in reply to Re^2: Net::SSH2 not base64 encoded
in thread Net::SSH2 not base64 encoded

This sounds like it is an authentication error from the remote end. Somehow, the remote end thinks that "you" ($ENV{USER}) are not the one connected to the public+private keypair.

Maybe $ENV{USER} is different from your expectations, or your program does something wrong.

I would look at what ssh does by connecting using ssh -i ~/.ssh/the-new-private-key -v -v -v and comparing that with my expectations, and very closely comparing that with the output of your program with $ssh2->trace(-1);.

Replies are listed 'Best First'.
Re^4: Net::SSH2 not base64 encoded
by averlon (Sexton) on Dec 12, 2024 at 12:33 UTC

    It looks like, libssh2 is compiled without trace. So there is no trace information when running the script. Anyhow. The shell output says:

    OpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.c
+onf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/ava
+dmin/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/av
+admin/.ssh/known_hosts2'
debug2: resolving "f42240te" port 22
debug3: resolve_host: lookup f42240te:22
debug3: ssh_connect_direct: entering
debug1: Connecting to f42240te [192.168.1.100] port 22.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: Connection established.
debug1: identity file .ssh/t_zertifikat_t_test_openssh.key type 0
debug1: identity file .ssh/t_zertifikat_t_test_openssh.key-cert type -
+1
debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
debug1: Remote protocol version 2.0, remote software version lancom
debug1: compat_banner: no match: lancom
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to f42240te:22 as 'newroot'
debug3: record_hostkey: found key type ED25519 in file /home/avadmin/.
+ssh/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/avadmin/.ss
+h/known_hosts:6
debug3: load_hostkeys_file: loaded 2 keys from f42240te
debug1: load_hostkeys: fopen /home/avadmin/.ssh/known_hosts2: No such 
+file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
+ directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file o
+r directory
debug3: order_hostkeyalgs: have matching best-preference key type ssh-
+ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org
+,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x2
+5519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-h
+ellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-gr
+oup14-sha256,ext-info-c,kex-strict-c-v00@openssh.com
debug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sh
+a2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh
+.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01
+@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512
+-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,e
+cdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed2
+5519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-
+sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-
+ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-
+ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hm
+ac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-e
+tm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
+,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hm
+ac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-e
+tm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256
+,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha256,diffie-hellman-g
+roup16-sha512,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256
+,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org,c
+urve25519-sha256,curve448-sha512,sntrup761x25519-sha512@openssh.com,e
+xt-info-s,kex-strict-s-v00@openssh.com
debug2: host key algorithms: ssh-ed448,ssh-ed25519,ecdsa-sha2-nistp256
+,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: aes256-gcm@openssh.com,aes128-gcm@openssh.com,ch
+acha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: ciphers stoc: aes256-gcm@openssh.com,aes128-gcm@openssh.com,ch
+acha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
debug2: MACs ctos: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@opens
+sh.com,hmac-sha2-256-etm@openssh.com
debug2: MACs stoc: hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@opens
+sh.com,hmac-sha2-256-etm@openssh.com
debug2: compression ctos: none,zlib
debug2: compression stoc: none,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug3: kex_choose_conf: will use strict KEX ordering
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC:
+ <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC:
+ <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:tp83MDA3OfhZO/mehm31fDcjuJ
+XaZJm8u7qt6SjC7lM
debug3: record_hostkey: found key type ED25519 in file /home/avadmin/.
+ssh/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/avadmin/.ss
+h/known_hosts:6
debug3: load_hostkeys_file: loaded 2 keys from f42240te
debug1: load_hostkeys: fopen /home/avadmin/.ssh/known_hosts2: No such 
+file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or
+ directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file o
+r directory
debug1: Host 'f42240te' is known and matches the ED25519 host key.
debug1: Found key in /home/avadmin/.ssh/known_hosts:5
debug3: send packet: type 21
debug1: ssh_packet_send2_wrapped: resetting send seqnr 3
debug2: ssh_set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: ssh_packet_read_poll2: resetting read seqnr 3
debug1: SSH2_MSG_NEWKEYS received
debug2: ssh_set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: .ssh/t_zertifikat_t_test_openssh.key RSA SHA
+256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
debug2: pubkey_prepare: done
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed448,ssh-ed25519,ecd
+sa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512
+,rsa-sha2-256>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: password,keyboard-interacti
+ve,publickey
debug3: start over, passed a different list password,keyboard-interact
+ive,publickey
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: .ssh/t_zertifikat_t_test_openssh.key RSA 
+SHA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: .ssh/t_zertifikat_t_test_openssh.key RSA S
+HA256:Gh84ZfAUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU explicit
debug3: sign_and_send_pubkey: using publickey with RSA SHA256:Gh84ZfAU
+IrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU
debug3: sign_and_send_pubkey: signing using rsa-sha2-512 SHA256:Gh84Zf
+AUIrNexMSF34KZghpRkM2Gj9P6K8d+IUlgoXU
debug3: send packet: type 50
debug3: receive packet: type 52
Authenticated to f42240te ([192.168.1.100]:22) using "publickey".
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug3: send packet: type 90
debug1: Entering interactive session.
debug1: pledge: filesystem
debug3: receive packet: type 91
debug2: channel_input_open_confirmation: channel 0: callback start
debug2: fd 3 setting TCP_NODELAY
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug2: client_session2_setup: id 0
debug2: channel 0: request pty-req confirm 1
debug3: send packet: type 98
debug1: Sending environment.
debug3: Ignored env SHELL
debug3: Ignored env HISTCONTROL
debug3: Ignored env HISTSIZE
debug3: Ignored env PWD
debug3: Ignored env LOGNAME
debug3: Ignored env XDG_SESSION_TYPE
debug3: Ignored env MOTD_SHOWN
debug3: Ignored env HOME
debug1: channel 0: setting env LANG = "de_DE.UTF-8"
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
debug3: Ignored env LS_COLORS
debug3: Ignored env SSH_CONNECTION
debug3: Ignored env XDG_SESSION_CLASS
debug3: Ignored env TERM
debug3: Ignored env LIBVIRT_DEFAULT_URI
debug3: Ignored env USER
debug3: Ignored env SHLVL
debug3: Ignored env XDG_SESSION_ID
debug3: Ignored env XDG_RUNTIME_DIR
debug3: Ignored env PS2
debug3: Ignored env PS1
debug3: Ignored env SSH_CLIENT
debug3: Ignored env PS4
debug3: Ignored env XDG_DATA_DIRS
debug3: Ignored env PATH
debug3: Ignored env HISTFILESIZE
debug3: Ignored env DBUS_SESSION_BUS_ADDRESS
debug3: Ignored env SSH_TTY
debug3: Ignored env OLDPWD
debug3: Ignored env _
debug2: channel 0: request shell confirm 1
debug3: send packet: type 98
debug2: channel_input_open_confirmation: channel 0: callback done
debug2: channel 0: open confirm rwindow 65280 rmax 16384
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: PTY allocation request accepted on channel 0
debug3: receive packet: type 99
debug2: channel_input_status_confirm: type 99 id 0
debug2: shell request accepted on channel 0

    [download]

    Although - this does not tell me very much! Probably there is something incompatible others can identify!

    Regards Kallewirsch
[reply]
[d/l]

      If ->trace is not available, maybe ->debug helps?

      From the output you show, I see the following:

      Authenticating to f42240te:22 as 'newroot'

      [download]

      Is this what your script gets in $ENV{USER}, and what you expect?

      If you have one thing that works and another thing that fails, you will have to check all your assumptions and compare what you can see between the two sides.

      If you only show one side, you have to do the investigation and comparison yourself.

[reply]
[d/l]
[select]

        I missed one output from the debug:

        Net::SSH2::KnownHosts::DESTROY

        This comes from:

        $av_obj_SSH->check_hostkey('ask');

        Question is why!?

        Regards Kallewirsch
[reply]
[d/l]
[select]

        Thanks for your advice

        "newroot" ist the user on the target system. It is not the user the script runs uns the client system. Ich changed this since I was sure $ENV{USER} was the wrong setting!

        I will see if debug will do the trick

        Regards Kallewirsch
[reply]

In Section Seekers of Perl Wisdom