Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign
From: Russ B. <us...@gm...> - 2010-10-27 16:20:34
On Wed, Oct 27, 2010 at 11:42 AM, Salvador Fandino <sfa...@ya...> wrote:
>
> ----- Original Message ----
>> From: Russ Brewer <us...@gm...>
>> To: Ssh...@li...
>> Sent: Wed, October 27, 2010 5:17:47 PM
>> Subject: [Ssh-sftp-perl-users] Need help using passphrase with key pairs
>> in Net::SFTP::Foreign
>>
>> I have Net::SFTP::Foreign working fine when my key pairs have an empty
>> passphrase. But I have been directed to no longer use key pairs that
>> are not protected by a passphrase.
>>
>> In the code below I successfully use "Expect" to pass the passphrase,
>> complete the login and even list the contents of the remote directory.
>>
>> But I cannot then get Net::SFTP::Foreign to utilize the
>> connection that Expect has established ($conn). Documentation implies
>> that transport => $conn should do the trick but it is not working in
>> the example below.
>>
>> Any help will be gratefully appreciated.
>
> Net::SFTP::Foreign supports authenticating using passphrase protected keys
> natively. Have you tried it?
>
>   $ssh = Net::SFTP::Foreign->new($host,
>                                  user => $user,
>                                  ssh_cmd => $tectia_ssh_client,
>                                  passphrase => $passphrase);
>   $ssh->error and die "unable to connect to $host: ". $ssh->error;
>
>
> - Salva
>

Salva,

Thank you for your prompt response.

Yes, I did try to use passphrase => $passphrase but it did not work. Please look at the code below. When the script runs, I see the login banner on the remote server and I see the prompt for the passphrase. After several minutes, the script times out. I turned to Expect because my try with the script below was not working.

I have tested the key pairs and the passphrase works fine from the command line. I have no trouble logging in from the command line when I type the passphrase by hand. I have no problem using expect to automate the login. So it appears that passphrase => $passphrase in the following code is not being recognized.

#!/usr/bin/perl
use Net::SFTP::Foreign;

# Tectia client binary used as the ssh command
my $tectia_ssh_client = "/opt/tectia/bin/sshg3";

$feed_server{server} = "server01";
$feed_server{directory} = "/export/home/tuser";
@sshargs = ('-v');
$passphrase = "some group of words";
$user = "tuser";

# Key-pair login, with the passphrase handed to the module
my $sftp = Net::SFTP::Foreign->new (
    host => $feed_server{server},
    user => $user,
    ssh_cmd => $tectia_ssh_client,
    timeout => 20,
    passphrase => $passphrase,
    more => [@sshargs]
);

if (($sftp->error) || ($sftp->status)) {
    print "\n";
    print "Login Problem on host: $feed_server{server} using key pairs -- exiting perl script $0\n";
    print "sftp error: ".$sftp->error."\n";
    print "sftp status: ".$sftp->status."\n";
}
else {
    print "Got a connection without errors\n";
}

# List the remote directory, trapping a failure with eval
eval {
    $files_in_directory = $sftp->ls("$feed_server{directory}")
        or die "Trapped DIE: Failed directory list for $feed_server{directory} on server $feed_server{server}";
};

if (($@) || ($sftp->error)) {
    # reset $sig_die_alarm in preparation for some future
    # call to subroutine sig_die_alarm
    $sig_die_alarm = "false";
    print "sftp--> error: ".$sftp->error."\n";
    print "\n";
    print "Directory Listing Problem on host: $feed_server{server} -- exiting perl script $0\n";
    print "Directory = $feed_server{directory}\n";
    print "ERROR = $@\n";
}
else {
    print "File in directory: \n";
    foreach (@$files_in_directory) {
        $longlist = $_->{longname};
        $shortname = $_->{filename};
        print $longlist;
    }
}

#====================================================================

When the script is run, here is what I see:

SSH Tectia Client: Evaluation period will end in 12 days.
Product: SSH Tectia Client
Evaluation period will end in 12 days.
This server is running on an evaluation license. It will expire after 16 days.

========================== WARNING! ====================================
This is a private computing system! Access to this system is limited to approved individuals authorized by Intelligent Decisions Inc. Any attempted or unauthorized access, use, or modification is expressly prohibited.
Unauthorized users may face criminal or civil penalties. The use of this system may be monitored and recorded. If the monitoring reveals any possible evidence of criminal activity, the company can provide the records to law enforcement. By continuing to access this system you consent to said monitoring and you agree that you you have no expectation of a right to privacy while using this system.
========================== WARNING! ====================================

Key label: 1024-bit dsa, tuser@controlzone, Tue Oct 26 2010 15:05:04 -0400
File name: /export/home/tuser/.ssh2/id_dsa_1024_a
Passphrase for the private key:

## ---- A long pause until timeout occurs right here, then I get the following error messages

Login Problem on host: server01 using key pairs -- exiting perl script ./test_basic_passphrase.pl
sftp status: No connection
sftp status: No connection
sftp--> error: Passphrase not requested as expected: 0

Directory Listing Problem on host: server01 -- exiting perl script ./test_basic_passphrase.pl
Directory = /export/home/tuser
ERROR = Trapped DIE: Failed directory list for /export/home/tuser on server server01 at ./test_basic_passphrase.pl line 40.