http://qs1969.pair.com?node_id=537552

perlknight has asked for the wisdom of the Perl Monks concerning the following question:

All, I am trying to get net sftp to work without password authentication. I want it to use a pub keys. By default it uses id_dsa or identity file. I have a pub with different name. I try this: 
 $sftp = Net::SFTP->new("myhost" ,  user=>"me", ssh_args => ( identify
+_files => [ "PATH/.ssh/id_rsa" ,"PATH/.ssh/myid_file"],debug => '1', 
+options => {"RhostsAuthenication no"} ) );

[download]
Any idea, why it's not using the identify file, but each time it tried using id_dsa instead? Thanks.

Replies are listed 'Best First'.
Re: net sftp help
by fizbin (Chaplain) on Mar 17, 2006 at 21:07 UTC
    Try this syntax: 
    $sftp = Net::SFTP->new("myhost" ,  user=>"me", 
  ssh_args => [ identity_files => [ "PATH/.ssh/id_rsa" ,"PATH/.ssh/myi
+d_file"],
                debug => '1', options => ["RhostsAuthenication no"] ] 
+);

    [download]

    Note that I used [], not parentheses around ssh_args; I also used brackets for "options". Also notice that I said identity_files, not identify_files.

    --
    @/=map{[/./g]}qw/.h_nJ Xapou cets krht ele_ r_ra/;
map{y/X_/\n /;print}map{pop@$_}@/for@/

    [download]
[reply]
[d/l]
[select]
      Thanks. This seems to work for me.
[reply]
Re: net sftp help
by Argel (Prior) on Mar 17, 2006 at 21:20 UTC
    FYI, I believe the identify file is for SSH protocol 1 only which means you do not want to use it.

    Is there some reason you cannot use DSA? You already know it appears to be checking for that so wouldn't that make it the path of least resistance? If you have to use RSA then have you tried creating an RSA2 key? See below for DSA and RSA2.

    Other possiblity is a name/IP address lookup issue -- ssh will do a reverse loookup on the IP address of the client and compare that to the hostname the client claims it is coming from. Keep in mind an entry in /etc/hosts on the client that does not exist in /etc/hosts on the server can further confuse things (Solaris admins should be familiar with this).

    And if you have multi-homed systems then routing can also be a factor (i.e. make sure traffic comes in and goes out through the same interface). 

    ssh-keygen -t dsa
ssh-keygen -t rsa

    [download]
[reply]
[d/l]
      the file id_dsa is used, I have another file which call something else for something I am doing?
[reply]
        I'm sorry but I'm not sure I understand your question. What other file? If you are usign RSA2 then it will look for id_rsa.
[reply]
Re: net sftp help
by Plankton (Vicar) on Mar 17, 2006 at 20:33 UTC
    Make sure you followed the steps shown here. Then check things with "ssh -v you@whatever" from the command-line.

    Snakehandlers.net
[reply]

Back to Seekers of Perl Wisdom