Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re: Is Net::SSH::Perl broken for login via explicit user/password?

by shmem (Canon)
on Dec 18, 2006 at 20:16 UTC ( #590548=note: print w/ replies, xml ) Need Help??


in reply to Is Net::SSH::Perl broken for login via explicit user/password?

Net::SSH::Perl operates in two modes:

  • batch mode
  • interactive mode

Interactive mode is off by default and must be turned on explicitly:

my $ssh = Net::SSH::Perl->new($ssh_box, interactive => 1);

Passwords and passphrases are read only in interactive mode, and always from the tty. In batch mode, all passwords are ignored.

Thus batch mode works only with public/private key pairs (rsa or dsa mode), which is IMHO The Right Thing. Storing passwords as plaintext in config files or scripts is unwise at it's best.

The documentation of Net::SSH::Perl is misleading on this behalf, as the method

$ssh->login($user, $pass);

will never work - by design!

Searching a bit further, I found the following in Net::SSH::Perl::Auth::KeyboardInt:

The authenticate method will enter into a dialog with the server. For keyboard-interactive authentication, this entails sending a request to authenticate the user using this form of authentication, then waiting for any number of prompts for authentication. These prompts are then presented to the user, who enters his/her responses; the responses are then sent back to the server, which either allows or denies the user's credentials.

The fact that this authentication method requires responses to interactive prompts requires that you only use this method in an interactive SSH connection.

Net::SSH::Perl appearently supports - besides user/password pairs - also challenge/response authentication methods; the authentication can involve multiple methods with would not fit into a simple user/pass schema.

I recall that this question is asked often; the manual page of Net::SSH::Perl is outdated and inaccurate and should be fixed. But it has a link for reporting bugs ;-)

<update>

If Net::SSH::Perl operates in batch mode, it disables the keyboard-interactive authentication method. You can verify this by commenting out line 116 of $perllib/Net/SSH/AuthMgr.pm:

# in sub auth_failure: for my $meth ( split /,/, $authlist ) { ... # next unless $auth->enabled; # <-- line 116 in v1.29 ... }

If you run your code with this modification, keyboard-interactive is tried in batch mode as well, and you are prompted for a password - the password you supplied to $ssh->login(); is just ignored.

</update>

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}


Comment on Re: Is Net::SSH::Perl broken for login via explicit user/password?
Select or Download Code
Re^2: Is Net::SSH::Perl broken for login via explicit user/password?
by tphyahoo (Vicar) on Dec 19, 2006 at 09:57 UTC
    Seems like what I really should have done is look in the /eg dir of the distribution, as the docu suggests somewhere that eluded my first scan. This has

    http://search.cpan.org/src/DBROBINS/Net-SSH-Perl-1.30/eg/cmd.pl

    which seems to accomplish what I want without interactive => 1 in the constructor. (But I haven't actually tried if it works yet ;) )

    UPDATE: Well, I tried it and YOU ARE RIGHT.

    You need interactive => 1

    The sample script they give there is busted. I guess it is time to fire up rt :)

      Well... running that code confirms what I wrote. Log follows.

      and with line 116 in Net::SSH::Perl::AuthMgr commented out:

      --shmem

      _($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                                    /\_¯/(q    /
      ----------------------------  \__(m.====·.(_("always off the crowd"))."·
      ");sub _{s./.($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e.e && print}

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://590548]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (12)
As of 2014-12-18 16:21 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (58 votes), past polls