Perl“Net::SFTP”模块的 SFTP 连接失败

Posted 2023-03-23

【中文标题】Perl“Net::SFTP”模块的 SFTP 连接失败

【英文标题】：SFTP connection failure with Perl "Net::SFTP" module

【发布时间】：2019-09-23 03:21:45

【问题描述】：

我正在尝试使用 Perl 连接到 SFTP 服务器，但出现以下连接错误：Permission denied at /app/perl-5.24.3/lib/site_perl/5.24.3/Net/SFTP.pm line 63.

我的连接代码'sftp_test2.pl'：

use strict;
use warnings;

use Net::SFTP;

my $server   = 'downloads-server';
my $user     = 'user';
my $port     = "10022";
my $password = '';

my %args = (
     user => "$user",
     port => "$port",
     ssh_args => 
         user => "$user",
         identity_files => [ 'path/sftp_download'],
         port => "$port",
         protocol=>'2,1',
         debug => 1,
     
);

my $sftp=Net::SFTP->new($server, %args) or die "could not open connection to $server\n";

执行：

$>perl sftp_test2.pl
Reading configuration data path/home/.ssh/config
Reading configuration data /etc/ssh_config
Connecting to downloads-server, port 10022.
Remote version string: SSH-2.0-CrushFTPSSHD
Remote protocol version 2.0, remote software version CrushFTPSSHD
Net::SSH::Perl Version 2.14, protocol version 2.0.
No compat match: CrushFTPSSHD.
Connection established.
Sent key-exchange init (KEXINIT), waiting for response.
Using diffie-hellman-group-exchange-sha256 for key exchange
Host key algorithm: ssh-rsa
Algorithms, c->s: aes256-ctr hmac-sha2-512-etm@openssh.com none
Algorithms, s->c: aes256-ctr hmac-sha2-512-etm@openssh.com none
Entering Diffie-Hellman Group Exchange.
SSH2_MSG_KEX_DH_GEX_REQUEST(2048<4096<8192) sent
Sent DH Group Exchange request, waiting for reply.
Received 4096 bit DH Group Exchange reply.
Generating new Diffie-Hellman keys.
Entering Diffie-Hellman key exchange.
Sent DH public key, waiting for reply.
Received host key, type 'ssh-rsa'.
Host 'downloads-server' is known and matches the host key.
Verifying server signature.
Send NEWKEYS.
Waiting for NEWKEYS message.
Enabling encryption/MAC/compression.
Sending request for user-authentication service.
Service accepted: ssh-userauth.
Trying empty user-authentication request.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Trying password authentication.
Will not query passphrase in batch mode.
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Publickey: testing agent key 'my-server'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Publickey: testing agent key 'path/home/.ssh/id_rsa'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Trying pubkey authentication with key file 'path/sftp_download'
Authentication methods that can continue: password,publickey,keyboard-interactive.
Next method to try is password.
Next method to try is publickey.
Permission denied at /app/perl-5.24.3/lib/site_perl/5.24.3/Net/SFTP.pm line 63.

我以为和我的私钥有关，但是我可以通过unix命令连接：

sftp -oPort=10022 -oIdentityFile=path/sftp_download user@downloads-server 正在连接到下载服务器... sftp>

我尝试在很多文章中找到解决方案，也尝试了一些代码变体，但没有成功。

我做错了吗？ 这是一个已知的错误吗？任何解决方法？ 我如何调试它才能找到原因（我对SSH/FTP不太熟悉）。

编辑： 我怀疑这可能与使用密码的多次连接失败尝试有关，因此我从文件“app/perl-5.24.3/lib/site_perl/5.24.3/x86_64-linux/Net”中的“%AUTH_MAP”中删除了密码身份验证/SSH/Perl/AuthMgr.pm" 并按预期连接！ 有没有办法强制使用 only/first key 身份验证？

提前致谢！ 迈克

【问题讨论】：

显示sftp -vvv -oPort=10022 -oIdentityFile=path/sftp_download user@downloads-server的输出

我正在与 IT 核实是否允许提供此信息。我怀疑这可能与使用密码尝试多次连接失败有关。有没有办法强制只使用密钥身份验证？

【参考方案1】：

禁用密码验证（仅验证密钥）的代码是：

ssh_args => 
  user    => $user,
  options => [ 'PasswordAuthentication no' ],
  identity_files => [ 'path/sftp_download'],
  port     => $port,
  protocol =>'2,1',
  debug    => 1,