Net::SSH::Perl and Passwd

u235sentinel has asked for the wisdom of the Perl Monks concerning the following question:

I've spent quite a bit of time getting into coding with Net:SSH:Perl and have come across an interesting problem. The examples provided for that module suggest I can remotely change my password over SSH however neither example will work even after modifying it. Here is my sample ssh code:

#!/usr/bin/perl
 
use warnings;
use strict;
use Net::SSH::Perl;
 
my $srvr = "testserver";
my $username = "test";
my $oldpasswd = "test";
my ($stdout, $stderr, $exit);
my $cmd = ('passwd');
 
 
my $ssh = Net::SSH::Perl->new($srvr, protocol => 2, debug => 1);


$ssh->register_handler("stderr", sub {
                my($channel, $buffer) = @_;
                print "** Standard Error - I received this:\n", $buffe
+r->bytes;
        });

# This trigger works perfectly
# 
$ssh->register_handler("stdout", sub {
                my($channel, $buffer) = @_;
                print "** Standard Out - I received this:\n", $buffer-
+>bytes;
        });
 
$ssh->login($username, $oldpasswd);
 
$ssh->cmd($cmd);
 
print "** Ran Command ". $cmd ."\n";
[download]

the code runs fine if I put a command such as 'ls' or 'hostname' (for example) in variable $cmd. If I put 'passwd' then the register_trigger for stderr comes back with the following error message

chqpvul8108: channel 1: new client-session
chqpvul8108: Requesting channel_open for channel 1.
chqpvul8108: Entering interactive session.
chqpvul8108: Sending command: passwd
chqpvul8108: Requesting service exec on channel 1.
chqpvul8108: channel 1: open confirm rwindow 0 rmax 16384
chqpvul8108: channel 1: rcvd eof
chqpvul8108: channel 1: output open -> drain
chqpvul8108: input_channel_request: rtype exit-status reply 0
chqpvul8108: channel 1: rcvd close
chqpvul8108: channel 1: input open -> closed
chqpvul8108: channel 1: close_read
** Standard Error - I received this:
Unexpected failure. Password file/table unchanged.
chqpvul8108: channel 1: obuf empty
chqpvul8108: channel 1: output drain -> closed
chqpvul8108: channel 1: close_write
chqpvul8108: channel 1: send close
chqpvul8108: channel 1: full closed
** Ran Command passwd

Any thoughts on what I'm missing here? I've googled and checked out the net::ssh::perl forum and haven't figured out why It's giving me heartburn. Has anyone been successful in issuing passwd with this module? This is running on a Suse Linux server and the client is a Solaris 9 Sparc. The reason I'm doing this is I'm writing a program to connect via SSH and change my password on a number of Unix/Linux servers (don't ask). Thanks!

Comment on Net::SSH::Perl and Passwd Download Code

Replies are listed 'Best First'.
Re: Net::SSH::Perl and Passwd by helphand (Pilgrim) on Jan 19, 2006 at 03:56 UTC
Doesn't the passwd command require user input? I see nothing in your code that would be passing along the old password, new password to the passwd program. In fact, I see nowhere that a new password is even captured or stored. My suspicion is that you probably would be better off using expect for what you want to accomplish. Scott	[reply]
Re^2: Net::SSH::Perl and Passwd by u235sentinel (Hermit) on Jan 19, 2006 at 05:29 UTC
Doesn't the passwd command require user input? I see nothing in your code that would be passing along the old password, new password to the passwd program. In fact, I see nowhere that a new password is even captured or stored. My suspicion is that you probably would be better off using expect for what you want to accomplish. The purpose of the program was to demonstrate that passwd doesn't even prompt you via stderr for a password. Either old or new. I'm considering using expect rather than doing it this way however if passwd doesn't provide any prompts I suspect expect will have similar difficulties. FYI... the full program I've built does provide a couple of routines asking for old/new password. Once I have it working properly I hope to make it available so people would know how to do this in Perl.	[reply]
Re^3: Net::SSH::Perl and Passwd by eldapo (Initiate) on Oct 22, 2008 at 18:52 UTC
Yes. The passwd utility is interactive. The chpasswd utility, on the other hand, will accept command line input. Syntax like this: `echo username:newpassword \| /usr/sbin/chpasswd` chpasswd is available all most Linux distros as far as I know. On Red Hat it comes in the shadow-utils base system package. It's also supposed to be available on AIX 5.x and the BSD's. Inexplicably, it's missing from Solaris. Here's a snippet that shows how it could be used in conjunction with Net::SSH::Perl as part of a mass password resetting script (FH is the handle for a file that contains target system and user data, including the new password -- to save space I've also removed error-checking code): `while (<FH>) { chomp; my ( $target, $username, $userpass ) = ( &parse_line(',',0,$_)); my $userstr = $username . "\:" . $userpass; print $target, " ", $userstr, "\n"; my $ssh = Net::SSH::Perl->new($target); $ssh->login($adminuser, $adminpass); my $cmd = "echo $userstr \\| /usr/sbin/chpasswd"; my ($stdout, $stderr, $exit) = $ssh->cmd($cmd); }` [download]	[reply] [d/l] [select]
Re: Net::SSH::Perl and Passwd by samwyse (Scribe) on Aug 19, 2009 at 14:57 UTC
A couple of things... First, I think that the passwd command opens /dev/tty to make sure that no one has hijacked stdin/stdout/stderr. Second, the SSH protocol supports changing a password without using an external command. If you look at RFC 4252, the SSH_MSG_USERAUTH_REQUEST packet has an optional field to hold a new password. I found this node while looking to see if anyone's done this before; I'll be implementing it myself if I can't find anything.	[reply]
Re^2: Net::SSH::Perl and Passwd by salva (Canon) on Aug 19, 2009 at 18:21 UTC
Quoting OpenSSH SSH server source code... `if (change) logit("password change not supported");` [download] So even if it is in the RFC, the reality is that most server implementations are probably not supporting that feature :-(	[reply] [d/l]


Syntactic Confectionery Delight
	PerlMonks