Net::OpenSSH key authentication

by Jarek (Novice)
on Nov 17, 2009 at 09:49 UTC

Jarek has asked for the wisdom of the Perl Monks concerning the following question:

Hi everyone, I've got a problem with key authentication using Net::OpenSSH. The problem is I have read the documentation and I simply couldn't find anything about it there. I tried to do it the normal way, as with ssh, so I created a pair of keys, copied the public one to the remote server, and tried logging in from the CLI, which worked. When I did it from the script it says "unable to establish master SSH connection: ssh master exited unexpectedly".

    $ENV{HOME} = "/var/www/scripts/new";
    use Net::OpenSSH;
    use Date::Simple ('date', 'today');
    use warnings;

    my $ssh = Net::OpenSSH->new('root@localhost',
        master_opts => [-o => "UserKnownHostsFile=/dev/null",
                        -o => "StrictHostKeyChecking=no"],
        timeout => 10,
        ctl_dir => $ENV{HOME});
    # new() always returns an object, so check error() afterwards
    $ssh->error and die "Couldn't establish SSH connection: " . $ssh->error;

    my $cmd = "ls -l";
    # capture() returns the command's stdout, one line per list element
    my @out = $ssh->capture({ timeout => 10 }, $cmd);
    print $ssh->error if $ssh->error;
    foreach (@out) {
        print $_ . "<BR>";
    }

Obviously when I put the password in it works. It also works from the command line. Directory /var/www/scripts/new contains a .ssh/ directory with id_rsa and id_rsa.pub, now even with 777 to avoid a mistake in user rights. I'm running that script from another .cgi via the system function. And also here, when I put in the password everything works. Thank you for all your answers. Regards, Jarek

Replies are listed 'Best First'.
Re: Net::OpenSSH key authentication
by salva (Canon) on Nov 17, 2009 at 10:28 UTC
    Have you followed the troubleshooting guide included on the module docs?
    "unable to establish master SSH connection: ssh master exited unexpectedly"

    That means that the ssh command is failing to authenticate, probably due to bad permissions settings.

    The first thing you should do is to ensure that you can connect to the remote host from the CGI environment using public key authentication.

    Replace your script with the following:

        #!/bin/sh
        ssh -vvv root@localhost echo "hello world" >/tmp/ssh.out 2>&1
        echo rc: $? >>/tmp/ssh.out

    Run it from the CGI, check /tmp/ssh.out for errors and solve them (or if you are unable to do it by yourself post the output file here).

    Once you get that simplified script working, Net::OpenSSH should just work (otherwise, go to step 4 on the troubleshooting guide).

    BTW, using UserKnownHostsFile=/dev/null and StrictHostKeyChecking=no is very insecure, you are opening the door for man-in-the-middle attacks.

Re: Net::OpenSSH key authentication
by tirwhan (Abbot) on Nov 17, 2009 at 10:28 UTC

    I'd guess that your script is looking for the key in the wrong place when you're calling it as cgi. Turn on debugging ($Net::OpenSSH::debug |= 16;), it should tell you the exact ssh line it is trying to call. Try that manually and see whether you find the problem that way.


    All dogma is stupid.
Re: Net::OpenSSH key authentication
by gmargo (Hermit) on Nov 17, 2009 at 13:33 UTC

    id_rsa and id_rsa.pub now even with 777

    ssh(1) will definitely fail if id_rsa is not 600 or 400. (man page says: "ssh will simply ignore a private key file if it is accessible by others.") That applies to this module as well since it uses ssh under the hood.
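
The permission rule gmargo quotes, combined with the "which directory is ssh looking in" question from this thread, as a preflight check that can be run from the CGI environment. This is an added example, not part of the original thread; the function names are hypothetical and `getent` is assumed to be available.

```sh
#!/bin/sh
# Added example: preflight for the private key ssh will try from a CGI.
# Function names and the demo paths are constructed for illustration.

# Home directory recorded in the passwd database for the current uid.
# The OpenSSH client resolves ~/.ssh from this entry, not from $HOME.
# Assumes getent(1) is available.
passwd_home() {
    getent passwd "$(id -u)" | cut -d: -f6
}

# check_key FILE: return 0 if FILE exists, is readable by the current
# user and grants nothing to group/other; otherwise print why and return 1.
check_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "missing: $key"; return 1
    fi
    if [ ! -r "$key" ]; then
        echo "unreadable by $(id -un): $key"; return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$key" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "too open (group/other: $go_bits): $key"; return 1
    fi
    echo "ok: $key"
}

# Demo on a constructed key file: mode 777 is rejected, 600 passes.
demo() {
    dir=$(mktemp -d) || return 1
    : > "$dir/id_rsa"
    chmod 777 "$dir/id_rsa"; check_key "$dir/id_rsa" || true
    chmod 600 "$dir/id_rsa"; check_key "$dir/id_rsa"
    rm -rf "$dir"
}
demo
```

From the CGI wrapper, `check_key "$(passwd_home)/.ssh/id_rsa"` reports whether the key the web server user would actually load is present and private.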

      Hi, Thanks for your help. You're right what I thought but I didn't know how to check it. The script looked for the keys in the wrong directory. And the script given by salva showed me what directory it should be. For some reason it looked for the files in directory /var/www/scripts/ not /var/www/scripts/new/ even if everything happens in /var/www/scripts/new and $ENV{HOME} is set to /var/www/scripts/new too. Weird. Thank you for help again. Regards, Jarek

        Hi everyone, I'm trying to use key authentication using Net::OpenSSH. Can someone please help me to understand the issue with my script?

            use Net::OpenSSH;
            use warnings;

            my $path = "/export/home/tenfold2/.ssh/";
            $Net::OpenSSH::debug |= 16;
            my $t = Net::OpenSSH->new('ildep@sxm0019',
                master_opts => [-o => "UserKnownHostsFile=/dev/null",
                                -o => "StrictHostKeyChecking=no"],
                timeout => 10,
                ctl_dir => $path);
            $t->error and SendMail "unable to connect to remote host: " . $t->error;
            my $cmd = "ls -l";

        When I run the script it gives the below message:

            x Connecting to sxm0019
            command-line: line 0: Bad configuration option: ServerAliveInterval
            unable to connect to remote host: unable to establish master SSH connection: master process exited unexpectedly

        ssh -vvv ildep@sxm0019 echo "hello world" >/tmp/ssh.out 2>&1
        /tmp/ssh.out:

            debug2: we did not send a packet, disable method
            debug3: authmethod_lookup publickey
            debug3: remaining preferred: keyboard-interactive,password
            debug3: authmethod_is_enabled publickey
            debug1: Next authentication method: publickey
            debug1: Trying private key: /export/home/tenfold2/.ssh/identity
            debug3: no such identity: /export/home/tenfold2/.ssh/identity
            debug1: Trying public key: /export/home/tenfold2/.ssh/id_rsa
            debug3: send_pubkey_test
            debug2: we sent a publickey packet, wait for reply
            debug1: Server accepts key: xx hint 1
            debug2: input_userauth_pk_ok: xx
            debug3: sign_and_send_pubkey
            debug1: read PEM private key done: type RSA
            debug1: Authentication succeeded (publickey)
            debug1: fd 6 setting O_NONBLOCK
            debug2: fd 7 is O_NONBLOCK
            debug1: channel 0: new [client-session]
            debug3: ssh_session2_open: channel_new: 0
            debug1: send channel open 0
            debug1: Entering interactive session.
            debug2: callback start
            debug1: ssh_session2_setup: id 0
            debug1: Sending command: echo hello world
            debug1: channel request 0: exec
            debug2: callback done
            debug1: channel 0: open confirm rwindow 0 rmax 32768
            debug2: channel 0: rcvd adjust 198560
            debug1: channel 0: rcvd eof
            debug1: channel 0: output open -> drain
            debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
            debug1: channel 0: rcvd close
            debug1: channel 0: close_read
            debug1: channel 0: input open -> closed
            debug3: channel 0: will not send data after close
            hello world
            debug3: channel 0: will not send data after close
            debug1: channel 0: obuf empty
            debug1: channel 0: close_write
            debug1: channel 0: output drain -> closed
            debug1: channel 0: almost dead
            debug1: channel 0: gc: notify user
            debug1: channel 0: gc: user detached
            debug1: channel 0: send close
            debug1: channel 0: is dead
            debug1: channel 0: garbage collecting
            debug1: channel_free: channel 0: client-session, nchannels 1
            debug3: channel_free: status: The following connections are open:
              #0 client-session (t4 r0 i3/0 o3/0 fd -1/-1)
            debug3: channel_close_fds: channel 0: r -1 w -1 e 7
            debug1: fd 1 clearing O_NONBLOCK
            debug2: fd 2 is not O_NONBLOCK
            debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.1 seconds
            debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
            debug1: Exit status 0
            rc: 0
