I've been trying to sftp with the package Net::SFTP and an RSA key. I can manually sftp without password to my sftp server but when using the package it doesn't work. I'm running out of idea.
my $ftp = Net::SFTP->new($HOST, user => $USER, ssh_args => { identity_files => [ "/Users/user/.ssh/id_rsa" ] }, debug => 3 );
It gives me the following error:
Trying pubkey authentication with key file '/Users/tom/.ssh/id_rsa'
FATAL: rsa import failed: Invalid input packet. at
/Library/Perl/5.18//Crypt/PK/RSA.pm line 123.
Any help would be much appreciated,
Thanks!
I just ran into this myself.
The problem is that my (and your) private keys are encrypted, as you noted in your comment. An encrypted private key requires you to enter the password before it can be used, and it seems the perl module doesn't support this.
You claimed that you didn't need a password when using this key, but perhaps that was because sftp was using your ssh agent? i.e. where you enter the password once and then the key remains in memory for use by all ssh-family of tools? It would appear that the perl module doesn't support the agent, either, but #salva's suggestion to use Net::SFTP::Foreign should solve that.
It's worth noting that I got this exception while running code that used to work just fine on my workstation, but on a new install of perl. I think what happened is that the Net::SSH::Perl module added support for reading private keys or changed the failure to read a private key into a fatal error rather than just ignoring the key. My code wasn't using a key anyway, but now won't work with that encrypted key around. This is fixed with:
my $sftp= Net::SFTP->new(
...
ssh_args => [ identity_files => [] ]
);
and of course you could add a list of specific (unencrypted) identity files that you want it to use rather than the default user's RSA id.
If the code isn't easily edited, you could also avoid the problem by setting the environment variable $HOME to something that doesn't have a key in it.
Related
I have been trying to import a RSA key container from aspnet_regiis. Steps are as follows.
Run the command prompt as administrator
cd C:\windows\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis -pi myrsakey E:\keyfile.xml
When followed the above steps I get the error as follows
**
Importing RSA Keys from file.. Keyset as registered is invalid.
<Exception from HRESULT: 0x8009001A> Failed!
**
For this "Keyset as registered is invalid" error almost every web result says to try renaming RSA file in the path C:\Users\myuser\AppData\Roaming\Microsoft\Crypto to RSA.old and reboot. If that does not work try renaming Crypto folder as Crypto.old. Eventhough I tried these steps it did not resolve the above issue. I am even running the cmd as administrator. So I was not sure what I am missing in here. Would you be help me to find a solution or a workaround for this issue.
Thanks in advance
Okay I found the answer.
As I was installing this RSA as a machine level key I should have renamed the RSA to RSA.old in the path C:\ProgramData\Microsoft\Crypto
After rename and I reboot the system. And then did the above mentioned steps again in the cmd. This time it succeded.
Previously I was renaming the RSA folder in the wrong place which is in my personal area (C:\Users\myuser\AppData\Roaming\Microsoft\Crypto).
I would like to find a way to store encrypted file in my github repository that Heroku can decrypt on-the-fly (it's not env var but plain old .csv files).
I used git-crypt successfully on my machine but it seems that I cannot add a gpg key to heroku.
When I connect to heroku-cli and I try to create a gpg key usingheroku run gpg --gen-key I got the following error:
gpg: signing failed: Inappropriate ioctl for device
Anyhow, I'm not even sure git-crypt is the right way to go, so feel free to gave me any other alternative solution.
I'm trying to connect to a MS SQL Server trough PHP 5.6 with an Ubuntu 16.04 server. I'm forced to use this version of PHP, in order to assure compatibility with an 'ancient' application.
I installed PHP 5.6 and its modules (pdo, pdo_mysql, readline, etc.) trough ondrej's PPA without any trouble, but I wasn't able to find and install the 'mssql.so' module package needed for the application I'm trying to make work.
That's why I decided I would use ODBC (and PDO_ODBC) drivers in order to connect to the database.
In order to do so, I installed freetds with unixodbc and configured my files like this :
'odbcinst.ini' file :
'odbc.ini' file :
and finally the 'freetds.conf' file :
Ok, I guess all my files are well configured, but the next part starts to be a bit weird, let me explain you : when I try to connect to the MS SQL database using tsql and not giving the password in option but typing it when asked, the connexion works :
But when I try to give the same password as an option (-P), it doesn't work (I tried it at least 10 times with the correct password) !!!
--> tsql failed to open a session for the user 'WIPSOS-PHP'
The same problem happens when I try to use isql with one of my connectors I configured in the 'odbc.ini' file :
It seems to be related to the password, but I can't find the problem, can you please help me ?
I found a partial answer, and it was effectively related to the password: it seems like special characters are not well interpreted when present in the password given for the -P option of the tsql command.
Therefore, depending on you shell, you have to escape these characters in the string which completes an option. In my case, using bash, I had to use the '\' to escape the special character :
tsql -S hostname -D Database -U User -P pa\$\$word
And it now works!
But when I try to escape the special characters with '\' in the 'odbc.ini' file, it still doesn't seem to work :
My next question is : 'How to escape a special character in a '.ini' file ?' or 'Is there something wrong in my configuration ?'
EDIT: I know it was a long time ago, but I had a configuration problem related to the hostname in the "freetds.conf" file. In fact, I was using the server's local network DNS name instead of its IP adress(which works).
I hope my issue will at least help some people, it isn't easy to deal with TSQL and FreeTDS...
I am trying to login to the multiple UNIX servers using SSH one by one and then need to be executed the commands without prompt the username and password.
Is there any chance to do this from Perl?
Yes, this can be done, and if you do, it's best to use a module for it, e.g. Net::OpenSSH.
But this is probably a bad idea. You will need to specify the username and password in plaintext in a place where your Perl script can read them (e.g. in its source code). Anyone who can read your script can also read the username and password, and execute any remote command that using them permits.
So you might as well create a different piece of information that can be read by anyone who can read the Perl script, and use that to authenticate: a passwordless SSH key.
Create one and add its public key to the authorized keys on the host(s) you want to execute your remote command on. Use that key to execute the remote command. This is as least as safe as hardcoding the username and password in a place where the Perl script can read them.
In fact, it is safer: you can restrict the use of that key to the command you want to execute.
And you won't need a Perl script to execute the remote command.
I setup public key access to my server via ssh. I have a .ssh folder on my local windows computer. I configured ssh to add the private key using the ssh-add <directory> command. I am able to successfully connect to my server using windowspowershell. The chmod and Chown of the .ssh directory and authorized file are configured correctly on my server. sshd_config is configured correctly and points to the correct key.
The connection works perfectly with shell so there is no problem on my server. But with Eclipse, and its plugin in particular, Egit, I keep getting a Unable to use key file <directory of the key file I loaded into eclipse the same one used by ssh error every time I try to push my revision commits to my git repository on the server. I went to Pref > General > Network > SSH2 and added the right private key, the ssh2 home directory is set correctly too, in fact the public an private key were both generated using the key management tab and loaded into my server.
My windows permissions on that folder and those keys is set to allow all users to do everything just for good measure.
Now one clue is, the known hosts tab has a host fingerprint that does not match the fingerprint of my key. My key is something like f1:19: etc and the hosts fingerprint is different. I hope I can fix this soon. Any suggestions would be great.
ssh-add -l = two private keys that I am using. So its not this.
Another clue is, after going into my putty program and changes the private key that it ses suddenly is i try to connect to ssh with a key acces in eclipse the error it throws shows reflects the same key that I just changed in putty!! Somehow eclipse seems to be using putty for public key access. How do I stop this?!
Okay here's the solution. For whatever reason Egit uses putty to connect to ssh using the configuration putty is set to use to access a server with a public key. The way you fix this is to make sure putty is able to connect to the server using a public key. If it can't then try this:
Download puttygen
Generate a rsa key using either ssh shell or the key management tab on eclipse. Do not generate a key using puttygen. For whatever reason it never worked for me.
Load the private key you generated (not generated with puttygen) into puttygen and then save as a putty private key (.ppk)
Go to eclipses key management tab and set it to recognize the new .ppk private key file
Finally go to putty, and create your servers profile by assigning the address and then go to auth and load the .ppk file. DISABLE pageant.
Save and attempt to connect to server using the key and if successful then congratulations Egit and Eclipse will now be able to make connections using keys.