Re: Net::SSH::Perl and su

by fuzzyping (Chaplain)
on Mar 08, 2002 at 21:26 UTC


in reply to Net::SSH::Perl and su

I was having the same problem myself with a project I'm working on. The following excerpt from the Net::SSH::Perl documentation may be pertinent...

"..if you're running in an interactive session and you've not provided a password, you'll be prompted for one..."

But what is interactive mode? It appears to be through the use of Net::SSH::Perl->shell(), which "Opens up an interactive shell on the remote machine and connects it to your STDIN. This is most effective when used with a pseudo tty; otherwise you won't get a command line prompt, and it won't look much like a shell. For this reason--unless you've specifically declined one--a pty will be requested from the remote machine, even if you haven't set the use_pty argument to new..."

It sounds like the only way to connect interactively is to use shell() or grab the password, handing it off to login() beforehand. Hope this helps.

-fuzzyping

UPDATE:

The problem is not what I described above... you're simply missing the interactive option with login. Your code should look something like...
    #!/usr/local/bin/perl -w
    use strict;
    use Net::SSH::Perl;
    use Data::Dumper;

    # interactive => 1 lets login() prompt for a password when none is given
    my $ssh = Net::SSH::Perl->new(
        "localhost",
        debug       => 1,
        protocol    => 2,
        interactive => 1,
        use_pty     => 1
    );
    $ssh->login();
    # The second argument to cmd() is passed to the remote command on STDIN
    my ($out, $err, $exit) = $ssh->cmd('su - root -c "touch /var/tmp/silly3"', '*******');
    print "out = $out\nerr = $err\nexit = $exit\n";

FWIW, I'm still getting STDIN/tty errors to $err, but it is running interactively and asking for my password. It appears to be a limitation of su, requiring local tty control(?). There are others here who would be better qualified to answer that one. I have no problem running non-su commands, though. Good Luck!

-fuzzyping

Replies are listed 'Best First'.
Re: Re: Net::SSH::Perl and su
by rob_au (Abbot) on Mar 08, 2002 at 22:45 UTC
    FWIW, I'm still getting STDIN/tty errors to $err, but it is running interactively and asking for my password. It appears to be a limitation of su, requiring local tty control(?). There are others here who would be better qualified to answer that one. I have no problem running non-su commands, though. Good Luck!

     

    I think the best solution for mikfire with this problem would be to investigate the use of sudo - This command allows administrators to grant permissions to users to execute privileged commands without having to su to root. The advantage this command offers in this scenario, however, is that, when configured as such, it allows privileged commands to be executed by users without prompting for a password.

     

    perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'

      something I really don't get is:
      "Why ssh to a remote machine (as a regular user), THEN su to root?"
      Assuming the user is "hossman" on both machines, you're doing this...
          hossman@client =ssh=> hossman@server =su=> root@server
      

      Why not do this instead...

          hossman@client =ssh=> root@server
      

      (sudo is nice because it eliminates the need for hossman to know the root password on server, but the same thing could be accomplished using ssh keys.)

        "Why ssh to a remote machine (as a regular user), THEN su to root?"

        Because many ssh servers block direct root logins, so you need at least two passwords to get a root shell. (in general)

        44696420796F7520732F2F2F65206F
        7220756E7061636B3F202F6D736720
        6D6521203A29202D2D204A75657264
        

        Root user not allowed to log in directly. You only log in as regular user then su to root.
      Alas, if only it were that easy. I can't use sudo for two main reasons. First, the command I want to run is going to change. Second, due to some serious security concerns, there is no way I could convince them to allow me to use the NOPASSWD option in sudo.

      mikfire

        ... due to some serious security concerns, there is no way I could convince them to allow me to use the NOPASSWD option in sudo.

         

        To my mind, of greater concern is the fact that you are looking to store the root and a user password in a remote script. All one would have to do is view the source of your script and they would have both a login and the root account on the remote system - A restricted shell with sudo access rights to a small selection of administrative commands would be a better choice to my mind by far.

         

        perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'

Re: Re: Net::SSH::Perl and su
by mikfire (Deacon) on Mar 09, 2002 at 01:39 UTC
    I have tried this. It doesn't work for me. I am beginning to think this problem is with respect to my version of Solaris and SSH ( Solaris 8 and SSH 3.1p1 ( you have patched your ssh, haven't you?) ).

    I have tried the example code ( which, having finally read, gave some fairly good examples on setting up callbacks ) and that doesn't work for me either. :/

    Thanks for the help, though.
    mikfire

      You might want to investigate the usage of keys with ssh. Although many say that this is less secure than asking for a password every time, if you are thinking about storing passwords in plain text, this would be a great alternative.
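
An added example, not code from any poster in this thread, combining the two suggestions made in the replies above: key-based login and a sudo rule limited to named commands, so neither a user password nor the root password is stored in the script. The account name deploy, the key path, the task name and the sudoers line are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::SSH::Perl;

# Assumed sudoers entry on the server (edit with visudo). The account
# "deploy" and the command are hypothetical:
#   deploy ALL=(root) NOPASSWD: /usr/bin/touch /var/tmp/silly3

# Only commands listed here are ever sent; callers pick a task name and
# never supply a raw command string.
my %ALLOWED = (
    touch_marker => '/usr/bin/touch /var/tmp/silly3',
);

sub run_privileged {
    my ($host, $user, $key, $task) = @_;
    my $cmd = $ALLOWED{$task} or die "task '$task' is not allowlisted\n";

    my $ssh = Net::SSH::Perl->new(
        $host,
        protocol       => 2,
        interactive    => 0,          # never fall back to a password prompt
        identity_files => [ $key ],   # public-key auth, no password in the script
    );
    $ssh->login($user);               # no password argument

    # sudo -n exits with an error instead of prompting when the sudoers
    # rule does not cover the command, so a stale rule fails loudly.
    my ($out, $err, $exit) = $ssh->cmd("sudo -n $cmd");
    die "remote command failed (exit $exit): " . ($err // '') . "\n" if $exit;
    return $out;
}

my ($host, $task) = @ARGV;
die "usage: $0 host task\n" unless defined $host && defined $task;
print run_privileged($host, 'deploy', "$ENV{HOME}/.ssh/id_deploy", $task) // '';
```

The private key should be readable only by the account that runs the script, and the sudoers rule should name full command paths with their arguments, as the commented entry does.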
