
Re^5: Does Net::SFTP::Foreign support identity file and user password?

by salva (Monsignor)
on Sep 26, 2012 at 10:51 UTC


in reply to Re^4: Does Net::SFTP::Foreign support identity file and user password?
in thread Does Net::SFTP::Foreign support identity file and user password?

It seems that Net::SFTP::Foreign is requesting to use just password authentication.

Could you activate debug mode to see exactly how it is calling ssh?

$Net::SFTP::Foreign::debug = ~(8|16|1024|2048);

Show me also your script code.

When I try it myself ssh gets the right preferred authentications list:

debug3: preferred publickeys,password,keyboard-interactive
Could you be clobbering the more argument by passing a second one with the '-vvv' flags?


Re^6: Does Net::SFTP::Foreign support identity file and user password?
by Tanoti (Initiate) on Sep 26, 2012 at 13:54 UTC
    Script is very simple:
    #!/usr/bin/perl -w
    use strict;
    use Net::SFTP::Foreign;

    my $sftp_obj = Net::SFTP::Foreign->new(
        '10.22.64.27',
        more => [
            '-oIdentityFile=/opt/tools/keys/ssh/sftp-test',
            '-oPreferredAuthentications=password,keyboard-interactive,publickey',
            '-vvv',
        ],
        user     => 'sftp-test',
        timeout  => 120,
        port     => '10023',
        password => 'password',
    );

    print '[' . $sftp_obj->error . "]\n";
    Debug output:
    #3536 1348667124.00000 new: This is Net::SFTP::Foreign 1.73
    #3536 1348667124.00000 new: Loaded from /usr/lib/perl5/vendor_perl/5.8.5/Net/SFTP/Foreign.pm
    #3536 1348667124.00000 new: Running on Perl for linux
    #3536 1348667124.00000 new: debug set to 4294964199
    #3536 1348667124.00000 new: ~0 is 4294967295
    #3536 1348667124.00000 new: Using backend Net::SFTP::Foreign::Backend::Unix 1.73
    #3536 1348667124.00000 _init_transport: ssh cmd: ssh -p 10023 -o NumberOfPasswordPrompts=1 -o PreferredAuthentications=keyboard-interactive,password -l sftp-test -oIdentityFile=/opt/tools/keys/ssh/sftp-test -oPreferredAuthentications=password,keyboard-interactive,publickey -vvv 10.22.64.27 -s sftp
    #3536 1348667124.00000 _init_transport: starting password authentication
    #3536 1348667124.00000 _init_transport: checking timeout, max: 120, ellapsed: 9.05990600585938e-06
    #3536 1348667124.00000 _init_transport: waiting for data from the pty to become available
    OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: /etc/ssh/ssh_config line 2: Deprecated option "RhostsAuthentication"
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to 10.22.64.27 [10.22.64.27] port 10023.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug3: Not a RSA1 key file /opt/tools/keys/ssh/sftp-test.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: missing keytype
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug3: key_read: missing whitespace
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: missing keytype
    debug1: identity file /opt/tools/keys/ssh/sftp-test type -1
    debug1: Remote protocol version 2.0, remote software version sftp server
    debug1: no match: sftp server
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1
    debug2: kex_parse_kexinit: ssh-rsa
    debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
    debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,3des-cbc
    debug2: kex_parse_kexinit: hmac-sha1
    debug2: kex_parse_kexinit: hmac-sha1
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit: none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-sha1
    debug1: kex: server->client 3des-cbc hmac-sha1 none
    debug2: mac_init: found hmac-sha1
    debug1: kex: client->server 3des-cbc hmac-sha1 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug2: dh_gen_key: priv key bits set: 180/384
    debug2: bits set: 524/1024
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug3: check_host_in_hostfile: filename /home/fred/.ssh/known_hosts
    debug3: check_host_in_hostfile: match line 37
    debug1: Host '10.22.64.27' is known and matches the RSA host key.
    debug1: Found key in /home/fred/.ssh/known_hosts:37
    debug2: bits set: 522/1024
    debug1: ssh_rsa_verify: signature correct
    debug2: kex_derive_keys
    debug2: set_newkeys: mode 1
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug2: set_newkeys: mode 0
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug2: service_accept: ssh-userauth
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug2: key: rsa-key-20090319 (0x966ca78)
    debug2: key: /opt/tools/keys/ssh/sftp-test ((nil))
    debug3: input_userauth_banner
    WARNING - COMPUTER MISUSE ACT 1990
    You will commit a criminal offence if you act outside your authority in relation to this computer
    debug1: Authentications that can continue: password,publickey
    debug3: start over, passed a different list password,publickey
    debug3: preferred keyboard-interactive,password
    debug3: authmethod_lookup password
    debug3: remaining preferred: ,password
    debug3: authmethod_is_enabled password
    debug1: Next authentication method: password
    #3536 1348667124.00000 _init_transport: 45 bytes readed from pty:
    <<REDACTED>>
    #3536 1348667124.00000 _init_transport: looking for user/password prompt
    #3536 1348667124.00000 _init_transport: sending password
    #3536 1348667124.00000 _init_transport: checking timeout, max: 120, ellapsed: 0.245731115341187
    #3536 1348667124.00000 _init_transport: waiting for data from the pty to become available
    #3536 1348667124.00000 _init_transport: 2 bytes readed from pty:
    debug3: packet_send2: adding 40 (len 82 padlen 6 extra_pad 64)
    debug2: we sent a password packet, wait for reply
    0d 0a | ..
    #3536 1348667124.00000 _init_transport: looking for password ok
    #3536 1348667124.00000 _init_transport: password authentication done
    #3536 1348667124.00000 _queue_msg: queueing msg len: 5, code:1, id:3 ... [1]
    #3536 1348667124.00000 _get_msg: waiting for message... [1]
    #3536 1348667124.00000 _do_io: _do_io connected: 1
    #3536 1348667124.00000 _do_io: _do_io select(-,-,-, 120)
    #3536 1348667124.00000 _do_io: _do_io write queue: 9, syswrite: 9, max: 65536, $!:
    #3536 1348667124.00000 _do_io: _do_io select(-,-,-, 120)
    Authenticated with partial success.
    debug1: Authentications that can continue: password,publickey
    debug2: we did not send a packet, disable method
    debug1: No more authentication methods to try.
    Permission denied (password,publickey).
    #3536 1348667124.00000 _do_io: _do_io read sysread: 0, total read: 0, $!:
    #3536 1348667124.00000 _conn_lost: _conn_lost
    #3536 1348667124.00000 _set_status: _set_status code: 7, str: Connection lost
    #3536 1348667124.00000 _set_error: _set_err code: 37, str: Connection to remote server is broken
    #3536 1348667124.00000 _conn_lost: _conn_lost
    [Connection to remote server is broken]
    #3536 1348667124.00000 DESTROY: Net::SFTP::Foreign=HASH(0x9d25494)->DESTROY called (current pid: 3536, disconnect_by_pid: )
    #3536 1348667124.00000 disconnect: Net::SFTP::Foreign=HASH(0x9d25494)->disconnect called (ssh pid: 3537)
    #3536 1348667124.00000 _conn_lost: _conn_lost
    Sorry, I have had to redact the password prompt response from the remote server as it contained a real user name from our customer (all the other logs I sent have had the customer and user names replaced with sftp-test).
      The hack that allows PreferredAuthentications to be set from more requires it to be passed in two arguments as follows:
      ...
      more => [ '-o', 'IdentityFile=/opt/tools/keys/ssh/sftp-test',
                '-o', 'PreferredAuthentications=password,keyboard-interactive,publickey',
                '-vvv' ];

      I know, this is quite ugly... I have to think about how to make that functionality accessible as a constructor argument without requiring going through the more back door.

        Many thanks, that worked! Making it a constructor argument would be great but for now we can get the solution to work with the customer.
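
A small Perl check for the failure diagnosed in this thread, added here as an illustration and not code from salva, Tanoti or Net::SFTP::Foreign. It parses the `ssh cmd:` line from the debug output and applies ssh's rule that the first value given for a single-valued option wins, which is why the log shows `preferred keyboard-interactive,password` and publickey is never attempted. The sub name `ssh_o_options` and the `@offered` list (copied from the "Authentications that can continue" line) are assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the "ssh cmd:" line copied from the debug output above.
my $ssh_cmd = 'ssh -p 10023 -o NumberOfPasswordPrompts=1 '
    . '-o PreferredAuthentications=keyboard-interactive,password '
    . '-l sftp-test -oIdentityFile=/opt/tools/keys/ssh/sftp-test '
    . '-oPreferredAuthentications=password,keyboard-interactive,publickey '
    . '-vvv 10.22.64.27 -s sftp';

# Methods the server offered ("Authentications that can continue" in the log).
my @offered = qw(password publickey);

# Hypothetical helper: collect every -o option in command-line order.
# Accepts both "-o Key=Value" and "-oKey=Value". Splitting on whitespace is
# enough for this log line; it does not handle quoted arguments.
sub ssh_o_options {
    my @argv = split ' ', shift;
    my %values;
    while (defined(my $arg = shift @argv)) {
        my $kv;
        if    ($arg eq '-o')       { $kv = shift @argv }
        elsif ($arg =~ /^-o(.+)$/) { $kv = $1 }
        next unless defined $kv && $kv =~ /=/;
        my ($key, $value) = split /=/, $kv, 2;
        push @{ $values{lc $key} }, $value;   # ssh option names are case-insensitive
    }
    return \%values;
}

my $opts = ssh_o_options($ssh_cmd);

# For single-valued options ssh keeps the first value it sees, so anything
# appended later through "more" is ignored. (IdentityFile is different: it
# accumulates, but it appears only once here.)
for my $key (sort keys %$opts) {
    my ($effective, @ignored) = @{ $opts->{$key} };
    print "$key = $effective\n";
    print "  ignored later value: $_\n" for @ignored;
}

# Compare the effective preference list with what the server requires.
my %preferred = map { $_ => 1 } split /,/, $opts->{preferredauthentications}[0];
my @never_tried = grep { !$preferred{$_} } @offered;
print "server methods ssh will never try: @never_tried\n" if @never_tried;
```

Running the same check against the `ssh cmd:` line produced after switching to the two-argument form is a quick way to confirm that only the intended PreferredAuthentications value is on the command line.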
