PerlMonks  

Re: Perl terminal access to linux server

by Corion (Patriarch)
on Sep 22, 2021 at 08:12 UTC [id://11136944]


in reply to Perl terminal access to linux server

Depending on how interactive you want things to be, Net::SSH2 and/or Net::SSH::Any allow you to run anything from a script.

As a general approach, why use a suid script when you can configure special SSH keys together with a premade command so that you can trigger a specific command directly as root? See the authorized_keys manpage on the command= entry.
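Added example, not code from Corion's post: what the authorized_keys `command=` approach looks like in practice. The key line pins one public key to one dispatcher script, and the script maps a short request name (passed in by sshd as `SSH_ORIGINAL_COMMAND`) to a fixed allowlist, so nothing the client sends is ever spliced into a shell command. The script path `/usr/local/sbin/ssh-dispatch`, the key, and the `ssh` service name (Debian's unit name; elsewhere it is `sshd`) are placeholders.

```shell
#!/bin/sh
# Added example: forced-command dispatcher for an authorized_keys entry.
# The matching line in ~root/.ssh/authorized_keys (path assumed) is:
#
#   restrict,command="/usr/local/sbin/ssh-dispatch" ssh-ed25519 AAAA... ops@example
#
# "restrict" disables pty, forwarding and agent; sshd ignores whatever the
# client asked to run, runs this script instead, and puts the client's
# request text into SSH_ORIGINAL_COMMAND.

# Log to syslog, falling back to stderr if logger is unavailable.
log() { logger -t ssh-dispatch "$*" 2>/dev/null || echo "ssh-dispatch: $*" >&2; }

# Map a request name to the exact command line allowed to run. The request
# is matched as one whole word, so "restart-sshd; rm -rf /" matches nothing.
# (Service name "ssh" is an assumption; use "sshd" on RHEL-style hosts.)
resolve_command() {
    case "$1" in
        restart-sshd)  echo "systemctl restart ssh" ;;
        sshd-status)   echo "systemctl status ssh --no-pager" ;;
        disk-usage)    echo "df -h" ;;
        *)             return 1 ;;
    esac
}

# Entry point sshd calls: refuse anything not on the allowlist, log every
# request, and run only the resolved command text.
dispatch() {
    req="${SSH_ORIGINAL_COMMAND:-}"
    cmd=$(resolve_command "$req") || {
        log "rejected request '$req'"
        echo "request not permitted" >&2
        return 2
    }
    log "running '$cmd' for request '$req'"
    # Unquoted on purpose: the allowlist above owns the exact words.
    $cmd
}

# Only dispatch when invoked as the installed script, so the functions can
# be sourced and exercised on their own.
case "$0" in
    */ssh-dispatch|ssh-dispatch) dispatch ;;
esac
```

Invoked from a client as `ssh -i emergency_key root@host restart-sshd`, the request arrives in `SSH_ORIGINAL_COMMAND` and only the allowlisted command runs; any other request is logged and refused. The same pattern replaces a suid wrapper: the privilege boundary is the key plus this script, not a setuid bit.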

Re^2: Perl terminal access to linux server
by Polyglot (Chaplain) on Sep 22, 2021 at 09:53 UTC
    Thank you for the helpful response. I do appreciate it. Reading the man page you linked, however, I am struggling to understand it--maybe it's above my level.

    How exactly is the Net::SSH2 protocol qualitatively different from an ordinary remote login via SSH? I'm not interested in passing things through Perl just for the sake of it, but rather to have a different interface and/or user-access option.

    Okay, I'll give an example to help illustrate the motivation for the question.

    Occasionally, something seems to glitch and/or hangup on the server end with respect to the SSH daemon. When this happens, the server is still running fine, but SSH logins will not complete. The virtual server (VM) sometimes needs to be restarted in order to reopen access to the server. But if a Perl script could give some form of non-SSH-dependent access to commands on the server, the SSH daemon could be restarted without a VM reboot.

    I once, years ago, had a script that I tweaked to provide basic access to tools like ls, chmod, pico, etc. to have some basic server access in the event of a problem with the SSH entry. Unfortunately, the SSH issues ended up being more than could be handled by my minimal Perl-script functionality. That's the sort of functionality I'm contemplating once again.

    Blessings,

    ~Polyglot~

      Oh - sorry, then I completely misunderstood your answer. I thought you wanted to do it the other way around, automating things through ssh, but you want to issue commands through a secondary way.

      I would first look at where the problem stems from and whether running a second sshd on a different port allows you to do the management through that one. If the server is unresponsive due to network/io/ram congestion, that won't help you though.

      Complete tangent to your original request, but I solved a similar problem by running dropbear sshd on a different port, with dropbear configured not to use PAM and pointed at a special /etc/passwd file that only lists the root user and with password logins disabled, so that the only way to use this ssh daemon is by connecting with a known private key. I use a locally-encrypted private key. Also the root user’s shell of this login is set to busybox’s sh, so none of the bash profile stuff runs and most shell commands run as builtins. Then, I set the oom priority of the dropbear sshd to the lowest possible value and give it high io and cpu scheduling priority.

      This creates a really secure and resilient second method to access the server. It allows me to log in in the middle of a forkbomb, or log in after OOM killer trashed everything, and even sometimes log in when the root volume is dead and everything that touches disk gets permanently paused.
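Added example, not code from either of the two posts above: Corion's "second sshd on a different port" combined with the hardening and scheduling ideas from the dropbear setup, done with a second OpenSSH instance (`sshd -f` with its own config) rather than dropbear. Key-only root login, no PAM, no forwarding, then the listener is pinned so the OOM killer skips it and it keeps getting IO and CPU time; forked session processes inherit those settings. The separate passwd file and busybox shell from the dropbear post are not reproduced (OpenSSH has no per-instance equivalent); `AllowUsers root` plus a dedicated `AuthorizedKeysFile` covers the "only root, only this key" part. Port, paths and file names are placeholders.

```shell
#!/bin/sh
# Added example: emergency OpenSSH daemon on its own port, hardened and
# pinned. Port and paths are placeholders; all of this needs root.
EMERG_PORT=2222
EMERG_CFG=/etc/ssh/sshd_emergency_config
EMERG_KEYS=/etc/ssh/emergency_authorized_keys
EMERG_PID=/run/sshd-emergency.pid

# Print the daemon's config: one user, one auth method, no PAM, no forwarding.
emergency_sshd_config() {
    cat <<EOF
Port $EMERG_PORT
PidFile $EMERG_PID
AllowUsers root
PermitRootLogin prohibit-password
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
AuthorizedKeysFile $EMERG_KEYS
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
LogLevel VERBOSE
EOF
}

# Port must be numeric, in range, and not collide with the main daemon on 22.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && [ "$1" -ne 22 ]
}

# Scheduling knobs from the dropbear post, applied to the listener pid:
# lowest OOM score (never picked as a victim), realtime IO class at top
# priority, high CPU priority. Children forked per session inherit them.
pin_pid() {
    pid=$1
    echo -1000 > "/proc/$pid/oom_score_adj"
    ionice -c 1 -n 0 -p "$pid"
    renice -n -15 -p "$pid" >/dev/null
}

start_emergency_sshd() {
    valid_port "$EMERG_PORT" || { echo "bad emergency port" >&2; return 1; }
    [ -s "$EMERG_KEYS" ] || { echo "no keys in $EMERG_KEYS" >&2; return 1; }
    emergency_sshd_config > "$EMERG_CFG"
    chmod 600 "$EMERG_CFG" "$EMERG_KEYS"
    /usr/sbin/sshd -t -f "$EMERG_CFG" || return 1    # validate before starting
    /usr/sbin/sshd -f "$EMERG_CFG"
    # sshd daemonizes; give it a moment to write its pid file.
    i=0
    while [ ! -s "$EMERG_PID" ] && [ "$i" -lt 10 ]; do sleep 1; i=$((i + 1)); done
    [ -s "$EMERG_PID" ] || { echo "emergency sshd did not start" >&2; return 1; }
    pin_pid "$(cat "$EMERG_PID")"
}
```

On a systemd host the same pinning belongs in the unit file instead of a script: `OOMScoreAdjust=-1000`, `IOSchedulingClass=realtime`, `IOSchedulingPriority=0` and `Nice=-15` in the `[Service]` section, so the settings survive restarts. As Corion notes, none of this helps when the box is saturated at the network level; it only keeps the door open while the OOM killer and the schedulers are busy elsewhere.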

      Also a tangent: this idea was mentioned once at the cb, not sure by whom: add something to the cron of the remote host (the one whose sshd sometimes needs to be restarted) which will regularly check the sshd and restart it if needed, or simply restart the sshd when nobody is connected (do a who). Or even reboot the system (with all the caveats for current sessions).
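Added example, not code from the post above: a cron watchdog for that idea. It probes sshd with a full key exchange (a hung daemon may still accept TCP connections, so a plain port check is not enough) and, when the probe fails, restarts the service only if `who` reports no sessions; otherwise it logs and waits for the next run. The decision logic is kept in its own function so it can be checked without a live daemon. Service name, port and the crontab line are assumptions.

```shell
#!/bin/sh
# Added example: sshd watchdog for cron. Assumed crontab entry:
#   */5 * * * * /usr/local/sbin/sshd-watchdog
SSHD_PORT=22
SSHD_SERVICE=ssh   # "sshd" on RHEL-style hosts

# Liveness probe: ssh-keyscan completes key exchange and prints host keys
# on stdout only if the daemon actually answers. Returns 0 when healthy.
probe_sshd() {
    [ -n "$(ssh-keyscan -T 5 -p "$SSHD_PORT" 127.0.0.1 2>/dev/null)" ]
}

# Interactive sessions currently logged in, per who(1).
session_count() {
    who | wc -l | tr -d ' '
}

# Pure decision: probe result (0 = healthy) and session count in,
# one of ok / defer / restart out.
decide() {
    probe_rc=$1; sessions=$2
    if [ "$probe_rc" -eq 0 ]; then
        echo ok
    elif [ "$sessions" -gt 0 ]; then
        echo defer
    else
        echo restart
    fi
}

watchdog() {
    probe_sshd; rc=$?
    sessions=$(session_count)
    action=$(decide "$rc" "$sessions")
    case "$action" in
        ok)      ;;
        defer)   logger -t sshd-watchdog "probe failed, $sessions session(s) active, not restarting" ;;
        restart) logger -t sshd-watchdog "probe failed, restarting $SSHD_SERVICE"
                 systemctl restart "$SSHD_SERVICE" ;;
    esac
    echo "$action"
}

# Run only when invoked as the installed script.
case "$0" in
    */sshd-watchdog|sshd-watchdog) watchdog ;;
esac
```

The defer branch is what keeps this safe to run unattended: a failed probe during an active session is logged rather than acted on, and the `who` check also catches a session coming in over a secondary daemon, so a restart never lands while someone is mid-repair.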
