I have the following code (of course I replaced myremoteserver.com):
use Modern::Perl;
use Net::SSH::Perl;
use Data::Dumper;
my $ssh = Net::SSH::Perl->new('myremoteserver.com', debug => 1, port => 2999);
$ssh->login('root');
print Dumper $ssh->cmd('uptime');
On a keyless environment, I'm running it both on perl 5.12 and 5.14.
On perl 5.12 it seems to work:
$ perl5.12 /tmp/sshtest.pl
ko.local: Reading configuration data /Users/david/.ssh/config
ko.local: Reading configuration data /etc/ssh_config
ko.local: Connecting to myremoteserver.com, port 2999.
ko.local: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
Math::BigInt: couldn't load specified math lib(s), fallback to Math::BigInt::Calc at /opt/local/lib/perl5/site_perl/5.12.3/Crypt/DH.pm line 6
ko.local: Net::SSH::Perl Version 1.34, protocol version 2.0.
.o.local: No compat match: OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Connection established.
ko.local: Sent key-exchange init (KEXINIT), wait response.
ko.local: Algorithms, c->s: 3des-cbc hmac-sha1 none
ko.local: Algorithms, s->c: 3des-cbc hmac-sha1 none
ko.local: Entering Diffie-Hellman Group 1 key exchange.
ko.local: Sent DH public key, waiting for reply.
ko.local: Received host key, type 'ssh-dss'.
ko.local: Host 'myremoteserver.com' is known and matches the host key.
ko.local: Computing shared secret key.
ko.local: Verifying server signature.
ko.local: Waiting for NEWKEYS message.
ko.local: Send NEWKEYS.
ko.local: Enabling encryption/MAC/compression.
ko.local: Sending request for user-authentication service.
ko.local: Service accepted: ssh-userauth.
ko.local: Trying empty user-authentication request.
ko.local: Authentication methods that can continue: publickey.
ko.local: Next method to try is publickey.
ko.local: Publickey: testing agent key '/Users/david/.ssh/github_rsa'
ko.local: Authentication methods that can continue: publickey.
ko.local: Next method to try is publickey.
Permission denied at /tmp/sshtest.pl line 9
But on perl 5.14:
$ perl5.14 /tmp/sshtest.pl
ko.local: Reading configuration data /Users/david/.ssh/config
ko.local: Reading configuration data /etc/ssh_config
ko.local: Connecting to myremoteserver.com, port 2999.
ko.local: Remote protocol version 2.0, remote software version OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Net::SSH::Perl Version 1.34, protocol version 2.0.
.o.local: No compat match: OpenSSH_5.8p1 Debian-1ubuntu3
ko.local: Connection established.
ko.local: Sent key-exchange init (KEXINIT), wait response.
ko.local: Algorithms, c->s: 3des-cbc hmac-sha1 none
ko.local: Algorithms, s->c: 3des-cbc hmac-sha1 none
ko.local: Entering Diffie-Hellman Group 1 key exchange.
ko.local: Sent DH public key, waiting for reply.
ko.local: Received host key, type 'ssh-dss'.
ko.local: Host 'myremoteserver.com' is known and matches the host key.
ko.local: Computing shared secret key.
ko.local: Verifying server signature.
Key verification failed for server host key at /opt/local/lib/perl5/site_perl/5.14.1/Net/SSH/Perl/SSH2.pm line 92
The only difference I see is Math::BigInt returns a warning on perl 5.12.
Some debugging info:
~ $ perl5.12 -MNet::SSH::Perl -e 'print $Net::SSH::Perl::VERSION, "\n";'
1.34
~ $ perl5.14 -MNet::SSH::Perl -e 'print $Net::SSH::Perl::VERSION, "\n";'
1.34
~ $ perl5.12 -MMath::BigInt -e 'print $Math::BigInt::VERSION, "\n";'
1.997
~ $ perl5.14 -MMath::BigInt -e 'print $Math::BigInt::VERSION, "\n";'
1.997
Any idea what the problem here is?
There was a change to the default value for a configuration option that controlled how https validation was performed (specifically, the PERL_LWP_SSL_VERIFY_HOSTNAMES environment variable), when LWP::Protocol::https was pulled out of the main LWP library - now hostname checking is on by default, where it was off previously. It is possible that your perl 5.14 library picked up these new changes, and 5.12 is using the old versions.
There is also more information in "Now you need LWP::Protocol::https".
I am getting the error below while running my script; I am on AIX.
Reading configuration data /ecmsq1vg1/home1/aradmin/.ssh/config
Reading configuration data /etc/ssh_config
Connecting to www.mftcatapp.firstdataclients.com, port 22.
Remote version string: SSH-2.0-Sun_SSH_1.1.8
Remote protocol version 2.0, remote software version Sun_SSH_1.1.8
Net::SSH::Perl Version 2.14, protocol version 2.0.
No compat match: Sun_SSH_1.1.8.
Connection established.
Sent key-exchange init (KEXINIT), waiting for response.
No matching mac found: client hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256 server hmac-sha1 at /apps/perl/lib/site_perl/5.18.1/aix-thread-multi/Net/SSH/Perl/SSH2.pm line 273
Can anyone help me out with why I am facing the above error?
perldoc Net::SSH::Perl:
Integrity checking is performed by the hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-etm@openssh.com, or hmac-sha2-512-etm@openssh.com algorithms. The deprecated hmac-sha1 or hmac-md5 algorithms are available but not enabled by default. Many older SSH server installations still use hmac-sha1 as the main accepted MAC algorithm. To enable this, use the following options parameter:
options => [ "MACs +hmac-sha1" ]
So either configure your server not to use hmac-sha1 for integrity checking or tell your script to accept hmac-sha1.
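The negotiation behind that error, as an added example that is not part of the original answer or of Net::SSH::Perl's code: it models the RFC 4253 rule (first client algorithm the server also offers) on the MAC lists from the question. The second server entry and the replace-the-list form of the option are constructed for comparison.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Client default MAC list, copied from the error message in the question.
my @CLIENT_DEFAULT = qw(
    hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
    hmac-sha2-512 hmac-sha2-256
);

# Server offers: the first is from the log, the second is constructed.
my @SERVERS = (
    [ 'Sun_SSH_1.1.8 (from the log)' => [qw(hmac-sha1)] ],
    [ 'constructed SHA-2 server'     => [qw(hmac-sha2-256 hmac-sha1)] ],
);

# Model of the "MACs" option value: a leading "+" appends to the defaults
# (the form in the perldoc excerpt), anything else replaces the list.
sub apply_macs_option {
    my ($defaults, $value) = @_;
    return [ @$defaults, split(/,/, $1) ] if $value =~ /^\+(.+)$/;
    return [ split(/,/, $value) ];
}

# RFC 4253 section 7.1: pick the first algorithm on the client's list that
# the server also offers. Returns undef when the lists do not overlap.
sub negotiate {
    my ($client, $server) = @_;
    my %offered = map { $_ => 1 } @$server;
    for my $alg (@$client) {
        return $alg if $offered{$alg};
    }
    return;
}

for my $value (undef, '+hmac-sha1', 'hmac-sha1') {
    my $client = defined $value
        ? apply_macs_option(\@CLIENT_DEFAULT, $value)
        : \@CLIENT_DEFAULT;
    for my $entry (@SERVERS) {
        my ($name, $server) = @$entry;
        my $mac = negotiate($client, $server);
        printf "MACs %-12s | %-28s | %s\n",
            defined $value ? $value : '(default)', $name,
            defined $mac ? $mac : 'No matching mac found';
    }
}
```

With the appended form, a server that offers a SHA-2 MAC still negotiates it; hmac-sha1 is chosen only when nothing earlier in the client list overlaps.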
I am just starting to use Net::SSH::Perl and it seems that I am running into something weird. If I set the interactive flag to 1 and input my password I am able to log in remotely to the machine via ssh, but if I leave the interactive flag off or set it to 0 the login fails. I confirmed that I am able to use Net::SSH::Perl to log into my local machine, so it must be something that I am doing wrong for this particular remote machine, whose underlying OS is SuSE. I also confirmed that I am able to ssh to the remote machine from a terminal window.
use Net::SSH::Perl;
my $cmd = 'uptime';
my $ssh = Net::SSH::Perl->new($host, interactive=> 0, debug => 1);
$ssh->login($user, $pass);
my($stdout, $stderr, $exit) = $ssh->cmd($cmd);
print $stdout;
Below are the logs that are output from debug when the interactive flag is set to 0.
localhost.localdomain: Reading configuration data /home/user/.ssh/config
localhost.localdomain: Reading configuration data /etc/ssh_config
localhost.localdomain: Connecting to 1.1.1.1, port 22.
localhost.localdomain: Remote version string: SSH-2.0-OpenSSH_5.1
localhost.localdomain: Remote protocol version 2.0, remote software version OpenSSH_5.1
localhost.localdomain: Net::SSH::Perl Version 1.38, protocol version 2.0.
localhost.localdomain: No compat match: OpenSSH_5.1
.
localhost.localdomain: Connection established.
localhost.localdomain: Sent key-exchange init (KEXINIT), wait response.
localhost.localdomain: Algorithms, c->s: 3des-cbc hmac-sha1 none
localhost.localdomain: Algorithms, s->c: 3des-cbc hmac-sha1 none
localhost.localdomain: Entering Diffie-Hellman Group 1 key exchange.
localhost.localdomain: Sent DH public key, waiting for reply.
localhost.localdomain: Received host key, type 'ssh-dss'.
localhost.localdomain: Host '1.1.1.1' is known and matches the host key.
localhost.localdomain: Computing shared secret key.
localhost.localdomain: Verifying server signature.
localhost.localdomain: Waiting for NEWKEYS message.
localhost.localdomain: Send NEWKEYS.
localhost.localdomain: Enabling encryption/MAC/compression.
localhost.localdomain: Sending request for user-authentication service.
localhost.localdomain: Service accepted: ssh-userauth.
localhost.localdomain: Trying empty user-authentication request.
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
localhost.localdomain: Publickey: testing agent key 'user@localhost.localdomain'
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
localhost.localdomain: Publickey: testing agent key 'user'
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
Permission denied at /home/user/workspace/perl-random/avamar_ssh.pl line 4.
I am guessing I am doing something wrong, so if someone could point me in the right direction that would be awesome.
Thanks.
This part:
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
means that the server is allowing two methods for authenticating:
publickey — public-key authentication
You mention in a comment that this is not an option for you.
keyboard-interactive — where you enter a password
It should hardly come as a surprise that this only works in interactive mode.
So, what you're trying to do is not possible.
The good news is, this sounds like the X-Y Problem. If you give us more details about your real problem, we may be able to suggest a better approach.
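The reasoning in this answer, as an added example that is not part of the original post: it reads the server's method list from the debug output and intersects it with what the client can attempt. The sub names and the %have keys (key, password, interactive) are invented for the example, and the method-to-credential mapping follows the answer above rather than the module's source.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Lines copied from the debug output in the question.
my $log = <<'LOG';
localhost.localdomain: Trying empty user-authentication request.
localhost.localdomain: Authentication methods that can continue: publickey,keyboard-interactive.
localhost.localdomain: Next method to try is publickey.
LOG

# Methods the server still accepts, taken from the last
# "Authentication methods that can continue" line of a debug log.
sub offered_methods {
    my ($text) = @_;
    my @lists = $text =~ /Authentication methods that can continue: ([\w,-]+)/g;
    return @lists ? split(/,/, $lists[-1]) : ();
}

# Methods the client can attempt: a password passed to login() serves the
# "password" method only, keyboard-interactive needs a prompt.
sub usable_methods {
    my ($offered, %have) = @_;
    my %can = (
        'publickey'            => $have{key},
        'password'             => $have{password},
        'keyboard-interactive' => $have{interactive},
    );
    return grep { $can{$_} } @$offered;
}

my @offered = offered_methods($log);
for my $case ([ 'interactive => 0', password => 1 ],
              [ 'interactive => 1', password => 1, interactive => 1 ]) {
    my ($label, %have) = @$case;
    my @ok = usable_methods(\@offered, %have);
    printf "%s: server offers [%s], client can use [%s]\n",
        $label, join(',', @offered), join(',', @ok) || 'nothing';
}
```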
I want to gain access to an AWS Instance using Perl. I can access the instance from commandline like this:
ssh -i my-key-pair.pem ubuntu@ec2-**-***-***-***.us-west-2.compute.amazonaws.com
but my code doesn't work:
#!/usr/bin/perl
use Net::SSH::Perl;
$user = "ubuntu";
$host = "ec2-**-***-***-***.us-west-2.compute.amazonaws.com";
@KEYFILE = "my-key-pair.pem";
$ssh = Net::SSH::Perl->new($host, debug=>1, identity_files=>\@KEYFILE);
$ssh->login($user);
As I mentioned I'm new to this concept, it might be a simple solution, I couldn't find a solution online, hopefully you can help me.
The output is this:
atakanarikan@atakanarikanhplaptop:~/Desktop$ perl remotecomp
atakanarikanhplaptop: Reading configuration data /home/atakanarikan/.ssh/config
atakanarikanhplaptop: Reading configuration data /etc/ssh_config
atakanarikanhplaptop: Connecting to ec2-**-***-***-***.us-west-2.compute.amazonaws.com, port 22.
atakanarikanhplaptop: Remote version string: SSH-2.0-OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Remote protocol version 2.0, remote software version OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Net::SSH::Perl Version 1.37, protocol version 2.0.
.takanarikanhplaptop: No compat match: OpenSSH_6.6p1 Ubuntu-2ubuntu1
atakanarikanhplaptop: Connection established.
atakanarikanhplaptop: Sent key-exchange init (KEXINIT), wait response.
atakanarikanhplaptop: Algorithms, c->s: 3des-cbc hmac-sha1 none
atakanarikanhplaptop: Algorithms, s->c: 3des-cbc hmac-sha1 none
atakanarikanhplaptop: Entering Diffie-Hellman Group 1 key exchange.
atakanarikanhplaptop: Sent DH public key, waiting for reply.
atakanarikanhplaptop: Received host key, type 'ssh-dss'.
atakanarikanhplaptop: Host 'ec2-**-***-***-***.us-west-2.compute.amazonaws.com' is known and matches the host key.
atakanarikanhplaptop: Computing shared secret key.
atakanarikanhplaptop: Verifying server signature.
atakanarikanhplaptop: Waiting for NEWKEYS message.
atakanarikanhplaptop: Send NEWKEYS.
atakanarikanhplaptop: Enabling encryption/MAC/compression.
atakanarikanhplaptop: Sending request for user-authentication service.
atakanarikanhplaptop: Service accepted: ssh-userauth.
atakanarikanhplaptop: Trying empty user-authentication request.
atakanarikanhplaptop: Authentication methods that can continue: publickey.
atakanarikanhplaptop: Next method to try is publickey.
atakanarikanhplaptop: Trying pubkey authentication with key file 'my-key-pair.pem'
atakanarikanhplaptop: Will not query passphrase for 'my-key-pair.pem' in batch mode.
atakanarikanhplaptop: Loading private key failed.
Permission denied at remotecomp line 8.
These two lines
atakanarikanhplaptop: Will not query passphrase for 'my-key-pair.pem' in batch mode.
atakanarikanhplaptop: Loading private key failed.
seem to point to the issue. Your private key is protected by a passphrase, and when you try to use it, it wants to ask you for it, but can't in batch mode.
I think you're going to have to remove the passphrase from your private key to use this module. There are many tools, including OpenSSL, that can do that for you. Just search the documentation for removing a passphrase from a key.
I'm using Net::SFTP to transfer files. However, whenever I try to create a new object like so:
my $sftp = Net::SFTP->new('ip', user=>'user', password=>'pass');
It just hangs and does nothing. Does anyone know why this is? Am I doing something wrong? Thanks!
Update
Here is the debug output:
dev1.com: Reading configuration data /home/user/.ssh/config
dev1.com: Reading configuration data /etc/ssh_config
dev1.com: Connecting to 50.56.91.91, port 22.
dev1.com: Remote protocol version 2.0, remote software version OpenSSH_4.3
dev1.com: Net::SSH::Perl Version 1.34, protocol version 2.0.
dev1.com: No compat match: OpenSSH_4.3.
dev1.com: Connection established.
dev1.com: Sent key-exchange init (KEXINIT), wait response.
dev1.com: Algorithms, c->s: 3des-cbc hmac-sha1 none
dev1.com: Algorithms, s->c: 3des-cbc hmac-sha1 none
dev1.com: Entering Diffie-Hellman Group 1 key exchange.
dev1.com: Sent DH public key, waiting for reply.
dev1.com: Received host key, type 'ssh-dss'.
dev1.com: Host 'ip_here' is known and matches the host key.
dev1.com: Computing shared secret key.
dev1.com: Verifying server signature.
dev1.com: Waiting for NEWKEYS message.
dev1.com: Send NEWKEYS.
dev1.com: Enabling encryption/MAC/compression.
dev1.com: Sending request for user-authentication service.
dev1.com: Service accepted: ssh-userauth.
dev1.com: Trying empty user-authentication request.
dev1.com: Authentication methods that can continue: publickey,gssapi-with mic,password.
dev1.com: Next method to try is publickey.
dev1.com: Trying pubkey authentication with key file '/home/user/.ssh/id_rsa2'
In addition to the user and password options, set debug => 1. You will get some diagnostic output that may tell you what the problem is.
Check if your connection data is correct. Use simple code like that shown in Net::SFTP::Foreign.
SOLUTION BELOW
We have an ETL system that extracts data into a CSV, uploads it to another server, and then needs to connect to the other server and call a java jar to load the csv into memcache. I've got a script that can perform every step of this but loses the SSH connection for the final step. The process on the remote machine continues and completes.
I'm using Net::SSH::Perl for this and it receives a "Connection failed: Connection reset by peer" error after running for a short time. I've boiled the script down to this and replicated the results:
#!/usr/bin/perl
use strict;
use Net::SSH::Perl;
use Log::Log4perl;
my ($stdout, $stderr, $exit, $ssh);
$ssh = Net::SSH::Perl->new('sshost',
identity_files => ['/path/to/key.rsa'],
protocol => 2,
debug => 1);
$ssh->login('user');
my $cmd = "java -Xms4096m -Xmx4096m -DetlDate=20120427 -DmemcacheHosts=host1,host2 -cp etl-0.1-SNAPSHOT.jar com.nnn.platform.service.etl";
$ssh->register_handler("stdout", sub {
my($channel, $buffer) = @_;
print "STDOUT: ", $buffer->bytes;
});
$ssh->register_handler("stderr", sub {
my($channel, $buffer) = @_;
print "STDERR: ", $buffer->bytes;
});
$ssh->cmd("cd /usr/local/loader; $cmd");
The SSH debug info I get is:
localhost: Reading configuration data /home/user/.ssh/config
localhost: Reading configuration data /etc/ssh_config
localhost: Connecting to sshost, port 22.
localhost: Remote protocol version 2.0, remote software version OpenSSH_4.3
localhost: Net::SSH::Perl Version 1.34, protocol version 2.0.
localhost: No compat match: OpenSSH_4.3.
localhost: Connection established.
localhost: Sent key-exchange init (KEXINIT), wait response.
localhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
localhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
localhost: Entering Diffie-Hellman Group 1 key exchange.
localhost: Sent DH public key, waiting for reply.
localhost: Received host key, type 'ssh-dss'.
localhost: Host 'sshost' is known and matches the host key.
localhost: Computing shared secret key.
localhost: Verifying server signature.
localhost: Waiting for NEWKEYS message.
localhost: Send NEWKEYS.
localhost: Enabling encryption/MAC/compression.
localhost: Sending request for user-authentication service.
localhost: Service accepted: ssh-userauth.
localhost: Trying empty user-authentication request.
localhost: Authentication methods that can continue: publickey,gssapi-with-mic.
localhost: Next method to try is publickey.
localhost: Trying pubkey authentication with key file '/path/to/key.rsa'
localhost: Login completed, opening dummy shell channel.
localhost: channel 0: new [client-session]
localhost: Requesting channel_open for channel 0.
localhost: channel 0: open confirm rwindow 0 rmax 32768
localhost: Got channel open confirmation, requesting shell.
localhost: Requesting service shell on channel 0.
localhost: channel 1: new [client-session]
localhost: Requesting channel_open for channel 1.
localhost: Entering interactive session.
localhost: Sending command: cd /usr/local/loader; java -Xms4096m -Xmx4096m -DetlDate=20120427 -DmemcacheHosts=host1,host2 -cp etl-0.1-SNAPSHOT.jar com.nnn.platform.service.etl
localhost: Sending command: cd /usr/local/loader; java -Xms4096m -Xmx4096m -DetlDate=20120427 -DmemcacheHosts=host1,host2 -cp etl-0.1-SNAPSHOT.jar com.nnn.platform.service.etl
localhost: Requesting service exec on channel 1.
localhost: channel 1: open confirm rwindow 0 rmax 32768
The jar's output is then printed to STDERR and I see it returned. After 9 seconds it stops and I eventually get the connection reset by peer error. The STDERR handler is working as expected.
I'm not sure if this is an issue with Net::SSH::Perl handling commands that take a while to run/return only over STDERR or something more. I've been considering switching to Net::SSH2 as it seems like a fuller featured library, but I'd really like to know why this is failing.
SOLUTION
The problem was with the output only going to STDERR. I edited my command to add 2>&1 and thereby redirect STDERR to STDOUT and suddenly everything worked as expected.
Net::SSH::Perl is not maintained anymore and has a long list of known unsolved bugs. Nowadays there are better modules available from CPAN, such as Net::SSH2 or Net::OpenSSH.
For instance:
my $ssh = Net::OpenSSH->new($sshost,
user => $user,
key_path => '/path/to/key.rsa');
my ($out, $err) = $ssh->capture2($cmd);
The problem was with the output only going to STDERR. I edited my command to add 2>&1 and thereby redirect STDERR to STDOUT and suddenly everything worked as expected.
my $cmd = "java -Xms4096m -Xmx4096m -DetlDate=20120427 -DmemcacheHosts=host1,host2 -cp etl-0.1-SNAPSHOT.jar com.nnn.platform.service.etl 2>&1";