A bug exists in PHP that prevents users from connecting to a remote infrastructure using SSH with a passphrase. You are able to connect using the command line, but may encounter problems with the same key pair when connecting using PHP. This can also potentially be a problem if you’re using SSH tunneling for server-side applications.
The version of PHP that is making this connection (whether it’s running locally or on a remote infrastructure) needs the SSH2 PHP extension.
Here’s an example of some PHP you might use to try to connect to a Cloud Platform infrastructure:
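<?php
// Connect to the server, requesting an RSA host key.
$conn_id = ssh2_connect("srv-NNNN.devcloud.hosting.acquia.com", 22, array('hostkey' => 'ssh-rsa'));
if ($conn_id === false) {
    die('Connection Failed');
}
// Authenticate with the key pair; the last argument is the optional passphrase.
if (ssh2_auth_pubkey_file($conn_id, 'username', '/Users/username/.ssh/key.pub', '/Users/username/.ssh/key', 'passphrase')) {
    echo "Public Key Authentication Successful\n";
} else {
    die('Public Key Authentication Failed');
}
?>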
If the key.pub file requires a passphrase, the connection attempt can fail with this error:
PHP Warning: ssh2_auth_pubkey_file(): Authentication failed for <username> using public key: Callback returned error in <path_to_script> line <line_number>
This is still an open bug with PHP. To work around this on Cloud Platform, create a public/private key pair without a passphrase. Then, add it to your Acquia profile using the Cloud Platform interface. You can then use the key with ssh2_auth_pubkey_file() (as in the preceding example) without the optional passphrase parameter.
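The workaround above, as an added example (not Acquia's or the PHP project's own code): it authenticates with the passphrase-less key and, because that key is stored unencrypted, first checks that the private key file is not accessible to group or others and that the server's host key fingerprint matches one you recorded. The key file names and the EXPECTED_FP value are placeholders, and the permission check assumes a POSIX file system.

```php
<?php
// Added example: placeholders throughout; replace before use.
const SSH_HOST    = 'srv-NNNN.devcloud.hosting.acquia.com';
const SSH_USER    = 'username';
const PUB_KEY     = '/Users/username/.ssh/key_nopass.pub'; // hypothetical file name
const PRIV_KEY    = '/Users/username/.ssh/key_nopass';     // hypothetical file name
const EXPECTED_FP = 'REPLACE_WITH_RECORDED_SHA1_HEX_FINGERPRINT'; // placeholder

// An unencrypted private key is protected only by file permissions (POSIX):
// reject it if group or others have any access bits set.
function privateKeyIsLockedDown(string $path): bool
{
    $perms = @fileperms($path);
    return $perms !== false && ($perms & 0077) === 0;
}

function connectWithUnencryptedKey()
{
    if (!privateKeyIsLockedDown(PRIV_KEY)) {
        throw new RuntimeException('Private key missing or accessible to other users; chmod 600 it.');
    }
    $conn = ssh2_connect(SSH_HOST, 22, ['hostkey' => 'ssh-rsa']);
    if ($conn === false) {
        throw new RuntimeException('SSH connection failed.');
    }
    // Compare the server's host key fingerprint with the recorded one before authenticating.
    $fp = ssh2_fingerprint($conn, SSH2_FINGERPRINT_SHA1 | SSH2_FINGERPRINT_HEX);
    if (!hash_equals(strtoupper(EXPECTED_FP), strtoupper($fp))) {
        throw new RuntimeException('Host key fingerprint mismatch: ' . $fp);
    }
    // No fifth argument: the key has no passphrase, which avoids the bug described above.
    if (!ssh2_auth_pubkey_file($conn, SSH_USER, PUB_KEY, PRIV_KEY)) {
        throw new RuntimeException('Public key authentication failed.');
    }
    return $conn;
}

try {
    $conn = connectWithUnencryptedKey();
    echo "Public Key Authentication Successful\n";
    ssh2_disconnect($conn);
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```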
If you get a 'server refused our Key' error when trying to connect through SSH, ensure that the correct ports are open on your network and verify your SSH key type. You must use an RSA key type for SSH connections. For connection-related issues, confirm that your firewall settings permit port 22 connections and that your SSH configuration permissions are correct. You might also consider contacting your IT team to ensure that your SSH keys are properly deployed and linked to the correct applications.