
Trying to implement Dual Authentication in SFTP


As per my client's requirement, I am trying to implement dual authentication (password, key) in SFTP file transfer, and the preferred authentication must be in the order of password, public key, keyboard-interactive.

I have tried to achieve this in two ways:

1) Using Net::SFTP::Foreign. But this module has a default preferred authentication order of public key, password, and doesn't allow me to override it with password, public key, even if I explicitly mention it in the command.

use Net::SFTP::Foreign;

# String values must be quoted; the unquoted key path was a syntax error.
my $sftp = Net::SFTP::Foreign->new("xyz.com",
                              user => "pqr",
                              password => "1234",
                              port => 2222,
                              key_path => "/home/ddd/.ssh/id_rsa",
                              # Options inside ProxyCommand apply to the hop to proxyserver.com
                              more => [-vo => 'StrictHostKeyChecking=no',
                                       -o => "ProxyCommand=/usr/bin/ssh " .
                                             "-o UserKnownHostsFile=/dev/null " .
                                             "-o StrictHostKeyChecking=no " .
                                             "-oPreferredAuthentications=password,publickey,keyboard-interactive " .
                                             "-oNumberOfPasswordPrompts=1 " .
                                             "-i /home/nnn/.ssh/flsftp " .
                                             "-l flsftp proxyserver.com " .
                                             "nc xyz.com 2222"]);

2) Using the sftp command. I am able to make the connection manually using the sftp command and enter the password when it prompts, but to automate it through Perl I am not able to find a way to pass the password on the command line. I came to know of some ways like sshpass or expect, but due to security reasons I cannot use either.

sftp -o UserKnownHostsFile=/dev/null \
     -o StrictHostKeyChecking=no \
     -i /home/ddd/.ssh/id_rsa \
     -o PreferredAuthentications=password,publickey,keyboard-interactive \
     -o NumberOfPasswordPrompts=1 \
     -o 'ProxyCommand=/usr/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i /home/nnn/.ssh/flsftp -l flsftp proxyserver.com nc xyz.com 2222' \
     [email protected]

Solution

  • Net::SFTP::Foreign tries to detect the case where you set PreferredAuthentications yourself in order to let it pass unchanged. It is just that the detection code is not very sophisticated and sometimes it fails. Try doing it as follows:

    $sftp=Net::SFTP::Foreign->new("xyz.com",
                                  user => "pqr",                            
                                  password => "1234",
                                  port => 2222,                                 
                                  key_path => "/home/ddd/.ssh/id_rsa",
                                  more => ['-v',
                                           -o => 'StrictHostKeyChecking=no',
                                           -o => 'UserKnownHostsFile=/dev/null',
                                           -o => 'PreferredAuthentications=password,publickey,keyboard-interactive']);
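
One way to confirm that the `PreferredAuthentications` override from the answer actually reached ssh is to read the debug output that its `-v` flag produces. The following is an added example, not code from the original post or from Net::SFTP::Foreign; the function names `auth_trace` and `order_honoured` are hypothetical and the log text is a constructed sample.

```perl
use strict;
use warnings;

# Constructed sample of `ssh -v` stderr (not captured from a real server):
# the server accepts the password first, then asks for the public key.
my $log = <<'END';
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
Authenticated with partial success.
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ddd/.ssh/id_rsa
debug1: Authentication succeeded (publickey).
END

# Collect what the server offered first, what the client tried (in order),
# and which methods the server accepted (partially or finally).
sub auth_trace {
    my ($text) = @_;
    my (@offered, @tried, @accepted);
    for my $line (split /\r?\n/, $text) {
        if ($line =~ /Authentications that can continue: (\S+)/) {
            @offered = split /,/, $1 unless @offered;
        }
        elsif ($line =~ /Next authentication method: (\S+)/) {
            push @tried, $1;
        }
        elsif ($line =~ /with partial success/) {
            push @accepted, $tried[-1] if @tried;    # accepted, more required
        }
        elsif ($line =~ /Authentication succeeded \(([^)]+)\)/
            or $line =~ /Authenticated to .* using "([^"]+)"/) {
            push @accepted, $1;                      # final step accepted
        }
    }
    return { offered => \@offered, tried => \@tried, accepted => \@accepted };
}

# The override worked if the first attempt is the first preferred method
# that the server offered.
sub order_honoured {
    my ($trace, @preferred) = @_;
    my %offered = map { $_ => 1 } @{ $trace->{offered} };
    my ($expected) = grep { $offered{$_} } @preferred;
    return 0 unless defined $expected && @{ $trace->{tried} };
    return $trace->{tried}[0] eq $expected ? 1 : 0;
}

my $trace = auth_trace($log);
printf "tried: %s\naccepted: %s\norder honoured: %s\n",
    join(',', @{ $trace->{tried} }), join(',', @{ $trace->{accepted} }),
    order_honoured($trace, qw(password publickey keyboard-interactive)) ? 'yes' : 'no';
```

To run it against a real session, pass a file handle as the constructor's `stderr_fh` option and feed the captured text to `auth_trace`.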