Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Problem executing command via ssh

by mgalindez (Initiate)
on Aug 23, 2019 at 15:45 UTC ( #11104905=perlquestion: print w/replies, xml ) Need Help??

mgalindez has asked for the wisdom of the Perl Monks concerning the following question:


I need to execute a program in a remote machine, that takes its input from STDIN.

I created a user in such remote machine, and set my program as the shell for that account (so I don't need to provide shell access).

On my local node, I have this program:

#!/usr/bin/perl use IPC::Open3; use POSIX; $inputfile= $ARGV[0]; open(FILE, '<', "$ARGV[0]") or die $!; $command= "ssh user\"; $pid = open3('<&FILE', '>&STDOUT', '>&STDERR', $command); $ret=waitpid( $pid, 0 );

What I expect is that I pass the name of the file as arguments of this program ($ARGV[0]), and the contents of this file is fed as STDIN of the child I've spawn with open3. This should be received as STDIN of my remote program, and the results of the remote program would be printed on STDOUT.

This works well. However, my program only reads the first line, and then terminates.

If I do a manual test, and do ssh, and type multiple lines of input, then things work as expected.

Any clues?


Replies are listed 'Best First'.
Re: Problem executing command via ssh
by haukex (Chancellor) on Aug 23, 2019 at 21:05 UTC

    If you're on a *NIX system, I would definitely recommend using Net::OpenSSH instead. See its open2 and open3 methods.

Re: Problem executing command via ssh
by jcb (Hermit) on Aug 23, 2019 at 23:12 UTC

    As haukex mentioned, you probably should be using a module for the SSH connection. Two recent questions suggest that Net::SSH::Perl might be useful and give both some pitfalls and solutions.

    Further, the SSH configuration you describe does not do what you seem to think that it does — the user account that you have created can get a shell with "ssh /bin/sh". You need to use the "forced command" option with the public key registered on the remote machine to ensure that that key can only be used to run your program, and you really need to read perlsec if that remote program is written in Perl and make sure that it cannot be abused to gain a shell if you do not want shell access to be available.

    Lastly, one big difference between running ssh on a terminal and on pipes is whether SSH sets up a pty on the remote machine by default. Try "ssh -tt" instead if you insist on using IPC::Open3 for this.

      Two recent questions suggest that Net::SSH::Perl might be useful

      On Windows maybe, but on *NIX systems, IMHO Net::OpenSSH is really the best, it supports a ton of functionality and builds on the native ssh. No messing around with IPC::Open3 necessary :-)

      Doing: ssh /bin/sh does not get me /bin/sh, but the default shell for the corresponding user. Am I missing something? Thanks!

        It is possible that /bin/sh may be a special case in newer versions of the SSH server or you have some other configuration acting as a "safety net" in your case. I still would not recommend depending on this; you should be using the "forced command" option on the public key to ensure that it can only be used to run your program and you still need to read perlsec and make sure that your program cannot be exploited into a shell-equivalent if this is an actual security issue.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://11104905]
Approved by marto
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others cooling their heels in the Monastery: (7)
As of 2019-09-17 22:10 GMT
Find Nodes?
    Voting Booth?
    The room is dark, and your next move is ...

    Results (218 votes). Check out past polls.