
I've been trying to sftp with the package Net::SFTP and an RSA key. I can manually sftp without a password to my sftp server, but when using the package it doesn't work. I'm running out of ideas.

```perl
my $ftp = Net::SFTP->new(
    $HOST,
    user     => $USER,
    ssh_args => { identity_files => [ "/Users/user/.ssh/id_rsa" ] },
    debug    => 3,
);
```

It gives me the following error:

```
Trying pubkey authentication with key file '/Users/tom/.ssh/id_rsa'
FATAL: rsa import failed: Invalid input packet. at /Library/Perl/5.18//Crypt/PK/RSA.pm line 123.
```

Any help would be much appreciated, Thanks!

toolic
martinjack
  • How sure are you that that key is valid and in a supported format? – hobbs Jan 31 '17 at 18:37
  • I generated the key using ssh-keygen and could connect manually passwordless with: sftp user@server – martinjack Jan 31 '17 at 18:39
  • Are you sure that the contents of `$HOST` and `$USER` are the same with your manual connection, which also matches the ones in id_rsa? – ilke444 Jan 31 '17 at 19:14
  • Yep, I just double-checked the HOST and USER again. What do you mean by matching the ones in id_rsa? id_rsa contains just the RSA PRIVATE KEY: -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-............. – martinjack Jan 31 '17 at 19:34
  • Try using [Net::SFTP::Foreign](https://metacpan.org/pod/Net::SFTP::Foreign) instead. – salva Feb 01 '17 at 08:02

1 Answer

I just ran into this myself.

The problem is that my (and your) private keys are encrypted, as you noted in your comment. An encrypted private key requires you to enter the password before it can be used, and it seems the Perl module doesn't support this.

You claimed that you didn't need a password when using this key, but perhaps that was because sftp was using your ssh agent? I.e., where you enter the password once and then the key remains in memory for use by the whole ssh family of tools? It would appear that the Perl module doesn't support the agent, either, but @salva's suggestion to use Net::SFTP::Foreign should solve that.

It's worth noting that I got this exception while running code that used to work just fine on my workstation, but on a new install of Perl. I think what happened is that the Net::SSH::Perl module added support for reading private keys or changed the failure to read a private key into a fatal error rather than just ignoring the key. My code wasn't using a key anyway, but now won't work with that encrypted key around. This is fixed with:

```perl
my $sftp = Net::SFTP->new(
   ...
   # Empty list: no identity files are offered, so the encrypted default key is not read
   ssh_args => [ identity_files => [] ]
);
```

and of course you could add a list of specific (unencrypted) identity files that you want it to use rather than the default user's RSA id.

If the code isn't easily edited, you could also avoid the problem by setting the environment variable $HOME to something that doesn't have a key in it.

M Conrad
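A pre-flight check for the situation this answer describes, as an added example (not code from the answer or from Net::SFTP): it reports whether a private key is passphrase-protected, so that only unencrypted keys end up in `identity_files`. It goes beyond the legacy PEM header shown in the question to also recognise PKCS#8 and OpenSSH-format keys; `key_is_encrypted` and `openssh_sample` are hypothetical names, and the sample keys are constructed framing with no real key material.

```perl
use strict;
use warnings;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper: true if the private-key text needs a passphrase.
sub key_is_encrypted {
    my ($text) = @_;
    # Legacy PEM ("BEGIN RSA PRIVATE KEY"): encryption is flagged in the headers.
    return 1 if $text =~ /^Proc-Type:\s*4,ENCRYPTED/m;
    # PKCS#8: the encrypted form carries its own PEM label.
    return 1 if $text =~ /^-----BEGIN ENCRYPTED PRIVATE KEY-----/m;
    # OpenSSH format: magic string, then a length-prefixed cipher name.
    if ($text =~ /^-----BEGIN OPENSSH PRIVATE KEY-----\s+(.*?)\s+-----END OPENSSH PRIVATE KEY-----/ms) {
        my $blob  = decode_base64($1);
        my $magic = "openssh-key-v1\0";
        return 1 unless index($blob, $magic) == 0;   # unrecognised body: do not offer it
        my ($cipher) = unpack 'N/a*', substr($blob, length $magic);
        return (!defined $cipher || $cipher ne 'none') ? 1 : 0;
    }
    return 0;
}

# Constructed OpenSSH-style framing: magic, cipher name, KDF name, nothing else.
sub openssh_sample {
    my ($cipher) = @_;
    my $kdf = $cipher eq 'none' ? 'none' : 'bcrypt';
    my $b64 = encode_base64("openssh-key-v1\0" . pack('N/a*', $cipher) . pack('N/a*', $kdf));
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n$b64-----END OPENSSH PRIVATE KEY-----\n";
}

# Constructed samples: only the framing matters for this check.
my %samples = (
    'legacy PEM, encrypted' => join("\n",
        '-----BEGIN RSA PRIVATE KEY-----',
        'Proc-Type: 4,ENCRYPTED',
        'DEK-Info: AES-128-CBC,00000000000000000000000000000000',
        '', 'AAAA', '-----END RSA PRIVATE KEY-----', ''),
    'legacy PEM, plain' => join("\n",
        '-----BEGIN RSA PRIVATE KEY-----', 'AAAA', '-----END RSA PRIVATE KEY-----', ''),
    'OpenSSH, aes256-ctr'   => openssh_sample('aes256-ctr'),
    'OpenSSH, none'         => openssh_sample('none'),
);

for my $name (sort keys %samples) {
    printf "%-24s %s\n", $name,
        key_is_encrypted($samples{$name}) ? 'skip (passphrase needed)' : 'usable';
}
# With real files, read each candidate's contents, keep the paths that are
# not encrypted in @usable, and pass: ssh_args => [ identity_files => \@usable ]
```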