http://www.perlmonks.org?node_id=1222158

Aldebaran has asked for the wisdom of the Perl Monks concerning the following question:

Hello Monks,

I lurk on threads that are pitched to my aptitude and needs, with Re^3: Sample REST request & response code being a recent one, and in particular thanos's responses. I had a Perl sftp capability that was still using the password and knew that better implementations used key pairs. I followed the methods laid out in English instructions to set up ssh on Ubuntu as well as almost the same treatment in Russian. ssh goes off really slick now:

    $ ssh u6121220@home349357426.1and1-data.host

    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.

    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    (uiserver):u61210220:~$ pwd
    /kunden/homepages/9/d349357426/htdocs

Where it goes off the rails for me is the ultimate step in the above links. It amounts to changing the PasswordAuthentication line here:

sudo nano /etc/ssh/sshd_config

Nothing I do seems to make me a superuser. su doesn't prompt for password.

    (uiserver):u61210220:~/perlmonks/scripts$ su
    (uiserver):u61210220:~/perlmonks/scripts$ man su
    (uiserver):u61210220:~/perlmonks/scripts$ sudo anything
    -bash: sudo: command not found
    (uiserver):u61210220:~/perlmonks/scripts
    (uiserver):u61210220:~$ chmod +w /etc/ssh/sshd_config
    chmod: changing permissions of ‘/etc/ssh/sshd_config’: Read-only file system
    $

I was surprised to see that this server is running Ubuntu:

    (uiserver):u61210220:~$ lsb_release -r -i -c -d
    Distributor ID: Debian
    Description:    Debian GNU/Linux 8.11 (jessie)
    Release:        8.11
    Codename:       jessie
    (uiserver):u61210220:~$ uname -a
    Linux infong972 3.16.0-ui18135.21-uiabi1-infong-amd64 #1 SMP Debian 3.16.56-1~ui80+1 (2018-05-15) x86_64 GNU/Linux
    (uiserver):u61210220:~$

Q1) Am I right to think that nothing I do will allow me to write to this file? If so, then is my site as vulnerable to an attack with enumerating passwords as ever?

Q2) Can I write a script that lets me know when there are more than 20 tries/hour at a password entrance?

Here is the script that can now employ the key path for sftp:

    $ cat 2.sftp1.pl
    #!/usr/bin/perl -w
    use 5.011;
    use Net::SFTP::Foreign;

    my $upload_file = shift;
    my $sftp        = get_tiny();

    my $server_dir = "perlmonks/scripts";
    # Net::SFTP::Foreign reports failures through $sftp->error, not $!
    $sftp->mkdir("/$server_dir")
      or warn "mkdir1 failed: " . $sftp->error . "\n";
    $sftp->setcwd("/$server_dir")
      or warn "setcwd1 failed: " . $sftp->error . "\n";
    $sftp->put($upload_file)
      or warn "upload put failed: " . $sftp->error . "\n";
    my $remote_dir = $sftp->cwd;
    say "remote dir is $remote_dir";
    my $ls = $sftp->ls($remote_dir);
    print "$_->{filename}\n" for (@$ls);

    say "final ref to sftp object is is $sftp";
    undef $sftp;

    # Read connection settings from the ini file and return a connected
    # Net::SFTP::Foreign object that authenticates with the private key.
    sub get_tiny {

      use 5.011;
      use warnings;
      use Net::SFTP::Foreign;
      use Config::Tiny;
      use Data::Dumper;

      my $ini_path = qw( /home/bob/Documents/html_template_data/3.values.ini );
      say "ini path is $ini_path";
      my $sub_hash = "my_sftp";
      my $Config   = Config::Tiny->new;
      $Config = Config::Tiny->read( $ini_path, 'utf8' );
      say Dumper $Config;    # debug output; includes the stored password

      # -> is optional between brackets
      my $domain   = $Config->{$sub_hash}{'domain'};
      my $username = $Config->{$sub_hash}{'username'};
      my $password = $Config->{$sub_hash}{'password'};
      my $port     = $Config->{$sub_hash}{'port'};
      my $key_path = $Config->{$sub_hash}{'key_path'};

      #dial up the server
      say "values are $domain $username $password $port $key_path";
      my $sftp = Net::SFTP::Foreign->new(
        $domain,
        user => $username,
        port => $port,
        # password => $password,
        key_path => $key_path
      );
      # new() always returns an object, so test its error state
      $sftp->error and die "Can't connect: " . $sftp->error . "\n";
      return $sftp;
    }
    __END__
    $

So I can get scripts to my server conveniently but I really don't know what to do once they are there. Q3) Should I constitute a CPAN capability, and if so where?:

    (uiserver):u61210220:~$ cd perlmonks/scripts
    (uiserver):u61210220:~/perlmonks/scripts$ ls
    1.eclipse.pl     1.hello.pl       1.upload.pl
    1.encodings.txt  1.initialize.pl  2.create.bash
    (uiserver):u61210220:~/perlmonks/scripts$ ./1.upload.pl
    Can't locate CGI/Lite.pm in @INC (you may need to install the CGI::Lite module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.20.2 /usr/local/share/perl/5.20.2 /usr/lib/x86_64-linux-gnu/perl5/5.20 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.20 /usr/share/perl/5.20 /usr/local/lib/site_perl .) at ./1.upload.pl line 8.
    BEGIN failed--compilation aborted at ./1.upload.pl line 8.
    (uiserver):u61210220:~/perlmonks/scripts$

Thank you for your comment,
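
For Q2 above, one way to detect more than 20 failed password attempts within an hour, as an added example that is not part of the original post. It assumes OpenSSH syslog-style "Failed password" lines and read access to the sshd log, which a shared-hosting account may not have; the sub name `find_bursts`, the host name and the sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Piece;

my $LIMIT  = 20;      # alert when more than this many failures ...
my $WINDOW = 3600;    # ... fall inside this many seconds

# Returns one alert per burst: [epoch of crossing, count, busiest source IP].
# Syslog timestamps carry no year, so the caller supplies one (assumption).
sub find_bursts {
    my ($year, @lines) = @_;
    my (@window, @alerts);
    my $alerting = 0;
    for my $line (@lines) {
        my ($stamp, $ip) = $line =~
            /^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\sFailed password for .* from (\S+) port \d+/
            or next;    # skip successful logins and unrelated lines
        my $t = Time::Piece->strptime("$stamp $year", '%b %d %H:%M:%S %Y')->epoch;
        push @window, [$t, $ip];
        # Drop attempts that are an hour or more older than the current one.
        shift @window while $window[0][0] <= $t - $WINDOW;
        if (@window > $LIMIT) {
            next if $alerting;    # this burst was already reported
            $alerting = 1;
            my %by_ip;
            $by_ip{ $_->[1] }++ for @window;
            my ($top) = sort { $by_ip{$b} <=> $by_ip{$a} || $a cmp $b } keys %by_ip;
            push @alerts, [$t, scalar @window, $top];
        }
        else { $alerting = 0 }
    }
    return @alerts;
}

# Constructed sample: 25 failures two minutes apart from one address in the
# documentation range 203.0.113.0/24, followed by one successful key login.
my @sample = map {
    sprintf 'Sep 11 10:%02d:05 examplehost sshd[%d]: Failed password for invalid user admin from 203.0.113.7 port %d ssh2',
        $_ * 2, 4000 + $_, 50000 + $_
} 0 .. 24;
push @sample, 'Sep 11 11:00:00 examplehost sshd[4100]: Accepted publickey for deploy from 198.51.100.9 port 50100 ssh2';

for my $alert (find_bursts(2018, @sample)) {
    my ($t, $count, $ip) = @$alert;
    printf "%s: %d failed password attempts in the last hour, most from %s\n",
        gmtime($t)->datetime, $count, $ip;
}
```

To run it against a real log, replace `@sample` with the lines read from the log file and pass the year the log covers.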