Net::SFTP cipher problem

mrguy123 has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,
I have a bit of a tricky situation. One of my product's customers is not able to ftp files using NET::SFTP (he can ftp OK from command line) . Every time he tries to to run the program that is supposed to transfer files he gets this message:

No matching cipher found: client DES3 server aes128-cbc,3des-cbc,blowf
+ish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysato
+r.liu.se,aes128-ctr,aes192-ctr,aes256-ctr at /exlibris/product/perl-5
+.8.8/lib/site_perl/5.8.8/Net/SSH/Perl/SSH2.pm line 87
[download]

Which means that he is missing some key ciphers. This is a code snippet that recreates the problem on his server (basically just using Net::SFTP but its always good to show some code)

#!/usr/bin/perl
use strict;
use warnings;
use Net::SFTP;
##All the credentials have been changed for privacy reasons
my %args = (user=>'aaa', password=>'bbb');
my $ftp = new Net::SFTP('http://www.test.com',%args);
($get_code) = $ftp->get('temp1', 'temp2');
[download]

The best solution of course would to be re-install all the NET modules (SFTP, SSH) and make them use the correct ciphers, or to look at the SSH module and try to add a cipher.
The problem is this (sounds a bit like a riddle): this customer is super sensitive about security and won't let me take a look at any code. I can give him any program I want or tell him what to do, but I can't poke around. Very annoying!! The question is, what can I do?
One option I thought about is to give a more simple SFTP module than NET::SFTP (which is a bit complicated to install) and let him install it (or just give him the *.pm file).
Another option is to somehow give him a correct cipher, but I'm not sure where to put it. Anyhow, I'm really stuck and open to suggestions here.
Thanks a lot
Guy Naamati

I remember you well in the Chelsea Hotel
---L. Cohen

Comment on Net::SFTP cipher problem Select or Download Code

Replies are listed 'Best First'.
Re: Net::SFTP cipher problem by zentara (Cardinal) on Mar 26, 2008 at 12:54 UTC
See if he can get Net::SSH2 installed. It does it all, see A little demo for Net::SSH2 I'm not really a human, but I play one on earth. Cogito ergo sum a bum	[reply]
Re: Net::SFTP cipher problem by ww (Archbishop) on Mar 26, 2008 at 11:39 UTC
I suspect your question will prompt answers from Monks knowledgeable about Net::SFTP and, more generally, about ciphers (/me is definitely not), but a non-perlish solution may be worth considering if you don't get a silver bullet here: Fire the customer! Life is too short to deal with customers who don't trust their experts.	[reply]
Re: Net::SFTP cipher problem by almut (Canon) on Mar 26, 2008 at 14:19 UTC
I agree with zentara that using Net::SSH2 would be the way to go. However, if for some reason (like not being able to get libssh2 installed) you want/need to use Net::SSH::Perl, you could try forcing SSH protocol 2, i.e. `my %args = (user=>'aaa', password=>'bbb', ssh_args => [ protocol => 2 +]); my $ftp = new Net::SFTP('http://www.test.com',%args); ...` [download] This suggestion is based on: `client DES3 server aes128-cbc,3des-cbc,...` [download] Somehow, the client side seems to be under the false impression it's supposed to use SSH protocol 1 — at least that's what I would infer from it proposing the protocol 1 cipher name 'DES3' (the corresponding protocol 2 name would be '3des-cbc'), while the server is only offering protocol 2 cipher names to choose from. OTOH, as Net::SSH::Perl is proposing DES3, you apparently already have the respective Crypt:: module installed. IOW, you (or your customer) should in theory be able to use '3des-cbc' without installing additional modules, once you get client and server to agree on using that cipher... Just an idea (untested).	[reply] [d/l] [select]
Re^2: Net::SFTP cipher problem by mrguy123 (Hermit) on Mar 26, 2008 at 15:57 UTC
Thanks, I'll give it a try	[reply]
Re: Net::SFTP cipher problem by Khen1950fx (Canon) on Mar 27, 2008 at 19:41 UTC
I couldn't get your script to work, so I followed salva's advice. This worked: `#!/usr/bin/perl use strict; use warnings; use diagnostics; use Net::SFTP::Foreign::Compat ':supplant'; my %args = (password => 'yourpassword', user => 'yourusername'); warn "Starting SFTP...\n"; my $sftp = Net::SFTP::Foreign::Compat->new('localhost', %args); print 'done', "\n"; warn "Starting Command...\n"; $sftp->get('/root/Desktop/pdf.pl', '/home/Desktop/tmp1/pdf.pl'); print 'done', "\n"; undef $sftp;` [download]	[reply] [d/l]
Re: Net::SFTP cipher problem by salva (Canon) on Mar 26, 2008 at 22:49 UTC
Try using Net::SFTP::Foreign::Compat from Net::SFTP::Foreign instead. For most scripts using Net::SFTP, all that's required is to replace the `use Net::SFTP` sentence by... `use Net::SFTP::Foreign::Compat ':supplant';` [download] For password authentication to work, Expect also has to be installed.	[reply] [d/l] [select]