Build and install SSH2 libraries
Depending on your linux distribution you might need to use different method. On my Debian, I had to use the following to install:
# wget http://downloads.sourceforge.net/project/libssh2/libssh2-1.2.1.tar.gz?use_mirror=kent # tar zxf libssh2-1.2.1.tar.gz # cd libssh2-1.2.1 # ./configure # make # make install
What’s important here is that I had to build libssh2 from sources manually. However I hate doing this, it was apparently the only way. Aptitude was only offering me an older (0.12) version of the library, which failed to build PHP ssh2 extension.
Build and install PHP SSH2 extension
Now again, for some reason simple command failed to work for me… So I had to specify beta channel to install PHP SSH2 extension. Fear not though, just try this
# pecl install ssh2
And if it doesn’t work, then do this
# pecl install channel://pecl.php.net/ssh2-0.11.0
Simple, isn’t it?
Generate SSH public and private keys
You need to generate both public and private keys that are going to be used to connect to your server (even if it is the same server your connecting from!). Go to your home directory:
$ cd .ssh $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_rsa. Your public key has been saved in /home/user/.ssh/id_rsa.pub. The key fingerprint is: fe:3b:5d:94:53:1e:d3:9f:87:45:73:ab:8d:9f:d7:cc user@server $ cp id_rsa.pub authorized_keys
Private key is used to decrypt the data, whereas public key is used by the remote host to encrypt the data. You also need to create authorized_keys file, so that server knows your key is trusted and allows you to login without using actual user account password.
There is one annoying bit though. Apache user needs to be able to read both private and public keys. Normally they are kept secure in user’s .ssh/ directory, which is readable by user only, and allowing all to see it, is not a particularly good idea. So I had to copy both files to /etc/wordpress/ and make them readable to www-data group:
# cd /etc # mkdir wordpress # cp /home/user/.ssh/id_rsa* wordpress/ # chgrp www-data wordpress/* # chmod 640 wordpress/*
Configure WordPress to use public keys automatically
Add the following lines to your wp-config.php file, so you’re not asked any passwords or server names during the upgrade:
define('FTP_PUBKEY','/etc/wordpress/id_rsa.pub'); define('FTP_PRIKEY','/etc/wordpress/id_rsa'); define('FTP_USER','user'); define('FTP_PASS',''); define('FTP_HOST','localhost:22');
Related posts: