Bug #57166 for Net-SFTP-Foreign: sftp foreign genearting DSA key error

Mon May 03 08:55:46 2010 djsateesh [...] kodiaknetworks.com - Ticket created

Subject:	sftp foreign genearting DSA key error
Date:	Mon, 3 May 2010 18:20:44 +0530
To:	<bug-Net-SFTP-Foreign [...] rt.cpan.org>
From:	"Sateesh D J" <djsateesh [...] kodiaknetworks.com>

Hi I am facing problem while uploading file using SFTP::Foreign module Please do the needful #15652 1272889310.00000 _init_transport: ssh cmd: ssh -o NumberOfPasswordPrompts=1 -o PreferredAuthentications=keyboard-interactive,password OpenSSH_4.3p2, OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008 debug1: Reading configuration data /etc/ssh/ssh_config^M debug1: Applying options for *^M debug1: Connecting to 192.168.3.240 [192.168.3.240] port 22.^M debug1: Connection established.^M debug1: permanently_set_uid: 0/0^M debug1: identity file /root/.ssh/identity type -1^M debug1: identity file /root/.ssh/id_rsa type 1^M debug1: identity file /root/.ssh/id_dsa type -1^M debug1: loaded 3 keys^M debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2^M debug1: match: OpenSSH_3.6.1p2 pat OpenSSH_3.*^M debug1: Enabling compatibility mode for protocol 2.0^M debug1: Local version string SSH-2.0-OpenSSH_4.3^M debug1: SSH2_MSG_KEXINIT sent^M debug1: SSH2_MSG_KEXINIT received^M debug1: kex: server->client aes128-cbc hmac-md5 none^M debug1: kex: client->server aes128-cbc hmac-md5 none^M debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent^M debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP^M debug1: SSH2_MSG_KEX_DH_GEX_INIT sent^M debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY^M #15652 1272889310.00000 _conn_lost: _conn_lost #15652 1272889310.00000 _set_status: _set_status code: 6, str: No connection #15652 1272889310.00000 _set_error: _set_err code: 37, str: the authenticity of the target host can not be established, connect from the command line first #15652 1272889310.00000 _rel2abs: '/home/kodiak/smsbp' --> '/home/kodiak/smsbp' #15652 1272889310.00000 _rel2abs: '/home/kodiak/smsbp' --> '/home/kodiak/smsbp' #15652 1272889310.00000 _queue_msg: queueing msg len: 39, code:3, id:0 ... [1] 00 00 00 27 03 00 00 00 00 00 00 00 12 2f 68 6f 6d 65 2f 6b 6f 64 69 61 6b 2f 73 6d 73 62 70 00 | ...'........./home/kodiak/smsbp. 00 00 1a 00 00 00 04 00 00 01 e8 | ........... #15652 1272889310.00000 _get_msg: waiting for message... [1] #15652 1272889310.00000 _do_io: _do_io connected: 0 #15652 1272889310.00000 _conn_lost: _conn_lost #15652 1272889310.00000 _set_status: _set_status code: 7, str: Connection lost #15652 1272889310.00000 _set_error: _set_err code: 37, str: Connection to remote server stalled #15652 1272889310.00000 open: new remote file '/home/kodiak/smsbp' open, rid: #15652 1272889310.00000 _rel2abs: '/home/kodiak' --> '/home/kodiak' #15652 1272889310.00000 _rel2abs: '/home/kodiak' --> '/home/kodiak' #15652 1272889310.00000 _queue_msg: queueing msg len: 21, code:11, id:1 ... [2] 00 00 00 15 0b 00 00 00 01 00 00 00 0c 2f 68 6f 6d 65 2f 6b 6f 64 69 61 6b | ............./home/kodiak #15652 1272889310.00000 _get_msg: waiting for message... [2] #15652 1272889310.00000 _do_io: _do_io connected: 0 #15652 1272889310.00000 _conn_lost: _conn_lost #15652 1272889310.00000 opendir: new remote dir '/home/kodiak' open, rid: unable to retrieve directory: Connection to remote server stalled at FileUPLoad.pl line 113. Please check Server is running, IPAddress, UserID, Password is correct. #15652 1272889310.00000 DESTROY: Net::SFTP::Foreign=HASH(0x7fdbe80)->DESTROY called (current pid: 15652, disconnect_by_pid: ) #15652 1272889310.00000 disconnect: Net::SFTP::Foreign=HASH(0x7fdbe80)->disconnect called (ssh pid: 15658) #15652 1272889310.00000 _conn_lost: _conn_lost Thanks And Regards D.J.Sateesh Software Engineer, Kodiak Networks, #401, 4th flr,Prestige Sigma, 3,Vittal Mallya rd, Bangalore - 1 Ph - 22227960 x 215 URL - www.kodiaknetworks.com <http://www.kodiaknetworks.com/>

Message body is not shown because it is too large.

Mon May 03 11:20:56 2010 salva [...] cpan.org - Taken

Mon May 03 11:26:23 2010 salva [...] cpan.org - Correspondence added 10 min

It looks like the SSH client you are using has some interoperability problem with the remote server. If you can, upgrade the SSH software in the server to something newer (3.x.x is quite old and may have know security bugs). Anyway, could you rerun your test program increasing the verbosity level (passing '-vvv' instead of '-v') and send me the output? A capture at the OS level (with strace, truss, ktrace, etc), would also be very helpful, though, note that passwords would be visible there. Regards

Mon May 03 11:26:24 2010 The RT System itself - Status changed from 'new' to 'open'

Tue May 04 01:24:14 2010 djsateesh [...] kodiaknetworks.com - Correspondence added

Subject:	RE: [rt.cpan.org #57166] sftp foreign genearting DSA key error
Date:	Tue, 4 May 2010 10:49:21 +0530
To:	<bug-Net-SFTP-Foreign [...] rt.cpan.org>
From:	"Sateesh D J" <djsateesh [...] kodiaknetworks.com>

Hi When we connect the sftp using command line it works fine When we do it for once from command line,then the script works fine I think if dsa host key present in the /home/kodiak/.ssh/known_hosts then the script works fine If it not present then it then script fails So every time I need to run the script I need to put the key in the /home/kodiak/.ssh/known_hosts file Connecting to 192.168.3.240... The authenticity of host '192.168.3.240 (192.168.3.240)' can't be established. RSA key fingerprint is 09:95:c2:53:aa:5d:f0:79:a6:87:1c:4b:92:71:5b:6d. Are you sure you want to continue connecting (yes/no)? In our script it asks for yes/no that's wat I think it is waiting for the reply debug1: SSH2_MSG_KEX_DH_GEX_INIT sent^M debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY^M but I cant give key every time it is automated script please do the needful When I used -w it gives this output #6622 1272947769.00000 _init_transport: ssh cmd: ssh -o NumberOfPasswordPrompts=1 -o PreferredAuthentications=keyboard-interactive,password -l kodiak -w 192.168.3.240 -s sftp Uploading to SFTP Site : SFTP Server: 192.168.3.240 File: smsbp Date: Tue May 4 10:06:09 IST 2010 --------------------- SFTP Log Start ------------------------------------- Bad tun device '192.168.3.240' #6622 1272948009.00000 _conn_lost: _conn_lost #6622 1272948009.00000 _set_status: _set_status code: 6, str: No connection #6622 1272948009.00000 _set_error: _set_err code: 37, str: Password not requested as expected: 0 #6622 1272948009.00000 _rel2abs: '/home/kodiak/smsbp' --> '/home/kodiak/smsbp' #6622 1272948009.00000 _rel2abs: '/home/kodiak/smsbp' --> '/home/kodiak/smsbp' #6622 1272948009.00000 _queue_msg: queueing msg len: 39, code:3, id:0 ... [1] 00 00 00 27 03 00 00 00 00 00 00 00 12 2f 68 6f 6d 65 2f 6b 6f 64 69 61 6b 2f 73 6d 73 62 70 00 | ...'........./home/kodiak/smsbp. 00 00 1a 00 00 00 04 00 00 01 e8 | ........... #6622 1272948009.00000 _get_msg: waiting for message... [1] #6622 1272948009.00000 _do_io: _do_io connected: 0 #6622 1272948009.00000 _conn_lost: _conn_lost #6622 1272948009.00000 _set_status: _set_status code: 7, str: Connection lost #6622 1272948009.00000 _set_error: _set_err code: 37, str: Connection to remote server stalled #6622 1272948009.00000 open: new remote file '/home/kodiak/smsbp' open, rid: #6622 1272948009.00000 _rel2abs: '/home/kodiak' --> '/home/kodiak' #6622 1272948009.00000 _rel2abs: '/home/kodiak' --> '/home/kodiak' #6622 1272948009.00000 _queue_msg: queueing msg len: 21, code:11, id:1 ... [2] 00 00 00 15 0b 00 00 00 01 00 00 00 0c 2f 68 6f 6d 65 2f 6b 6f 64 69 61 6b | ............./home/kodiak #6622 1272948009.00000 _get_msg: waiting for message... [2] #6622 1272948009.00000 _do_io: _do_io connected: 0 #6622 1272948009.00000 _conn_lost: _conn_lost #6622 1272948009.00000 opendir: new remote dir '/home/kodiak' open, rid: unable to retrieve directory: Connection to remote server stalled at FileUPLoad.pl line 113. Thanks And Regards D.J.Sateesh Software Engineer, Kodiak Networks, #401, 4th flr,Prestige Sigma, 3,Vittal Mallya rd, Bangalore - 1 Ph - 22227960 x 215 URL - www.kodiaknetworks.com Show quoted text

-----Original Message----- From: Salvador Fandino Garcia via RT [mailto:bug-Net-SFTP-Foreign@rt.cpan.org] Sent: Monday, May 03, 2010 8:56 PM To: Sateesh D J Subject: [rt.cpan.org #57166] sftp foreign genearting DSA key error <URL: https://rt.cpan.org/Ticket/Display.html?id=57166 > It looks like the SSH client you are using has some interoperability problem with the remote server. If you can, upgrade the SSH software in the server to something newer (3.x.x is quite old and may have know security bugs). Anyway, could you rerun your test program increasing the verbosity level (passing '-vvv' instead of '-v') and send me the output? A capture at the OS level (with strace, truss, ktrace, etc), would also be very helpful, though, note that passwords would be visible there. Regards

Tue May 04 06:01:00 2010 salva [...] cpan.org - Correspondence added 10 min

On Tue May 04 01:24:14 2010, djsateesh@kodiaknetworks.com wrote: Show quoted text

> Hi > > When we connect the sftp using command line it works fine > When we do it for once from command line,then the script works fine > > I think if dsa host key present in the /home/kodiak/.ssh/known_hosts > then the script works fine > > If it not present then it then script fails > So every time I need to run the script I need to put the key in the > /home/kodiak/.ssh/known_hosts file

This is how SSH works, the key from the remote server has to be placed inside "known_hosts". The "ssh" command has some options that allow to disable that check, you can read the manual page for the details. Cheers

Tue May 04 06:01:01 2010 salva [...] cpan.org - Status changed from 'open' to 'rejected'

Tue May 04 06:13:56 2010 djsateesh [...] kodiaknetworks.com - Correspondence added

Subject:	RE: [rt.cpan.org #57166] sftp foreign genearting DSA key error
Date:	Tue, 4 May 2010 15:39:01 +0530
To:	<bug-Net-SFTP-Foreign [...] rt.cpan.org>
From:	"Sateesh D J" <djsateesh [...] kodiaknetworks.com>

Hi, SSH works as per your reply. We agree and accept it. Is there any way/workaround in SFTP::Foreign module to forcefully generate the key in local machine if the key doesn't exist. When manually connecting through sftp it prompts as below Connecting to 192.168.3.240... The authenticity of host '192.168.3.240 (192.168.3.240)' can't be established. RSA key fingerprint is 09:95:c2:53:aa:5d:f0:79:a6:87:1c:4b:92:71:5b:6d. Are you sure you want to continue connecting (yes/no)? Can the SFTP::Foreign module provide input as yes and proceed. We were earlier using Net::SFTP and it works fine even when the key is not present in known_hosts file. It looks like Net::SFTP supports that by default. Can we make the SFTP::Foreign also to work in the same way as Net::SFTP Thanks for your reply and expecting your continued support. Thanks And Regards D.J.Sateesh Software Engineer, Kodiak Networks, #401, 4th flr,Prestige Sigma, 3,Vittal Mallya rd, Bangalore - 1 Ph - 22227960 x 215 URL - www.kodiaknetworks.com Show quoted text

-----Original Message----- From: Salvador Fandino Garcia via RT [mailto:bug-Net-SFTP-Foreign@rt.cpan.org] Sent: Tuesday, May 04, 2010 3:31 PM To: Sateesh D J Subject: [rt.cpan.org #57166] sftp foreign genearting DSA key error <URL: https://rt.cpan.org/Ticket/Display.html?id=57166 > On Tue May 04 01:24:14 2010, djsateesh@kodiaknetworks.com wrote:

> Hi > > When we connect the sftp using command line it works fine > When we do it for once from command line,then the script works fine > > I think if dsa host key present in the /home/kodiak/.ssh/known_hosts > then the script works fine > > If it not present then it then script fails > So every time I need to run the script I need to put the key in the > /home/kodiak/.ssh/known_hosts file

This is how SSH works, the key from the remote server has to be placed inside "known_hosts". The "ssh" command has some options that allow to disable that check, you can read the manual page for the details. Cheers

Tue May 04 06:13:57 2010 The RT System itself - Status changed from 'rejected' to 'open'

Tue May 04 06:30:56 2010 salva [...] cpan.org - Correspondence added 5 min

Look for StrictHostKeyChecking in ssh_config(5) man page You can pass it to the constructor as follows: $sftp = Net::SFTP::Foreign->new(..., more => [-o => 'StrictHostKeyChecking=no']); Anyway, this is a not a support forum but a bug tracker. Don't post questions here, please. You can use http://perlmonks.org, Stack Overflow or the CPAN Forum for that.

Tue May 04 06:30:59 2010 salva [...] cpan.org - Status changed from 'open' to 'rejected'

Tue May 04 09:38:54 2010 djsateesh [...] kodiaknetworks.com - Correspondence added

Subject:	RE: [rt.cpan.org #57166] sftp foreign genearting DSA key error
Date:	Tue, 4 May 2010 19:03:58 +0530
To:	<bug-Net-SFTP-Foreign [...] rt.cpan.org>
From:	"Sateesh D J" <djsateesh [...] kodiaknetworks.com>

Hi Thank you very much for providing the solution. Look for StrictHostKeyChecking in ssh_config(5) man page You can pass it to the constructor as follows: $sftp = Net::SFTP::Foreign->new(..., more => [-o => 'StrictHostKeyChecking=no']); Unfortunately, the solution is not working for 32 bit Linux. When we use the option in 64 bit Linux the solution works. Our application has to support both 32 and 64 bit. Can you please provide us solution so that it will work in 32 bit card also Appreciate your timely help and expecting the same for 32 bit also. Thanks And Regards D.J.Sateesh Software Engineer, Kodiak Networks, #401, 4th flr,Prestige Sigma, 3,Vittal Mallya rd, Bangalore - 1 Ph - 22227960 x 215 URL - www.kodiaknetworks.com Show quoted text

-----Original Message----- From: Salvador Fandino Garcia via RT [mailto:bug-Net-SFTP-Foreign@rt.cpan.org] Sent: Tuesday, May 04, 2010 4:01 PM To: Sateesh D J Subject: [rt.cpan.org #57166] sftp foreign genearting DSA key error <URL: https://rt.cpan.org/Ticket/Display.html?id=57166 > Look for StrictHostKeyChecking in ssh_config(5) man page You can pass it to the constructor as follows: $sftp = Net::SFTP::Foreign->new(..., more => [-o => 'StrictHostKeyChecking=no']); Anyway, this is a not a support forum but a bug tracker. Don't post questions here, please. You can use http://perlmonks.org, Stack Overflow or the CPAN Forum for that.

Tue May 04 09:38:55 2010 The RT System itself - Status changed from 'rejected' to 'open'

Tue May 04 10:54:54 2010 salva [...] cpan.org - Status changed from 'open' to 'rejected'