in reply to Re^6: Net::SSH2 not base64 encoded
in thread Net::SSH2 not base64 encoded

Looking through Net::SSH2 for knownhost points to LIBSSH2_HOSTKEY_POLICY_STRICT and ->check_hostkey. That method is called when creating a connection.

A next step could be to call  $av_obj_SSH->check_hostkey(...); from your code and explicitly look at the return value.

Maybe the object does not find the appropriate known_hosts file or something.

Without seeing your code, the output, and the various hidden inputs it is quite hard to suggest anything other than looking at the differences between what SSH does and what your script/libssh2 does and verifying at each step that they do the same until you find places where they differ.

Replies are listed 'Best First'.
Re^8: Net::SSH2 not base64 encoded
by averlon (Sexton) on Dec 13, 2024 at 07:09 UTC

    your are naturally right. I should show the code:

    sub av_ssh
{

  $av_obj_SSH->trace(-1);
  $av_obj_SSH->debug(1);

  $av_obj_SSH->connect($av_loc_ROUTER)
    or $av_obj_SSH->die_with_error;

  $av_tmp_STRING = $av_obj_SSH->check_hostkey('ask')
    or $av_obj_SSH->die_with_error;
  
  $av_obj_SSH->auth_publickey("newroot","$ENV{HOME}/.ssh/t_zertifikat_
+t_test_openssh.pub","$ENV{HOME}/.ssh/t_zertifikat_t_test_openssh.key"
+)
    or $av_obj_SSH->die_with_error;
  
  $av_obj_SSH->disconnect();
}


$av_obj_SSH = Net::SSH2->new()
 or die "SSH-Objekt konnte nicht erzeugt werden";

av_ssh();

exit (0);

    [download]

    The known_hosts file was originally filled with one entry by the ssh command!

    la .ssh/
insgesamt 72
drwxrwxr-x  2 fxuser2 fxuser2 4096 Dez 12 15:45 .
drwxr-xr-x 14 fxuser2 fxuser2 4096 Dez 12 15:45 ..
-rw-------  1 fxuser2 fxuser2  381 Aug 31  2021 authorized_keys
-rw-------  1 fxuser2 fxuser2 3434 Aug 31  2021 id_rsa
-rw-r--r--  1 fxuser2 fxuser2  742 Aug 31  2021 id_rsa.pub
-rw-------  1 fxuser2 fxuser2  182 Dez 12 15:46 known_hosts
-rw-------  1 fxuser2 fxuser2 1834 Dez 12 12:59 t_zertifikat_t_test_op
+enssh.key
-rw-------  1 fxuser2 fxuser2  406 Dez 12 12:53 t_zertifikat_t_test_op
+enssh.pub

    [download]
    Regards Kallewirsch
[reply]
[d/l]
[select]

      I don't spot anything in your code that helps debugging this further.

      The error comes from the other end, that the username (newroot) does not match the pubkey/private key pair.

      Maybe look at the remote end, and/or check whether a different username gives a different error.

[reply]
[d/l]

        It looks like I hang on the fact, that the script asks to accept the fingerprint, but I am not able to answer "yes" on my tty.

        perl ./scripts/av_ssh_01.pl
Name "main::LOG4PERLCONF" used only once: possible typo at ./scripts/a
+v_ssh_01.pl line 210.
alle optionen:
libssh2_knownhost_init(ss->session) -> 0x55c49814aa50
The authenticity of host 'f42240ts' can't be established.
Key fingerprint is SHA1:d252c44ef170f176ef2aeb96f059178f52144535.
Are you sure you want to continue connecting (yes/no)?
Use of uninitialized value $yes in pattern match (m//) at /home/fxuser
+2/perl5/lib/perl5/x86_64-linux-gnu-thread-multi/Net/SSH2.pm line 417.
Net::SSH2::KnownHosts::DESTROY
Host key verification failed: user did not accept the key (-46 LIBSSH2
+_ERROR_KNOWN_HOSTS) at ./scripts/av_ssh_01.pl line 161.
Net::SSH2::DESTROY object 0x964c3580

        [download]

        Any hint how I can make the script wait for an answer to type in?

        Regards Kallewirsch
[reply]
[d/l]

In Section Seekers of Perl Wisdom