wwinfrey has asked for the wisdom of the Perl Monks concerning the following question:
Encrypting the connection with SSL is not an option. The remote MySQL server that I am connecting to is not configured to accept SSL-encrypted connections and I cannot change this without extensive, intrusive bootstrapping on the remote appliance (bootstrapping that I am trying to avoid at all costs).
While Perl is installed on the appliance I am connecting to (it's running CentOS 5.5), the perl-DBD-MySQL package is not installed on the remote appliance, so using DBD::Gofer(*) or other similar approaches to proxy the connection over SSH isn't an option without bootstrapping the appliance to some degree, which, as I mentioned, I would like to avoid.
(*) At least, I don't think it's an option; my experience with DBD::Gofer is limited.
The client application needs to be as portable as possible, and I would like to forgo any dependencies on external applications. Put another way, I'm OK with compiling libssh2 into a module, but would like to avoid using an ssh client binary, socat, or the like. At least, what I don't want to be doing is creating tunnels using exec() calls to these binaries.
Just so we're clear as to what kind of SSH environment is configured on the remote appliance, the ssh environment is the same as one might find in a default CentOS 5.5 install.
Now, I have tunneled MySQL connections over SSH in the past plenty of times and am fairly familiar with SSH tunneling in general, but I cannot seem to figure out how to do this in a "pure Perl" manner.
I've read a couple of different threads here on PerlMonks (most notably: here, here and here) that broach the subject, but don't seem to even point in the general direction of an answer. I've also looked for similar questions about tunneling in general, and have looked at, say, the Tunnels section of the Net::OpenSSH perldoc, but can't wrap my head around how I would create a driver handle that connects over the pipes created by Net::OpenSSH's open_ex method...
I've also looked at modules like IO::Select and IO::Socket::INET, but can't really seem to wrap my head around how I might use them in furtherance of my afore-stated goals.
Any suggestions?
Update: I was looking for a Perl module that would allow for SSH port forwards without the use of external apps such as /usr/bin/ssh or plink.
There are two modules that implement SSH client functionality completely "in" the module (that is to say, without acting as a wrapper for external binaries): Net::SSH::Perl/Net::SSH::W32Perl and Net::OpenSSH.
Net::SSH::Perl, as Krambambuli points out, does not support SSH's "LocalForward" option. Net::OpenSSH supports SSH tunneling, but this is not the same as port forwarding, which is what I really wanted, and since the module I'm writing will need to support Windows, Net::OpenSSH is not an option here anyway.
In summary, as far as I can tell, there is no way to do SSH port forwarding using only Perl modules and without external binaries, not just in Windows, but on any platform. There are plenty of good options for accomplishing SSH port forwarding using external binaries, options that will likely suffice for most users; however, for my purposes, using external binaries wasn't an option.
As far as the solution to my own problem went, I got permission from the higher-ups to do a moderate amount of bootstrapping on the target appliance so that the appliance's MySQL server will support SSL-encrypted connections, thereby eliminating my need to do any SSH port forwarding.