
Re^5: Does Net::SFTP::Foreign support identity file and user password?

by salva (Abbot)
on Sep 26, 2012 at 10:51 UTC (#995742)


in reply to Re^4: Does Net::SFTP::Foreign support identity file and user password?
in thread Does Net::SFTP::Foreign support identity file and user password?

It seems that Net::SFTP::Foreign is requesting to use just password authentication.

Could you activate debug mode to see exactly how it is calling ssh?

$Net::SFTP::Foreign::debug = ~(8|16|1024|2048);

Show me also your script code.

When I try it myself ssh gets the right preferred authentications list:

debug3: preferred publickeys,password,keyboard-interactive

Could you be clobbering the more argument by passing a second one with the '-vvv' flags?


Re^6: Does Net::SFTP::Foreign support identity file and user password?
by Tanoti (Initiate) on Sep 26, 2012 at 13:54 UTC
    Script is very simple:
        #!/usr/bin/perl -w
        use strict;
        use Net::SFTP::Foreign;

        my $sftp_obj = Net::SFTP::Foreign->new(
            '10.22.64.27',
            more => [
                '-oIdentityFile=/opt/tools/keys/ssh/sftp-test',
                '-oPreferredAuthentications=password,keyboard-interactive,publickey',
                '-vvv',
            ],
            user     => 'sftp-test',
            timeout  => 120,
            port     => '10023',
            password => 'password',
        );
        print '[' . $sftp_obj->error . "]\n";

    Debug output:
        #3536 1348667124.00000 new: This is Net::SFTP::Foreign 1.73
        #3536 1348667124.00000 new: Loaded from /usr/lib/perl5/vendor_perl/5.8.5/Net/SFTP/Foreign.pm
        #3536 1348667124.00000 new: Running on Perl for linux
        #3536 1348667124.00000 new: debug set to 4294964199
        #3536 1348667124.00000 new: ~0 is 4294967295
        #3536 1348667124.00000 new: Using backend Net::SFTP::Foreign::Backend::Unix 1.73
        #3536 1348667124.00000 _init_transport: ssh cmd: ssh -p 10023 -o NumberOfPasswordPrompts=1 -o PreferredAuthentications=keyboard-interactive,password -l sftp-test -oIdentityFile=/opt/tools/keys/ssh/sftp-test -oPreferredAuthentications=password,keyboard-interactive,publickey -vvv 10.22.64.27 -s sftp
        #3536 1348667124.00000 _init_transport: starting password authentication
        #3536 1348667124.00000 _init_transport: checking timeout, max: 120, ellapsed: 9.05990600585938e-06
        #3536 1348667124.00000 _init_transport: waiting for data from the pty to become available
        OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
        debug1: Reading configuration data /etc/ssh/ssh_config
        debug1: Applying options for *
        debug1: /etc/ssh/ssh_config line 2: Deprecated option "RhostsAuthentication"
        debug2: ssh_connect: needpriv 0
        debug1: Connecting to 10.22.64.27 [10.22.64.27] port 10023.
        debug1: Connection established.
        debug1: permanently_set_uid: 0/0
        debug3: Not a RSA1 key file /opt/tools/keys/ssh/sftp-test.
        debug2: key_type_from_name: unknown key type '-----BEGIN'
        debug3: key_read: missing keytype
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug3: key_read: missing whitespace
        debug2: key_type_from_name: unknown key type '-----END'
        debug3: key_read: missing keytype
        debug1: identity file /opt/tools/keys/ssh/sftp-test type -1
        debug1: Remote protocol version 2.0, remote software version sftp server
        debug1: no match: sftp server
        debug1: Enabling compatibility mode for protocol 2.0
        debug1: Local version string SSH-2.0-OpenSSH_3.9p1
        debug2: fd 3 setting O_NONBLOCK
        debug1: SSH2_MSG_KEXINIT sent
        debug1: SSH2_MSG_KEXINIT received
        debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
        debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
        debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
        debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
        debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
        debug2: kex_parse_kexinit: none,zlib
        debug2: kex_parse_kexinit: none,zlib
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit: first_kex_follows 0
        debug2: kex_parse_kexinit: reserved 0
        debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
        debug2: kex_parse_kexinit: ssh-rsa
        debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
        debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
        debug2: kex_parse_kexinit: hmac-sha1
        debug2: kex_parse_kexinit: hmac-sha1
        debug2: kex_parse_kexinit: none
        debug2: kex_parse_kexinit: none
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit:
        debug2: kex_parse_kexinit: first_kex_follows 0
        debug2: kex_parse_kexinit: reserved 0
        debug2: mac_init: found hmac-sha1
        debug1: kex: server->client 3des-cbc hmac-sha1 none
        debug2: mac_init: found hmac-sha1
        debug1: kex: client->server 3des-cbc hmac-sha1 none
        debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
        debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
        debug2: dh_gen_key: priv key bits set: 180/384
        debug2: bits set: 524/1024
        debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
        debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
        debug3: check_host_in_hostfile: filename /home/fred/.ssh/known_hosts
        debug3: check_host_in_hostfile: match line 37
        debug1: Host '10.22.64.27' is known and matches the RSA host key.
        debug1: Found key in /home/fred/.ssh/known_hosts:37
        debug2: bits set: 522/1024
        debug1: ssh_rsa_verify: signature correct
        debug2: kex_derive_keys
        debug2: set_newkeys: mode 1
        debug1: SSH2_MSG_NEWKEYS sent
        debug1: expecting SSH2_MSG_NEWKEYS
        debug2: set_newkeys: mode 0
        debug1: SSH2_MSG_NEWKEYS received
        debug1: SSH2_MSG_SERVICE_REQUEST sent
        debug2: service_accept: ssh-userauth
        debug1: SSH2_MSG_SERVICE_ACCEPT received
        debug2: key: rsa-key-20090319 (0x966ca78)
        debug2: key: /opt/tools/keys/ssh/sftp-test ((nil))
        debug3: input_userauth_banner
        WARNING - COMPUTER MISUSE ACT 1990
        You will commit a criminal offence if you act outside your authority in relation to this computer
        debug1: Authentications that can continue: password,publickey
        debug3: start over, passed a different list password,publickey
        debug3: preferred keyboard-interactive,password
        debug3: authmethod_lookup password
        debug3: remaining preferred: ,password
        debug3: authmethod_is_enabled password
        debug1: Next authentication method: password
        #3536 1348667124.00000 _init_transport: 45 bytes readed from pty:
        <<REDACTED>>
        #3536 1348667124.00000 _init_transport: looking for user/password prompt
        #3536 1348667124.00000 _init_transport: sending password
        #3536 1348667124.00000 _init_transport: checking timeout, max: 120, ellapsed: 0.245731115341187
        #3536 1348667124.00000 _init_transport: waiting for data from the pty to become available
        #3536 1348667124.00000 _init_transport: 2 bytes readed from pty:
        debug3: packet_send2: adding 40 (len 82 padlen 6 extra_pad 64)
        debug2: we sent a password packet, wait for reply
        0d 0a | ..
        #3536 1348667124.00000 _init_transport: looking for password ok
        #3536 1348667124.00000 _init_transport: password authentication done
        #3536 1348667124.00000 _queue_msg: queueing msg len: 5, code:1, id:3 ... [1]
        #3536 1348667124.00000 _get_msg: waiting for message... [1]
        #3536 1348667124.00000 _do_io: _do_io connected: 1
        #3536 1348667124.00000 _do_io: _do_io select(-,-,-, 120)
        #3536 1348667124.00000 _do_io: _do_io write queue: 9, syswrite: 9, max: 65536, $!:
        #3536 1348667124.00000 _do_io: _do_io select(-,-,-, 120)
        Authenticated with partial success.
        debug1: Authentications that can continue: password,publickey
        debug2: we did not send a packet, disable method
        debug1: No more authentication methods to try.
        Permission denied (password,publickey).
        #3536 1348667124.00000 _do_io: _do_io read sysread: 0, total read: 0, $!:
        #3536 1348667124.00000 _conn_lost: _conn_lost
        #3536 1348667124.00000 _set_status: _set_status code: 7, str: Connection lost
        #3536 1348667124.00000 _set_error: _set_err code: 37, str: Connection to remote server is broken
        #3536 1348667124.00000 _conn_lost: _conn_lost
        [Connection to remote server is broken]
        #3536 1348667124.00000 DESTROY: Net::SFTP::Foreign=HASH(0x9d25494)->DESTROY called (current pid: 3536, disconnect_by_pid: )
        #3536 1348667124.00000 disconnect: Net::SFTP::Foreign=HASH(0x9d25494)->disconnect called (ssh pid: 3537)
        #3536 1348667124.00000 _conn_lost: _conn_lost

    Sorry, I have had to redact the password prompt response from the remote server as it contained a real user name from our customer (all the other logs I sent have had the customer and user names replaced with sftp-test).
      The hack that allows PreferredAuthentications to be set from more requires it to be passed in two arguments as follows:
          ...
          more => [ '-o', 'IdentityFile=/opt/tools/keys/ssh/sftp-test',
                    '-o', 'PreferredAuthentications=password,keyboard-interactive,publickey',
                    '-vvv' ];

      I know, this is quite ugly... I have to think about how to make that functionality accessible as a constructor argument without requiring going through the more back door.

        Many thanks, that worked! Making it a constructor argument would be great but for now we can get the solution to work with the customer.
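
The failing run in this thread can be read straight off the `ssh cmd:` debug line: the command carries two `PreferredAuthentications` values, and ssh keeps the first value it obtains for an option, which matches the `debug3: preferred keyboard-interactive,password` line in the log. The following is an added example, not code from the thread or from Net::SFTP::Foreign; the function name `effective_ssh_options` and the partial list of accumulating options are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: report which -o option values ssh will actually use on a
# command line and which later duplicates it will ignore.
use strict;
use warnings;

# Options that accumulate instead of being overridden (partial list, assumed
# sufficient for this illustration).
my %multi = map { $_ => 1 } qw(identityfile certificatefile localforward
                               remoteforward dynamicforward sendenv);

# effective_ssh_options is a hypothetical helper name.
sub effective_ssh_options {
    my @argv = @_;
    my (%effective, %shadowed);
    while (defined(my $arg = shift @argv)) {
        my $opt;
        if    ($arg eq '-o')       { $opt = shift @argv }   # "-o Name=value"
        elsif ($arg =~ /^-o(.+)$/) { $opt = $1 }            # "-oName=value"
        next unless defined $opt;
        my ($name, $value) = $opt =~ /^\s*([^=\s]+)\s*[=\s]\s*(.*)$/ or next;
        $name = lc $name;            # option names are case-insensitive
        next if $multi{$name};
        # ssh keeps the first value obtained; later ones are ignored.
        if (exists $effective{$name}) { push @{ $shadowed{$name} }, $value }
        else                          { $effective{$name} = $value }
    }
    return (\%effective, \%shadowed);
}

# Command line copied from the "ssh cmd:" debug line posted in the thread.
my @cmd = split ' ', <<'END';
ssh -p 10023 -o NumberOfPasswordPrompts=1
    -o PreferredAuthentications=keyboard-interactive,password
    -l sftp-test -oIdentityFile=/opt/tools/keys/ssh/sftp-test
    -oPreferredAuthentications=password,keyboard-interactive,publickey
    -vvv 10.22.64.27 -s sftp
END

my ($effective, $shadowed) = effective_ssh_options(@cmd);
for my $name (sort keys %$shadowed) {
    print "$name: ssh uses '$effective->{$name}'\n";
    print "  ignored: '$_'\n" for @{ $shadowed->{$name} };
}
```

Running it against the `ssh cmd:` line from a new debug trace shows whether the list passed through `more` is the one ssh ends up using.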
