I think the root of my issues is that I have no clear understanding of how authentication works together with ProxyCommand. In my setup I have public key auth with the host that I use in ProxyCommand to run nc, and the destination host needs password auth. So when I supply a username/password, which host does it apply to? The one that is serving as a relay and running nc, or the final destination?
Here is the relevant part of my code. Maybe I also need to properly destroy $ssh before opening a new connection, so as not to stumble upon remains of the previous failed public key attempt.
while ( GO OVER ALL HOSTS I HAVE ) {
    # FIGURE OUT IF CAN BE REACHED DIRECT
    my $ssh;
    # Options shared by both the public key and the password attempt
    my @pw_opts = (
        -o => "CheckHostIP no",
        -o => "ConnectionAttempts 1",
        -o => "ForwardAgent yes",
        -o => "HashKnownHosts no",
        -o => "StrictHostKeyChecking=no",
        -o => "VerifyHostKeyDNS no",
        -o => "UserKnownHostsFile /dev/null",
        -o => "ConnectTimeout 5",
        -o => "HostbasedAuthentication no",
        -o => "ChallengeResponseAuthentication no",
        -o => "RhostsRSAAuthentication no",
        -o => "GSSAPIAuthentication no",
    );
    my @pubkey_opts = @pw_opts;
    push @pubkey_opts, ( -o => "PasswordAuthentication no" );
    push @pubkey_opts, ( -o => "PubkeyAuthentication yes" );
    push @pubkey_opts, ( -o => "PreferredAuthentications publickey" );
    push @pw_opts, ( -o => "PreferredAuthentications=password" );
    push @pw_opts, ( -o => "NumberOfPasswordPrompts=1" );
    if( NOT REACHABLE DIRECT ) {
        # Relay through the gateway: nc on $sshgw connects to port 22 of the target
        push @pw_opts, ( -o => 'ProxyCommand=ssh root@'.$sshgw.' nc %h 22' );
        push @pubkey_opts, ( -o => 'ProxyCommand=ssh root@'.$sshgw.' nc %h 22' );
    }
    # First attempt: public key only
    $ssh = Net::OpenSSH->new(
        $user.'@'.$host,
        master_opts => \@pubkey_opts,
        master_stdout_discard => 1,
        master_stderr_discard => 1,
    );
    if($ssh->error) {
        print "SSH key auth didn't work for $host, will try passwords...\n";
        # Second attempt: one new connection per candidate password
        foreach my $pass (@passwords) {
            $ssh = Net::OpenSSH->new(
                $user.'@'.$host,
                password => $pass,
                master_opts => \@pw_opts,
                kill_ssh_on_timeout => 1,
                # master_stdout_discard => 1,
                # master_stderr_discard => 1,
            );
            if(!$ssh->error) {
                print "Authenticated with password to $host\n" if($debug);
                last;
            } else {
                print "SSH returned : ".$ssh->error."\n" if($debug);
            }
        }
        if($ssh->error) {
            print "Can not login into $host : ".$ssh->error."\n";
            next;
        }
    } else {
        print "SSH key accepted at $host\n";
    }
}
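
An added example, not part of the original post: with ProxyCommand the gateway hop and the destination hop are authenticated by two separate ssh processes, and this code builds the options for each so that the inner ssh to the gateway never prompts and a password can only be requested by the session to the destination. The helper names `proxy_command` and `master_opts`, the host `gw.example.com`, and the use of `ssh -W` in place of `nc` are assumptions of the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Each hop is authenticated by a different ssh process:
#   inner ssh (ProxyCommand) -> gateway,  outer ssh (master) -> destination.

# Build the ProxyCommand for the gateway hop. ssh hands this string to the
# user's shell, so only plain user and host names are accepted.
sub proxy_command {
    my ($gw_user, $gw_host) = @_;
    for my $part ($gw_user, $gw_host) {
        die "unsafe value for ProxyCommand: '$part'\n"
            unless $part =~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/;
    }
    # BatchMode=yes: the inner ssh never prompts, so it can only use keys or
    # an agent and cannot consume a password meant for the destination.
    # -W %h:%p forwards stdio to the destination (used here instead of nc).
    return "ssh -o BatchMode=yes -o PreferredAuthentications=publickey "
         . "-W %h:%p $gw_user\@$gw_host";
}

# Options for the outer (master) ssh, i.e. the session to the destination.
# $method is 'publickey' or 'password'; $gw_host is undef for direct hosts.
sub master_opts {
    my ($method, $gw_user, $gw_host) = @_;
    die "unknown method '$method'\n"
        unless $method =~ /\A(?:publickey|password)\z/;
    my @opts = (
        -o => "ConnectTimeout=5",
        -o => "PreferredAuthentications=$method",
        -o => "PubkeyAuthentication="   . ($method eq 'publickey' ? 'yes' : 'no'),
        -o => "PasswordAuthentication=" . ($method eq 'password'  ? 'yes' : 'no'),
    );
    push @opts, -o => "NumberOfPasswordPrompts=1" if $method eq 'password';
    push @opts, -o => "ProxyCommand=" . proxy_command($gw_user, $gw_host)
        if defined $gw_host;
    return @opts;
}

# Constructed sample values; print what would be passed as master_opts.
for my $case ([publickey => undef, undef], [password => 'root', 'gw.example.com']) {
    my @opts = master_opts(@$case);
    print join(' ', map { /\s/ ? "'$_'" : $_ } @opts), "\n";
}
# A gateway name containing shell syntax is rejected before it reaches the shell.
print "rejected: $@" unless eval { proxy_command('root', 'gw; id'); 1 };
```

The returned list can be passed as `master_opts => [ master_opts(...) ]` to `Net::OpenSSH->new`, with `password => $pass` added only for the password attempt.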