[Boston.pm] Login error with SFTP

2008-07-30 Thread Alex Brelsfoard
I wrote up some code to perform SFTP file downloads for my company.
It is now working for all but one of our clients that have chosen to use
this method.
But I need to get it working for ALL of them.
For the life of me I cannot figure out why it's not working for this one
machine.
Here's the info:
- I can sftp in perfectly fine from the command line.
- The client has this set right: PasswordAuthentication yes
- The code works for other servers perfectly fine.

Here is the code:
---
my $ftp = undef;
my $errors = undef;
my %args;
$args{'user'} = $user;
$args{'password'} = $pass;
$args{'debug'} = 'true';
# Update where the connection should be looking
# for the SFTP Known Hosts file.
my %ssh_args;
$ssh_args{'options'} = ["UserKnownHostsFile ".$config::sftp_hosts_file,
"RSAAuthentication yes", protocol=>'2,1'];
$args{'ssh_args'} = \%ssh_args;

# Make SFTP connection.
eval {
    $ftp = Net::SFTP->new( $server, %args ) or $errors = 'Cannot connect to SFTP Server.';
};
$errors = 'Cannot connect to SFTP Server. '.$@ if ($@);
---

I then print out $errors and this is what I get:
Cannot connect to SFTP Server. Permission denied at
/usr/lib/perl5/site_perl/5.8.5/Net/SFTP.pm line 62

Line 62 correlates with the login function in SFTP.pm:
$ssh->login($param{user}, $param{password}, 'supress_shell');

I added the , protocol=>'2,1' bit per the suggestion of someone on some
forum for a similar problem.

Can anyone think of any other reason why this might be happening?
Thanks.
--Alex

___
Boston-pm mailing list
Boston-pm@mail.pm.org
http://mail.pm.org/mailman/listinfo/boston-pm


Re: [Boston.pm] Login error with SFTP

2008-07-30 Thread Tom Metro

Alex Brelsfoard wrote:

> Cannot connect to SFTP Server. Permission denied at
> /usr/lib/perl5/site_perl/5.8.5/Net/SFTP.pm line 62
>
> Line 62 correlates with the login function in SFTP.pm:
> $ssh->login($param{user}, $param{password}, 'supress_shell');


I'd look at the source for the $ssh object and see where or if it throws 
a Permission denied error in its login() method. I'd also look to see 
if there is a debug mode for the module providing $ssh.


 -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
Enterprise solutions through open source.
Professional Profile: http://tmetro.venturelogic.com/



Re: [Boston.pm] Login error with SFTP

2008-07-30 Thread Kenneth Graves

On Jul 30, 2008, at 11:19 AM, Alex Brelsfoard wrote:

> I wrote up some code to perform SFTP file downloads for my company.


I found Net::SCP::Expect easier to work with.  Could just be a matter
of taste rather than one being more reliable than the other.


--kag




Re: [Boston.pm] Login error with SFTP

2008-07-30 Thread Alex Brelsfoard
Though I have tried turning on the debug mode, I have not gotten any
different results (though I'm not so sure how to USE the debug mode really).

SSH1.pm & SSH2.pm each have the following line:
SSH1.pm:$ssh->fatal_disconnect("Permission denied");
SSH2.pm:$ssh->_login or $ssh->fatal_disconnect("Permission denied");

SSH2.pm:
---
sub login {
    my $ssh = shift;
    $ssh->SUPER::login(@_);
    my $suppress_shell = $_[2];
    $ssh->_login or $ssh->fatal_disconnect("Permission denied");

    $ssh->debug("Login completed, opening dummy shell channel.");

...

sub _login {
    my $ssh = shift;

    my $kex = Net::SSH::Perl::Kex->new($ssh);
    $kex->exchange;

    my $amgr = Net::SSH::Perl::AuthMgr->new($ssh);
    $amgr->authenticate;
}
---

SSH1.PM:
---
sub _setup_connection {
    my $ssh = shift;

    $ssh->_connect unless $ssh->sock;
    $ssh->_login or
        $ssh->fatal_disconnect("Permission denied");

...
---

SSH1.pm has all functions inside the _login function so too much to paste
here.

--Alex

On Wed, Jul 30, 2008 at 1:06 PM, Tom Metro [EMAIL PROTECTED] wrote:

> Alex Brelsfoard wrote:
>
>> Cannot connect to SFTP Server. Permission denied at
>> /usr/lib/perl5/site_perl/5.8.5/Net/SFTP.pm line 62
>>
>> Line 62 correlates with the login function in SFTP.pm:
>> $ssh->login($param{user}, $param{password}, 'supress_shell');
>
> I'd look at the source for the $ssh object and see where or if it throws a
> Permission denied error in its login() method. I'd also look to see if
> there is a debug mode for the module providing $ssh.
>
>  -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> Enterprise solutions through open source.
> Professional Profile: http://tmetro.venturelogic.com/




[Boston.pm] Net::Server::PreFork - How to make dynamic config changes without bouncing a server

2008-07-30 Thread Ranga Nathan
I am using Net::Server::PreFork for a server that has a configuration 
file. I want to be able to send a message to the server to update the 
configuration as well as have it take effect. I don't want the server
bounced for the configuration changes to take effect.


The server starts with five children.

Before I go ahead and do something screwy, I thought to ask the public 
what they do in this case. I realize that one of the children would get 
the message indicating the changes. If it updates the data structure in 
memory that would do it only for THAT client, right? In other words, 
what is the best way for all the children to share variables?


Thanks all

--
__
Ranga Nathan
Tel: 714-417-0056





[Boston.pm] Perl 6 and Parrot Essentials still worth reading?

2008-07-30 Thread Mike Small
Hi,

Would you say it would still be worthwhile to read Perl 6 and Parrot Essentials
in its published, paper form?  I see that there's a lot of other more up to date
material listed here
http://www.perlfoundation.org/perl6/index.cgi#first_look_shortcuts
but I'd like a book for when my hands or eyes are too sore for computers, or
when I'm on a bus or otherwise away from keyboards and monitors.

-- 
Mike Small
[EMAIL PROTECTED]



Re: [Boston.pm] Net::Server::PreFork - How to make dynamic config changes without bouncing a server

2008-07-30 Thread Ben Tilly
On Wed, Jul 30, 2008 at 11:42 AM, Ranga Nathan [EMAIL PROTECTED] wrote:
> Before I go ahead and do something screwy, I thought to ask the public what
> they do in this case. I realize that one of the children would get the
> message indicating the changes. If it updates the data structure in memory
> that would do it only for THAT client, right? In other words, what is the
> best way for all the children to share variables?

If you want to guarantee that your application can never scale, then
you could use shared memory.

If you want your application to be able to run on multiple machines,
then I'd suggest that you use memcached.  See
http://www.danga.com/memcached/, which you can access using the CPAN
module Cache::Memcached.

Several years ago it had a bug where you couldn't have keys over a
certain length.  We got around that by just using Digest::MD5 to make
short keys to use.  I don't know if the limitation is still there or
not.  Other than that I've never seen a problem with it.

But you'll probably want a plain text file to be written out somewhere
in the background to preserve data across server restarts.

Cheers,
Ben



Re: [Boston.pm] Net::Server::PreFork - How to make dynamic config changes without bouncing a server

2008-07-30 Thread Tom Metro

Ben Tilly wrote:

> But you'll probably want a plain text file to be written out somewhere
> in the background to preserve data across server restarts.


I think the OP is referring to a typical scenario where you update a 
configuration file, and then send a signal to the process to provoke a 
re-read of the configuration file.




> If you want to guarantee that your application can never scale, then
> you could use shared memory.
>
> If you want your application to be able to run on multiple machines,
> then I'd suggest that you use memcached.


Isn't memcached overkill for a handful of config variables that rarely 
get reloaded? (Assuming I understand the scenario correctly.)



Ranga Nathan [EMAIL PROTECTED] wrote:

> I realize that one of the children would get the message indicating
> the changes. If it updates the data structure in memory that would do
> it only for THAT client, right? In other words, what is the best way
> for all the children to share variables?


This concept is certainly common enough in UNIX. Take Apache, for 
example. But I've never had the need to look into exactly how it is 
implemented. (The multi-threaded/multi-process services I've written in 
Perl haven't had the need to reload config files while running.)


If a signal directed at the parent process gets propagated to the 
children (either by the OS or by the parent process), then with a bit of 
redundant inefficiency, you could have a signal handler in each child 
reload the configuration and update their local copies of the variables.


The parent process could kill off and restart the children, though that 
probably doesn't meet your criteria of not interrupting the service.


If you were using Perl's threads, there's a built-in mechanism for 
declaring shared variables. Otherwise, I'd investigate the various 
shared memory and IPC modules on CPAN. There are a few IPC modules in 
the core distribution.


 -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
Enterprise solutions through open source.
Professional Profile: http://tmetro.venturelogic.com/



Re: [Boston.pm] Login error with SFTP

2008-07-30 Thread Tom Metro

Alex Brelsfoard wrote:
> Though I have tried turning on the debug mode, I have not gotten any
> different results (though I'm not so sure how to USE the debug mode really).


Are you saying nothing is written to STDOUT or STDERR?



> SSH1.pm & SSH2.pm each have the following line:
> SSH1.pm:$ssh->fatal_disconnect("Permission denied");
> SSH2.pm:$ssh->_login or $ssh->fatal_disconnect("Permission denied");


Are you not sure which SSH protocol version is being used?

Try collecting some data about the target host. Run:

$ telnet host 22

and you should see something like:

Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
SSH-2.0-OpenSSH_4.3p2 Debian-9etch2

unless they've obscured the banner, this will tell you what version of 
the protocol and what software is being used to implement it. That might 
provide some clues when tracking down an incompatibility with the SSH 
module. Compare that to the hosts that are working OK.


I'd then check rt.cpan.org for bug reports relating to this for the SSH 
module. If you determine that the SSH module is failing to login only 
with a specific SSH server implementation, then you should file a bug at 
rt.cpan.org.


Try coding up a simple test that uses the SSH module to login. That'll 
take the SFTP module out of the picture and make it easier to debug. Try 
it with both SSH1.pm and SSH2.pm. Try it first with a known working host.


 -Tom

--
Tom Metro
Venture Logic, Newton, MA, USA
Enterprise solutions through open source.
Professional Profile: http://tmetro.venturelogic.com/
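
Added example, not part of the thread: the two checks suggested above (read the server's SSH banner, then log in with Net::SSH::Perl alone) as one Perl script. The `ExampleSSHD` banners, the script name `ssh_check.pl` and the `SSH_TEST_PASS` environment variable are assumptions made for the example.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# Parse "SSH-<protoversion>-<software> <comments>"; returns a hash ref,
# or nothing if the line is not an SSH identification string.
sub parse_banner {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;
    return unless $line =~ /\ASSH-(\d+\.\d+)-(\S+)(?: (.*))?\z/;
    my ($proto, $software, $comment) = ($1, $2, defined $3 ? $3 : '');
    # 1.99 means "protocol 2, and protocol 1 clients are accepted too".
    my @speaks = $proto eq '1.99' ? (2, 1) : $proto =~ /\A2\./ ? (2) : (1);
    return { proto => $proto, software => $software, comment => $comment, speaks => \@speaks };
}

# Read the banner that "telnet host 22" displays. A server may send other
# lines first, so skip anything that does not start with "SSH-".
sub read_banner {
    my ($host, $port) = @_;
    my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port || 22,
                                     Proto => 'tcp', Timeout => 10)
        or die "cannot connect to $host: $@\n";
    while (defined(my $line = <$sock>)) {
        return $line if $line =~ /\ASSH-/;
    }
    return;
}

# Protocol 2 login with Net::SSH::Perl alone, leaving Net::SFTP out of the
# picture. debug => 1 makes the module report each step of the connection.
sub try_login {
    my ($host, $user, $pass) = @_;
    require Net::SSH::Perl;
    my $ok = eval {
        Net::SSH::Perl->new($host, protocol => '2', debug => 1)->login($user, $pass);
        1;
    };
    return $ok ? "login OK" : "login failed: $@";
}

# Constructed sample banners; the first is the one quoted in the thread.
for my $sample ("SSH-2.0-OpenSSH_4.3p2 Debian-9etch2\r\n",
                "SSH-1.99-ExampleSSHD_1.0\r\n", "SSH-1.5-ExampleSSHD_0.9\n") {
    my $info = parse_banner($sample);
    printf "%-5s %-18s speaks %s\n", $info->{proto}, $info->{software},
           join(',', @{ $info->{speaks} });
}

# Live check (assumed invocation): SSH_TEST_PASS=... perl ssh_check.pl HOST USER
if (@ARGV == 2 && defined $ENV{SSH_TEST_PASS}) {
    my ($host, $user) = @ARGV;
    my $info = parse_banner(read_banner($host) || '')
        or die "$host did not send an SSH banner\n";
    my %speaks = map { $_ => 1 } @{ $info->{speaks} };
    print "$host: $info->{proto} $info->{software} $info->{comment}\n";
    print "warning: server still accepts SSH protocol 1\n" if $speaks{1};
    print try_login($host, $user, $ENV{SSH_TEST_PASS}), "\n" if $speaks{2};
}
```

Run it against a host that works and the one that fails, then compare the banner lines and the debug output side by side.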



Re: [Boston.pm] Net::Server::PreFork - How to make dynamic config changes without bouncing a server

2008-07-30 Thread Ben Tilly
On Wed, Jul 30, 2008 at 3:33 PM, Tom Metro [EMAIL PROTECTED] wrote:
> Ben Tilly wrote:
>
>> But you'll probably want a plain text file to be written out somewhere
>> in the background to preserve data across server restarts.
>
> I think the OP is referring to a typical scenario where you update a
> configuration file, and then send a signal to the process to provoke a
> re-read of the configuration file.

It sounded more to me like you send a regular request to the server
that causes the server configuration to change.  More of a remote
control version than what you're describing here.

Though, that said, there is little downside to using a different
procedure to configure a server application than you use to access it.

>> If you want to guarantee that your application can never scale, then
>> you could use shared memory.
>> If you want your application to be able to run on multiple machines,
>> then I'd suggest that you use memcached.
>
> Isn't memcached overkill for a handful of config variables that rarely get
> reloaded? (Assuming I understand the scenario correctly.)

Overkill?  Sure.  Significant overhead?  Not if the processing of a
request takes any real work.  If your application will ever live on
more than one server, then using memcached up front is a very good
idea, and using shared memory is a much worse one.

> Ranga Nathan [EMAIL PROTECTED] wrote:
>
>> I realize that one of the children would get the message indicating
>> the changes. If it updates the data structure in memory that would do
>> it only for THAT client, right? In other words, what is the best way
>> for all the children to share variables?
>
> This concept is certainly common enough in UNIX. Take Apache, for example.
> But I've never had the need to look into exactly how it is implemented. (The
> multi-threaded/multi-process services I've written in Perl haven't had the
> need to reload config files while running.)

It can be implemented in multiple ways.  One is that you can have it
in shared memory (or a shared cache like I suggested) and the child
processes regularly read that cache.  Another is that you could have
each child check in once per request cycle (or once every several) to
see if their information is stale.  If it is then they could either
try to reload information, or else they could just exit and let the
parent process respawn.

I suspect that Apache with prefork follows the exit and respawn
approach, but I don't really know.

> If a signal directed at the parent process gets propagated to the children
> (either by the OS or by the parent process), then with a bit of redundant
> inefficiency, you could have a signal handler in each child reload the
> configuration and update their local copies of the variables.

It would have to be done by the parent process, because the OS doesn't
generally do that.  But note that signal handling in Perl is fraught
with difficulties to think about.  Starting with the decision about
whether you'd like to catch signals safely (no dumping core please),
or in a timely fashion (don't wait until a database query ends before
noticing the signal please).  For this you probably want to catch it
safely.  However for a hard shutdown you may want to catch it in a
timely fashion.  Unfortunately Perl makes you choose.  (But at least
you can choose - it used to be that you were stuck with whichever one
Perl supported, and different versions of Perl made that choice
differently.)

> The parent process could kill off and restart the children, though that
> probably doesn't meet your criteria of not interrupting the service.

That is why I suggest having the change be something the children
notice somewhere in their request lifetime rather than being forcibly
pushed to them.

> If you were using Perl's threads, there's a built-in mechanism for declaring
> shared variables. Otherwise, I'd investigate the various shared memory and
> IPC modules on CPAN. There are a few IPC modules in the core distribution.

Before choosing a caching module look at
http://cpan.robm.fastmail.fm/cache_perf.html and see the performance.

Cheers,
Ben
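
Added example, not part of the thread: the per-request staleness check described above (each child notices a changed configuration during its request cycle instead of being signalled), written for Net::Server::PreFork. The config path, the `DEMO_CONFIG` variable, port 7777 and the one-key-per-line protocol are assumptions made for the example.

```perl
package ReloadingServer;
use strict;
use warnings;
use base qw(Net::Server::PreFork);

# Hypothetical path; the file holds "key = value" lines.
my $CONFIG_FILE = $ENV{DEMO_CONFIG} || '/tmp/demo_server.conf';
my %config;        # this child's private copy of the settings
my $seen = '';     # "inode:mtime:size" of the last file version examined

# Parse the whole file or die, so a broken file is rejected as a unit.
sub load_file {
    my ($path) = @_;
    open my $fh, '<', $path or die "open $path: $!\n";
    my %new;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#.*)?$/;               # comments, blank lines
        $line =~ /^\s*(\w+)\s*=\s*(.*?)\s*$/ or die "bad config line $.\n";
        $new{$1} = $2;
    }
    return \%new;
}

# Staleness check: one stat() per request, a reload only when the file changed.
sub refresh_config {
    my @st = stat($CONFIG_FILE) or return;   # file missing: keep current copy
    my $now = join ':', @st[1, 9, 7];        # inode, mtime, size
    return if $now eq $seen;
    $seen = $now;                            # do not re-parse a rejected file
    my $new = eval { load_file($CONFIG_FILE) };
    if (!$new) { warn "[$$] keeping old config: $@"; return; }
    %config = %$new;
    warn "[$$] loaded config version $now\n";
}

# Net::Server calls this in a child for each connection, with the client
# socket on STDIN/STDOUT. The protocol here is constructed: one key per line.
sub process_request {
    my $self = shift;
    refresh_config();
    while (defined(my $key = <STDIN>)) {
        $key =~ s/\r?\n\z//;
        last if $key eq 'quit';
        print(exists $config{$key} ? "$key = $config{$key}\n" : "unknown key\n");
    }
}

# Five children, as in the question; bound to localhost for the demo.
__PACKAGE__->run(host => '127.0.0.1', port => 7777, min_servers => 5);
```

Update the file by writing a temporary file and calling rename() over the old one, so a child never reads a half-written file; the rename also changes the inode, so two edits within the same second are still noticed.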



[Boston.pm] Perl 6 and Parrot Essentials still worth reading?

2008-07-30 Thread Bob Rogers
   From: Mike Small [EMAIL PROTECTED]
   Date: Wed, 30 Jul 2008 14:48:27 -0400

   Hi,

   Would you say it would still be worthwhile to read Perl 6 and Parrot
   Essentials in its published, paper form?  I see that there's a lot of
   other more up to date material listed here ...  but I'd like a book
   for when my hands or eyes are too sore for computers, or when I'm on
   a bus or otherwise away from keyboards and monitors.

   -- 
   Mike Small
   [EMAIL PROTECTED]

Much has changed since the second edition was published, so the book is
likely to be misleading in some places, and dead wrong in others.  But
since I only have a copy of the first edition, I'm afraid I can't be
more specific.

   As an alternative for Parrot, you may prefer to start with the
documentation in the source repository [1], which is more up-to-date
(with some glaring exceptions), though easier to get lost in.  For
learning about Perl 6 itself, the Synopses [2] are the most up-to-date
statements of the language design, and are fairly stable now; I've been
grinding my way through them myself, though I find it slow going.

   If you would like to contribute, then you'll need to get your hands
dirty with the living documentation sooner or later.  If your interest
is casual, then the overview the book provides is probably worth the
errors in detail.

   Out of curiosity, is your interest primarily in Perl 6, Parrot, or
both?

-- Bob

[1]  http://svn.perl.org/parrot/trunk/docs/

[2]  http://dev.perl.org/perl6/doc/synopsis.html



Re: [Boston.pm] Login error with SFTP

2008-07-30 Thread Bill Ricker
> Are you not sure which SSH protocol version is being used?

You should be absolutely certain whether requesting SSH v 1 (do not
use, obsolete, insecure, demonstrably breakable) or SSH v 2, **and**
which the counterparty is supporting.  Commandline SSH with -v will
report all that.

> Try collecting some data about the target host. Run:
>
> $ telnet host 22
> ...  SSH-2.0-OpenSSH_4.3p2 Debian-9etch2

that will do it too


The one failing server might

* have a different brand SSH server
  * or a different version
* or different SSH config
* have a different Unix (or other!) user auth system
   * or different PAM settings etc
* not allow suppress shell

> unless they've obscured the banner, this will tell you what version of the

and if they *have* obscured it, *that* might wreak havoc with a module
if it mis-diagnoses what it's connected to?

> I'd then check rt.cpan.org for bug reports relating to this for the SSH

always!

For scripting, SCP with keys is slicker from [kb]a?sh than Perl.
Without keys, with passwords, it's no go without an API, of course,
and dubious with one. I don't use unlocked keys across heterogeneous
organizations except in special circumstances.

In my $DayJob, we only use approved implementations of crypto libs,
so a Perl module that neither binds nor wraps the preferred
implementation isn't acceptable. I should try Net::SCP::Expect , as
I'd probably like that better than ksh/bash expect, and would fit
within approvable use (assuming the license is ok).


-- 
Bill
[EMAIL PROTECTED] [EMAIL PROTECTED]
