ssh-sftp-perl-users — For users and developers of the Perl SSH and SFTP modules

[Ssh-sftp-perl-users] Permission denied at /usr/lib/perl5/site_perl/5.8.6/Net/SFTP.pm line 62

[elec <ele...@gm...>]

hey guys i have been killing myself over this problem. i am able to scp
regulary but i cant using net::stftp hopefully the below is self
explainatory enough, the remote system is a netscreen firewall. (users/ips
have been changed)

CODE:

print "\t\t\t \[Device $devcount of " . @ip . "\]\n";
print "\t\t-->Grabbing ns_sys_config\n";
# Previous Try
# my $sftp =3D Net::SFTP->new($ip[$x], user=3D>$sshuser, pass=3D>$sshpass,
debug=3D>'true', ssh_args =3D> [ protocol =3D> 2 , options =3D>
['PasswordAuthentication yes','PreferredAuthentications password']]);

my $sftp =3D Net::SFTP->new($ip[$x], user=3D>$sshuser, password=3D>$sshpass=
,
debug=3D>'true');
my $remote =3D "file";
my $local =3D "$scripttmp/$date-$ip[$x]-netscreen.config";
  $sftp->get($remote,$local);




#######################PERL SCRIPT START################
scriptuser@linux:~/$ perl script.pl
Hostname : host
IP: 192.168.x.x
                         [Device 1 of 1]
                -->Grabbing file
linux: Reading configuration data /home/scriptuser/.ssh/config
linux: Reading configuration data /etc/ssh_config
linux: Connecting to 192.168.x.x, port 22.
linux: Remote protocol version 2.0, remote software version NetScreen
linux: Net::SSH::Perl Version 1.29, protocol version 2.0.
Linux: No compat match: NetScreen
linux: Connection established.
linux: Sent key-exchange init (KEXINIT), wait response.
linux: Algorithms, c->s: 3des-cbc hmac-sha1 none
linux: Algorithms, s->c: 3des-cbc hmac-sha1 none
linux: Entering Diffie-Hellman Group 1 key exchange.
linux: Sent DH public key, waiting for reply.
linux: Received host key, type 'ssh-dss'.
linux: Host '192.168.x.x' is known and matches the host key.
linux: Computing shared secret key.
linux: Verifying server signature.
linux: Waiting for NEWKEYS message.
linux: Enabling incoming encryption/MAC/compression.
linux: Send NEWKEYS, enable outgoing encryption/MAC/compression.
linux: Sending request for user-authentication service.
linux: Service accepted: ssh-userauth.
linux: Trying empty user-authentication request.
linux: Authentication methods that can continue: .
Permission denied at /usr/lib/perl5/site_perl/5.8.6/Net/SFTP.pm line 62

#######################PERL SCRIPT STOP#######################

#######################SCP START###########################
scriptuser@linux:~/$ scp -v user@192.168.x.x:file file
Executing: program /usr/bin/ssh host 192.168.x.x, user user, command scp -v
-f file
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /home/scriptuser/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to 192.168.x.x [192.168.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/scriptuser/.ssh/identity type -1
debug1: identity file /home/scriptuser/.ssh/id_rsa type -1
debug1: identity file /home/scriptuser/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version NetScreen
debug1: no match: NetScreen
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client 3des-cbc hmac-sha1 none
debug1: kex: client->server 3des-cbc hmac-sha1 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host '192.168.x.x' is known and matches the DSA host key.
debug1: Found key in /home/scriptuser/.ssh/known_hosts2:14
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
debug1: Next authentication method: publickey
debug1: Trying private key: /home/scriptuser/.ssh/identity
debug1: Trying private key: /home/scriptuser/.ssh/id_rsa
debug1: Trying private key: /home/scriptuser/.ssh/id_dsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
debug1: Next authentication method: password
user@192.168.x.x's password:
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending command: scp -v -f ns_sys_config
Sink: C0644 29836 file
file
100%   29KB  29.1KB/s   00:01
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 0.9 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status -1


#######################SCP STOP##############################

<scriptuser@neteng01-1ne:~/scripts/netscreen$>

<scriptuser@neteng01-1ne:~/scripts/netscreen$>

[Ssh-sftp-perl-users] RE: Creating a new ssh object take more than1 minute

[Bill S. <fri...@op...>]

This begs the question, if it takes a minute to create an SSH object
when using Net::SSH right out of CPAN (or in my case Net::SFTP),
why isn't Math::BigInt::GMP required by Net::SSH?  
Taking a minute to create an SSH object is a bug in my book.
 
I had the same experience as Sander Pool and had to spend time tracking down
the problem and finding the answer here in this forum.   It would have been 
nice if Perl had just installed Match::BigInt::GMP when I installed Net::SFTP, 
which uses Net:SSH.

Bill

-----Original Message-----
From: Rob Verduijn [mailto:rob...@br...] 
Sent: Thursday, December 01, 2005 11:24 PM
To: Sander Pool 
Cc: ssh...@li...
Subject: Re: [Ssh-sftp-perl-users] Creating a new ssh object take more
than1 minute

Hi there,

find this on cpan
Math::BigInt::GMP
install it and the delay will be gone

Next time you might want to dig through the message archives before
asking, that would have saved you some waiting.
This question has been asked before, more than once.

Regards
Rob

[Ssh-sftp-perl-users] Net::SSH2 connections not closing ?

[Michael G. <mic...@bl...>]

Hello,

	I am using latest version of Net:SSH2 from cpan and am having problems 
with ssh connections being stuck in a CLOSE_WAIT state.

My perl app never shuts down, it is a continueous app the runs and calls 
the following function. I am calling channel close and disconnect but 
maybe I am missing something ?


sub restrict {

my $ssh2 = Net::SSH2->new;

&contact_error("Unable to connect to server") unless 
$ssh2->connect($settings->get('filter.host'));

&contact_error("Unable to authenticate") unless 
$ssh2->auth_password($settings->get('filter.user'),$settings->get('filter.pass'));

my $chan = $ssh2->channel;

$chan->exec('sudo ......') or $rtn=1;
my $chan_rtn = $chan->exit_status;

$chan->close;

$ssh2->disconnect;
&logging("BLOCKED IP @_");

return $rtn;

}


Thanks

Michael

[Ssh-sftp-perl-users] problem of remoteinteract2.pl and remoteinteract.pl

[mgt <com...@mg...>]

Everything is fine rather than executing like passwd, needed be interactive.
Things always get stuck on "channel 1: open confirm rwindow 0 rmax 32768".
May somebody tell me how to solve it please?

Here are the outputs:

user@hostname [eg] # perl remoteinteract2.pl
hostname: Reading configuration data /root/.ssh/config
hostname: Reading configuration data /etc/ssh_config
hostname: Allocated local port 1020.
hostname: Connecting to remotehost, port 22.
hostname: Remote protocol version 2.0, remote software version OpenSSH_3.5p1
FreeBSD-20030924
hostname: Net::SSH::Perl Version 1.29, protocol version 2.0.
hostname: No compat match: OpenSSH_3.5p1 FreeBSD-20030924.
hostname: Connection established.
hostname: Sent key-exchange init (KEXINIT), wait response.
hostname: Algorithms, c->s: 3des-cbc hmac-sha1 none
hostname: Algorithms, s->c: 3des-cbc hmac-sha1 none
hostname: Entering Diffie-Hellman Group 1 key exchange.
hostname: Sent DH public key, waiting for reply.
hostname: Received host key, type 'ssh-dss'.
hostname: Host 'remotehost' is known and matches the host key.
hostname: Computing shared secret key.
hostname: Verifying server signature.
hostname: Waiting for NEWKEYS message.
hostname: Enabling incoming encryption/MAC/compression.
hostname: Send NEWKEYS, enable outgoing encryption/MAC/compression.
hostname: Sending request for user-authentication service.
hostname: Service accepted: ssh-userauth.
hostname: Trying empty user-authentication request.
hostname: Authentication methods that can continue:
publickey,password,keyboard-interactive.
hostname: Next method to try is publickey.
hostname: Next method to try is password.
hostname: Trying password authentication.
hostname: Login completed, opening dummy shell channel.
hostname: channel 0: new [client-session]
hostname: Requesting channel_open for channel 0.
hostname: channel 0: open confirm rwindow 0 rmax 32768
hostname: Got channel open confirmation, requesting shell.
hostname: Requesting service shell on channel 0.
hostname: channel 1: new [client-session]
hostname: Requesting channel_open for channel 1.
hostname: Entering interactive session.
hostname: Sending command: passwd
hostname: Requesting service exec on channel 1.
hostname: channel 1: open confirm rwindow 0 rmax 32768

[Ssh-sftp-perl-users] Did not receive identification string Net-SFTP-0.10 on Linux (Gen too)

[Froelke, J. <Joc...@hg...>]

Hi,

I try to establish a sftp connection with the Net-SFTP-0.10 module. For this
purpose I try this here:



.....
use Net::SFTP;
.....

sub check_sftp($$$)
{
	my $host = shift;
	my $user = shift;
	my $pw = shift;
	my $ret = "NOK";
	
	$@ = '';
	eval {
		my $sftp = Net::SFTP->new(
			$host,
			user=>$user,
			password=>$pw,
			debug=>"1"
		);
		
		
		$ret = "OK" if (defined $sftp);
		
	};
	if ($@ ne '') {
		$ret = "NOK";
	}
			
  return($ret);
}

..........

The output looks like this:

new_intranet: Reading configuration data /root/.ssh/config
new_intranet: Reading configuration data /etc/ssh_config
new_intranet: Allocated local port 1023.
new_intranet: Connecting to XXX.XXX.XXX.XXX, port 22.
new_intranet: Remote protocol version 2.0, remote software version
OpenSSH_3.5p1
new_intranet: Net::SSH::Perl Version 1.25, protocol version 2.0.
new_intranet: No compat match: OpenSSH_3.5p1.
new_intranet: Connection established.
new_intranet: Sent key-exchange init (KEXINIT), wait response.
new_intranet: Algorithms, c->s: 3des-cbc hmac-sha1 none
new_intranet: Algorithms, s->c: 3des-cbc hmac-sha1 none
new_intranet: Entering Diffie-Hellman Group 1 key exchange.
new_intranet: Sent DH public key, waiting for reply.
new_intranet: Received host key, type 'ssh-dss'.
new_intranet: Host 'XXX.XXX.XXX.XXX' is known and matches the host key.
new_intranet: Computing shared secret key.
new_intranet: Verifying server signature.
new_intranet: Waiting for NEWKEYS message.
new_intranet: Enabling incoming encryption/MAC/compression.
new_intranet: Send NEWKEYS, enable outgoing encryption/MAC/compression.
new_intranet: Sending request for user-authentication service.
new_intranet: Service accepted: ssh-userauth.
new_intranet: Trying empty user-authentication request.
new_intranet: Authentication methods that can continue: publickey,password.
new_intranet: Next method to try is publickey.
new_intranet: Next method to try is password.
new_intranet: Trying password authentication.
new_intranet: Login completed, opening dummy shell channel.
new_intranet: channel 0: new [client-session]
new_intranet: Requesting channel_open for channel 0.
new_intranet: channel 0: open confirm rwindow 0 rmax 32768
new_intranet: Got channel open confirmation, requesting shell.
new_intranet: Requesting service shell on channel 0.

And stops here..

On the server side I get this message:

Dec  7 12:52:13 www005 sshd[25835]: Accepted password for master from
::ffff:XXX.XXX.XXX.XXX port 24891 ssh2 Dec  7 12:52:13 www005 sshd[25835]:
subsystem request for sftp

Is anyone out there, to help me out of my problem?

Kind regards,


Jochen Froelke


__________________________________________________________________________________________________________________________
Diese E-Mail und ihre Dateianhaenge sind fuer den angegebenen Empfaenger und/oder die Empfaengergruppe bestimmt. Wenn Sie diese E-Mail versehentlich erhalten haben, setzen Sie sich bitte mit dem Absender oder Ihrem Systembetreuer in Verbindung. Diese Fusszeile bestaetigt ausserdem, dass die E-Mail auf bekannte Viren ueberprueft wurde.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender or the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses.

[Ssh-sftp-perl-users] Net::SFTP problem in Crypt::DH module

[Prabha A. <pr...@ne...>]

Hello All,

I am unable to open a SFTP connection using Net::SFTP - it fails in the =
Crypt::DH module.  I have the private key on my source server and have =
copied the public key to the target server.  I am stumped why Crypt::DH =
tries to generate a random number when a private key is provided. I went =
through the archives of this list and found Rob Verduijn's sample ssh / =
sftp code. I hoped that his "magic line"  would solve my problem, but it =
did not. I saw that Michael Coons had a similar problem earlier but could =
not find a post with the solution that worked for him. The error message I =
get is below and my code follows it. I am using perl 5.8.  Hope someone on =
this list can help.

Thanks,
Prabha

=97----error message-----
my_host_name: Reading configuration data /export/home/voyager/.ssh/config
my_host_name: Reading configuration data /etc/ssh_config
my_host_name: Connecting to target_name, port 22.
my_host_name: Remote protocol version 1.99, remote software version =
OpenSSH_4.0
my_host_name: Net::SSH::Perl Version 1.28, protocol version 2.0.
my_host_name: No compat match: OpenSSH_4.0.
my_host_name: Connection established.
my_host_name: Sent key-exchange init (KEXINIT), wait response.
my_host_name: Algorithms, c->s: 3des-cbc hmac-sha1 zlib
my_host_name: Algorithms, s->c: 3des-cbc hmac-sha1 zlib
Uncaught exception from user code:
        Didn't read all bytes from urandom at /usr/local/perl/5.8/lib/site_=
perl/5.8.7/Crypt/DH.pm line 99, <GEN0> line 1.
 at /usr/local/perl/5.8/lib/site_perl/5.8.7/Crypt/DH.pm line 99
        Crypt::DH::_makerandom(1023) called at /usr/local/perl/5.8/lib/site=
_perl/5.8.7/Crypt/DH.pm line 83
        Crypt::DH::_makerandom_itv(1023, 1, 'Math::BigInt=3DHASH(0xbdecdc)'=
) called at /usr/local/perl/5.8/lib/site_perl/5.8.7/Crypt/DH.pm line 58
        Crypt::DH::generate_keys('Crypt::DH=3DHASH(0xbec0fc)') called at =
/usr/local/perl/5.8/lib/site_perl/5.8.7/Net/SSH/Perl/Kex/DH1.pm line 129
        Net::SSH::Perl::Kex::DH1::_gen_key('Crypt::DH=3DHASH(0xbec0fc)') =
called at /usr/local/perl/5.8/lib/site_perl/5.8.7/Net/SSH/Perl/Kex/DH1.pm =
line 107
        Net::SSH::Perl::Kex::DH1::_dh_new_group1() called at /usr/local/per=
l/5.8/lib/site_perl/5.8.7/Net/SSH/Perl/Kex/DH1.pm line 33
        Net::SSH::Perl::Kex::DH1::exchange('Net::SSH::Perl::Kex::DH1=3DHASH=
(0x99064c)') called at /usr/local/perl/5.8/lib/site_perl/5.8.7/Net/SSH/Perl=
/Kex.pm line 100
        Net::SSH::Perl::Kex::exchange('Net::SSH::Perl::Kex::DH1=3DHASH(0x99=
064c)') called at /usr/local/perl/5.8/lib/site_perl/5.8.7/Net/SSH/Perl/SSH2=
.pm line 87
        Net::SSH::Perl::SSH2::_login('Net::SSH::Perl::SSH2=3DHASH(0x9906ac)=
') called at /usr/local/perl/5.8/lib/site_perl/5.8.7/Net/SSH/Perl/SSH2.pm =
line 66
        Net::SSH::Perl::SSH2::login('Net::SSH::Perl::SSH2=3DHASH(0x9906ac)'=
, 'voyager') called at /export/home/voyager/perl/sftptest2.pl line 39

=97------end error message-------
I have replaced the actual hostname and userid with < > in the the code =
below.=20

#!/usr/local/bin/perl-5.8

use warnings;
use strict;
use diagnostics;
use Net::SSH::Perl;
use Net::SFTP;

# 0 =3D debug off 1 =3D debug on
my $debug=3D"1";
my $host=3D"<my host name>";
my $out;
my $err;
my $exit;
my $iddsafile =3D "<home dir>/.ssh/id_dsa";

my %ssh_args =3D (
                protocol =3D> "2",
                compression =3D> "1",
                debug =3D> $debug,
                interactive =3D> "false",
               );

my %sftp_args =3D (
                user =3D> "<my userid>",
                debug =3D> $debug,
                ssh_args =3D> \%ssh_args,  #<-magic line for key-exchange
                );

# the line with the reference to the %ssh_args imports the settings you
# need to point sftp to the keys needed for key authentication

# set up ssh connection
my $ssh =3D Net::SSH::Perl->new($host, %ssh_args);
$ssh->login("<my userid>") ;

# sending a command to $ssh session
($out, $err, $exit) =3D $ssh->cmd("ls");
# print any output if any
print "STDOUT $out\n" if ($out);
print "STDERR $err\n" if ($err);
print "EXIT $exit\n" if ($exit);
# set up sftp connection
my $sftp =3D Net::SFTP->new($host, %sftp_args);
# sending a file with $sftp
($out, $err, $exit) =3D sftp->put("filesource", "filedestination");

# print any output if any
print "STDOUT $out\n" if ($out);
print "STDERR $err\n" if ($err);
print "EXIT $exit\n" if ($exit);
#end code

RE: [Ssh-sftp-perl-users] Creating a new ssh object take more than1 minute

[Sander P. <San...@da...>]

Hi Rob,

Thanks for the pointer. I had GMP installed but indeed Math::BigInt::GMP
wasn't. Indeed, all is much faster now. And you are right, I should have
searched the archives first, sorry.

	Sander=20

-----Original Message-----
From: Rob Verduijn [mailto:rob...@br...]=20
Sent: Thursday, December 01, 2005 11:24 PM
To: Sander Pool=20
Cc: ssh...@li...
Subject: Re: [Ssh-sftp-perl-users] Creating a new ssh object take more
than1 minute

Hi there,

find this on cpan
Math::BigInt::GMP
install it and the delay will be gone

Next time you might want to dig through the message archives before
asking, that would have saved you some waiting.
This question has been asked before, more than once.

Regards
Rob

Re: [Ssh-sftp-perl-users] Creating a new ssh object take more than 1 minute

[Rob V. <rob...@br...>]

Hi there,

find this on cpan
Math::BigInt::GMP
install it and the delay will be gone

Next time you might want to dig through the message archives before asking,
that would have saved you some waiting.
This question has been asked before, more than once.

Regards
Rob


Op do, 01-12-2005 te 17:23 -0800, schreef Sander Pool :
> Hello,
> 
> Creating a new ssh object takes an enormous amount of time on my system.
> Simply using ssh from the command line works instantly.
> 
> Any idea what could be taking all this time? I turned debug on and I
> noticed that several things took quite a while:
> 
> 'Algorithms, s-c: 3des-cbc hmac-sha1 none'
> 'Computing shared secret key'
> 'Verifying server signature'
> 
> Together the object takes more than a minute to create.
> 
> Then actually logging in also takes another 15 seconds or so.
> 
> Thanks,
> 
> 	Sander
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
> for problems?  Stop!  Download the new AJAX search engine that makes
> searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
> http://ads.osdn.com/?ad_idv37&alloc_id865&op=click
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users

[Ssh-sftp-perl-users] Creating a new ssh object take more than 1 minute

[Sander P. <San...@da...>]

Hello,

Creating a new ssh object takes an enormous amount of time on my system.
Simply using ssh from the command line works instantly.

Any idea what could be taking all this time? I turned debug on and I
noticed that several things took quite a while:

'Algorithms, s-c: 3des-cbc hmac-sha1 none'
'Computing shared secret key'
'Verifying server signature'

Together the object takes more than a minute to create.

Then actually logging in also takes another 15 seconds or so.

Thanks,

	Sander

[Ssh-sftp-perl-users] Extra packet sent by SFTP, but only sometimes

[M B <mbw...@ho...>]

Perl script runs every minute to connect to a WinSSHD server to download 
files that may be present. Usually it connects and runs just fine. Every few 
hours or so (it seems to be random), during the connection attempt 
(Net::SFTP->new()), SFTP/SSH is sending an extra message that is causing the 
server to terminate the connection. This extra message is sent after 
authentication.

Here are the received messages from the server log:
SSH_MSG_CHANNEL_DATA: 5E00000001000000010A
SSH_MSG_CHANNEL_DATA: 5E0000000100000009000000050100000003

The first message is the extraneous one; on the successful connections, only 
the 2nd message is sent. Below is the log from the perl script. I can't 
really tell at what point in the code/connection process the extra message 
is being sent, or why.

Thanks in advance,
Matt

.
.
.
phil: Login completed, opening dummy shell channel.
phil: channel 0: new [client-session]
phil: Requesting channel_open for channel 0.
phil: channel 0: open confirm rwindow 16384 rmax 35840
phil: Got channel open confirmation, requesting shell.
phil: Requesting service shell on channel 0.
phil: channel 1: new [client-session]
phil: Requesting channel_open for channel 1.
phil: Sending subsystem: sftp
phil: Requesting service subsystem on channel 1.
phil: channel 1: open confirm rwindow 16384 rmax 35840
phil: sftp: Sending SSH2_FXP_INIT
phil: channel 1: rcvd eof
phil: channel 1: output open -> drain
phil: channel 1: rcvd close
phil: channel 1: input open -> closed
phil: channel 1: close_read
phil: channel 1: obuf empty
phil: channel 1: output drain -> closed
phil: channel 1: close_write
phil: channel 1: send close
phil: channel 1: full closed

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today - it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

[Ssh-sftp-perl-users] Problem using the Net::SSH::Perl package

[Ryan P. <pe...@gm...>]

Hello, I am trying to open a secure telnet connection.
when i issue this:

  use Net::SSH::Perl;
    my $ssh =3D Net::SSH::Perl->new('10.37.73.20', options =3D> ['Port 2002=
']);
    $ssh->login('system', '*******');
    my($stdout, $stderr, $exit) =3D $ssh->cmd('siloShowMaxFree');
    print $stdout;
    my($stdout, $stderr, $exit) =3D $ssh->cmd('exit');
i recieve this:

Can't locate object method "blocking" via package "IO::Handle" at
C:/Perl/site/lib/Net/SSH/Perl.pm line 212, <GEN0> line 1.

can anyone help me.

thanks
--
-Ryan

[Ssh-sftp-perl-users] Problem with NET::SSH::PERL package installation.

[Bobby J. <bob...@se...>]

Hi All,

I am trying to connect to a Black-Box running debian embedded Linux. The
script is running on WinXP. The package was successfully installed using
PPM3.

use Net::SSH::Perl;
my  $host =3D '192.168.0.179';
my  $user =3D 'root';
my  $pass =3D 'password';
my $ssh =3D Net::SSH::Perl->new ( $host, options =3D> [ "protocol 1,2",
                                                    "Port 22",
                                                    "debug 1",
                                                    "privileged false"
]);
$ssh->login($user, $pass);
my $cmd =3D'cd /etc';
my ($stdout, $stderr, $exit) =3D $ssh -> cmd($cmd);
print "\$pwSha1Sum is $pwSha1Sum\n";


Even though I have installed the Net::SSH:Perl Package and its
dependencies, I get the following error:

Can't locate loadable object for module Math::GMP in @INC (@INC
contains: s:\ctam\qa-tests\lib /ctam/qa-tests/lib C:/Perl/lib
C:/Perl/site/lib .) at C:/Perl/site/lib/Net/SSH/Perl/Util/SSH1MP.pm line
7
Compilation failed in require at
C:/Perl/site/lib/Net/SSH/Perl/Util/SSH1MP.pm line 7, <GEN0> line 1.
BEGIN failed--compilation aborted at
C:/Perl/site/lib/Net/SSH/Perl/Util/SSH1MP.pm line 7, <GEN0> line 1.
Compilation failed in require at C:/Perl/site/lib/Net/SSH/Perl/Util.pm
line 56,<GEN0> line 1.
BEGIN failed--compilation aborted at
C:/Perl/site/lib/Net/SSH/Perl/Key/RSA1.pm line 6, <GEN0> line 1.
Compilation failed in require at C:/Perl/site/lib/Net/SSH/Perl/SSH1.pm
line 13,<GEN0> line 1.
BEGIN failed--compilation aborted at
C:/Perl/site/lib/Net/SSH/Perl/SSH1.pm line
13, <GEN0> line 1.
Compilation failed in require at C:/Perl/site/lib/Net/SSH/Perl.pm line
55, <GEN0> line 1.

Any idea's as to what I have done wrong.=20

Bobby Jafari
Test Engineer
Senetas Security Pty Ltd
Office: +61 3 9868 4529
Mobile: +61 404 089 021
E-Mail: bob...@se...

[Ssh-sftp-perl-users] Can not connect to windows OpenSSH server

[Sander P. <San...@da...>]

Hello,

After a lengthy battle with various dependencies I finally got
net::ssh::perl 1.28 installed. I tried .29 at first but ran into the
IO::blocking problem so reverted to .28. Now the issue is that I can't
get a connection going with OpenSSH running on a Windows XP box under
Cygwin. The error that I get is 'Selected cipher type not supported by
server'. I left both the server and the client at default. Ssh from the
command line (same Linux box) works fine.

Any suggestions? I may try Net::SSH2 and see if that works.

Thanks,

   Sander

[Ssh-sftp-perl-users] Make error on Net-SSH2-0.03

[Randall P. <ran...@ya...>]

 I am trying to make Net-SSH2 under cygwin and I get the following error:
  bash-2.05b$ make
  bash: /c: No such file or directory
  make: *** [blib/lib/Net/.exists] Error 127
  
  I do not understand the .exists file purpose.
  


Randall Paige
Cell # 404 218-0241
		
---------------------------------
 Yahoo! FareChase - Search multiple travel sites in one click.  

Re: [Ssh-sftp-perl-users] Detecting connection closed by server.

[Enrique de A. S. <enr...@pc...>]

I will try the different options you have given me.
Thanks,
Enrique.

Mark A. Fuller wrote:
>>I have next problems, sometimes it's possible that ssh server close SSH
>>connection. Then, requests sent by the client has not response, but it
>>is unable to detect it.
> 
> 
> What happens in that case? Does net::ssh die? Or, does it never timeout?  
> 
> I found a few cases where net::ssh dies. I had to surround my net:ssh activity with an "eval" so I could interrogate $@ to see if it died. I also had to collect Perl warnings because net::ssh may issue one or two prior to dieing and those first one or two would be more meaningful than the message when it dies. I did something like this:
> 
> ==========
> @warnings = (); # empty array
> 
> $SIG{'__WARN__'} = sub { $warnings[$#warnings + 1] = $_[0]; };
> 
> eval {
>   # The net::ssh action which may die
> };
> 
> $SIG{'__WARN__'} = 'DEFAULT';
>  
> 
> #-------------------------------------------------------------------------------
> # Write failure response.
> #-------------------------------------------------------------------------------
> if (($#warnings > -1) or (!defined($sftp) or !$sftp) ) {
> 
>   for (@warnings) {
>     print STDERR $_;
>   } 
> 
>   exit 99;
> 
> }
> ========================
> 
> I posted an exact example a few months ago, but I can't get to the mailing list's archive at the moment. You can search for "eval" and look at the few things I posted. 
> 
> If the problem is that your connection never times out, you can do something like this:
> 
> ==================
> eval {
>         local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
>         alarm 10;
>         #net::ssh action that may hang
>         alarm 0;
>     };
> if ($@) {
>         die unless $@ eq "alarm\n";   # propagate unexpected errors
>         # timed out
> }
> else {
>         # didn't timeout
> }
> ===================
> 
> You can nest the two evals to protect against either case. But, you want to make sure you don't have a race condition if the command dies and you haven't turned off the alarm yet.
> 
> FWIW, I began using expect.pm to drive my native ssh/sftp/scp binaries. To me it's faster and simpler. The big positive is that if something doesn't work right, I can run the binary and see exactly what my script (using expect.pm) sees. There's no differences between my command line use and what happens in my scripts. I posted an example of how to do this a few months ago too.
> 
> Mark
> 
> 
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server. Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users
> 
> 
> 

Re: [Ssh-sftp-perl-users] Net::SSH2 available on CPAN

[<DGe...@wi...>]

David,

I have successfully tested Net::SSH2 as a replacement for Net::SFTP. I 
have installed tested this component on RedHat EL 3.0 and few other Linux 
distributions like Slackware and Gentoo.

I have been using SFTP to collect various report files from server nodes 
on the network. SFTP proved to be complicated to configure and control. 
Particularly annoying part was that it would
try user authentication with empty password even if I tried to force it to 
use public key authentication. 
The second disadvantage of using SFTP was its speed. On slow test 
machines, Pentium III with 256 MB RAM, it would take forever just to 
complete the authentication part of the transaction.

On the same Pentium III machine SSH2 excelled and completed the file 
transfer in a half of a second.

I am missing in SSH2 debug output similar to ssh -v. SFTP has option 
called debug that enables me to turn off/on this feature. I found it very 
useful when debugging issues. I don't know, maybe it is there I just 
couldn't find it.

And at the end I'll mention a problem in using SSH2. If my script tries to 
get the list of authentication methods before the authentication takes 
place, the authentication would fail and error method is not returning any 
message/code back.

This code produces the following:
Authentication failed with my.network.server
Errors 0 

#!/usr/bin/perl
use Net::SSH2;

my $ssh2 = Net::SSH2->new();

$ssh2->connect('my.network.server');
my $alist = $ssh2->auth_list();

if ($ssh2->auth_publickey ( 'cntlserv', 
'/my-rsa-public-key-location/id_rsa.pub', 
'/my-rsa-private-key-location/id_rsa'))
  {
                print "Authentication OK with my.network.server\n";

                $ssh2->scp_get('sar_data.xml');
 }
  else
  {
                print "Authentication failed with my.network.server \n";
                my @erors = $ssh2->error;
                print "Errors @erors \n";
  }

I am still learning to use SSH2 so there is always the possibility I 
missed something.

Thanks,

Dimitar 




David Robins <dbr...@cp...> 
Sent by: ssh...@li...
11/03/2005 02:03 AM

To
ssh...@li...
cc

Subject
[Ssh-sftp-perl-users] Net::SSH2 available on CPAN






As promised, I've created Net::SSH2, based on the excellent libSSH2 
library (http://www.libssh2.org).  Version 0.03 is up on CPAN (although it 
may not be indexed yet); see http://search.cpan.org/~dbrobins/Net-SSH2.

It has several advantages over Net::SSH::Perl:

-       Fewer dependencies: it only requires libSSH2, which only requires 
OpenSSL (http://www.openssl.org), which is likely to be installed most 
places.
-       No SSH1 baggage (downside: no SSH1 support).  This means it's able 
to offer new features and architecture.
-       SFTP and SCP support.
-       Supports many authentication and encryption methods (see list on 
libSSH2 home page).
-       Object-oriented: channel, SFTP, file, directory, and listener 
objects.
-       Win32 support (not tested, but libSSH2 works on Windows, so 
Net::SSH2 should too).
-       Channels can be reused (this should help the Cisco router folks).
-       Very fast C implementation.
-       Tied handle interface to make it possible to use getline/<> on 
remote files and channels.
- Polling interface for channels and listeners.

I will continue to maintain Net::SSH::Perl, but for certain issues (such 
as channels) I will refer people to Net::SSH2.

What's needed now is people to test the new module and to comment on the 
architecture; changes certainly can and will be made at this point.

Sample code illustrating several ways to read /etc/passwd:

use Net::SSH2;
use IO::Scalar;

my $ssh2 = Net::SSH2->new;
die "can't connect" unless $ssh2->connect('localhost');
# use an interactive authentication method with default callback
# (if a password is provided here, it will forward it without prompting)
die "can't authenticate"
 unless $ssh2->auth(username => scalar getpwuid($<), interact => 1);

sub _read {
    my $handle = shift;
    while (my $line = <$handle>) {
        chomp $line;
        $line =~ s/:.*$//;
        print "found user '$line'\n";
    }
}

# (a) read using SCP
my $passwd = IO::Scalar->new;
die "can't fetch /etc/passwd" unless
 $ssh2->scp_get('/etc/passwd', $passwd);
$passwd->seek(0, 0);
_read($passwd);

# (b) read a line at a time with SFTP
my $sftp = $ssh2->sftp;
my $file = $sftp->open('/etc/passwd') or die;
_read($file);

# (c) type it over a channel
$chan = $ssh2->channel;
$chan->exec('cat /etc/passwd') or die;
_read($chan);

-- 
David Robins


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. 
Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Ssh-sftp-perl-users mailing list
Ssh...@li...
https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users

Re: [Ssh-sftp-perl-users] Detecting connection closed by server.

[Mark A. F. <mar...@ea...>]

> I have next problems, sometimes it's possible that ssh server close SSH
> connection. Then, requests sent by the client has not response, but it
> is unable to detect it.

What happens in that case? Does net::ssh die? Or, does it never timeout?  

I found a few cases where net::ssh dies. I had to surround my net:ssh activity with an "eval" so I could interrogate $@ to see if it died. I also had to collect Perl warnings because net::ssh may issue one or two prior to dieing and those first one or two would be more meaningful than the message when it dies. I did something like this:

==========
@warnings = (); # empty array

$SIG{'__WARN__'} = sub { $warnings[$#warnings + 1] = $_[0]; };

eval {
  # The net::ssh action which may die
};

$SIG{'__WARN__'} = 'DEFAULT';
 

#-------------------------------------------------------------------------------
# Write failure response.
#-------------------------------------------------------------------------------
if (($#warnings > -1) or (!defined($sftp) or !$sftp) ) {

  for (@warnings) {
    print STDERR $_;
  } 

  exit 99;

}
========================

I posted an exact example a few months ago, but I can't get to the mailing list's archive at the moment. You can search for "eval" and look at the few things I posted. 

If the problem is that your connection never times out, you can do something like this:

==================
eval {
        local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
        alarm 10;
        #net::ssh action that may hang
        alarm 0;
    };
if ($@) {
        die unless $@ eq "alarm\n";   # propagate unexpected errors
        # timed out
}
else {
        # didn't timeout
}
===================

You can nest the two evals to protect against either case. But, you want to make sure you don't have a race condition if the command dies and you haven't turned off the alarm yet.

FWIW, I began using expect.pm to drive my native ssh/sftp/scp binaries. To me it's faster and simpler. The big positive is that if something doesn't work right, I can run the binary and see exactly what my script (using expect.pm) sees. There's no differences between my command line use and what happens in my scripts. I posted an example of how to do this a few months ago too.

Mark

Re: [Ssh-sftp-perl-users] Detecting connection closed by server.

[Rhugga H. <rh...@gm...>]

You can look into some of the raw ssh stuff that Net::SSH::Perl supports.
But I believe there is a method you can use to check if your connection is
still defined. (Working from memory here)

As a sidenote, Net::SSH::Perl is much slower than just forking your own
connection in perl. I just spent weeks trying to tune this and the best I
can achieve is a 4 second latency with Net::SSH::Perl. (And with 25k+ hosts=
,
4 seconds means alot) However, this code connects in sub-second:

open(RMT_CMD, "$ssh $server $cmd |") or die "Unable to open pipe: $!\n";

while (<RMT_CMD>) {
.....

The only downfall to this method is it is harder to check your $cmd's retur=
n
code. (In some cases I couldn't check it at all)


The same author is also working on Net::SSH2 which is supposed to be much
faster but I haven't been able to get it compiled yet.

Hope this helps,
rhugga

On 11/14/05, Enrique de Andres Saiz <enr...@pc...> wrote:
>
> Hi,
>
> I'm doing a little program which sends command to anothe machine
> periodically. The code of this program is basically the next one:
>
> my $ssh =3D Net::SSH::Perl->new($host, protocol =3D> 2, compression =3D> =
1,
> debug =3D> 1);
> $ssh->login($user, $pass);
>
> my $i;
> for ($i=3D0; $i<10; $i++) {
> print "Iteration $i\n";
> my ($out, $err, $exit) =3D $ssh->cmd("ls");
> print ($out, $err, $exit, "\n");
> sleep 60;
> }
>
> I'm using SSH-2 to avoid authenticate myself each time I send a command
> (it's very important for me because time reasons).
>
> I have next problems, sometimes it's possible that ssh server close SSH
> connection. Then, requests sent by the client has not response, but it
> is unable to detect it.
>
> Has anybody any idea about how to detect that server has closed the
> connection?
>
> Thanks in advance,
>
> Enrique.
>
>
>
> -------------------------------------------------------
> SF.Net email is sponsored by:
> Tame your development challenges with Apache's Geronimo App Server.
> Download
> it for free - -and be entered to win a 42" plasma tv or your very own
> Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users
>

[Ssh-sftp-perl-users] Detecting connection closed by server.

[Enrique de A. S. <enr...@pc...>]

Hi,

I'm doing a little program which sends command to anothe machine 
periodically. The code of this program is basically the next one:

my $ssh = Net::SSH::Perl->new($host, protocol => 2, compression => 1, 
debug => 1);
$ssh->login($user, $pass);

my $i;
for ($i=0; $i<10; $i++) {
	print "Iteration $i\n";
	my ($out, $err, $exit) = $ssh->cmd("ls");
	print ($out, $err, $exit, "\n");
	sleep 60;
}

I'm using SSH-2 to avoid authenticate myself each time I send a command 
(it's very important for me because time reasons).

I have next problems, sometimes it's possible that ssh server close SSH 
connection. Then, requests sent by the client has not response, but it 
is unable to detect it.

Has anybody any idea about how to detect that server has closed the 
connection?

Thanks in advance,

Enrique.

Re: [Ssh-sftp-perl-users] Problems Building Net::SSH2 on RH AS3 U4

[David R. <dbr...@cp...>]

On Monday November 7, 2005 22:25, David Robins wrote:
> On Monday November 7, 2005 10:14, Rhugga Harper wrote:
> > I am having trouble building Net::SSH2 0.03 on a RH AS3U4 system.
> ...
> > However, when I do 'perl Makefile.PL && make' It dies with this:
> <snip>
> 
> Mea culpa.  Looks like my gcc settings are defaulting to some permissive 
> dialect (c99?); when I add -std=c89 and -Wall to CFLAGS, it goes bananas as 
> it should.
> 
> I've got a fix ready for 0.04, I just want to add public key objects for the 
> new libssh2 0.12 public key support; I expect to upload it to CPAN today.

Net::SSH2 0.04 is available on CPAN; please let me know if it works for you.

Thanks,

-- 
Dave
Isa. 40:31

Re: [Ssh-sftp-perl-users] Problems Building Net::SSH2 on RH AS3 U4

[David R. <dbr...@cp...>]

On Monday November 7, 2005 10:14, Rhugga Harper wrote:
> I am having trouble building Net::SSH2 0.03 on a RH AS3U4 system.
...
> However, when I do 'perl Makefile.PL && make' It dies with this:
<snip>

Mea culpa.  Looks like my gcc settings are defaulting to some permissive 
dialect (c99?); when I add -std=c89 and -Wall to CFLAGS, it goes bananas as 
it should.

I've got a fix ready for 0.04, I just want to add public key objects for the 
new libssh2 0.12 public key support; I expect to upload it to CPAN today.

-- 
Dave
Isa. 40:31

[Ssh-sftp-perl-users] Problems Building Net::SSH2 on RH AS3 U4

[Rhugga H. <rh...@gm...>]

I am having trouble building Net::SSH2 0.03 on a RH AS3U4 system.

First I tried using the default openssl lib. I then built a copy of
openssl-0.9.8a into /usr/local/openssl-0.9.8a. I then built libssh2 using
this new openssl dir:
adcinfops02:/usr/local/lib #ldd libssh2.so
/etc/libcwait.so =3D> /etc/libcwait.so (0x5501c000)
libcrypto.so.0.9.8 =3D> /usr/local/openssl-0.9.8a/lib/libcrypto.so.0.9.8
(0x5501e000)
libz.so.1 =3D> /usr/lib/libz.so.1 (0x55140000)
libm.so.6 =3D> /lib/tls/libm.so.6 (0x5514e000)
libc.so.6 =3D> /lib/tls/libc.so.6 (0x55170000)
libdl.so.2 =3D> /lib/libdl.so.2 (0x552a8000)
/lib/ld-linux.so.2 =3D> /lib/ld-linux.so.2 (0xf65e9000)

I then also made sure the following were defined in LDFLAGS and CPPFLAGS:
"-L/usr/local/openssl-0.9.8a/lib -L/usr/local/lib" and
"-I/usr/local/openssl-0.9.8a/include/openssl -I/usr/local/include". (This
accounts for all ssl related header and lib files)

However, when I do 'perl Makefile.PL && make' It dies with this:

adcinfops02:/var/spool/cpan/build/Net-SSH2-0.03 #perl Makefile.PL
Net::SSH2: using library -L/usr/local/lib -lssh2 and include path
-I/usr/local/include.
Writing Makefile for Net::SSH2

adcinfops02:/var/spool/cpan/build/Net-SSH2-0.03 #make
gcc -c -I/usr/local/openssl-0.9.8a/include/openssl -I/usr/local/include -I.
-D_REENTRANT -D_GNU_SOURCE -DTHREADS_HAVE_PIDS -DDEBUGGING
-fno-strict-aliasing -I/usr/local/include -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=3D64 -I/usr/include/gdbm -O2 -g -pipe -march=3Di386
-mcpu=3Di686 -DVERSION=3D\"0.03\" -DXS_VERSION=3D\"0.03\" -fPIC
"-I/usr/lib/perl5/5.8.0/i386-linux-thread-multi/CORE" SSH2.c
SSH2.xs: In function `XS_Net__SSH2__startup':
SSH2.xs:670: parse error before `int'
SSH2.xs:671: `success' undeclared (first use in this function)
SSH2.xs:671: (Each undeclared identifier is reported only once
SSH2.xs:671: for each function it appears in.)
SSH2.c: In function `XS_Net__SSH2_channel':
SSH2.c:1342: parse error before `*'
SSH2.c:1342: `nsv' undeclared (first use in this function)
SSH2.c:1342: parse error before `)'
SSH2.c:1345: `gv' undeclared (first use in this function)
SSH2.c:1346: `io' undeclared (first use in this function)
SSH2.c:1347: `RETVAL' undeclared (first use in this function)
SSH2.c:1348: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:1354: parse error before `void'
SSH2.c: In function `XS_Net__SSH2__scp_get':
SSH2.c:1399: parse error before `*'
SSH2.c:1399: `nsv' undeclared (first use in this function)
SSH2.c:1399: parse error before `)'
SSH2.c:1402: `gv' undeclared (first use in this function)
SSH2.c:1403: `io' undeclared (first use in this function)
SSH2.c:1404: `RETVAL' undeclared (first use in this function)
SSH2.c:1405: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:1411: parse error before `void'
SSH2.c: In function `XS_Net__SSH2__scp_put':
SSH2.c:1451: parse error before `*'
SSH2.c:1451: `nsv' undeclared (first use in this function)
SSH2.c:1451: parse error before `)'
SSH2.c:1454: `gv' undeclared (first use in this function)
SSH2.c:1455: `io' undeclared (first use in this function)
SSH2.c:1456: `RETVAL' undeclared (first use in this function)
SSH2.c:1457: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:1463: parse error before `void'
SSH2.c: In function `XS_Net__SSH2_tcpip':
SSH2.c:1505: parse error before `*'
SSH2.c:1505: `nsv' undeclared (first use in this function)
SSH2.c:1505: parse error before `)'
SSH2.c:1508: `gv' undeclared (first use in this function)
SSH2.c:1509: `io' undeclared (first use in this function)
SSH2.c:1510: `RETVAL' undeclared (first use in this function)
SSH2.c:1511: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:1517: parse error before `void'
SSH2.c: In function `XS_Net__SSH2__Listener_accept':
SSH2.c:2269: parse error before `*'
SSH2.c:2269: `nsv' undeclared (first use in this function)
SSH2.c:2269: parse error before `)'
SSH2.c:2272: `gv' undeclared (first use in this function)
SSH2.c:2273: `io' undeclared (first use in this function)
SSH2.c:2274: `RETVAL' undeclared (first use in this function)
SSH2.c:2275: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:2281: parse error before `void'
SSH2.c: In function `XS_Net__SSH2__SFTP_open':
SSH2.c:2454: parse error before `*'
SSH2.c:2454: `nsv' undeclared (first use in this function)
SSH2.c:2454: parse error before `)'
SSH2.c:2457: `gv' undeclared (first use in this function)
SSH2.c:2458: `io' undeclared (first use in this function)
SSH2.c:2459: `RETVAL' undeclared (first use in this function)
SSH2.c:2460: `name' undeclared (first use in this function)
SSH2.c: At top level:
SSH2.c:2466: parse error before `void'
make: *** [SSH2.o] Error 1

I'm sur eits something obvious but it eludes me at this point. Anyone have
any suggestions?
Thanks
CC

RE: [Ssh-sftp-perl-users] SSH Connections have 15-second Latency

[Eric L. <net...@er...>]

Thanks to David Funk for providing this as a fix to the list earlier. 

 

 

I installed IO::Handle 

Then installed Math::BigInt::GMP 

I installed these and my latency problems went away. 

 

You can also try the new Net::SSH2 module which is supposed to be quite
fast. I'm just starting to test it for some of my jobs.

 

 

 

  _____  

From: ssh...@li...
[mailto:ssh...@li...] On Behalf Of Rhugga
Harper
Sent: Saturday, November 05, 2005 2:38 PM
To: SSH-Perl List
Subject: [Ssh-sftp-perl-users] SSH Connections have 15-second Latency

 

Hey All,

 

I am using Net::SSH::Perl 1.29 on a Red Hat AS3 U4 system. (This is perl,
v5.8.0 built for i386-linux-thread-multi) When making a simple connection to
several host systems there is a 15-second latency during the connection. I
have played with different ciphers and etc... 

 

This might be related to a problem I found using just plain ssh in a bash
shell. When I connect with X11Forwading enabled, there is about a 5 second
pause here:

 

ssh -X -v -v myhost uptime

debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start 
debug2: x11_get_proto: /usr/bin/X11/xauth -f /tmp/ssh-DFJeCM7583/xauthfile
generate unix:22.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null

 

After I see this line displayed on the console, it hangs for about 5
seconds. The next line displayed is this:

debug2: x11_get_proto: /usr/bin/X11/xauth -f /tmp/ssh-DFJeCM7583/xauthfile
list unix:22.0 . 2>/dev/null

 

Using 'ssh -x -v -v myhost uptime' the connection is sub-second.

 

So, I created a /root/.ssh/config file and disabled all X11 stuff and the
Agent forwarding as well, however, I get a latency when connecting. (Its
longer than I get from the command line test)

 

Here is the debug 2 output: (you should be able to glean all relevant SSH
versions from this output)

[root@adcinfops02 admin]# ./test.pl
adcinfops02: Reading configuration data /root/.ssh/config
adcinfops02: Reading configuration data /etc/ssh_config
adcinfops02: Allocated local port 1023.
adcinfops02: Connecting to adcbkp1, port 22. 
adcinfops02: Remote protocol version 2.0, remote software version
OpenSSH_3.8.1p1
adcinfops02: Net::SSH::Perl Version 1.29, protocol version 2.0.
adcinfops02: No compat match: OpenSSH_3.8.1p1.
adcinfops02: Connection established. 
adcinfops02: Sent key-exchange init (KEXINIT), wait response.
adcinfops02: Algorithms, c->s: 3des-cbc hmac-sha1 none
adcinfops02: Algorithms, s->c: 3des-cbc hmac-sha1 none

IT FIRST HANGS HERE FOR ABOUT 5 SECONDS


adcinfops02: Entering Diffie-Hellman Group 1 key exchange.
adcinfops02: Sent DH public key, waiting for reply.
adcinfops02: Received host key, type 'ssh-dss'.
adcinfops02: Host 'adcbkp1' is known and matches the host key. 
adcinfops02: Computing shared secret key.

IT HANGS HERE FOR ABOUT 5 SECONDS


adcinfops02: Verifying server signature.

IT HANGS HERE FOR ABOUT 3 SECONDS


adcinfops02: Waiting for NEWKEYS message.
adcinfops02: Enabling incoming encryption/MAC/compression.
adcinfops02: Send NEWKEYS, enable outgoing encryption/MAC/compression.
adcinfops02: Sending request for user-authentication service. 
adcinfops02: Service accepted: ssh-userauth.
adcinfops02: Trying empty user-authentication request.
adcinfops02: Authentication methods that can continue:
publickey,password,keyboard-interactive.
adcinfops02: Next method to try is publickey. 
adcinfops02: Trying pubkey authentication with key file '/root/.ssh/id_dsa'
adcinfops02: Login completed, opening dummy shell channel.
adcinfops02: channel 0: new [client-session]
adcinfops02: Requesting channel_open for channel 0. 
adcinfops02: channel 0: open confirm rwindow 0 rmax 32768
adcinfops02: Got channel open confirmation, requesting shell.
adcinfops02: Requesting service shell on channel 0.
adcinfops02: channel 1: new [client-session] 
adcinfops02: Requesting channel_open for channel 1.
adcinfops02: Entering interactive session.
adcinfops02: Sending command: uptime
adcinfops02: Requesting service exec on channel 1.
adcinfops02: channel 1: open confirm rwindow 0 rmax 32768 
adcinfops02: channel 1: rcvd eof
adcinfops02: channel 1: output open -> drain
adcinfops02: channel 1: obuf empty
adcinfops02: channel 1: output drain -> closed
adcinfops02: channel 1: close_write 
adcinfops02: input_channel_request: rtype exit-status reply 0
adcinfops02: channel 1: rcvd close
adcinfops02: channel 1: input open -> closed
adcinfops02: channel 1: close_read
adcinfops02: channel 1: send close 
adcinfops02: channel 1: full closed
  1:27pm  up 17 day(s),  8:22,  4 users,  load average: 1.77, 2.48, 2.31

exit=0
adcinfops02: channel 2: new [client-session]
adcinfops02: Requesting channel_open for channel 2.
adcinfops02: Entering interactive session.
adcinfops02: Sending command: date
adcinfops02: Requesting service exec on channel 2. 
adcinfops02: channel 2: open confirm rwindow 0 rmax 32768
adcinfops02: channel 2: rcvd eof
adcinfops02: channel 2: output open -> drain
adcinfops02: input_channel_request: rtype exit-status reply 0
adcinfops02: channel 2: rcvd close 
adcinfops02: channel 2: input open -> closed
adcinfops02: channel 2: close_read
adcinfops02: channel 2: obuf empty
adcinfops02: channel 2: output drain -> closed
adcinfops02: channel 2: close_write
adcinfops02: channel 2: send close
adcinfops02: channel 2: full closed
Sat Nov  5 13:27:08 PST 2005

exit=0

The code used for the second example above is as follows:

#!/usr/bin/perl

use Net::SSH::Perl;

my %ssh_config =        (
                        "ForwardAgent"          => "no",
                        "ForwardX11"            => "no",
                        "ForwardX11Trusted"     => "no", 
                        "Protocol"              => "2"
                        );


my $ssh = Net::SSH::Perl->new("adcbkp1", debug => 2);

$ssh->login();

my ($stdout, $stderr, $exit) = $ssh->cmd('uptime'); 
print STDOUT "$stdout\n";
print STDOUT "exit=$exit\n";

my ($stdout, $stderr, $exit) = $ssh->cmd('date');
print STDOUT "$stdout\n";
print STDOUT "exit=$exit\n";
exit 0;

Anyone have any ideas??? I need to use this module to monitor hundreds of
hosts but a 15+ second latency will not work for us.

Thanks for any help,

CC

[Ssh-sftp-perl-users] SSH Connections have 15-second Latency

[Rhugga H. <rh...@gm...>]

Hey All,
 I am using Net::SSH::Perl 1.29 on a Red Hat AS3 U4 system. (This is perl,
v5.8.0 built for i386-linux-thread-multi) When making a simple connection t=
o
several host systems there is a 15-second latency during the connection. I
have played with different ciphers and etc...
 This might be related to a problem I found using just plain ssh in a bash
shell. When I connect with X11Forwading enabled, there is about a 5 second
pause here:
 ssh -X -v -v myhost uptime
debug1: read PEM private key done: type DSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: x11_get_proto: /usr/bin/X11/xauth -f /tmp/ssh-DFJeCM7583/xauthfile
generate unix:22.0 MIT-MAGIC-COOKIE-1 untrusted timeout 1200 2>/dev/null
 After I see this line displayed on the console, it hangs for about 5
seconds. The next line displayed is this:
debug2: x11_get_proto: /usr/bin/X11/xauth -f /tmp/ssh-DFJeCM7583/xauthfile
list unix:22.0 . 2>/dev/null
 Using 'ssh -x -v -v myhost uptime' the connection is sub-second.
 So, I created a /root/.ssh/config file and disabled all X11 stuff and the
Agent forwarding as well, however, I get a latency when connecting. (Its
longer than I get from the command line test)
 Here is the debug 2 output: (you should be able to glean all relevant SSH
versions from this output)

[root@adcinfops02 admin]# ./test.pl
adcinfops02: Reading configuration data /root/.ssh/config
adcinfops02: Reading configuration data /etc/ssh_config
adcinfops02: Allocated local port 1023.
adcinfops02: Connecting to adcbkp1, port 22.
adcinfops02: Remote protocol version 2.0, remote software version
OpenSSH_3.8.1p1
adcinfops02: Net::SSH::Perl Version 1.29, protocol version 2.0.
adcinfops02: No compat match: OpenSSH_3.8.1p1.
adcinfops02: Connection established.
adcinfops02: Sent key-exchange init (KEXINIT), wait response.
adcinfops02: Algorithms, c->s: 3des-cbc hmac-sha1 none
adcinfops02: Algorithms, s->c: 3des-cbc hmac-sha1 none

IT FIRST HANGS HERE FOR ABOUT 5 SECONDS


adcinfops02: Entering Diffie-Hellman Group 1 key exchange.
adcinfops02: Sent DH public key, waiting for reply.
adcinfops02: Received host key, type 'ssh-dss'.
adcinfops02: Host 'adcbkp1' is known and matches the host key.
adcinfops02: Computing shared secret key.

IT HANGS HERE FOR ABOUT 5 SECONDS


adcinfops02: Verifying server signature.

IT HANGS HERE FOR ABOUT 3 SECONDS


adcinfops02: Waiting for NEWKEYS message.
adcinfops02: Enabling incoming encryption/MAC/compression.
adcinfops02: Send NEWKEYS, enable outgoing encryption/MAC/compression.
adcinfops02: Sending request for user-authentication service.
adcinfops02: Service accepted: ssh-userauth.
adcinfops02: Trying empty user-authentication request.
adcinfops02: Authentication methods that can continue:
publickey,password,keyboard-interactive.
adcinfops02: Next method to try is publickey.
adcinfops02: Trying pubkey authentication with key file '/root/.ssh/id_dsa'
adcinfops02: Login completed, opening dummy shell channel.
adcinfops02: channel 0: new [client-session]
adcinfops02: Requesting channel_open for channel 0.
adcinfops02: channel 0: open confirm rwindow 0 rmax 32768
adcinfops02: Got channel open confirmation, requesting shell.
adcinfops02: Requesting service shell on channel 0.
adcinfops02: channel 1: new [client-session]
adcinfops02: Requesting channel_open for channel 1.
adcinfops02: Entering interactive session.
adcinfops02: Sending command: uptime
adcinfops02: Requesting service exec on channel 1.
adcinfops02: channel 1: open confirm rwindow 0 rmax 32768
adcinfops02: channel 1: rcvd eof
adcinfops02: channel 1: output open -> drain
adcinfops02: channel 1: obuf empty
adcinfops02: channel 1: output drain -> closed
adcinfops02: channel 1: close_write
adcinfops02: input_channel_request: rtype exit-status reply 0
adcinfops02: channel 1: rcvd close
adcinfops02: channel 1: input open -> closed
adcinfops02: channel 1: close_read
adcinfops02: channel 1: send close
adcinfops02: channel 1: full closed
1:27pm up 17 day(s), 8:22, 4 users, load average: 1.77, 2.48, 2.31

exit=3D0
adcinfops02: channel 2: new [client-session]
adcinfops02: Requesting channel_open for channel 2.
adcinfops02: Entering interactive session.
adcinfops02: Sending command: date
adcinfops02: Requesting service exec on channel 2.
adcinfops02: channel 2: open confirm rwindow 0 rmax 32768
adcinfops02: channel 2: rcvd eof
adcinfops02: channel 2: output open -> drain
adcinfops02: input_channel_request: rtype exit-status reply 0
adcinfops02: channel 2: rcvd close
adcinfops02: channel 2: input open -> closed
adcinfops02: channel 2: close_read
adcinfops02: channel 2: obuf empty
adcinfops02: channel 2: output drain -> closed
adcinfops02: channel 2: close_write
adcinfops02: channel 2: send close
adcinfops02: channel 2: full closed
Sat Nov 5 13:27:08 PST 2005

exit=3D0

The code used for the second example above is as follows:

#!/usr/bin/perl

use Net::SSH::Perl;

my %ssh_config =3D (
"ForwardAgent" =3D> "no",
"ForwardX11" =3D> "no",
"ForwardX11Trusted" =3D> "no",
"Protocol" =3D> "2"
);


my $ssh =3D Net::SSH::Perl->new("adcbkp1", debug =3D> 2);

$ssh->login();

my ($stdout, $stderr, $exit) =3D $ssh->cmd('uptime');
print STDOUT "$stdout\n";
print STDOUT "exit=3D$exit\n";

my ($stdout, $stderr, $exit) =3D $ssh->cmd('date');
print STDOUT "$stdout\n";
print STDOUT "exit=3D$exit\n";
exit 0;

Anyone have any ideas??? I need to use this module to monitor hundreds of
hosts but a 15+ second latency will not work for us.

Thanks for any help,

CC

[Ssh-sftp-perl-users] Net::SSH2 available on CPAN

[David R. <dbr...@cp...>]

As promised, I've created Net::SSH2, based on the excellent libSSH2 library=
 (http://www.libssh2.org). =A0Version 0.03 is up on CPAN (although it may n=
ot be indexed yet); see http://search.cpan.org/~dbrobins/Net-SSH2.

It has several advantages over Net::SSH::Perl:

=2D=A0=A0=A0=A0=A0=A0=A0Fewer dependencies: it only requires libSSH2, which=
 only requires OpenSSL (http://www.openssl.org), which is likely to be inst=
alled most places.
=2D=A0=A0=A0=A0=A0=A0=A0No SSH1 baggage (downside: no SSH1 support). =A0Thi=
s means it's able to offer new features and architecture.
=2D=A0=A0=A0=A0=A0=A0=A0SFTP and SCP support.
=2D=A0=A0=A0=A0=A0=A0=A0Supports many authentication and encryption methods=
 (see list on libSSH2 home page).
=2D=A0=A0=A0=A0=A0=A0=A0Object-oriented: channel, SFTP, file, directory, an=
d listener objects.
=2D=A0=A0=A0=A0=A0=A0=A0Win32 support (not tested, but libSSH2 works on Win=
dows, so Net::SSH2 should too).
=2D=A0=A0=A0=A0=A0=A0=A0Channels can be reused (this should help the Cisco =
router folks).
=2D=A0=A0=A0=A0=A0=A0=A0Very fast C implementation.
=2D=A0=A0=A0=A0=A0=A0=A0Tied handle interface to make it possible to use ge=
tline/<> on remote files and channels.
=2D Polling interface for channels and listeners.

I will continue to maintain Net::SSH::Perl, but for certain issues (such as=
 channels) I will refer people to Net::SSH2.

What's needed now is people to test the new module and to comment on the ar=
chitecture; changes certainly can and will be made at this point.

Sample code illustrating several ways to read /etc/passwd:

use Net::SSH2;
use IO::Scalar;

my $ssh2 =3D Net::SSH2->new;
die "can't connect" unless $ssh2->connect('localhost');
# use an interactive authentication method with default callback
# (if a password is provided here, it will forward it without prompting)
die "can't authenticate"
 unless $ssh2->auth(username =3D> scalar getpwuid($<), interact =3D> 1);

sub _read {
    my $handle =3D shift;
    while (my $line =3D <$handle>) {
        chomp $line;
        $line =3D~ s/:.*$//;
        print "found user '$line'\n";
    }
}

# (a) read using SCP
my $passwd =3D IO::Scalar->new;
die "can't fetch /etc/passwd" unless
 $ssh2->scp_get('/etc/passwd', $passwd);
$passwd->seek(0, 0);
_read($passwd);

# (b) read a line at a time with SFTP
my $sftp =3D $ssh2->sftp;
my $file =3D $sftp->open('/etc/passwd') or die;
_read($file);

# (c) type it over a channel
$chan =3D $ssh2->channel;
$chan->exec('cat /etc/passwd') or die;
_read($chan);

=2D-=20
David Robins