addencryptkey, the error I receive is get_key failed which I don't understand why, my PGP key is valid.
There are two very similar questions on SO:
php gnupg get_key failed error ,
gnupg get_key failed in php ,
Based on these, I've updated my code somewhat to no success, here's what it currently looks like:
putenv("GNUPGHOME=/home/user/Desktop/Keys/.gnupg/");
$pgp = new gnupg();
$pgp->addencryptkey("F0E2DF9C82ECE67935171F4939D8599A923820D9");
echo $pgp->geterror();
In the folder specified in putenv, I have my public key saved in a .asc file. I can't see what the problem really is, unless it only works with keys stored on the server?
I just wanted to share my fix for this issue. Given that this is one of the more recent questions on this topic I thought it best to share it here.
At the time I was able to encrypt messages fine (PHP 7.4 with the GNUPG PECL extension).
To address the get_key_failed error, after setting up/importing my keys I copied my entire .gnupg directory to the root of my webserver (/var/www/html in my case) and updated its permissions so that it was accessible by the webserver.
putenv("GNUPGHOME=/var/www/html/.gnupg");
I assumed that this would fix it, however I then encountered a new error when attemping to decrypt a message:
Uncaught Exception: decrypt failed
The only way I could resolve this was by ensuring my key pair did not have a passphrase. Some comments on the PHP GNUPG docs suggest that that passphrase which is the second argument on adddecryptkey() is ignored regardless. However, in my case decryption only worked with a private key that didn't have a passphrase set.
This worked on my local instance (Ubuntu 18) and when deployed to an EC2 instance running Amazon Linux 2.
I am using phpseclib to do some SFTP stuff. At the moment I can't login, and I am trying to find out why. In the docs, it states I should do something like this
set_include_path(get_include_path() . PATH_SEPARATOR . 'phpseclib');
include 'Net/SFTP.php';
define('NET_SFTP_LOGGING', NET_SFTP_LOG_COMPLEX);
$sftp = new NET_SFTP('***');
if(!$sftp->login('***', '***')) {
print_r($sftp->getSFTPErrors());
}
So, I need to define the type of logging in order to print out the SFTPErrors.
I am doing things differently than the above because I am using composer. So as usual, I load autoload.php. Instead of include, I make use of use e.g.
use phpseclib\Net\SFTP;
I then proceed to do something like the following
define('NET_SFTP_LOGGING', NET_SFTP_LOG_COMPLEX);
$sftp = new SFTP($config::SFTP_SERVER);
if(!$sftp->login($config::SFTP_USER, $config::SFTP_PASSWORD)) {
print_r($sftp->getSFTPErrors());
exit('Login Failed');
}
If I do this however, I get the output
Notice: Use of undefined constant NET_SFTP_LOG_COMPLEX - assumed 'NET_SFTP_LOG_COMPLEX' in ...
Array
(
)
Login Failed
So it appears that with composer, I cant define a constant in the same way, and the print out of the errors produces an empty array.
So, how can I define this constant in my composer project?
Thanks
A few of things.
If you're using the namespaced version of PHP (as evidenced by your use phpseclib\Net\SFTP;) then you're using the 2.0 branch. The documentation on the website is for the 1.0 branch. For the 2.0 branch you need to do as FĂ©lix Saparelli suggested - SSH2::LOG_COMPLEX.
That said, logging isn't going to show SFTP errors. Logging shows you the raw packets. Here's an example of what the logs produce:
http://phpseclib.sourceforge.net/ssh/log.txt
You get these logs by doing $ssh->getLogs().
For the errors you don't need to enable anything - it places any errors it receives from the server into an array that it's returning to you. phpseclib does this automatically and this behavior cannot be disabled.
Also, $sftp->getSFTPErrors() is great for SFTP errors but at the login process you might be getting SSH errors and not SFTP errors. You'd get SSH errors by doing $sftp->getErrors(). The thing is... SFTP operates in a higher layer than SSH. SSH won't succeed if TCP/IP can't make a connection and SFTP won't succeed if SSH can't make a connection. So per that you ought to be checking all the layers.
Finally, it's quite possible the failure is happening for reasons for which errors would not be returned. Maybe the server requires compression, which phpseclib doesn't support. eg.
http://www.frostjedi.com/phpbb3/viewtopic.php?p=221481#p221481
I also don't know if you'd get an error if the key or password you were using was simply invalid.
Really, there could be any number of causes for an inability to connect. You could be using selinux which, by default, disables outbound connections from PHP scripts running on port 80, there could be a routing issue, etc (all of these affect fsockopen, but, in all, there are just a lot of potential causes for failure).
Overall, I'd say you're on the right track with the logs. But do $sftp->getLog() instead of $sftp->getSFTPErrors() and then include the logs in your post.
If I have pkey, csr (generated from pkey), bundle certificate and domain certificate files. How can I validate if both certificates are made for pkey?
Also is that the right way to validate ssl certificates. Any suggestions?
I would like to avoid using openssl cli tool and use php openssl library or any third party php library.
#HannoBinder was close but it was a bit trickier. Apparently in PHP openssl one must get resource variables from certificate (tested also on certificate bundle file containing domain certificate for nginx) and private key file.
You can get certificate resource with openssl_pkey_get_public. But for private key you must get it with openssl_pkey_get_private. Its not to clearly written in documentation since probably these functions are quite universal.
Also i could not at first understand how to get public key from those resources. Apparently openssl_pkey_get_details can do that.
So in the end I resolved it this way.
$certPubKeyResource = openssl_pkey_get_public(file_get_contents($cert));
$publicKey1 = trim(openssl_pkey_get_details($certPubKeyResource)['key']);
$private_key = openssl_pkey_get_private(file_get_contents($pkey));
$publicKey2 = trim(openssl_pkey_get_details($private_key)['key']);
echo (!strcmp($publicKey1, $publicKey2) ? 'OK' : 'FAIL') . PHP_EOL;
I hope someone will have use for this since I could not find this particular case.
Also If someone will give more in depth answer with maybe some references to useful materials about SSL in PHP I could mark it as a correct answer instead of mine since im quite interested into getting full picture of this topic.
I have the TwitterOAuth class and demonstration running on a local development server and I cannot get it to authorize. I have entered the new CONSUMER_KEY and CONSUMER_SECRET in the config.php. I have also synced the server time to NTP. I get the error message: 'Could not connect to Twitter. Refresh the page or try again later.'
var_dump($connection->http_code);
results:
int 0
ANY help or advise would be appreciated.
I am running PHP 5.3
When I try to ping the api server I can't.
C:\Users\Owner>ping api.twitter.com
Ping request could not find host api.twitter.com. Please check the name and try
again.
could this be the problem ?
I had some issues with this process as well. I don't exactly recall what resolved this error, but I followed This Tutorial (albeit a bit out of date) and made sure I explicitly set the callback URL in the twitter panel for my app. Also, and I believe this one also caused the int 0 return for me, make sure that if you are going with a hosting provider they allow CURL requests.
step 1: https://apps.twitter.com/app or go to your app setting
step 2: Unchecked the (Enable Callback Locking (It is recommended to enable callback locking to ensure apps cannot overwrite the callback url)) This box..
save and exit and check..
ThankYou..!