Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign
From: Salvador F. <sfa...@ya...> - 2010-10-27 16:48:49
----- Original Message ----
> From: Russ Brewer <us...@gm...>
> To: Salvador Fandino <sfa...@ya...>
> Cc: ssh...@li...
> Sent: Wed, October 27, 2010 6:20:27 PM
> Subject: Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign
>
> On Wed, Oct 27, 2010 at 11:42 AM, Salvador Fandino <sfa...@ya...> wrote:
> >
> > ----- Original Message ----
> >> From: Russ Brewer <us...@gm...>
> >> To: Ssh...@li...
> >> Sent: Wed, October 27, 2010 5:17:47 PM
> >> Subject: [Ssh-sftp-perl-users] Need help using passphrase with key pairs
> >> in Net::SFTP::Foreign
> >>
> >> I have Net::SFTP::Foreign working fine when my key pairs have an empty
> >> passphrase. But I have been directed to no longer use key pairs that
> >> are not protected by a passphrase.
> >>
> >> In the code below I successfully use "Expect" to pass the passphrase,
> >> complete the login and even list the contents of the remote directory.
> >>
> >> But I can not then get Net::SFTP::Foreign to utilize the
> >> connection that Expect has established ($conn). Documentation implies
> >> that transport => $conn should do the trick but it is not working in
> >> the example below.
> >>
> >> Any help will be gratefully appreciated.
> >
> > Net::SFTP::Foreign supports authenticating using passphrase protected keys
> > natively. Have you tried it?
> >
> >   $ssh = Net::SFTP::Foreign->new($host,
> >                                  user => $user,
> >                                  ssh_cmd => $tectia_ssh_client,
> >                                  passphrase => $passphrase);
> >   $ssh->error and die "unable to connect to $host: ". $ssh->error;
> >
> > - Salva
>
> Salva,
>
> Thank you for your prompt response.
>
> Yes, I did try to use passphrase => $passphrase but it did not work.
>
> Please look at the code below. When the script runs, I see the login
> banner on the remote server and I see the prompt for the
> passphrase. After several minutes, the script times out. I turned
> to Expect because my try with the script below was not working.
>
> I have tested the key pairs and the passphrase works fine from the
> command line. I have no trouble logging in from the command line when
> I type the passphrase by hand. I have no problem using expect to
> automate the login. So it appears that passphrase => $passphrase in
> the following code is not being recognized.
>
> #!/usr/bin/perl
>
> use Net::SFTP::Foreign;
>
> my $tectia_ssh_client = "/opt/tectia/bin/sshg3";
> $feed_server{server} = "server01";
> $feed_server{directory} = "/export/home/tuser";
> @sshargs = ('-v');
> $passphrase = "some group of words";
> $user = "tuser";
>
> my $sftp = Net::SFTP::Foreign->new
>     (
>      host => $feed_server{server},
>      user => $user,
>      ssh_cmd => $tectia_ssh_client,
>      timeout => 20,
>      passphrase => $passphrase,
>      more => [@sshargs]
>     );
>
> if (($sftp->error) || ($sftp->status)) {
>     print "\n";
>     print "Login Problem on host: $feed_server{server} using key pairs -- exiting perl script $0\n";
>     print "sftp error: ".$sftp->error."\n";
>     print "sftp status: ".$sftp->status."\n";
> } else {
>     print "Got a connection without errors\n";
> }
>
> eval {
>     $files_in_directory = $sftp->ls("$feed_server{directory}") or
>         die "Trapped DIE: Failed directory list for $feed_server{directory} on server $feed_server{server}";
> };
>
> if (($@) || ($sftp->error)) {
>     # reset $sig_die_alarm in preparation for some future
>     # call to subroutine sig_die_alarm
>     $sig_die_alarm = "false";
>     print "sftp--> error: ".$sftp->error."\n";
>     print "\n";
>     print "Directory Listing Problem on host: $feed_server{server} -- exiting perl script $0\n";
>     print "Directory = $feed_server{directory}\n";
>     print "ERROR = $@\n";
> } else {
>     print "File in directorty: \n";
>
>     foreach (@$files_in_directory) {
>         $longlist = $_->{longname};
>         $shortname = $_->{filename};
>         print $longlist;
>     }
> }
> #====================================================================
>
> When the script is run, here is what I see:
>
> SSH Tectia Client: Evaluation period will end in 12 days.
> Product: SSH Tectia Client
> Evaluation period will end in 12 days.
> This server is running on an evaluation license.
> It will expire after 16 days.
> ========================== WARNING! ====================================
>
> This is a private computing system! Access to this system is limited
> to approved individuals authorized by Intelligent Decisions Inc.
> Any attempted or unauthorized access, use, or modification is expressly
> prohibited. Unauthorized users may face criminal or civil penalties.
> The use of this system may be monitored and recorded. If the monitoring
> reveals any possible evidence of criminal activity, the company can
> provide the records to law enforcement. By continuing to
> access this system you consent to said monitoring and you agree that you
> you have no expectation of a right to privacy while using this system.
>
> ========================== WARNING! ====================================
>
> Key label: 1024-bit dsa, tuser@controlzone, Tue Oct 26 2010 15:05:04 -0400
> File name: /export/home/tuser/.ssh2/id_dsa_1024_a
> Passphrase for the private key:
>
> ## ---- A long pause until timeout occurs right here, then I get the
> following error messages
>
> Login Problem on host: server01 using key pairs -- exiting perl script
> ./test_basic_passphrase.pl
> sftp status: No connection
> sftp status: No connection
> sftp--> error: Passphrase not requested as expected: 0

Maybe the tectia client is not opening /dev/tty for interaction with the user
but just using stderr.

Could you trace your script at the OS level with ktrace, truss, strace or
similar and send me the output (your keys and passphrases may be visible in the
output, so don't use the real ones). Use the required options to include child
processes in the tracing.

Cheers,

- Salva
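The check Salva asks for can be automated once a trace exists. The following is an added example, not part of the original message or of Net::SFTP::Foreign: a shell function that reads an `strace -f -o` log and reports whether the passphrase prompt was written to a descriptor opened from /dev/tty or to stderr. The function name, the sample PIDs and the sample trace lines are constructed; only the prompt text and the file paths come from the thread.

```shell
#!/usr/bin/env bash
# Added example. A real trace would come from something like:
#   strace -f -o trace.log perl ./test_basic_passphrase.pl
# (-f follows child processes, -o writes one "PID syscall(...) = ret" line per call).

# Reads a trace (file argument or stdin); prints tty, stderr, stdout, fd<N> or none.
prompt_channel() {
    awk '
        { pid = $1 }
        # Remember descriptors this process obtained by opening /dev/tty.
        / open(at)?\(.*"\/dev\/tty"/ && $NF ~ /^[0-9]+$/ { tty[pid, $NF] = 1; next }
        # Forget a descriptor once it is closed, so a reused number is not misread.
        / close\([0-9]+\)/ { fd = $2; gsub(/[^0-9]/, "", fd); delete tty[pid, fd]; next }
        # The first write of the prompt text decides the answer.
        / write\([0-9]+, "Passphrase for the private key/ {
            fd = $2; gsub(/[^0-9]/, "", fd); found = 1
            if ((pid, fd) in tty) print "tty"
            else if (fd == "2")   print "stderr"
            else if (fd == "1")   print "stdout"
            else                  print "fd" fd
            exit
        }
        END { if (!found) print "none" }
    ' "$@"
}

# Constructed trace: the client never opens /dev/tty and prompts on fd 2.
sample_stderr() {
    cat <<'EOF'
4320 execve("/usr/bin/perl", ["perl", "./test_basic_passphrase.pl"], 0x7ffd0 /* 20 vars */) = 0
4321 execve("/opt/tectia/bin/sshg3", ["sshg3"], 0x55d0 /* 20 vars */) = 0
4321 write(2, "Passphrase for the private key: ", 32) = 32
EOF
}

# Constructed trace: the client opens /dev/tty and prompts on that descriptor.
sample_tty() {
    cat <<'EOF'
4321 execve("/opt/tectia/bin/sshg3", ["sshg3"], 0x55d0 /* 20 vars */) = 0
4321 openat(AT_FDCWD, "/dev/tty", O_RDWR) = 5
4321 write(5, "Passphrase for the private key: ", 32) = 32
EOF
}

echo "stderr sample: $(sample_stderr | prompt_channel)"
echo "tty sample:    $(sample_tty | prompt_channel)"
```

A result of `stderr` on a real trace would match the behaviour suggested in the reply: the prompt reaches the user's terminal while the module waiting for it never sees it.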