I am trying to connect to F5 load balancer through perl module Net::SSH2. I am unable to authentication error, whereas with the same credentials I am able to ssh to the device through putty. I have shared the Code and the error below for reference. Could somebody please help me with this.
use Net::SSH2;
$deviceipF5 = "x.x.x.x";
$username = "xx";
$encrPass = "xx";
my #deviceipF5List = split(',',$deviceipF5);
if(#deviceipF5List ne 0)
{
foreach my $deviceipF5(#deviceipF5List)
{
my #deviceipF5List1 = split (':', $deviceipF5);
my $ssh2 = Net::SSH2->new();
$ssh2->debug(0);
$ssh2->connect($deviceipF5List1[0]) or die $!;
$ssh2->auth(username => $username, password => $encrPass) or die "Unable to login \n".$ssh2->die_with_error;
print "Connected to '$deviceipF5List1[0]' as '$username' \n";
my $channel = $ssh2->channel() or do { print "Unable to create channnel ssh channel to Device $deviceipF5List[0]";$ssh2->disconnect(); last;};
$channel->blocking(0);
$channel->shell() ;
print "SSH Success \n";
sleep(2);
I have even tried to use auth_password instead of auth but no Luck.
Below is the error I am getting:
Bad file descriptor at line 16
I tried removing $! from line number 16 but it lead to another error:
Died at line 16
Related
I have a script, which does SSH to the server and execute some command (In this script, for demonstration I am running Perl print statement with Hello message).
Here is my script:
#!/usr/bin/perl
use strict; use warnings;
use Net::OpenSSH;
$Net::OpenSSH::debug = ~0;
BEGIN {
open my $out, '>', '/tmp/debug.txt' or warn $!;
$Net::OpenSSH::debug_fh = $out;
$Net::OpenSSH::debug = -1;
}
my #hosts = ("ipaddress1","ipaddress2");
my $ssh;
my $command = "perl -e 'print \"Hello..\"'";
foreach my $n (#hosts) {
#Here if connection to the host($n) fails, is it possible to retry again
$ssh = Connect($n, "user", "passwd");
$ssh->capture($command);
print "Done execution in Host: $n\n";
}
undef $ssh;
print "**End**\n";
sub Connect {
my ( $host, $user, $passwd ) = #_;
my $ssh = Net::OpenSSH->new($host, user=>$user, password=>$passwd);
$ssh->error and die "Couldn't establish SSH connection: " . $ssh->error;
return $ssh;
}
Whenever I execute this script, sometimes it successfully prints below message:
Done execution in Host: ipaddress1
Done execution in Host: ipaddress2
**End**
But sometimes cannot do ssh to host (either ipaddress1 or ipaddress2) and gives following message:
Couldn't establish SSH connection: unable to establish master SSH connection: master process exited unexpectedly at script.pl ....
Its being get died in Connect subroutine (cause I couldn't trace, opened question here).
So, is there any way if I cannot connect(ssh) to the host, retry can be done after certain period of time (for n number times) instead of printing error message and make the script die?
OpenSSH provides a nice interface for errors. I'd start by looking at the examples on the cpan page. Try the following
foreach my $n (#hosts) {
#Here if connection to the host($n) fails, is it possible to retry again
$ssh = Connect($n, "user", "passwd", 3);
$ssh->capture($command);
print "Done execution in Host: $n\n";
}
undef $ssh;
print "**End**\n";
sub Connect {
my ( $host, $user, $passwd , $retry_limit ) = #_;
my $timeout = 10;
my $con;
while ( $retry_limit-- > 0 )
{
$con = Net::OpenSSH->new($host,
user=>$user,
password=>$passwd,
timeout=> $timeout,
);
last unless $con->error();
}
die "unable to connect ".$con->error() if retry_limit <0;
return $con;
}
I have built a script which should get a file from remote machine to local machine.
#!/usr/bin/perl
use strict;
use warnings;
use Net::OpenSSH;
use Data::Dumper;
my $local_dir = "/LOCAL/DIR/LOCATION/"
print "[LOCAL DIR]-> $local_dir\n";
my $remote_dir = "/REMOTE/DIR/LOCATION/";
print "[REMOTE DIR]-> $remote_dir\n";
my ($host, $user, $password) = ("remote.machine.ip.address", "userid", "password");
my $ssh = Net::OpenSSH->new($host,
user => $user,
password => $passwd,
master_opts => [-o => "StrictHostKeyChecking=no"]
);
$ssh->error and die "Couldn't establish SSH connection: ". $ssh->error;
my #file = $ssh->capture("cd $remote_dir && ls -1tr | grep Report | tail -1");
print "[FILE]:\n".Dumper(\#file);
$ssh->scp_get({glob => 1}, "$remote_dir$file[0]", $local_dir)
or die "scp failed: " . $ssh->error;
undef $ssh;
In the above code its able to print the Dumper value for #file but unable to get the file in local system.
Here is the error it throws at the end:
[FILE]:
$VAR1 = [
'Report_Managable_20200705.csv
'
];
scp: /REMOTE/DIR/LOCATION/Report_Managable_20200705.csv
protocol error: expected control record
scp failed: scp failed: child exited with code 1 at file_get_test.pl line 22.
Can anybody help me to fix this issue. TIA.
The list returned by $ssh->capture() has new lines at the end of each item. Try use chomp #file to remove the newlines.
I am trying to achieve a bind with an SMSC but I keep getting a timeout error. The connection to the SMSC is via a VPN tunnel. I confirm I can telnet to the SMSC from command line but get a timeout error from the perl script below:
#!/usr/bin/perl
use Net::SMPP;
use warnings;
$host = 'xx.xx.xx.xx';
$port = "2038";
$system_id = "SSEMA";
$password = "SSEMA";
my $smpp = Net::SMPP->new_transmitter($host, Port=>$port,
system_id => $system_id,
password => $password,
enquire_interval => 1500000) or die "Could not connect to $host : [$port] : $!";
if($smpp){ print "Connected ok! \n"; }
root#heisenberg:/var/www/html/glomagic# perl smpp_client.pl
Could not connect to xx.xx.xx.xx : [2038] : Connection timed out at smpp_client.pl line 14.
What could be the cause of the timeout error?
Finally resolved the issue.
Apparently Net::SMPP->new_transceiver doesn't like it when you supply arguments other than host and port.
The following worked just fine:
#!/usr/bin/perl
use Net::SMPP;
use warnings;
$host = 'xx.xx.xx.xx';
$port = "2038";
$system_id = "SSEMA";
$password = "SSEMA";
my $smpp = Net::SMPP->new_transceiver($host, port => $port)
or die "Could not connect to $host : [$port] : $!";
if($smpp){ print "Connected ok! \n"; }
Strange issue I am running into. I have a few devices with Telnet/SSH issues. When I run my script the results are saying the script was successful. When debug is on I get the follow results..
[ 0.012464] pr finding prompt
[ 0.016593] tr creating Net::Telnet wrapper for telnet
[ 0.017859] tr connecting with: telnet Host 10.xx.xx.xx Port 23
How could I add something to show a error if a promopt is not present or the connection times out?
Thanks
#!/usr/bin/perl
use Net::Appliance::Session;
$file = '1list';
open (FH, "< $file") or die "Can't open $file for read: $!";
my #ios_list = <FH>;
close FH or die "Cannot close $file: $!";
chomp(#ios_list);
my $ios_username = 'xxxx';
my $ios_password = 'xxxx';
DEVICE:
for my $ios_device_ip ( #ios_list ) {
my #version_info;
my $proto = shift;
if (($proto == 43)||($proto == 44)){
$tran = "SSH";
$app="/usr/local/bin/ssh";
}else{
$tran = "Telnet";
$app="/bin/telnet";
}
my $session_obj = Net::Appliance::Session->new(
host => $ios_device_ip,
transport => $tran,
personality => 'ios',
);
#interace
eval {
# try to login to the ios device, ignoring host check
$session_obj->connect(
username => $ios_username,
password => $ios_password,
#SHKC => 0
);
# get our running config
$session_obj->begin_privileged;
$session_obj->cmd('conf t');
$session_obj->cmd('aaa authorization config-commands');
$session_obj->cmd('exit');
$session_obj->end_privileged;
$session_obj->cmd('write memory');
# close down our session
$session_obj->close;
};
#error check
if ($#) {
if ( UNIVERSAL::isa($#, 'Net::Appliance::Session::Exception') ) {
# fault description from Net::Appliance::Session
print "We had an error during our Telnet/SSH session to device : $ios_devi
ce_ip \n";
print $#->message . " \n";
# message from Net::Telnet
print "Net::Telnet message : " . $#->errmsg . "\n";
# last line of output from your appliance
print "Last line of output from device : " . $#->lastline . "\n\n";
}
elsif (UNIVERSAL::isa($#, 'Net::Appliance::Session::Error') ) {
# fault description from Net::Appliance::Session
print "We had an issue during program execution to device : $ios_device_ip
\n";
# print $#->message . " \n";
}
else {
# we had some other error that wasn't a deliberately created exception
print "We had an issue when accessing the device : $ios_device_ip \n";
print "$ios_device_ip The reported error was : $# \n";
}
next DEVICE;
}
print #version_info;
print "$ios_device_ip ok \n";
#end
}
If you're having trouble connecting, it may help to check $# after the eval as there may be an error you're ignoring.
#interace
eval {
# try to login to the ios device, ignoring host check
$session_obj->connect(
username => $ios_username,
password => $ios_password,
#SHKC => 0
);
It's also worth noting that this doesn't do anything:
my $proto = shift;
if (($proto == 43)||($proto == 44)){
$tran = "SSH";
$app="/usr/local/bin/ssh";
}else{
shift is operating on #_ which isn't populated, so $proto will always be undef.
My perl code does not allow more than 10 forks. For the following perl code, whenever I use more than 10 machines in the list of machines read in to the script, the perl script only forks 10 processes for 10 machines and for the rest it dies with error:
SSHProcessError The ssh process was terminated. at serverLogin.pl 44
It dies at the line where it says $ssh->waitfor('The authenticity of host*',15);.
PERL SCRIPT:
#!/usr/bin/perl -w
use Net::SSH::Expect;
use Term::ReadKey;
print "please enter filename:\n";
$filename = ReadLine;
chomp $filename;
print "please enter user ID:\n";
$userID = ReadLine;
chomp $userID;
print "please enter password:\n";
ReadMode 'noecho';
$passwordforuser = ReadLine 0;
chomp $passwordforuser;
ReadMode 'normal';
open READFILE,"<","$filename" or die "Could not open file listofmachines\n";
my #listofmachines = <READFILE>;
foreach $machine (#listofmachines)
{
my $pid=fork();
if ($pid){
push(#childprocs,$pid);
}
elsif ( $pid == 0 ) {
my $ssh = Net::SSH::Expect->new (
host => "$machine",
user => "$userID",
password=> "$passwordforuser",
timeout => 25,
raw_pty => 1,
);
my $login_output = $ssh->run_ssh or die "Could not launch SSH\n";
$ssh->waitfor('The authenticity of host*',15);
#print "This output for machine $machine\n";
$ssh->send("yes");
$ssh->waitfor('password: ', 15);
$ssh->send("$passwordforuser");
$ssh->waitfor('$ ', 10);
my #commresult=$ssh->exec("uptime");
print $login_output;
print #commresult;
exit 0;
}
else {
die "Could not Fork()\n";
}
}
foreach(#childprocs){
waitpid($_, 0)
}
Please help. Thanks, nblu.
Your script using Net::OpenSSH::Parallel instead of Net::SSH::Expect.
The number of simultaneous connections is limited to 10 to overcome any resource exhaustion problem as happening in your script (probably PTYs):
#!/usr/bin/perl -w
use Net::OpenSSH::Parallel;
use Term::ReadKey;
print "please enter filename:\n";
$filename = ReadLine;
chomp $filename;
print "please enter user ID:\n";
$userID = ReadLine;
chomp $userID;
print "please enter password:\n";
ReadMode 'noecho';
$passwordforuser = ReadLine 0;
chomp $passwordforuser;
ReadMode 'normal';
open READFILE,"<","$filename" or die "Could not open file listofmachines\n";
my #listofmachines = <READFILE>;
chomp #listofmachines;
my $pssh = Net::OpenSSH::Parallel->new(connections => 10);
$pssh->add_host($_,
user => $userID, password => $passwordforuser,
master_opts => [-o => 'StrictHostKeyChecking=no'])
for #listofmachines;
sub do_ssh_task {
my ($host, $ssh) = #_;
my $output = $ssh->capture('uptime');
print "$host: $output";
}
$pssh->all(parsub => \&do_ssh_task);
$pssh->run;
for my $host (#listofmachines) {
if (my $error = $pssh->get_error($host)) {
print STDERR "remote task failed for host $host: $error\n";
}
}
By default, the remote ssh daemon limits the number of concurrent ssh connections to something like 10 per userid. If that is a problem for you, you will need to change the server configuration...
Perhaps you have a limit to the number of processes you can create? Can you create 30 or more processes in a loop where the children just sleep(60)?
If in fact you have a limit of how many you can do at once, try using Parallel::ForkManager.
If this is from hitting a limit on pseudoterminals, how you set that depends on kernel version; what does uname -a say? also depends on whether the code is using BSD or SysV/UNIX98 ptys. If you see it opening files like /dev/ptyXY where X is one of a-e or p-z, it's the former, and you will have a hard limit of 256 systemwide.
You can change passwords without a pseudoterminal using usermod instead of passwd, but this momentarily exposes the crypted password in the process list; that may be acceptable in your case.