Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Net::SFTP::Foreign Password Authentication Hangs

by dano63 (Initiate)
on Oct 18, 2017 at 20:42 UTC ( [id://1201618]=perlquestion: print w/replies, xml ) Need Help??

dano63 has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Monks,

I'm using Net::SFTP::Foreign (which I've used elsewhere for years) as part of a new on-prem file movement service and am running into a problem where it's simply hanging when it gets to password authentication. Doing a manual sftp works so this is something else. I have even stripped down my code to only the relevant lines and it's doing the same thing.

My OS is Fedora 25, the perl is "(v5.26.1) built for x86_64-linux-thread-multi" and Net::SFTP::Foreign is 1.87 and everything is patched and up to date. Thanks for any help you can provide!

Dano. 

$Net::SFTP::Foreign::debug = 1;
my $sftp = Net::SFTP::Foreign->new( $Server,
                                    user => $User,
                                    password => $Pass,
                                    more => '-vvv' );

[download]
With the results: 
debug1: Authentications that can continue: password,keyboard-interacti
+ve,publickey
debug3: start over, passed a different list password,keyboard-interact
+ive,publickey
debug3: preferred keyboard-interactive,password
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug3: send packet: type 50
debug2: we sent a keyboard-interactive packet, wait for reply
debug3: receive packet: type 60
debug2: input_userauth_info_req
Password authentication
debug2: input_userauth_info_req: num_prompts 1
#  queueing msg len: 5, code:1, id:3 ... [1]
#  waiting for message... [1]
debug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: password,keyboard-interacti
+ve,publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

[download]
The hang is after the last line above. Perhaps not helpful but I also did an strace and got (at the end of much more output): 
Password authentication
debug2: input_userauth_info_req: num_prompts 1
) = 1 (in [3], left {tv_sec=0, tv_usec=780618})
read(3, "Password: ", 4096)             = 10
write(3, "AintTellin\n", 10)            = 10
wait4(21851, 0x7ffe1ea64784, WNOHANG, NULL) = 0
select(8, [3], NULL, NULL, {tv_sec=1, tv_usec=0}) = 1 (in [3], left {t
+v_sec=0, tv_usec=999989})
read(3, "\r\n", 4096)                   = 2
close(4)                                = 0
close(3)                                = 0
fcntl(5, F_GETFL)                       = 0 (flags O_RDONLY)
fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK)  = 0
fcntl(8, F_GETFL)                       = 0x1 (flags O_WRONLY)
fcntl(8, F_SETFL, O_WRONLY|O_NONBLOCK)  = 0
write(2, "#  queueing msg len: 5, code:1, "..., 45#  queueing msg len:
+ 5, code:1, id:3 ... [1]
) = 45
write(2, "#  waiting for message... [1]\n", 30#  waiting for message..
+. [1]
) = 30
rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=
+0}, 8) = 0
rt_sigprocmask(SIG_BLOCK, [PIPE], [], 8) = 0
rt_sigaction(SIGPIPE, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=SA_RES
+TORER, sa_restorer=0x7f688564a5d0}, {sa_handler=SIG_DFL, sa_mask=[], 
+sa_flags=0}, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
select(16, [5], [8], NULL, NULL)        = 1 (out [8])
write(8, "\0\0\0\5\1\0\0\0\3", 9)       = 9
select(8, [5], NULL, NULL, NULLdebug3: send packet: type 61
debug3: receive packet: type 51
debug1: Authentications that can continue: password,keyboard-interacti
+ve,publickey
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password

[download]
Again with the hang at the last line.

Replies are listed 'Best First'.
Re: Net::SFTP::Foreign Password Authentication Hangs
by salva (Canon) on Oct 19, 2017 at 08:01 UTC
    It seems the password is not being accepted by the remote server.

    The debugging output shows that the script hangs because the remote server accepts both password and keyboard-interactive authentication, a case where Net::SFTP::Foreign can't handle correctly failed password authentication.

    A possible workaround is to force the authentication method to be either password or keyboard-interactive, for instance: 

    my $sftp = Net::SFTP::Foreign->new(...,
                                   more => [-o => 'PreferredAuthentica
+tions=keyboard-interactive']);

    [download]

    Another possibility is to connect to the remote host via Net::OpenSSH which has a more sophisticated login algorithm, able to detect errors that Net::SFTP::Foreign doesn't: 

    my $ssh = Net::OpenSSH->new(...);
my $sftp = $ssh->sftp;

    [download]
[reply]
[d/l]
[select]
Re: Net::SFTP::Foreign Password Authentication Hangs (UPDATED)
by thanos1983 (Parson) on Oct 18, 2017 at 22:13 UTC

    Hello dano63,

    Welcome to the Monastery.

    I would suggest to add this line after your connect to see the actual die error:

    $sftp = Net::SFTP::Foreign->new($host);
$sftp->error and die "unable to connect to remote host: " . $sftp->err
+or;

    [download]

    Why you do not use SSH keys which is more secure and not required to apply to send the psw? Sample:

    my %args = ( host     => "localhost",
         user     => "user",
         port     => "22",
         # psw    => "psw",
         key_path => "/home/user/.ssh/id_rsa" );

my $sftp = Net::SFTP::Foreign->new(%args);
$sftp->die_on_error("Unable to establish SFTP connection");

    [download]

    Update: Fellow Monk salva provided you with an answer to your problem. In case you want to get a running sample of code using ssh keys in a relevant question Re: Generate temporary file and FTP upload.

    Hope this helps, BR.

    Seeking for Perl wisdom...on the process of learning...not there...yet!
[reply]
[d/l]
[select]
Re: Net::SFTP::Foreign Password Authentication Hangs
by dano63 (Initiate) on Oct 19, 2017 at 14:11 UTC

    To both thanos1983 and salva, thank you for your replies. Your suggestions were very helpful as I worked to diagnose the problem. However, it turned out to be two things. First, the awful username they assigned contains an at sign '@' which I resolved by escaping it with a backslash. This alone merely changed what I was seeing but it still wasn't working. The second thing was that, completely without explanation, my code started working. Undoubtedly, something on the SFTP server end changed and, while I've asked what happened, I'm not very hopeful for full disclosure from their end.

    Finally, thank you for the excellent Net::SFTP::Foreign module - it has been invaluable to our operations for many years.

    Cheers! Dano.

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1201618]
Approved by haukex
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2024-04-20 12:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found