I'm using Net::SFTP to transfer files. However, whenever I try to create a new object like so:
my $sftp = Net::SFTP->new('ip', user=>'user', password=>'pass');
It just hangs and does nothing. Does anyone know why this is? Am I doing something wrong? Thanks!
Update
Here is the debug output:
dev1.com: Reading configuration data /home/user/.ssh/config
dev1.com: Reading configuration data /etc/ssh_config
dev1.com: Connecting to 50.56.91.91, port 22.
dev1.com: Remote protocol version 2.0, remote software version OpenSSH_4.3
dev1.com: Net::SSH::Perl Version 1.34, protocol version 2.0.
dev1.com: No compat match: OpenSSH_4.3.
dev1.com: Connection established.
dev1.com: Sent key-exchange init (KEXINIT), wait response.
dev1.com: Algorithms, c->s: 3des-cbc hmac-sha1 none
dev1.com: Algorithms, s->c: 3des-cbc hmac-sha1 none
dev1.com: Entering Diffie-Hellman Group 1 key exchange.
dev1.com: Sent DH public key, waiting for reply.
dev1.com: Received host key, type 'ssh-dss'.
dev1.com: Host 'ip_here' is known and matches the host key.
dev1.com: Computing shared secret key.
dev1.com: Verifying server signature.
dev1.com: Waiting for NEWKEYS message.
dev1.com: Send NEWKEYS.
dev1.com: Enabling encryption/MAC/compression.
dev1.com: Sending request for user-authentication service.
dev1.com: Service accepted: ssh-userauth.
dev1.com: Trying empty user-authentication request.
dev1.com: Authentication methods that can continue: publickey,gssapi-with mic,password.
dev1.com: Next method to try is publickey.
dev1.com: Trying pubkey authentication with key file '/home/user/.ssh/id_rsa2'
In addition to the user and password options, set debug => 1. You will get some diagnostic output that may tell you what the problem is.
Search if your connection data is correct. Use a simple code like that showed in Net::SFTP::Foreign .
Related
I am trying to connect to SFTP server using Perl but I get the following connection error: Permission denied at /app/perl-5.24.3/lib/site_perl/5.24.3/Net/SFTP.pm line 63.
My connection code 'sftp_test2.pl':
use strict;
use warnings;
use Net::SFTP;
my $server = 'downloads-server';
my $user = 'user';
my $port = "10022";
my $password = '';
my %args = (
user => "$user",
port => "$port",
ssh_args => {
user => "$user",
identity_files => [ 'path/sftp_download'],
port => "$port",
protocol=>'2,1',
debug => 1,
}
);
my $sftp=Net::SFTP->new($server, %args) or die "could not open connection to $server\n";
execution:
$>perl sftp_test2.pl
Reading configuration data path/home/.ssh/config
Reading configuration data /etc/ssh_config
Connecting to downloads-server, port 10022.
Remote version string: SSH-2.0-CrushFTPSSHD
Remote protocol version 2.0, remote software version CrushFTPSSHD
Net::SSH::Perl Version 2.14, protocol version 2.0.
No compat match: CrushFTPSSHD.
Connection established.
Sent key-exchange init (KEXINIT), waiting for response.
Using diffie-hellman-group-exchange-sha256 for key exchange
Host key algorithm: ssh-rsa
Algorithms, c->s: aes256-ctr hmac-sha2-512-etm#openssh.com none
Algorithms, s->c: aes256-ctr hmac-sha2-512-etm#openssh.com none
Entering Diffie-Hellman Group Exchange.
SSH2_MSG_KEX_DH_GEX_REQUEST(2048<4096<8192) sent
Sent DH Group Exchange request, waiting for reply.
Received 4096 bit DH Group Exchange reply.
Generating new Diffie-Hellman keys.
Entering Diffie-Hellman key exchange.
Sent DH public key, waiting for reply.
Received host key, type 'ssh-rsa'.
Host 'downloads-server' is known and matches the host key.
Verifying server signature.
Send NEWKEYS.
Waiting for NEWKEYS message.
Enabling encryption/MAC/compression.
Sending request for user-authentication service.
Service accepted: ssh-userauth.
Trying empty user-authentication request.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Publickey: testing agent key 'my-server'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Publickey: testing agent key 'path/home/.ssh/id_rsa'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Trying pubkey authentication with key file 'path/sftp_download'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Permission denied at /app/perl-5.24.3/lib/site_perl/5.24.3/Net/SFTP.pm line 63.
I thought that it is related to my private key, but I can connect via unix command:
sftp -oPort=10022 -oIdentityFile=path/sftp_download user#downloads-server
Connecting to downloads-server...
sftp>
I tried to find a solution in many articles and also tried few code variations, but without a success.
Am I doing something wrong?
Is it a known bug? any workaround?
How can I debug it to find the reason (I am not very well familiar with SSH/FTP).
EDIT:
I suspected that it may be related to multiple connection failing attempts with password so I removed the password authentication from "%AUTH_MAP" in the file "app/perl-5.24.3/lib/site_perl/5.24.3/x86_64-linux/Net/SSH/Perl/AuthMgr.pm" and it connected as expected!
Is there a way to force using only/first key authentication?
Thanks in advance!
Mike
The code to disable password authentication (only authentication key) is:
ssh_args => {
user => $user,
options => [ 'PasswordAuthentication no' ],
identity_files => [ 'path/sftp_download'],
port => $port,
protocol =>'2,1',
debug => 1,
}
I am getting below error while running my script, I am on AIX
Reading configuration data /ecmsq1vg1/home1/aradmin/.ssh/config
Reading configuration data /etc/ssh_config
Connecting to www.mftcatapp.firstdataclients.com, port 22.
Remote version string: SSH-2.0-Sun_SSH_1.1.8
Remote protocol version 2.0, remote software version Sun_SSH_1.1.8
Net::SSH::Perl Version 2.14, protocol version 2.0.
No compat match: Sun_SSH_1.1.8.
Connection established.
Sent key-exchange init (KEXINIT), waiting for response.
No matching mac found: client hmac-sha2-512-etm#openssh.com,hmac-sha2-256-etm#openssh.com,hmac-sha2-512,hmac-sha2-256 server hmac-sha1 at /apps/perl/lib/site_perl/5.18.1/aix-thread-multi/Net/SSH/Perl/SSH2.pm line 273
Can anyone help me out why i am facing the above error?
perldoc Net::SSH::Perl:
Integrity checking is performed by the hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm#openssh.com, or hmac-sha2-512-etm#openssh.com algorithms. The deprecated hmac-sha1 or hmac-md5 algorithms are available but not enabled by default. Many older SSH server installations still use hmac-sha1 as the main accepted MAC algorithm. To enable this, use the following options parameter:
options => [ "MACs +hmac-sha1" ]
So either configure your server not to use hmac-sha1 for integrity checking or tell your script to accept hmac-sha1.
I am just starting to use Net::SSH::Perl and it seems that I ranning into something weird. If I set the interactive flag to 1 and input my password I am am to login remotely to the machine via ssh but if I leave the interactive flag off or set it to 0 the login fails. I confirm that I am able to use Net::SSH::Perl to log into my local machine so it must be something that I am doing wrong for this particular remote machine, which the under laying OS is SuSE. I also confirmed that I am able to ssh to the remote machine from a terminal window.
use Net::SSH::Perl;
my $cmd = 'uptime';
my $ssh = Net::SSH::Perl->new($host, interactive=> 0, debug => 1);
$ssh->login($user, $pass);
my($stdout, $stderr, $exit) = $ssh->cmd($cmd);
print $stdout;
Below is the logs that are output from debug when the interactive flag is set to 0.
localhost.localdomain: Reading configuration data /home/user/.ssh/config
localhost.localdomain: Reading configuration data /etc/ssh_config
localhost.localdomain: Connecting to 1.1.1.1, port 22.
localhost.localdomain: Remote version string: SSH-2.0-OpenSSH_5.1
localhost.localdomain: Remote protocol version 2.0, remote software version OpenSSH_5.1
localhost.localdomain: Net::SSH::Perl Version 1.38, protocol version 2.0.
localhost.localdomain: No compat match: OpenSSH_5.1
.
localhost.localdomain: Connection established.
localhost.localdomain: Sent key-exchange init (KEXINIT), wait response.
localhost.localdomain: Algorithms, c->s: 3des-cbc hmac-sha1 none
localhost.localdomain: Algorithms, s->c: 3des-cbc hmac-sha1 none
localhost.localdomain: Entering Diffie-Hellman Group 1 key exchange.
localhost.localdomain: Sent DH public key, waiting for reply.
localhost.localdomain: Received host key, type 'ssh-dss'.
localhost.localdomain: Host '1.1.1.1' is known and matches the host key.
localhost.localdomain: Computing shared secret key.
localhost.localdomain: Verifying server signature.
localhost.localdomain: Waiting for NEWKEYS message.
localhost.localdomain: Send NEWKEYS.
localhost.localdomain: Enabling encryption/MAC/compression.
localhost.localdomain: Sending request for user-authentication service.
localhost.localdomain: Service accepted: ssh-userauth.
localhost.localdomain: Trying empty user-authentication request.
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
localhost.localdomain: Publickey: testing agent key 'user#localhost.localdomain'
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
localhost.localdomain: Publickey: testing agent key 'user'
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
Permission denied at /home/user/workspace/perl-random/avamar_ssh.pl line 4.
I am guessing I am doing something wrong, so if someone could point in the right direction that would be awesome.
Thanks.
This part:
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
means that the server is allowing two methods for authenticating:
publickey — public-key authentication
You mention in a comment that this not an option for you.
keyboard-interactive — where you enter a password
It should hardly come as a surprise that this only works in interactive mode.
So, what you're trying to do is not possible.
The good news is, this sounds like the X-Y Problem. If you give us more details about your real problem, we may be able to suggest a better approach.
I want to gain access to an AWS Instance using Perl. I can access the instance from commandline like this:
ssh -i my-key-pair.pem ubuntu#ec2-**-***-***-***.us-west-2.compute.amazonaws.com
but my code doesn't work:
#! usr/bin/perl
use Net::SSH::Perl;
$user = "ubuntu";
$host = "ec2-**-***-***-***.us-west-2.compute.amazonaws.com";
#KEYFILE = "my-key-pair.pem";
$ssh = Net::SSH::Perl->new($host, debug=>1, identity_files=>\#KEYFILE);
$ssh->login($user);
As I mentioned I'm new to this concept, it might be a simple solution, I couldn't find a solution online, hopefully you can help me.
the output is this:
atakanarikan#atakanarikanhplaptop:~/Desktop$ perl remotecomp
atakanarikanhplaptop: Reading configuration data /home/atakanarikan/.ssh/config
atakanarikanhplaptop: Reading configuration data /etc/ssh_config
atakanarikanhplaptop: Connecting to ec2-**-***-***-***.us-west-2.compute.amazonaws.com, port 22.
atakanarikanhplaptop: Remote version string: SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Net::SSH::Perl Version 1.37, protocol version 2.0.
.takanarikanhplaptop: No compat match: OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Connection established.
atakanarikanhplaptop: Sent key-exchange init (KEXINIT), wait response.
atakanarikanhplaptop: Algorithms, c->s: 3des-cbc hmac-sha1 none
atakanarikanhplaptop: Algorithms, s->c: 3des-cbc hmac-sha1 none
atakanarikanhplaptop: Entering Diffie-Hellman Group 1 key exchange.
atakanarikanhplaptop: Sent DH public key, waiting for reply.
atakanarikanhplaptop: Received host key, type 'ssh-dss'.
atakanarikanhplaptop: Host 'ec2-**-***-***-***.us-west-2.compute.amazonaws.com' is known and matches the host key.
atakanarikanhplaptop: Computing shared secret key.
atakanarikanhplaptop: Verifying server signature.
atakanarikanhplaptop: Waiting for NEWKEYS message.
atakanarikanhplaptop: Send NEWKEYS.
atakanarikanhplaptop: Enabling encryption/MAC/compression.
atakanarikanhplaptop: Sending request for user-authentication service.
atakanarikanhplaptop: Service accepted: ssh-userauth.
atakanarikanhplaptop: Trying empty user-authentication request.
atakanarikanhplaptop: Authentication methods that can continue: publickey.
atakanarikanhplaptop: Next method to try is publickey.
atakanarikanhplaptop: Trying pubkey authentication with key file 'my-key-pair.pem'
atakanarikanhplaptop: Will not query passphrase for 'my-key-pair.pem' in batch mode.
atakanarikanhplaptop: Loading private key failed.
Permission denied at remotecomp line 8.
These two lines
atakanarikanhplaptop: Will not query passphrase for 'my-key-pair.pem' in batch mode.
atakanarikanhplaptop: Loading private key failed.
seem to point to the issue. Your private key is protected by a passphrase, and when you try to use it, it wants to ask you for it, but can't in batch mode.
I think you're going to have to remove the passphrase from your private key to use this module. There are many tools, including OpenSSL, that can do that for you. Just search the documentation for removing a passphrase from a key.
I have the following code (of course I replaced myremoteserver.com):
use Modern::Perl;
use Net::SSH::Perl;
use Data::Dumper;
my $ssh = Net::SSH::Perl->new('myremoteserver.com', debug => 1, port => 2999);
$ssh->login('root');
print Dumper $ssh->cmd('uptime');
On a keyless environment, I'm running it both on perl 5.12 and 5.14.
On perl 5.12 it seems to work:
$ perl5.12 /tmp/sshtest.pl
ko.local: Reading configuration data /Users/david/.ssh/config
ko.local: Reading configuration data /etc/ssh_config
ko.local: Connecting to myremoteserver.com, port 2999.
ko.local: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
Math::BigInt: couldn't load specified math lib(s), fallback to Math::BigInt::Calc at /opt/local/lib/perl5/site_perl/5.12.3/Crypt/DH.pm line 6
ko.local: Net::SSH::Perl Version 1.34, protocol version 2.0.
.o.local: No compat match: OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Connection established.
ko.local: Sent key-exchange init (KEXINIT), wait response.
ko.local: Algorithms, c->s: 3des-cbc hmac-sha1 none
ko.local: Algorithms, s->c: 3des-cbc hmac-sha1 none
ko.local: Entering Diffie-Hellman Group 1 key exchange.
ko.local: Sent DH public key, waiting for reply.
ko.local: Received host key, type 'ssh-dss'.
ko.local: Host 'myremoteserver.com' is known and matches the host key.
ko.local: Computing shared secret key.
ko.local: Verifying server signature.
ko.local: Waiting for NEWKEYS message.
ko.local: Send NEWKEYS.
ko.local: Enabling encryption/MAC/compression.
ko.local: Sending request for user-authentication service.
ko.local: Service accepted: ssh-userauth.
ko.local: Trying empty user-authentication request.
ko.local: Authentication methods that can continue: publickey.
ko.local: Next method to try is publickey.
ko.local: Publickey: testing agent key '/Users/david/.ssh/github_rsa'
ko.local: Authentication methods that can continue: publickey.
ko.local: Next method to try is publickey.
Permission denied at /tmp/sshtest.pl line 9
But on perl 5.14:
$ perl5.14 /tmp/sshtest.pl
ko.local: Reading configuration data /Users/david/.ssh/config
ko.local: Reading configuration data /etc/ssh_config
ko.local: Connecting to myremoteserver.com, port 2999.
ko.local: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Net::SSH::Perl Version 1.34, protocol version 2.0.
.o.local: No compat match: OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Connection established.
ko.local: Sent key-exchange init (KEXINIT), wait response.
ko.local: Algorithms, c->s: 3des-cbc hmac-sha1 none
ko.local: Algorithms, s->c: 3des-cbc hmac-sha1 none
ko.local: Entering Diffie-Hellman Group 1 key exchange.
ko.local: Sent DH public key, waiting for reply.
ko.local: Received host key, type 'ssh-dss'.
ko.local: Host 'myremoteserver.com' is known and matches the host key.
ko.local: Computing shared secret key.
ko.local: Verifying server signature.
Key verification failed for server host key at /opt/local/lib/perl5/site_perl/5.14.1/Net/SSH/Perl/SSH2.pm line 92
The only difference I see is Math::BigInt returns a warning on perl 5.12.
Some debugging info:
~ $ perl5.12 -MNet::SSH::Perl -e 'print $Net::SSH::Perl::VERSION, "\n";'
1.34
~ $ perl5.14 -MNet::SSH::Perl -e 'print $Net::SSH::Perl::VERSION, "\n";'
1.34
~ $ perl5.12 -MMath::BigInt -e 'print $Math::BigInt::VERSION, "\n";'
1.997
~ $ perl5.14 -MMath::BigInt -e 'print $Math::BigInt::VERSION, "\n";'
1.997
Any idea what the problem here is?
There was a change to the default value for a configuration option that controlled how https validation was performed (specifically, the PERL_LWP_SSL_VERIFY_HOSTNAMES environment variable), when LWP::Protocol::https was pulled out of the main LWP library - now hostname checking is on by default, where it was off previously. It is possible that your perl 5.14 library picked up these new changes, and 5.12 is using the old versions.
There is also more information in "Now you need LWP::Protocol::https".