Public and Private Keys are Incorrect for user

For some time, I'm getting the error Public and Private keys incorrect for wp-user when I try to update a plug-in.

I've a CentOS 7 VPS setup with a LAMP stack. I've installed and configured my Wordpress installation which works fine except that I can't update plug-ins or make image uploads via the Wordpress control panel.

I let Wordpress access to my server using SSH. I've followed this tutorial to do so. Basically there is a specific user in my system created for this task(making Wordpress connect via SSH) and it has the SSH keys. According to the tutorial, the permissions of various files are all okay(I've double-checked) but nevertheless Wordpress does not perform the operation.

What other configuration do I need?

Some other information:

  • the user for the Wordpress SSH operation has a password so it can log-in via Ssh and it's specifically allowed in ssh_config

Topic ssh Wordpress

Category Web

1
answered at

This is an old topic, but I was never able to find the answer that worked for us anywhere.

The root cause for us was a library does not work with OpenSSH RSA keys. I don't know exactly which has the issue; we were using Ubuntu 20.04's packages of libssh2 and php7.4-ssh2. This seems to have been an issue since PHP 5 days and is still ongoing in 2021.

You can easily test if your private RSA key is an OpenSSH RSA key if it starts with the following line:

-----BEGIN OPENSSH PRIVATE KEY-----

Unfortunately, that's the default output when running ssh-keygen on many popular web servers.

If it starts with the following, it should work assuming everything else is set up properly:

-----BEGIN RSA PRIVATE KEY-----

That type of key can be created by running ssh-keygen -m PEM -t rsa. It also seemed that other key types worked, too.

If you aren't using an OpenSSH-format RSA key, I'd suggest checking the system auth logs (for example, /var/log/auth.log). Also, try SSH-ing as the user you're trying (for example, sudo -u www-data ssh ubuntu@localhost -i ~/.ssh/id_rsa). Any error messages provided by those should be much more helpful than the one encountered here.

Note, incorrect file permissions can also result in this same error message. We kept all website files owned by the SFTP user so the web server cannot write any files except through SFTP. We set the access keys are owned by root:www-data so both the SSH user and web server—both members of the www-data group—could use the keys.

Lastly, make sure the keys are in the authorized keys file (~/.ssh/authorized_keys).

Good luck to anyone that comes across this!

1
answered at

I had the same error message.

In my case I had created the ssh key with a passphrase. But the codex site says "It is recommended to use a private key that is not pass-phrase protected. There have been numerous reports that pass phrase protected private keys do not work properly."

It worked once I recreated they key without a passphrase.

1
answered at

I solved it! Finally after a lot of frustrating days.

In the tutorial page, deep down in the comments, someone suggested removing/commenting the following line:

define('FTP_PRIKEY','/home/wp-user/');

I did this and immediately the error message disappeared and things started getting updated.

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.