Re: Is Net::SSH::Perl broken for login via explicit user/password?

Net::SSH::Perl operates in two modes:

batch mode
interactive mode

Interactive mode is off by default and must be turned on explicitly:

my $ssh = Net::SSH::Perl->new($ssh_box, interactive => 1);
[download]

Passwords and passphrases are read only in interactive mode, and always from the tty. In batch mode, all passwords are ignored.

Thus batch mode works only with public/private key pairs (rsa or dsa mode), which is IMHO The Right Thing. Storing passwords as plaintext in config files or scripts is unwise at it's best.

The documentation of Net::SSH::Perl is misleading on this behalf, as the method

$ssh->login($user, $pass);
[download]

will never work - by design!

Searching a bit further, I found the following in Net::SSH::Perl::Auth::KeyboardInt:

The authenticate method will enter into a dialog with the server. For keyboard-interactive authentication, this entails sending a request to authenticate the user using this form of authentication, then waiting for any number of prompts for authentication. These prompts are then presented to the user, who enters his/her responses; the responses are then sent back to the server, which either allows or denies the user's credentials.
The fact that this authentication method requires responses to interactive prompts requires that you only use this method in an interactive SSH connection.

Net::SSH::Perl appearently supports - besides user/password pairs - also challenge/response authentication methods; the authentication can involve multiple methods with would not fit into a simple user/pass schema.

I recall that this question is asked often; the manual page of Net::SSH::Perl is outdated and inaccurate and should be fixed. But it has a link for reporting bugs ;-)

If Net::SSH::Perl operates in batch mode, it disables the keyboard-interactive authentication method. You can verify this by commenting out line 116 of $perllib/Net/SSH/AuthMgr.pm:

# in sub auth_failure:
    for my $meth ( split /,/, $authlist ) {
        ...
        # next unless $auth->enabled;  # <--  line 116 in v1.29
        ...
    }
[download]

If you run your code with this modification, keyboard-interactive is tried in batch mode as well, and you are prompted for a password - the password you supplied to $ssh->login(); is just ignored.

</update>

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Comment on Re: Is Net::SSH::Perl broken for login via explicit user/password? Select or Download Code

Replies are listed 'Best First'.
Re^2: Is Net::SSH::Perl broken for login via explicit user/password? by tphyahoo (Vicar) on Dec 19, 2006 at 09:57 UTC
Seems like what I really should have done is look in the /eg dir of the distribution, as the docu suggests somewhere that eluded my first scan. This has http://search.cpan.org/src/DBROBINS/Net-SSH-Perl-1.30/eg/cmd.pl which seems to accomplish what I want without `interactive => 1` in the constructor. (But I haven't actually tried if it works yet ;) ) UPDATE: Well, I tried it and YOU ARE RIGHT. You need `interactive => 1` The sample script they give there is busted. I guess it is time to fire up rt :)	[reply] [d/l] [select]
Re^3: Is Net::SSH::Perl broken for login via explicit user/password? by shmem (Chancellor) on Dec 19, 2006 at 10:10 UTC
Well... running that code confirms what I wrote. Log follows. Read more... (3 kB) and with line 116 in Net::SSH::Perl::AuthMgr commented out: Read more... (4 kB) --shmem _($_=" "x(1<<5)."?\n".q·/)Oo. G°\ / /\_¯/(q / ---------------------------- \__(m.====·.(_("always off the crowd"))."· ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}	[reply] [d/l] [select]


No such thing as a small change
	PerlMonks