in reply to Re^3: Preferred authentication in Net::SFTP::Foreign
in thread Preferred authentication in Net::SFTP::Foreign

I probably don't understand the nuances of ssh with sftp subsystem vs the sftp command but it seems to me that the sftp command somehow knows what needs to happen irrespective of us passing the password automatically or not. It knows when Authentication is complete and when it isn't since it knows when to wait and when to provide a working prompt to the user.

I can't hardcode the PreferredAuthentication since it is host specific and we do have a properly configured .ssh/config file with the appropriate Host specific overrides. It seems to me to get my setup working I will have to read the config file and figure out what the PreferredAuthentication is supposed to be for each Host which somehow feels like a wrong thing to do.

At this point I have no intention of using the password option since keyboard-interactive + publickey seems to cover every scenario that I am encountering - I will see how it goes by using a Unix.pm without the PreferredAuthentication override.

Re^5: Preferred authentication in Net::SFTP::Foreign
by salva (Canon) on Feb 11, 2016 at 10:01 UTC
    I can't hardcode the PreferredAuthentication since it is host specific and we do have a properly configured .ssh/config file with the appropriate Host specific overrides.

    PreferredAuthentication is usually quite unimportant. As long as you include all the authentication schemes that could be required by the server, it should work. There is no need to match exactly the server configuration there.

    What do you get from the following command?

    grep -i preferredauthentications ~/.ssh/config | sort -u

    For Net::SFTP::Foreign, the important thing is knowing which servers require password authentication and which ones don't.

      $ grep -i preferredauthentications ~/.ssh/config | sort -u
      PreferredAuthentications password
      PreferredAuthentications publickey,keyboard-interactive,password

      More importantly this is the current distribution with a global setting and multiple Host entries with overrides:

      $ grep PreferredAuthentications ~/.ssh/config
      PreferredAuthentications publickey,keyboard-interactive,password
      PreferredAuthentications password
      PreferredAuthentications password

      Agreed, it is important to know who needs password and who doesn't, and for a really short test period it doesn't seem to have impacted us by removing the PreferredAuthentications override - ssh does seem to honor what is in the config file. Maybe something has changed over time and this functionality might have become redundant - is this something which can be retested?
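
An added example, not code from any poster in this thread or from Net::SFTP::Foreign: rather than parsing ~/.ssh/config by hand, a script can ask ssh for the effective per-host settings with `ssh -G` (OpenSSH 6.8 or later) and check whether password authentication is among the methods ssh would try. The function names and the sample output are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse `ssh -G <host>` output (lowercase "keyword value" lines) into a hash.
sub parse_ssh_g {
    my ($text) = @_;
    my %cfg;
    for my $line (split /\n/, $text) {
        my ($key, $value) = $line =~ /^(\S+)\s+(.*)$/ or next;
        $cfg{lc $key} //= $value;    # repeated keywords: keep the first
    }
    return \%cfg;
}

# Let ssh evaluate the Host/Match blocks of ~/.ssh/config for one host.
sub effective_config {
    my ($host) = @_;
    die "refusing host name starting with '-'\n" if $host =~ /^-/;
    # List-form open: the host name never passes through a shell.
    open my $fh, '-|', 'ssh', '-G', $host or die "cannot run ssh: $!";
    my $out = do { local $/; <$fh> };
    close $fh or die "ssh -G $host failed (exit status $?)\n";
    return parse_ssh_g($out // '');
}

# True when password authentication is among the methods ssh would try.
sub wants_password {
    my ($cfg) = @_;
    my $pref = $cfg->{preferredauthentications};
    return 1 unless defined $pref;   # unset: OpenSSH's default order includes password
    return (grep { $_ eq 'password' } split /\s*,\s*/, $pref) ? 1 : 0;
}

# Constructed sample of `ssh -G` output, used when no host is given.
my $sample = <<'END';
user deploy
hostname sftp.example.com
port 22
preferredauthentications publickey,keyboard-interactive
END

my $cfg = @ARGV ? effective_config($ARGV[0]) : parse_ssh_g($sample);
printf "PreferredAuthentications=%s password=%s\n",
    $cfg->{preferredauthentications} // '(ssh default)',
    wants_password($cfg) ? 'yes' : 'no';
```

Run without arguments it evaluates the embedded sample; run with a host name it queries the local ssh client, so the result reflects the same Host-specific overrides that ssh itself would apply.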