
Re^2: Does Net::SFTP::Foreign support identity file and user password?

by Tanoti (Initiate)
on Sep 25, 2012 at 08:33 UTC (#995510)


in reply to Re: Does Net::SFTP::Foreign support identity file and user password?
in thread Does Net::SFTP::Foreign support identity file and user password?

Sadly that did not work. We can see the password being asked for and sent but the remote server is then denying access:

# looking for user/password prompt
# matching against (?i-xsm:(user|name|login)?[:?]\s*$)
# sending password
# checking timeout, max: 120, ellapsed: 0.291105031967163
# waiting for data from the pty to become available
# 2 bytes readed from pty:
debug3: packet_send2: adding 40 (len 82 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
0d 0a | ..
# looking for password ok
# password authentication done
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (password,publickey).

We will try and get the remote server ssh configuration from the customer in case they are using some strange settings so we can duplicate on our systems.

Thank you for your help and please do include this scenario as an option for the module as it appears to be a security policy in the financial sector.


Re^3: Does Net::SFTP::Foreign support identity file and user password?
by salva (Monsignor) on Sep 25, 2012 at 08:56 UTC
    Maybe you have to change the order of the PreferredAuthentications tokens to suit the server:
    my $sftp = Net::SFTP::Foreign->new($host,
                                       user     => $user,
                                       password => $password,
                                       more     => [-o => 'PreferredAuthentications=password,keyboard-interactive,publickey']);

    Could you include the full debugging output from the ssh binary when called from Net::SFTP::Foreign and also when you do it by hand to see what is being done differently?

      Changing the order of the tokens did not make a difference. Below are the two logs as requested. We are using sudo to replicate how the daemon process that will actually be doing the work will connect.

      Manual Connection:

      $ sudo sftp -vvv -oIdentityFile=/opt/tools/keys/ssh/test-sftp -oPort=10023 sftp-test@10.22.64.27
      Connecting to 10.22.64.27...
      OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Applying options for *
      debug1: /etc/ssh/ssh_config line 2: Deprecated option "RhostsAuthentication"
      debug2: ssh_connect: needpriv 0
      debug1: Connecting to 10.22.64.27 [10.22.64.27] port 10023.
      debug1: Connection established.
      debug1: permanently_set_uid: 0/0
      debug3: Not a RSA1 key file /opt/tools/keys/ssh/sftp-test.
      debug2: key_type_from_name: unknown key type '-----BEGIN'
      debug3: key_read: missing keytype
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug2: key_type_from_name: unknown key type '-----END'
      debug3: key_read: missing keytype
      debug1: identity file /opt/tools/keys/ssh/sftp-test type -1
      debug1: Remote protocol version 2.0, remote software version sftp server
      debug1: no match: sftp server
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_3.9p1
      debug2: fd 3 setting O_NONBLOCK
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
      debug2: kex_parse_kexinit: ssh-rsa
      debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
      debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
      debug2: kex_parse_kexinit: hmac-sha1
      debug2: kex_parse_kexinit: hmac-sha1
      debug2: kex_parse_kexinit: none
      debug2: kex_parse_kexinit: none
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: mac_init: found hmac-sha1
      debug1: kex: server->client 3des-cbc hmac-sha1 none
      debug2: mac_init: found hmac-sha1
      debug1: kex: client->server 3des-cbc hmac-sha1 none
      debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
      debug2: dh_gen_key: priv key bits set: 195/384
      debug2: bits set: 522/1024
      debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
      debug3: check_host_in_hostfile: filename /home/fred/.ssh/known_hosts
      debug3: check_host_in_hostfile: match line 37
      debug1: Host '10.22.64.27' is known and matches the RSA host key.
      debug1: Found key in /home/fred/.ssh/known_hosts:37
      debug2: bits set: 519/1024
      debug1: ssh_rsa_verify: signature correct
      debug2: kex_derive_keys
      debug2: set_newkeys: mode 1
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug2: set_newkeys: mode 0
      debug1: SSH2_MSG_NEWKEYS received
      debug1: SSH2_MSG_SERVICE_REQUEST sent
      debug2: service_accept: ssh-userauth
      debug1: SSH2_MSG_SERVICE_ACCEPT received
      debug2: key: rsa-key-20090319 (0x98e9a48)
      debug2: key: /opt/tools/keys/ssh/sftp-test ((nil))
      debug3: input_userauth_banner
      WARNING - COMPUTER MISUSE ACT 1990
      You will commit a criminal offence if you act outside your authority in relation to this computer
      debug1: Authentications that can continue: password,publickey
      debug3: start over, passed a different list password,publickey
      debug3: preferred publickey,keyboard-interactive,password
      debug3: authmethod_lookup publickey
      debug3: remaining preferred: keyboard-interactive,password
      debug3: authmethod_is_enabled publickey
      debug1: Next authentication method: publickey
      debug1: Offering public key: rsa-key-20090319
      debug3: send_pubkey_test
      debug2: we sent a publickey packet, wait for reply
      debug1: Authentications that can continue: password,publickey
      debug1: Trying private key: /opt/tools/keys/ssh/sftp-test
      debug1: read PEM private key done: type RSA
      debug3: sign_and_send_pubkey
      debug2: we sent a publickey packet, wait for reply
      Authenticated with partial success.
      debug1: Authentications that can continue: password,publickey
      debug2: we did not send a packet, disable method
      debug3: authmethod_lookup password
      debug3: remaining preferred: ,password
      debug3: authmethod_is_enabled password
      debug1: Next authentication method: password
      sftp-test@10.22.64.27's password:
      debug3: packet_send2: adding 40 (len 82 padlen 6 extra_pad 64)
      debug2: we sent a password packet, wait for reply
      debug1: Authentication succeeded (password).
      debug2: fd 4 setting O_NONBLOCK
      debug3: fd 5 is O_NONBLOCK
      debug1: channel 0: new [client-session]
      debug3: ssh_session2_open: channel_new: 0
      debug2: channel 0: send open
      debug1: Entering interactive session.
      debug2: callback start
      debug2: client_session2_setup: id 0
      debug1: Sending subsystem: sftp
      debug2: channel 0: request subsystem confirm 1
      debug2: callback done
      debug2: channel 0: open confirm rwindow 0 rmax 34000
      debug2: channel 0: rcvd adjust 131070
      debug2: Remote version: 3
      debug3: Sent message fd 3 T:16 I:1
      debug3: SSH_FXP_REALPATH . -> /

      Module connection:

      OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
      debug1: Reading configuration data /etc/ssh/ssh_config
      debug1: Applying options for *
      debug1: /etc/ssh/ssh_config line 2: Deprecated option "RhostsAuthentication"
      debug2: ssh_connect: needpriv 0
      debug1: Connecting to 10.22.64.27 [10.22.64.27] port 10023.
      debug1: Connection established.
      debug1: permanently_set_uid: 0/0
      debug3: Not a RSA1 key file /opt/tools/keys/ssh/sftp-test.
      debug2: key_type_from_name: unknown key type '-----BEGIN'
      debug3: key_read: missing keytype
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug3: key_read: missing whitespace
      debug2: key_type_from_name: unknown key type '-----END'
      debug3: key_read: missing keytype
      debug1: identity file /opt/tools/keys/ssh/sftp-test type -1
      debug1: Remote protocol version 2.0, remote software version sftp server
      debug1: no match: sftp server
      debug1: Enabling compatibility mode for protocol 2.0
      debug1: Local version string SSH-2.0-OpenSSH_3.9p1
      debug2: fd 3 setting O_NONBLOCK
      debug1: SSH2_MSG_KEXINIT sent
      debug1: SSH2_MSG_KEXINIT received
      debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
      debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit: none,zlib
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
      debug2: kex_parse_kexinit: ssh-rsa
      debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
      debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
      debug2: kex_parse_kexinit: hmac-sha1
      debug2: kex_parse_kexinit: hmac-sha1
      debug2: kex_parse_kexinit: none
      debug2: kex_parse_kexinit: none
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit:
      debug2: kex_parse_kexinit: first_kex_follows 0
      debug2: kex_parse_kexinit: reserved 0
      debug2: mac_init: found hmac-sha1
      debug1: kex: server->client 3des-cbc hmac-sha1 none
      debug2: mac_init: found hmac-sha1
      debug1: kex: client->server 3des-cbc hmac-sha1 none
      debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
      debug2: dh_gen_key: priv key bits set: 196/384
      debug2: bits set: 514/1024
      debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
      debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
      debug3: check_host_in_hostfile: filename /home/fred/.ssh/known_hosts
      debug3: check_host_in_hostfile: match line 37
      debug1: Host '10.22.64.27' is known and matches the RSA host key.
      debug1: Found key in /home/fred/.ssh/known_hosts:37
      debug2: bits set: 511/1024
      debug1: ssh_rsa_verify: signature correct
      debug2: kex_derive_keys
      debug2: set_newkeys: mode 1
      debug1: SSH2_MSG_NEWKEYS sent
      debug1: expecting SSH2_MSG_NEWKEYS
      debug2: set_newkeys: mode 0
      debug1: SSH2_MSG_NEWKEYS received
      debug1: SSH2_MSG_SERVICE_REQUEST sent
      debug2: service_accept: ssh-userauth
      debug1: SSH2_MSG_SERVICE_ACCEPT received
      debug2: key: rsa-key-20090319 (0x9ee7a78)
      debug2: key: /opt/tools/keys/ssh/sftp-test ((nil))
      debug3: input_userauth_banner
      WARNING - COMPUTER MISUSE ACT 1990
      You will commit a criminal offence if you act outside your authority in relation to this computer
      debug1: Authentications that can continue: password,publickey
      debug3: start over, passed a different list password,publickey
      debug3: preferred keyboard-interactive,password
      debug3: authmethod_lookup password
      debug3: remaining preferred: ,password
      debug3: authmethod_is_enabled password
      debug1: Next authentication method: password
      debug3: packet_send2: adding 40 (len 82 padlen 6 extra_pad 64)
      debug2: we sent a password packet, wait for reply
      Authenticated with partial success.
      debug1: Authentications that can continue: password,publickey
      debug2: we did not send a packet, disable method
      debug1: No more authentication methods to try.
      Permission denied (password,publickey).
      [Connection to remote server is broken]

        It seems that Net::SFTP::Foreign is requesting to use just password authentication.

        Could you activate debug mode to see exactly how it is calling ssh?

        $Net::SFTP::Foreign::debug = ~(8|16|1024|2048);

        Show me also your script code.

        When I try it myself ssh gets the right preferred authentications list:

        debug3: preferred publickeys,password,keyboard-interactive

        Could you be clobbering the more argument by passing a second one with the '-vvv' flags?
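
The comparison made in the last reply can be automated. The following is an added example, not code from the thread or from Net::SFTP::Foreign: it reads the userauth part of OpenSSH client -vvv output and reports any method the server still accepts after a partial success that the client's preferred list leaves out. The two log excerpts are constructed, shortened from the logs posted above; the function name analyse and the result keys are this example's own.

```python
import re

# Constructed excerpts, shortened from the two -vvv logs posted in this thread.
MANUAL_LOG = """\
debug1: Authentications that can continue: password,publickey
debug3: preferred publickey,keyboard-interactive,password
debug1: Next authentication method: publickey
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: Next authentication method: password
debug1: Authentication succeeded (password).
"""
MODULE_LOG = """\
debug1: Authentications that can continue: password,publickey
debug3: preferred keyboard-interactive,password
debug1: Next authentication method: password
Authenticated with partial success.
debug1: Authentications that can continue: password,publickey
debug1: No more authentication methods to try.
"""

def analyse(log):
    """Summarise the userauth phase of an OpenSSH client debug log."""
    preferred, offered, tried = [], [], []
    partial = succeeded = False
    for line in log.splitlines():
        line = line.strip()
        if m := re.match(r"debug3: preferred (\S+)", line):
            preferred = m.group(1).split(",")
        elif m := re.match(r"debug1: Authentications that can continue: (\S+)", line):
            offered = m.group(1).split(",")          # keep the latest list
        elif m := re.match(r"debug1: Next authentication method: (\S+)", line):
            tried.append(m.group(1))
        elif line.startswith("Authenticated with partial success"):
            partial = True
        elif line.startswith("debug1: Authentication succeeded"):
            succeeded = True
    # After a partial success the server expects a further method. Anything it
    # still offers that is absent from the preferred list can never be attempted.
    blocked = []
    if partial and not succeeded:
        blocked = [m for m in offered if m not in preferred]
    return {"preferred": preferred, "tried": tried, "partial": partial,
            "succeeded": succeeded, "never_attemptable": blocked}

if __name__ == "__main__":
    for name, log in (("manual", MANUAL_LOG), ("module", MODULE_LOG)):
        print(name, analyse(log))
```

On the module excerpt the result names publickey as the method the client was never allowed to try, which matches the difference between the two "debug3: preferred" lines.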
