ssh-sftp-perl-users — For users and developers of the Perl SSH and SFTP modules

[Ssh-sftp-perl-users] Login with DSA keys slow, RSA keys fast

[Michael S. <msc...@gm...>]

Hello,
I have an odd problem.  I am trying to use the Perl Net::SSH::Perl library,
v 1.34 from a RHEL 5.3 box to ssh into another RHEL 5.3 box (pretty
vanilla), or to ssh locally (as a test) on a single RHEL5.3 box.  I am
simply executing "hostname" at the moment.

The problem is, it goes very quickly if I use an rsa public/private keypair.
 Always.  On the other hand, dsa usually takes a much longer time.  It can
take 30 seconds to login if going from host-to-host.  Ssh'ing from localhost
into localhost, it takes over a minute.  Sometimes it even times out.

If I ssh from host-to-host, my login times generally seem to oscillate
fairly regularly between about 30 seconds to only a second or two.  That is,
I try my script and it takes 30 seconds to login and return the "hostname"
output.  Then, about a second.  Then 30.  Then 1.  Then 30... etc...

 Locally, the login times are always just plain long.

Using the OpenSSH on the command line (not perl) is always quick; time(1)
shows less than 0.2s realtime to run the hostname command.  No matter if I
use my dsa or rsa identity.

What could possibly be going wrong?  I'm stumped.

My login session pauses just a moment here:
myhost.mydomain.com: Reading configuration data /home/operat/.ssh/config
myhost.mydomain.com: Reading configuration data /etc/ssh_config
myhost.mydomain.com: Connecting to localhost, port 22.
myhost.mydomain.com: Remote protocol version 2.0, remote software version
OpenSSH_4.3
myhost.mydomain.com: Net::SSH::Perl Version 1.34, protocol version 2.0.
myhost.mydomain.com: No compat match: OpenSSH_4.3.
myhost.mydomain.com: Connection established.
myhost.mydomain.com: Sent key-exchange init (KEXINIT), wait response.
myhost.mydomain.com: Algorithms, c->s: 3des-cbc hmac-sha1 none
myhost.mydomain.com: Algorithms, s->c: 3des-cbc hmac-sha1 none
(a few seconds' delay)
myhost.mydomain.com: Entering Diffie-Hellman Group 1 key exchange.
myhost.mydomain.com: Sent DH public key, waiting for reply.
myhost.mydomain.com: Received host key, type 'ssh-dss'.
myhost.mydomain.com: Host 'localhost' is known and matches the host key.
myhost.mydomain.com: Computing shared secret key.
myhost.mydomain.com: Verifying server signature.
myhost.mydomain.com: Waiting for NEWKEYS message.
myhost.mydomain.com: Send NEWKEYS.
myhost.mydomain.com: Enabling encryption/MAC/compression.
myhost.mydomain.com: Sending request for user-authentication service.
myhost.mydomain.com: Service accepted: ssh-userauth.
myhost.mydomain.com: Trying empty user-authentication request.
myhost.mydomain.com: Authentication methods that can continue:
publickey,gssapi-with-mic,password.
myhost.mydomain.com: Next method to try is publickey.
myhost.mydomain.com: Trying pubkey authentication with key file
'/home/operat/.ssh/id_dsa'


Then it takes a really long time before it finishes:

myhost.mydomain.com: Login completed, opening dummy shell channel.
myhost.mydomain.com: channel 0: new [client-session]
myhost.mydomain.com: Requesting channel_open for channel 0.
myhost.mydomain.com: channel 0: open confirm rwindow 0 rmax 32768
myhost.mydomain.com: Got channel open confirmation, requesting shell.
myhost.mydomain.com: Requesting service shell on channel 0.
myhost.mydomain.com: channel 1: new [client-session]
myhost.mydomain.com: Requesting channel_open for channel 1.
myhost.mydomain.com: Entering interactive session.
myhost.mydomain.com: Sending command: hostname
myhost.mydomain.com: Sending command: hostname
myhost.mydomain.com: Requesting service exec on channel 1.
myhost.mydomain.com: channel 1: open confirm rwindow 0 rmax 32768
myhost.mydomain.com: input_channel_request: rtype exit-status reply 0
myhost.mydomain.com: channel 1: rcvd eof
myhost.mydomain.com: channel 1: output open -> drain
myhost.mydomain.com: channel 1: rcvd close
myhost.mydomain.com: channel 1: input open -> closed
myhost.mydomain.com: channel 1: close_read
myhost.mydomain.com: channel 1: obuf empty
myhost.mydomain.com: channel 1: output drain -> closed
myhost.mydomain.com: channel 1: close_write
myhost.mydomain.com: channel 1: send close
myhost.mydomain.com: channel 1: full closed
Cmd output: myhost.mydomain.com

Here are my params:

my @id      = ("$ENV{HOME}/.ssh/id_dsa");
my %params = (
    protocol => '2',
    interactive => 0,
    identity_files => [@id],
    port => 22,
    debug => 1,
);

Thanks!
-- 
-Mike Schwager

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Steve P. <st...@fo...>]

On 6/05/2011 12:55 PM, David Robins wrote:
> The problem with waiting for responses from a command shell channel is that it's no different from any other channel and one cannot intrinsically tell the difference between no response due to a command being busy or slow and no response due to the output being finished. The 250ms timeout is in Net::SSH2::Channel::GETC (READLINE depends on GETC, and READLINE is what is implementing<>). You can get more control over reading from the channel with the read method - but less convenience. Similarly you can use the Net::SSH2::poll method on your own to check for pending events (and give it a timeout), again, at a cost of convenience.
>
> To avoid requiring a 1 second sleep before getting each line, you could poll the channel with a 1000ms timeout and then read a line if it indicates data being ready; this means you only wait a whole second in the end of output case (assuming 1000 ms is long enough for your command). To eliminate that last case you could either exec a single command (see Net::SSH2::Channel::exec) which should terminate the poll invocation when the command exits, or send something like "cmd; exit" to the shell channel to have it exit after the command runs.

Thanks for the replies,

I've since implemented a while loop that waits for the first line of 
output then continues for the rest, this also lets me implement a 
timeout where the command takes an inordinate amount of time I can exit 
the script with a timeout error as well.

I'll look more into the Net::SSH2::Channel:Exec stuff as well as that 
looks quite promising.

Thanks,

-- 
Steve.

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[David R. <Dav...@mi...>]

The problem with waiting for responses from a command shell channel is that it's no different from any other channel and one cannot intrinsically tell the difference between no response due to a command being busy or slow and no response due to the output being finished. The 250ms timeout is in Net::SSH2::Channel::GETC (READLINE depends on GETC, and READLINE is what is implementing <>). You can get more control over reading from the channel with the read method - but less convenience. Similarly you can use the Net::SSH2::poll method on your own to check for pending events (and give it a timeout), again, at a cost of convenience.

To avoid requiring a 1 second sleep before getting each line, you could poll the channel with a 1000ms timeout and then read a line if it indicates data being ready; this means you only wait a whole second in the end of output case (assuming 1000 ms is long enough for your command). To eliminate that last case you could either exec a single command (see Net::SSH2::Channel::exec) which should terminate the poll invocation when the command exits, or send something like "cmd; exit" to the shell channel to have it exit after the command runs.

________________________________________
From: Steve Phillips [st...@fo...]
Sent: Thursday, May 05, 2011 6:24 PM
Cc: ssh...@li...
Subject: Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

On 5/05/2011 5:43 PM, Thierry Chich wrote:
> Le 05/05/2011 07:30, Fitzpatrick, Robert M (Rob) a écrit :
>> If I manually ssh into the remote box and run the command it returns
>> values as expected, and if I do something similar using Net::SSH::Perl
>> it works as well, however, Net::SSH::Perl seems to take upward of 30
>> seconds to create a connection which isn't an option in this environment
>> (and yeah - I've tried all the math module stuff which didn't seem to
>> make a difference:-(  )
> Hello,
>
> There is a very good alternative to Net::SSH::Perl. It is Net::OpenSSH.
> It is using openssh, but it is a very good implantation.  It is working
> well, it implement scp, sftp, channel.
> But I am quite sure that connecting in 30 second  is not a normal
> behavior. The dependancies of  Net::SSH::Perl are painfull. I never
> remember if it is Math::BigInt that accelerate the whole thing, or a
> GMP::*. I see that you think that you have installed all this stuff, but
> I think you should check this an other time.

Yeah, I spent quite a bit of time trying to figure out why this took so
long. I had the Math::BigInt::GMP module installed - which people
advised would speed things up and for some reason it took even longer (I
gave up waiting after around 1:30 per connection) and also had Math::GMP
installed with no discernible improvements.

I had decided that it was possibly a version problem (this was running
on a Redhat 9 box, don't ask) and so put a new, more powerful system in
(CentOS 5, with an i7 CPU) and re-installed Net::SSH::Perl along with
most dependencies (I think I was missing one of the Crypt modules that
caused it to burp at private key auth using DSA) but the connection side
of things still took over 30 seconds. (this is the initial key exchange
sequence that seems to take this long)

All this was using pre compiled packages as well, as compiling isn't
really an option due to the system it's going to end up on (well, it
COULD be but would require a lot more effort than simply switching to
something that works out of the box :-) )

At that point I gave up and found Net::SSH2 which using the compiled
library is stupidly fast in comparison, but now have this output problem
that is semi solved (thanks Rob) and just have to figure out how to tell
when there is data waiting to be read off the filehandle so I don't have
to use random sleep timers.

At this point I'm contemplating a loop using usleep but this seems like
a bit of a hack - when spawning a shell to run your commands, is there
really no way to block until the command has exited or do you have to
find other ways of figuring out the exit state of the last passed
command (like running $command and then a 'whoami' and read input until
you come across the username on a single line - seems a little much)

--
Steve.

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Steve P. <st...@fo...>]

On 5/05/2011 5:43 PM, Thierry Chich wrote:
> Le 05/05/2011 07:30, Fitzpatrick, Robert M (Rob) a écrit :
>> If I manually ssh into the remote box and run the command it returns
>> values as expected, and if I do something similar using Net::SSH::Perl
>> it works as well, however, Net::SSH::Perl seems to take upward of 30
>> seconds to create a connection which isn't an option in this environment
>> (and yeah - I've tried all the math module stuff which didn't seem to
>> make a difference:-(  )
> Hello,
>
> There is a very good alternative to Net::SSH::Perl. It is Net::OpenSSH.
> It is using openssh, but it is a very good implantation.  It is working
> well, it implement scp, sftp, channel.
> But I am quite sure that connecting in 30 second  is not a normal
> behavior. The dependancies of  Net::SSH::Perl are painfull. I never
> remember if it is Math::BigInt that accelerate the whole thing, or a
> GMP::*. I see that you think that you have installed all this stuff, but
> I think you should check this an other time.

Yeah, I spent quite a bit of time trying to figure out why this took so 
long. I had the Math::BigInt::GMP module installed - which people 
advised would speed things up and for some reason it took even longer (I 
gave up waiting after around 1:30 per connection) and also had Math::GMP 
installed with no discernible improvements.

I had decided that it was possibly a version problem (this was running 
on a Redhat 9 box, don't ask) and so put a new, more powerful system in 
(CentOS 5, with an i7 CPU) and re-installed Net::SSH::Perl along with 
most dependencies (I think I was missing one of the Crypt modules that 
caused it to burp at private key auth using DSA) but the connection side 
of things still took over 30 seconds. (this is the initial key exchange 
sequence that seems to take this long)

All this was using pre compiled packages as well, as compiling isn't 
really an option due to the system it's going to end up on (well, it 
COULD be but would require a lot more effort than simply switching to 
something that works out of the box :-) )

At that point I gave up and found Net::SSH2 which using the compiled 
library is stupidly fast in comparison, but now have this output problem 
that is semi solved (thanks Rob) and just have to figure out how to tell 
when there is data waiting to be read off the filehandle so I don't have 
to use random sleep timers.

At this point I'm contemplating a loop using usleep but this seems like 
a bit of a hack - when spawning a shell to run your commands, is there 
really no way to block until the command has exited or do you have to 
find other ways of figuring out the exit state of the last passed 
command (like running $command and then a 'whoami' and read input until 
you come across the username on a single line - seems a little much)

-- 
Steve.

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Thierry C. <thi...@gm...>]

Le 05/05/2011 07:30, Fitzpatrick, Robert M (Rob) a écrit :
> If I manually ssh into the remote box and run the command it returns
> values as expected, and if I do something similar using Net::SSH::Perl
> it works as well, however, Net::SSH::Perl seems to take upward of 30
> seconds to create a connection which isn't an option in this environment
> (and yeah - I've tried all the math module stuff which didn't seem to
> make a difference:-(  )
Hello,

There is a very good alternative to Net::SSH::Perl. It is Net::OpenSSH. 
It is using openssh, but it is a very good implantation.  It is working 
well, it implement scp, sftp, channel.
But I am quite sure that connecting in 30 second  is not a normal 
behavior. The dependancies of  Net::SSH::Perl are painfull. I never 
remember if it is Math::BigInt that accelerate the whole thing, or a 
GMP::*. I see that you think that you have installed all this stuff, but 
I think you should check this an other time.

Thierry

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Steve P. <st...@fo...>]

Hmm, the sleep got it to work.

Does this mean that 'blocking' being set to 1 doesn't actually mean that 
the command executed by the shell blocks until it returns ? or is 
blocking set to 1 or 0 something else entirely ?

Which I guess means that the next question is 'how do you get it to wait 
until output returns' for a command that could return in an indefinite 
amount of time ? (without the obvious of lowest common denominator and 
getting all commands to wait for 20 seconds or so)

Also, thanks for the speedy response :-)

-- 
Steve.

On 5/05/2011 3:30 PM, Fitzpatrick, Robert M (Rob) wrote:
>
>   First, can you confirm that it is a simple timing issue, and not
> something about the input or output of your command?  What if you just
> run a "sleep 1", does that cause your issue?  Sleep 10?
>
> That will also give the rest of us a replicatable test situation if we
> can't resolve this quickly.
>
> Best of luck,
>    Rob
>
> -----Original Message-----
> From: Steve Phillips [mailto:st...@fo...]
> Sent: Wednesday, May 04, 2011 8:54 PM
> To: ssh...@li...
> Subject: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2
>
> Hey There,
>
> I'm busy pulling my hair out over this one. I have a small script
> similar to the below.
>
> my $ssh2 = Net::SSH2->new();
> $ssh2->debug(1);
> $ssh2->connect($server) or die "Unable to connect Host $@ \n";
> $ssh2->auth_publickey($userName,$publicKey,$privateKey);
>
> my $chan = $ssh2->channel();
> $chan->blocking(0);
> $chan->shell();
>
> This seems to work quite happily and a connection is established,
> however - when running small commands (ls -l, whoami etc) everything
> works as expected
>
> print $chan "ls -la\n";
> while (<$chan>) { print "LINE: " . $_ }
>
> But, when I run a command that takes a while to return, I simply get a
> blank output.
>
> print $chan "vip/listmse /WideSpan/config/vipclient.conf 1 -c 'RADIUS
> Server'\n"; while (<$chan>) { print "LINE: " . $_ }
>
> The only thing I can think of is that the second command seems to take a
> few miliseconds longer to produce output.
>
> I've tried to play around with "$ssh2->poll(0)" which I read somewhere
> sets polling to infinite, but still no results.
>
> When debug is enabled I get thousands of lines similar to
>
> Net::SSH2::Channel::read(size = 1, ext = 0)
> - read 1 bytes
> - read 1 total
> Net::SSH2::poll: timeout = 250, array[1]
> - [0] = channel
> - [0] events 1
> - libssh2_poll returned 1
> - [0] revents 1
>
> scrolling up the screen, which I would assume means that I have exceeded
> a timeout of 250ms ?
>
> I've tried setting blocking to 0 and 1 with no joy either. (I've found
> that setting blocking to 0 when performing shell commands can lead to
> interesting output tho, so I assume that interactive shell commands
> should leave blocking to 1 ? setting to 0 seems to have interesting
> results when trying to run commands like ls -la)
>
> If I manually ssh into the remote box and run the command it returns
> values as expected, and if I do something similar using Net::SSH::Perl
> it works as well, however, Net::SSH::Perl seems to take upward of 30
> seconds to create a connection which isn't an option in this environment
> (and yeah - I've tried all the math module stuff which didn't seem to
> make a difference :-( )
>
> Any pointers as to why small/fast commands would work but commands that
> take around 1/2 a second to run would drop out would be appreciated.
>
> --
> Steve.
>

Re: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Fitzpatrick, R. M (Rob) <rob...@ve...>]

 First, can you confirm that it is a simple timing issue, and not
something about the input or output of your command?  What if you just
run a "sleep 1", does that cause your issue?  Sleep 10?

That will also give the rest of us a replicatable test situation if we
can't resolve this quickly.

Best of luck,
  Rob

-----Original Message-----
From: Steve Phillips [mailto:st...@fo...] 
Sent: Wednesday, May 04, 2011 8:54 PM
To: ssh...@li...
Subject: [Ssh-sftp-perl-users] Problem getting output using Net::SSH2

Hey There,

I'm busy pulling my hair out over this one. I have a small script
similar to the below.

my $ssh2 = Net::SSH2->new();
$ssh2->debug(1);
$ssh2->connect($server) or die "Unable to connect Host $@ \n";
$ssh2->auth_publickey($userName,$publicKey,$privateKey);

my $chan = $ssh2->channel();
$chan->blocking(0);
$chan->shell();

This seems to work quite happily and a connection is established,
however - when running small commands (ls -l, whoami etc) everything
works as expected

print $chan "ls -la\n";
while (<$chan>) { print "LINE: " . $_ }

But, when I run a command that takes a while to return, I simply get a
blank output.

print $chan "vip/listmse /WideSpan/config/vipclient.conf 1 -c 'RADIUS
Server'\n"; while (<$chan>) { print "LINE: " . $_ }

The only thing I can think of is that the second command seems to take a
few miliseconds longer to produce output.

I've tried to play around with "$ssh2->poll(0)" which I read somewhere
sets polling to infinite, but still no results.

When debug is enabled I get thousands of lines similar to

Net::SSH2::Channel::read(size = 1, ext = 0)
- read 1 bytes
- read 1 total
Net::SSH2::poll: timeout = 250, array[1]
- [0] = channel
- [0] events 1
- libssh2_poll returned 1
- [0] revents 1

scrolling up the screen, which I would assume means that I have exceeded
a timeout of 250ms ?

I've tried setting blocking to 0 and 1 with no joy either. (I've found
that setting blocking to 0 when performing shell commands can lead to
interesting output tho, so I assume that interactive shell commands
should leave blocking to 1 ? setting to 0 seems to have interesting
results when trying to run commands like ls -la)

If I manually ssh into the remote box and run the command it returns
values as expected, and if I do something similar using Net::SSH::Perl
it works as well, however, Net::SSH::Perl seems to take upward of 30
seconds to create a connection which isn't an option in this environment
(and yeah - I've tried all the math module stuff which didn't seem to
make a difference :-( )

Any pointers as to why small/fast commands would work but commands that
take around 1/2 a second to run would drop out would be appreciated.

--
Steve.

[Ssh-sftp-perl-users] Problem getting output using Net::SSH2

[Steve P. <st...@fo...>]

Hey There,

I'm busy pulling my hair out over this one. I have a small script 
similar to the below.

my $ssh2 = Net::SSH2->new();
$ssh2->debug(1);
$ssh2->connect($server) or die "Unable to connect Host $@ \n";
$ssh2->auth_publickey($userName,$publicKey,$privateKey);

my $chan = $ssh2->channel();
$chan->blocking(0);
$chan->shell();

This seems to work quite happily and a connection is established, 
however - when running small commands (ls -l, whoami etc) everything 
works as expected

print $chan "ls -la\n";
while (<$chan>) { print "LINE: " . $_ }

But, when I run a command that takes a while to return, I simply get a 
blank output.

print $chan "vip/listmse /WideSpan/config/vipclient.conf 1 -c 'RADIUS 
Server'\n";
while (<$chan>) { print "LINE: " . $_ }

The only thing I can think of is that the second command seems to take a 
few miliseconds longer to produce output.

I've tried to play around with "$ssh2->poll(0)" which I read somewhere 
sets polling to infinite, but still no results.

When debug is enabled I get thousands of lines similar to

Net::SSH2::Channel::read(size = 1, ext = 0)
- read 1 bytes
- read 1 total
Net::SSH2::poll: timeout = 250, array[1]
- [0] = channel
- [0] events 1
- libssh2_poll returned 1
- [0] revents 1

scrolling up the screen, which I would assume means that I have exceeded 
a timeout of 250ms ?

I've tried setting blocking to 0 and 1 with no joy either. (I've found 
that setting blocking to 0 when performing shell commands can lead to 
interesting output tho, so I assume that interactive shell commands 
should leave blocking to 1 ? setting to 0 seems to have interesting 
results when trying to run commands like ls -la)

If I manually ssh into the remote box and run the command it returns 
values as expected, and if I do something similar using Net::SSH::Perl 
it works as well, however, Net::SSH::Perl seems to take upward of 30 
seconds to create a connection which isn't an option in this environment 
(and yeah - I've tried all the math module stuff which didn't seem to 
make a difference :-( )

Any pointers as to why small/fast commands would work but commands that 
take around 1/2 a second to run would drop out would be appreciated.

-- 
Steve.

[Ssh-sftp-perl-users] Sample Perl script

[Ibrahim S. <sal...@gm...>]

Hello,

Does anybodyget perl script that allows a connection to oracle databse using
jdbc on a linux box .

I already googled it and i have found few scripts but all of them includs
modules

is there any other way to connect without using modules.

Thanks in advance

Re: [Ssh-sftp-perl-users] Put Issues with SFTP

[Nigel R. <ni...@sy...>]

What if you.  print "$_:";  I always do that to make sure there is nothing extra on the end of whatever is in $_  I can't remember if you need to use chop to get rid of linefeeds. Just a guess.

"Laslo Forro" <get...@gm...> wrote:

>Is port ok? ( perhaps 22 instead of 220 ?)
>
>On Fri, Dec 31, 2010 at 10:38 AM, Thierry Chich
><thi...@gm...>wrote:
>
>>  Le 30/12/2010 22:31, Scott Burks a écrit :
>>
>>   I have a perl script that logs into a vendor site and successfully
>lists
>> the directory.  But when I add the functionality to ‘put’ a group of
>files,
>> I get the following error:
>>
>>
>>
>> “Couldn't get handle: Failure at ./blackdiamond.pl line XXX”
>>
>>
>>
>> I’ve tried ‘put’ting the file from a loop and even hard-coating for a
>> specific file and get the same error.  But a manual sftp and put
>works just
>> fine.
>>
>>
>>
>> I include the snippet of script below in hopes that someone can help
>me get
>> past this error:
>>
>>
>>
>> #!/usr/bin/perl -w
>>
>> use warnings;
>>
>> use Net::SFTP;
>>
>> my $putdir = "/home/blackd/put";
>>
>> my $server="remoteftpsite";
>>
>> my $username="username";
>>
>> my $password="password";
>>
>> my $sshport="220";
>>
>> # execute ftps to Vendor
>>
>> while(true) {
>>
>>   #Get all the files in the directory
>>
>>   @files = <$putdir/*>;
>>
>>   #If it's empty, ignore doing anything.
>>
>>   if(@files) {
>>
>>       # Set up a SFTP connection and login.
>>
>>       my $sftp = new Net::SFTP( $server, user=>$username,
>> password=>$password, debug=>'true', ssh_args => [ port => '220' ] )
>or die
>>                           "Cannot Open Connection to $server";
>>
>>       # Loop through the files found.
>>
>>      foreach(@files) {
>>
>>          # SFTP the files first
>>
>>          $sftp->put($_, ".") or die "Cannot putfile";
>>
>>       }
>>
>>   }
>>
>> }
>>
>> closedir(PUTDIR);
>>
>> $sftp->ls('.' , sub { print $_[0]->{filename}, "\n" });
>>
>> undef $sftp;
>>
>>
>>
>> Thanks for any input,
>>
>>
>>
>> Hello Scott.
>> I have more questions than answers, at this point.
>> - What line number is  XXXX ?
>> - Why is there a while loop ? If your script work, it could overload
>your
>> ssh server.
>> - You seem confident that @files contains real files, but I think you
>> should test it before
>> you try to put it on the remote server.
>>
>>
>>
>>
>>
>------------------------------------------------------------------------------
>> Learn how Oracle Real Application Clusters (RAC) One Node allows
>customers
>> to consolidate database storage, standardize their database
>environment,
>> and,
>> should the need arise, upgrade to a full multi-node Oracle RAC
>database
>> without downtime or disruption
>> http://p.sf.net/sfu/oracle-sfdevnl
>> _______________________________________________
>> Ssh-sftp-perl-users mailing list
>> Ssh...@li...
>> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users
>>
>>
>------------------------------------------------------------------------------
>Learn how Oracle Real Application Clusters (RAC) One Node allows
>customers
>to consolidate database storage, standardize their database
>environment, and, 
>should the need arise, upgrade to a full multi-node Oracle RAC database
>
>without downtime or disruption
>http://p.sf.net/sfu/oracle-sfdevnl_______________________________________________
>Ssh-sftp-perl-users mailing list
>Ssh...@li...
>https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Re: [Ssh-sftp-perl-users] Put Issues with SFTP

[Laslo F. <get...@gm...>]

Is port ok? ( perhaps 22 instead of 220 ?)

On Fri, Dec 31, 2010 at 10:38 AM, Thierry Chich <thi...@gm...>wrote:

>  Le 30/12/2010 22:31, Scott Burks a écrit :
>
>   I have a perl script that logs into a vendor site and successfully lists
> the directory.  But when I add the functionality to ‘put’ a group of files,
> I get the following error:
>
>
>
> “Couldn't get handle: Failure at ./blackdiamond.pl line XXX”
>
>
>
> I’ve tried ‘put’ting the file from a loop and even hard-coating for a
> specific file and get the same error.  But a manual sftp and put works just
> fine.
>
>
>
> I include the snippet of script below in hopes that someone can help me get
> past this error:
>
>
>
> #!/usr/bin/perl -w
>
> use warnings;
>
> use Net::SFTP;
>
> my $putdir = "/home/blackd/put";
>
> my $server="remoteftpsite";
>
> my $username="username";
>
> my $password="password";
>
> my $sshport="220";
>
> # execute ftps to Vendor
>
> while(true) {
>
>   #Get all the files in the directory
>
>   @files = <$putdir/*>;
>
>   #If it's empty, ignore doing anything.
>
>   if(@files) {
>
>       # Set up a SFTP connection and login.
>
>       my $sftp = new Net::SFTP( $server, user=>$username,
> password=>$password, debug=>'true', ssh_args => [ port => '220' ] ) or die
>                           "Cannot Open Connection to $server";
>
>       # Loop through the files found.
>
>      foreach(@files) {
>
>          # SFTP the files first
>
>          $sftp->put($_, ".") or die "Cannot putfile";
>
>       }
>
>   }
>
> }
>
> closedir(PUTDIR);
>
> $sftp->ls('.' , sub { print $_[0]->{filename}, "\n" });
>
> undef $sftp;
>
>
>
> Thanks for any input,
>
>
>
> Hello Scott.
> I have more questions than answers, at this point.
> - What line number is  XXXX ?
> - Why is there a while loop ? If your script work, it could overload your
> ssh server.
> - You seem confident that @files contains real files, but I think you
> should test it before
> you try to put it on the remote server.
>
>
>
>
> ------------------------------------------------------------------------------
> Learn how Oracle Real Application Clusters (RAC) One Node allows customers
> to consolidate database storage, standardize their database environment,
> and,
> should the need arise, upgrade to a full multi-node Oracle RAC database
> without downtime or disruption
> http://p.sf.net/sfu/oracle-sfdevnl
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users
>
>

Re: [Ssh-sftp-perl-users] Put Issues with SFTP

[Thierry C. <thi...@gm...>]

  Le 30/12/2010 22:31, Scott Burks a écrit :
>
> I have a perl script that logs into a vendor site and successfully 
> lists the directory.  But when I add the functionality to ‘put’ a 
> group of files, I get the following error:
>
> “Couldn't get handle: Failure at ./blackdiamond.pl line XXX”
>
> I’ve tried ‘put’ting the file from a loop and even hard-coating for a 
> specific file and get the same error.  But a manual sftp and put works 
> just fine.
>
> I include the snippet of script below in hopes that someone can help 
> me get past this error:
>
> #!/usr/bin/perl -w
>
> use warnings;
>
> use Net::SFTP;
>
> my $putdir = "/home/blackd/put";
>
> my $server="remoteftpsite";
>
> my $username="username";
>
> my $password="password";
>
> my $sshport="220";
>
> # execute ftps to Vendor
>
> while(true) {
>
>   #Get all the files in the directory
>
>   @files = <$putdir/*>;
>
>   #If it's empty, ignore doing anything.
>
>   if(@files) {
>
>       # Set up a SFTP connection and login.
>
>       my $sftp = new Net::SFTP( $server, user=>$username, 
> password=>$password, debug=>'true', ssh_args => [ port => '220' ] ) or 
> die                           "Cannot Open Connection to $server";
>
>       # Loop through the files found.
>
>      foreach(@files) {
>
>          # SFTP the files first
>
>          $sftp->put($_, ".") or die "Cannot putfile";
>
>       }
>
>   }
>
> }
>
> closedir(PUTDIR);
>
> $sftp->ls('.' , sub { print $_[0]->{filename}, "\n" });
>
> undef $sftp;
>
> Thanks for any input,
>


Hello Scott.
I have more questions than answers, at this point.
- What line number is  XXXX ?
- Why is there a while loop ? If your script work, it could overload 
your ssh server.
- You seem confident that @files contains real files, but I think you 
should test it before
you try to put it on the remote server.

[Ssh-sftp-perl-users] AUTO: Didier Dieudonne/NCE/AMADEUS is out of the office. (returning 03/01/2011)

[Didier D. <ddi...@am...>]

I am out of the office until 03/01/2011.

I will respond to your message when I return.
Merry Xmas and see you next year.


Note: This is an automated response to your message  "Ssh-sftp-perl-users
Digest, Vol 43, Issue 1" sent on 30/12/2010 23:12:05.

This is the only notification you will receive while this person is away.

[Ssh-sftp-perl-users] Put Issues with SFTP

[Scott B. <sb...@tr...>]

I have a perl script that logs into a vendor site and successfully lists
the directory.  But when I add the functionality to 'put' a group of
files, I get the following error:

 

"Couldn't get handle: Failure at ./blackdiamond.pl line XXX"

 

I've tried 'put'ting the file from a loop and even hard-coating for a
specific file and get the same error.  But a manual sftp and put works
just fine.

 

I include the snippet of script below in hopes that someone can help me
get past this error:

 

#!/usr/bin/perl -w

use warnings;

use Net::SFTP;

my $putdir = "/home/blackd/put";

my $server="remoteftpsite";

my $username="username";

my $password="password";

my $sshport="220";

# execute ftps to Vendor

while(true) {

  #Get all the files in the directory

  @files = <$putdir/*>;

  #If it's empty, ignore doing anything.

  if(@files) {

      # Set up a SFTP connection and login.

      my $sftp = new Net::SFTP( $server, user=>$username,
password=>$password, debug=>'true', ssh_args => [ port => '220' ] ) or
die                           "Cannot Open Connection to $server";

      # Loop through the files found.

     foreach(@files) {

         # SFTP the files first

         $sftp->put($_, ".") or die "Cannot putfile";

      }

  }

}

closedir(PUTDIR);

$sftp->ls('.' , sub { print $_[0]->{filename}, "\n" });

undef $sftp;

 

Thanks for any input,

 
Scott Burks
Manager of Technical Services
Trust Company of America
Office : 303.705.6049  | Cell : 303.588.0594 
http://www.trustamerica.com/
 
ONE ON ONE, JUST LIKE YOU
TRUST PROVIDES CUSTODY AND TECHNOLOGY SERVICES
TO FEE-BASED REGISTERED INVESTMENT ADVISORS.
 
This message contains confidential and / or privileged information. If you are not the intended recipient, you must not use, copy, disclose or take any action based on this information, including attachments. If you are not the intended recipient, please advise the sender immediately by reply email and delete this message and any attachments. Thank you for your cooperation.

Re: [Ssh-sftp-perl-users] listing but can't download

[Howard, C. <Ho...@pr...>]

Just the very act of posting the question sometimes seems
to be a breakthrough.

In this case, I discovered if I use a complete path
to the subdirectory then things work ok.

get  "/userhome/subdir/desired_file"
works great.

Thanks!

Chris


> -----Original Message-----
> From: Howard, Chris [mailto:Ho...@pr...]
> Sent: Monday, December 06, 2010 1:52 PM
> To: ssh...@li...
> Subject: [Ssh-sftp-perl-users] listing but can't download
> 
> 
> I'm attempting to use a script to download a file.
> It is a copy of a script that works with a different server.
> 
> But this time it is giving me an error.
> 
> The file desired is in a sub-directory.
> I can do a 'ls' of the  sub-directory and I see the file
> I want.  When I attempt a get './subdir/desired_file' I only get an
> error:
> 
> "Couldn't stat remote file"
> 
> I have attempted hardwiring in the name of the file, no difference.
> 
> I can download the file with commandline sftp, no problem.
> Once I download, the file disappears.  So the server side
> is doing something funky but I don't know what.
> 
> Any ideas?
> 
> Chris Howard
> ho...@pr...
> 
> 
> 
>
-----------------------------------------------------------------------
> -------
> What happens now with your Lotus Notes apps - do you make another
> costly
> upgrade, or settle for being marooned without product support? Time to
> move
> off Lotus Notes and onto the cloud with Force.com, apps are easier to
> build,
> use, and manage than apps on traditional platforms. Sign up for the
> Lotus
> Notes Migration Kit to learn more. http://p.sf.net/sfu/salesforce-d2d
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users

[Ssh-sftp-perl-users] listing but can't download

[Howard, C. <Ho...@pr...>]

I'm attempting to use a script to download a file.
It is a copy of a script that works with a different server.

But this time it is giving me an error.

The file desired is in a sub-directory.
I can do a 'ls' of the  sub-directory and I see the file
I want.  When I attempt a get './subdir/desired_file' I only get an
error:

"Couldn't stat remote file"

I have attempted hardwiring in the name of the file, no difference.

I can download the file with commandline sftp, no problem.
Once I download, the file disappears.  So the server side
is doing something funky but I don't know what.

Any ideas?

Chris Howard
ho...@pr...

[Ssh-sftp-perl-users] Net::SFTP unable to handle '^' in a password?

[Scott L. <lo...@gm...>]

Good day:

       It seems that a Net::SFTP->new(host,%hash) is failing when the
password contains a '^'.  I have no easy way to test this due to our
circumstances here.  We can log in to the remote server from the command
line.  When the script is run and Net::SFTP->new is called, I see the
correct password being handed to it with the perl debugger.

       It just seems like I would have seen something here if that was the
case.

--Scott

-- 
There's a box?

[Ssh-sftp-perl-users] SSH Twice via Net::SSH::Perl

[David R. <dav...@gm...>]

Hello,

I am very knew to perl, but have achieved almost half my goal in a pretty
short time span.  I just need help with the other half.

I need to ssh into a remote computer to grab some files.  The problem is
though I need to ssh into a middleman and then ssh again into the final
computer.  Using the Net::SSH:Perl module I have been able to get into the
second, but if I use the same command again I get an error that it can't
find the host.  I think this is because it is trying to connect to another
host from my computer and not through the second computer.

How can I ssh again from the second to reach the third?  Thanks for the
help.

-Dave

Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign

[Russ B. <us...@gm...>]

Salva,

The Department of Defense (DoD) may implement new ssh configuration
guidelines that require all installed ssh clients and servers to be
running in FIPS 140-2 compatibility mode.  Tectia corporation
(formerly named SSH.com) has obtained FIPS certification for its ssh
product. Tectia is under consideration because it would standardize
the ssh software used on Windows and UNIX servers and provide a
corporate stamp of approval that FIPS requirements have actually been
met.

While openssl has achieved FIPS certification, my concern is that it
might be difficult to prove that OpenSSH was built in a manner that
maintained openssl's FIPS validity. SUN's native client is not
currently built with a FIPS operating mode.

Presently Net::SSH::Perl and Net::SFTP are used by our automated file
transfer scripts.  The crypto packages used by these modules are not
likely to be put through the costly FIPS certification process for the
ssh client they generate.  Since Net::SFTP::Foreign controls the
installed ssh client, installing FIPS certified Tectia software is one
solution being explored. This solution seemed promising and has tested
very well in FIPS mode while the key pairs had empty passphrases.

However, another (currently draft) requirement specifies that user
passphrases be generated by FIPS certified software. The Tectia
ssh-keygen-g3 utility (in FIPS mode) will not allow key pair
generation with an empty passphrase.  This led to our testing the
Tectia software with passphrases.

I do not need a work-around immediately, since I am working to meet
currently draft standards that do not yet have an announced
implementation date. But the sooner I can chart a course of action,
the better. That is, I could migrate my scripts from Net::SFTP to
Net::SFTP::Foreign if I new for sure that the passphrase issue would
be resolved in a month or two. I could also begin the migration if I
knew that passwords could always be used instead of passphrases.

How certain is it that a passphrase work-around can be created? If
created, how long would it take, in light of your many existing
obligations?

Do you believe this Tectia passphrase issue also applies to passwords?
I can test that today.

Is passing the passphrase to stderr instead of /dev/tty an issue that
Tectia might consider for its own prompt attention?

I appreciate the time you have spent helping analyze this issue and
your willingness to implement a work-around, time constraints
permitting.

Russ

Note: I am not affiliated with Tectia in any way.  I have simply been
asked to evaluate its use in FIPS compliant mode relative to a planned
migration from Net::SFTP to Net::SFTP::Foreign.


On Thu, Oct 28, 2010 at 7:14 AM, Salvador Fandino <sfa...@ya...> wrote:
>
>
>
>
> ----- Original Message ----
>> From: Russ Brewer <us...@gm...>
>> To: Salvador Fandino <sfa...@ya...>
>> Sent: Thu, October 28, 2010 12:24:36 AM
>> Subject: Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in
>>Net::SFTP::Foreign
>>
>> Salva,
>>
>> The attached output was generated with command:
>>
>> truss -f -o  truss.out ./test_basic_passphrase.pl
>
> Hi,
>
> That confirms my suspicion: the tectia client is not sending the passphrase
> prompt to /dev/tty but to stderr and the module does not see it.
>
> Working around that from inside the module is not going to be easy and I don't
> have the time to solve it right now or for the next days.
>
> So, we are back at logging from the outside and using the "transport" feature to
> pass back the initialized connection to the module... but before exploring that
> way I see you are in a Solaris box and the native SSH client works flawless with
> Net::SFTP::Foreign, do you have any reason to not use that client instead?
>
> - Salva
>

Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign

[Salvador F. <sfa...@ya...>]

----- Original Message ----
> From: Russ Brewer <us...@gm...>
> To: Salvador Fandino <sfa...@ya...>
> Sent: Thu, October 28, 2010 12:24:36 AM
> Subject: Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in 
>Net::SFTP::Foreign
> 
> Salva,
> 
> The attached output was generated with command:
> 
> truss -f -o  truss.out ./test_basic_passphrase.pl

Hi,

That confirms my suspicion: the tectia client is not sending the passphrase 
prompt to /dev/tty but to stderr and the module does not see it.

Working around that from inside the module is not going to be easy and I don't 
have the time to solve it right now or for the next days.

So, we are back at logging from the outside and using the "transport" feature to 
pass back the initialized connection to the module... but before exploring that 
way I see you are in a Solaris box and the native SSH client works flawless with 
Net::SFTP::Foreign, do you have any reason to not use that client instead?

- Salva

Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign

[Salvador F. <sfa...@ya...>]

----- Original Message ----
> From: Russ Brewer <us...@gm...>
> To: Salvador Fandino <sfa...@ya...>
> Cc: ssh...@li...
> Sent: Wed, October 27, 2010 6:20:27 PM
> Subject: Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in 
>Net::SFTP::Foreign
> 
> On Wed, Oct 27, 2010 at 11:42 AM, Salvador Fandino <sfa...@ya...>  
wrote:
> >
> >
> > ----- Original Message ----
> >> From:  Russ Brewer <us...@gm...>
> >> To: Ssh...@li...
> >>  Sent: Wed, October 27, 2010 5:17:47 PM
> >> Subject:  [Ssh-sftp-perl-users] Need help using passphrase with key pairs
> >> in  Net::SFTP::Foreign
> >>
> >> I have Net::SFTP::Foreign working  fine when my key pairs have an empty
> >> passphrase.  But I have been  directed to no longer use key pairs that
> >> are not protected by a  passphrase.
> >>
> >> In the code below I successfully use  "Expect" to pass the passphrase,
> >> complete the login and even list  the contents of the remote directory.
> >>
> >> But I can not then  get Net::SFTP::Foreign to to utilize the
> >> connection that Expect has  established ($conn). Documentation implies
> >> that transport =>  $conn should do the trick but it is not working in
> >> the example  below.
> >>
> >> Any help will be gratefully  appreciated.
> >
> > Net::SFTP::Foreign supports authenticating using  passphrase protected keys
> > natively. Have you tried it?
> >
> >    $ssh = Net::SFTP::Foreign->new($host,
> >                                   user => $user,
> >                                   ssh_cmd => $tectia_ssh_client,
> >                                   passphrase => $passphrase);
> >   $ssh->error  and die "unable to connect to $host: ". $ssh->error;
> >
> >
> >  - Salva
> >
> >
> >
> 
> Salva,
> 
> Thank you for your prompt  response.
> 
> Yes, I did try to use passphrase => $passphrase but it did  not work.
> 
>  Please look at the code below.  When the script runs, I  see the login
> banner on the remote server and I see the the prompt for  the
> passphrase.  After several minutes, the script times out.   I  turned
> to Expect because my try with the script below was not  working.
> 
> I have tested the key pairs and the passphrase works fine from  the
> command line.  I have no trouble logging in from the command line  when
> I type the passphrase by hand.  I have no problem using expect  to
> automate the login. So it appears that passphrase => $passphrase  in
> the following code is not being  recognized.
> 
> 
> 
> #!/usr/bin/perl
> 
> use  Net::SFTP::Foreign;
> 
> 
> my $tectia_ssh_client =  "/opt/tectia/bin/sshg3";
> $feed_server{server} =  "server01";
> $feed_server{directory} = "/export/home/tuser";
> @sshargs =  ('-v');
> $passphrase = "some group of words";
> $user =  "tuser";
> 
> 
>   my $sftp = Net::SFTP::Foreign->new
>      (
>       host => $feed_server{server},
>        user => $user,
>        ssh_cmd=>$tectia_ssh_client,
>        timeout=>20,
>       passphrase => $passphrase,
>        more => [@sshargs]
>     );
> 
> if  (($sftp->error) || ($sftp->status)) {
>      print  "\n";
>      print "Login Problem on host: $feed_server{server} using  key
> pairs -- exiting perl script $0\n";
>      print "sftp error:  ".$sftp->error."\n";
>      print "sftp status:  ".$sftp->status."\n";
> } else {
>    print "Got a connection without  errors\n";
> }
> 
>  eval {
>       $files_in_directory =  $sftp->ls("$feed_server{directory}") or
> die "Trapped DIE: Failed directory  list for $feed_server{directory} on
> server $feed_server{server}";
>    };
> 
>    if (($@) || ($sftp->error)) {
>     # reset  $sig_die_alarm in preparation for some future
>     # call to  subroutine sig_die_alarm
>      $sig_die_alarm = "false";
>       print "sftp--> error: ".$sftp->error."\n";
>      print  "\n";
>      print "Directory Listing Problem on host:  $feed_server{server} --
> exiting perl script $0\n";
>      print  "Directory = $feed_server{directory}\n";
>      print "ERROR =  $@\n";
>   } else {
>        print "File in directorty:  \n";
> 
>        foreach (@$files_in_directory) {
>           $longlist = $_->{longname};
>           $shortname = $_->{filename};
>          print  $longlist;
>       }
>    }
> #====================================================================
> 
> 
> When  the script is run, here is what I see:
> 
> SSH Tectia Client: Evaluation  period will end in 12 days.
> Product: SSH Tectia Client
> Evaluation period  will end in 12 days.
> This server is running on an evaluation license.
> It  will expire after 16 days.
> ========================== WARNING!  ====================================
> 
> This is a private computing  system!  Access to this system is limited
> to approved individuals  authorized by Intelligent Decisions Inc.
> Any attempted or unauthorized  access, use, or modification is expressly
> prohibited.  Unauthorized  users may face criminal or civil penalties.
> The use of this system may be  monitored and recorded.  If the monitoring
> reveals any possible evidence  of criminal activity, the company can
> provide the records to law  enforcement.  By continuing to
> access this system you consent to said  monitoring and you agree that you
> you have no expectation of a right to  privacy while using this system.
> 
> ========================== WARNING!  ====================================
> 
> 
> Key label: 1024-bit dsa,  tuser@controlzone, Tue Oct 26 2010 15:05:04 -0400
> File name:  /export/home/tuser/.ssh2/id_dsa_1024_a
> Passphrase for the private  key:
> 
> 
> 
> 
> ## ---- A long pause until timeout occurs right here,  then I get the
> following error messages
> 
> 
> Login Problem on host:  server01 using key pairs -- exiting perl  script
> ./test_basic_passphrase.pl
> sftp status: No connection
> sftp  status: No connection
> sftp--> error: Passphrase not requested as expected:  0

Maybe the tectia client is not opening /dev/tty for interaction with the user 
but just using stderr.

Could you trace your script at the OS level with ktrace, truss, strace or 
similar and send my the output (your keys and passphrases may be visible in the 
output, so don't use the real ones). Use the required options to include child 
processes in the tracing.

Cheers,

- Salva

Re: [Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign

[Russ B. <us...@gm...>]

On Wed, Oct 27, 2010 at 11:42 AM, Salvador Fandino <sfa...@ya...> wrote:
>
>
> ----- Original Message ----
>> From: Russ Brewer <us...@gm...>
>> To: Ssh...@li...
>> Sent: Wed, October 27, 2010 5:17:47 PM
>> Subject: [Ssh-sftp-perl-users] Need help using passphrase with key pairs
>> in Net::SFTP::Foreign
>>
>> I have Net::SFTP::Foreign working fine when my key pairs have an empty
>> passphrase.  But I have been directed to no longer use key pairs that
>> are not protected by a passphrase.
>>
>> In the code below I successfully use "Expect" to pass the passphrase,
>> complete the login and even list the contents of the remote directory.
>>
>> But I can not then get Net::SFTP::Foreign to to utilize the
>> connection that Expect has established ($conn). Documentation implies
>> that transport => $conn should do the trick but it is not working in
>> the example below.
>>
>> Any help will be gratefully appreciated.
>
> Net::SFTP::Foreign supports authenticating using passphrase protected keys
> natively. Have you tried it?
>
>   $ssh = Net::SFTP::Foreign->new($host,
>                                  user => $user,
>                                  ssh_cmd => $tectia_ssh_client,
>                                  passphrase => $passphrase);
>   $ssh->error and die "unable to connect to $host: ". $ssh->error;
>
>
> - Salva
>
>
>

Salva,

Thank you for your prompt response.

Yes, I did try to use passphrase => $passphrase but it did not work.

 Please look at the code below.  When the script runs, I see the login
banner on the remote server and I see the the prompt for the
passphrase.  After several minutes, the script times out.   I turned
to Expect because my try with the script below was not working.

I have tested the key pairs and the passphrase works fine from the
command line.  I have no trouble logging in from the command line when
I type the passphrase by hand.  I have no problem using expect to
automate the login. So it appears that passphrase => $passphrase in
the following code is not being recognized.



#!/usr/bin/perl

use Net::SFTP::Foreign;


my $tectia_ssh_client = "/opt/tectia/bin/sshg3";
$feed_server{server} = "server01";
$feed_server{directory} = "/export/home/tuser";
@sshargs = ('-v');
$passphrase = "some group of words";
$user = "tuser";


  my $sftp = Net::SFTP::Foreign->new
    (
      host => $feed_server{server},
      user => $user,
      ssh_cmd=>$tectia_ssh_client,
      timeout=>20,
      passphrase => $passphrase,
      more => [@sshargs]
    );

if (($sftp->error) || ($sftp->status)) {
     print "\n";
     print "Login Problem on host: $feed_server{server} using key
pairs -- exiting perl script $0\n";
     print "sftp error: ".$sftp->error."\n";
     print "sftp status: ".$sftp->status."\n";
} else {
   print "Got a connection without errors\n";
}

 eval {
      $files_in_directory = $sftp->ls("$feed_server{directory}") or
die "Trapped DIE: Failed directory list for $feed_server{directory} on
server $feed_server{server}";
  };

   if (($@) || ($sftp->error)) {
    # reset $sig_die_alarm in preparation for some future
    # call to subroutine sig_die_alarm
     $sig_die_alarm = "false";
     print "sftp--> error: ".$sftp->error."\n";
     print "\n";
     print "Directory Listing Problem on host: $feed_server{server} --
exiting perl script $0\n";
     print "Directory = $feed_server{directory}\n";
     print "ERROR = $@\n";
  } else {
       print "File in directorty: \n";

       foreach (@$files_in_directory) {
         $longlist = $_->{longname};
         $shortname = $_->{filename};
         print $longlist;
      }
  }
#====================================================================


When the script is run, here is what I see:

SSH Tectia Client: Evaluation period will end in 12 days.
Product: SSH Tectia Client
Evaluation period will end in 12 days.
This server is running on an evaluation license.
It will expire after 16 days.
========================== WARNING! ====================================

This is a private computing system!  Access to this system is limited
to approved individuals authorized by Intelligent Decisions Inc.
Any attempted or unauthorized access, use, or modification is expressly
prohibited.  Unauthorized users may face criminal or civil penalties.
The use of this system may be monitored and recorded.  If the monitoring
reveals any possible evidence of criminal activity, the company can
provide the records to law enforcement.  By continuing to
access this system you consent to said monitoring and you agree that you
you have no expectation of a right to privacy while using this system.

========================== WARNING! ====================================


Key label: 1024-bit dsa, tuser@controlzone, Tue Oct 26 2010 15:05:04 -0400
File name: /export/home/tuser/.ssh2/id_dsa_1024_a
Passphrase for the private key:




## ---- A long pause until timeout occurs right here, then I get the
following error messages


Login Problem on host: server01 using key pairs -- exiting perl script
./test_basic_passphrase.pl
sftp status: No connection
sftp status: No connection
sftp--> error: Passphrase not requested as expected: 0

Directory Listing Problem on host: server01 -- exiting perl script
./test_basic_passphrase.pl
Directory = /export/home/tuser
ERROR = Trapped DIE: Failed directory list for /export/home/tuser on
server server01 at ./test_basic_passphrase.pl line 40.

[Ssh-sftp-perl-users] Need help using passphrase with key pairs in Net::SFTP::Foreign

[Russ B. <us...@gm...>]

I have Net::SFTP::Foreign working fine when my key pairs have an empty
passphrase.  But I have been directed to no longer use key pairs that
are not protected by a passphrase.

In the code below I successfully use "Expect" to pass the passphrase,
complete the login and even list the contents of the remote directory.

 But I can not then get Net::SFTP::Foreign to to utilize the
connection that Expect has established ($conn). Documentation implies
that transport => $conn should do the trick but it is not working in
the example below.

Any help will be gratefully appreciated.

Note that I am using Net::SFTP::Foreign to control the Tectia ssh
client, which is installed at /opt/tectia/bin/sshg3.  I have no
trouble controlling sshg3 except when the key pair
has a non-empty passphrase.

#!/usr/bin/perl

use Net::SFTP::Foreign;
use Expect;

$Net::SFTP::Foreign = -1;
my $tectia_ssh_client = "/opt/tectia/bin/sshg3";
my %feed_server;
$feed_server{server} = "server01";
$feed_server{directory} = "/export/home/tuser";
my @sshargs = ('-v');
my $passphrase = "some secret group of words";
my $timeout = 20;
my $delay =120;
my $user = "tuser";
my $host = "server01";
my @pattern = "Passphrase for the private key:";
my $logfile = "/export/home/tuser/mylog.txt";

$Expect::Exp_Internal = 1;

my $conn = Expect->new;
$conn->raw_pty(1);
$conn->log_stdout(1);
$conn->log_file($logfile);
$conn->spawn("$tectia_ssh_client $user\@$host")
    or die "spawn command failed";
$conn->expect($timeout, @pattern);

$conn->send("$passphrase\n");
$conn->expect($timeout, "bash");
$conn->send("ls -l\n");
$conn->expect($delay, "bash");

###  === this is where things stop working ======

my  $sftp = Net::SFTP::Foreign->new(transport => $conn);

if (($sftp->error) || ($sftp->status)) {
     print "\n";
     print "transport did not connect!  $0\n";
     print "sftp error: ".$sftp->error."\n";
     print "sftp status: ".$sftp->status."\n";
} else {
   print "Got a connection without errors\n";
}

 eval {
      $files_in_directory = $sftp->ls("$feed_server{directory}");
  };

   if (($@) || ($sftp->error)) {
     print "sftp--> error: ".$sftp->error."\n";
     print "\n";
     print "Directory Listing Problem on host: $feed_server{server} $0\n";
     print "Directory = $feed_server{directory}\n";
     print "ERROR = $@\n";
  } else {
       print "File in directorty: \n";

       foreach (@$files_in_directory) {
         $longlist = $_->{longname};
         $shortname = $_->{filename};
         print $longlist;
      }
  }

Re: [Ssh-sftp-perl-users] Timeout when executing scripts with Net::SSH::Perl by mod_perl

[Thierry C. <thi...@gm...>]

Not sure it could work, but perhaps you should try to set interactive to false  ?


Le 22 oct. 2010 à 12:37, uptest <up...@ao...> a écrit :

> 
> Dear all,
> 
> I have a problem when executing scripts with Net::SSH::Perl by mod_perl.
> When executing the script via mod_perl the ssh connection will be opened,  
> the $cmd executed but the output is never returned to the caller. It hangs  
> until a timeout occur. Nothing will be sent to the web browser.
> 
> If I execute the script locally it works fine.
> 
> The sample script just opens a ssh connection to the localhost:
> my $ssh = Net::SSH::Perl->new($host,%params);
> $ssh->login($user, $pass);
> my($stdout, $stderr, $exit) = $ssh->cmd($cmd);
> print "STDOUT=$stdout\n";
> print "STDERR=$stderr\n";
> print "EXIT=$exit\n";
> 
> See below the debug output when executed first by mod_perl then by a local  
> shell:
> 
> 
> Debug output when executed via mod_perl:
> from /var/log/httpd/error.log
> 
> anyhost: Reading configuration data /.ssh/config
> anyhost: Reading configuration data /etc/ssh_config
> anyhost: Connecting to localhost, port 22.
> anyhost: Remote protocol version 2.0, remote software version OpenSSH_5.0
> anyhost: Net::SSH::Perl Version 1.34, protocol version 2.0.
> anyhost: No compat match: OpenSSH_5.0.
> anyhost: Connection established.
> anyhost: Sent key-exchange init (KEXINIT), wait response.
> anyhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
> anyhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
> anyhost: Entering Diffie-Hellman Group 1 key exchange.
> anyhost: Sent DH public key, waiting for reply.
> anyhost: Received host key, type 'ssh-dss'.
> anyhost: Host 'localhost' is known and matches the host key.
> anyhost: Computing shared secret key.
> anyhost: Verifying server signature.
> anyhost: Waiting for NEWKEYS message.
> anyhost: Send NEWKEYS.
> anyhost: Enabling encryption/MAC/compression.
> anyhost: Sending request for user-authentication service.
> anyhost: Service accepted: ssh-userauth.
> anyhost: Trying empty user-authentication request.
> anyhost: Authentication methods that can continue:  
> publickey,gssapi-with-mic,password.
> anyhost: Next method to try is publickey.
> anyhost: Next method to try is password.
> anyhost: Trying password authentication.
> anyhost: Login completed, opening dummy shell channel.
> anyhost: channel 0: new [client-session]
> anyhost: Requesting channel_open for channel 0.
> anyhost: channel 0: open confirm rwindow 0 rmax 32768
> anyhost: Got channel open confirmation, requesting shell.
> anyhost: Requesting service shell on channel 0.
> anyhost: channel 1: new [client-session]
> anyhost: Requesting channel_open for channel 1.
> anyhost: Entering interactive session.
> anyhost: Sending command: ls -ltr
> anyhost: Sending command: ls -ltr
> anyhost: Requesting service exec on channel 1.
> anyhost: channel 1: open confirm rwindow 0 rmax 32768
> anyhost: input_channel_request: rtype exit-status reply 0
> anyhost: channel 1: rcvd eof
> anyhost: channel 1: output open -> drain
> anyhost: channel 1: rcvd close
> anyhost: channel 1: input open -> closed
> anyhost: channel 1: close_read
> 
> ------------------------------------------------------------------
> 
> Started from the local shell:
> 
> anyhost: Reading configuration data /root/.ssh/config
> anyhost: Reading configuration data /etc/ssh_config
> anyhost: Allocated local port 1023.
> anyhost: Connecting to localhost, port 22.
> anyhost: Remote protocol version 2.0, remote software version OpenSSH_5.0
> anyhost: Net::SSH::Perl Version 1.34, protocol version 2.0.
> anyhost: No compat match: OpenSSH_5.0.
> anyhost: Connection established.
> anyhost: Sent key-exchange init (KEXINIT), wait response.
> anyhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
> anyhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
> anyhost: Entering Diffie-Hellman Group 1 key exchange.
> anyhost: Sent DH public key, waiting for reply.
> anyhost: Received host key, type 'ssh-dss'.
> anyhost: Host 'localhost' is known and matches the host key.
> anyhost: Computing shared secret key.
> anyhost: Verifying server signature.
> anyhost: Waiting for NEWKEYS message.
> anyhost: Send NEWKEYS.
> anyhost: Enabling encryption/MAC/compression.
> anyhost: Sending request for user-authentication service.
> anyhost: Service accepted: ssh-userauth.
> anyhost: Trying empty user-authentication request.
> anyhost: Authentication methods that can continue:  
> publickey,gssapi-with-mic,password.
> anyhost: Next method to try is publickey.
> anyhost: Next method to try is password.
> anyhost: Trying password authentication.
> anyhost: Login completed, opening dummy shell channel.
> anyhost: channel 0: new [client-session]
> anyhost: Requesting channel_open for channel 0.
> anyhost: channel 0: open confirm rwindow 0 rmax 32768
> anyhost: Got channel open confirmation, requesting shell.
> anyhost: Requesting service shell on channel 0.
> anyhost: channel 1: new [client-session]
> anyhost: Requesting channel_open for channel 1.
> anyhost: Entering interactive session.
> anyhost: Sending command: ls -ltr
> anyhost: Sending command: ls -ltr
> anyhost: Requesting service exec on channel 1.
> anyhost: channel 1: open confirm rwindow 0 rmax 32768
> anyhost: input_channel_request: rtype exit-status reply 0
> anyhost: channel 1: rcvd eof
> anyhost: channel 1: output open -> drain
> anyhost: channel 1: rcvd close
> anyhost: channel 1: input open -> closed
> anyhost: channel 1: close_read
> anyhost: channel 1: obuf empty
> anyhost: channel 1: output drain -> closed
> anyhost: channel 1: close_write
> anyhost: channel 1: send close
> anyhost: channel 1: full closed
> STDOUT=total 12156
> -rw-------  1 root root     2022 Aug 13  2008 anaconda-ks.cfg
> drwxr-xr-x  2 root root     4096 Aug 14  2008 Desktop
> drwxr-xr-x  3 root root     4096 Sep  2  2008 workspace
> drwxr-xr-x  4 root root     4096 Oct 21  2008 SDC
> -rw-r--r--  1 root root     1030 Feb 27  2009 connections.txt
> -rw-r--r--  1 root root    86363 Aug  3  2009 SDABeans.jar
> -rw-r--r--  1 root root  1687590 Aug  3  2009 SDAWeb.war
> -rw-r--r--  1 root root      184 Nov 11  2009 TODO
> drwxr-xr-x  8 root root     4096 Nov 12  2009 backup
> -rw-r--r--  1 root root 10416040 Nov 12  2009 OSSmigrate121109.gz
> -rw-r--r--  1 root root      922 Nov 13  2009 svnAdmin.info
> drwxr-xr-x  4 root root     4096 May 11 17:14 tmp
> drwxr-xr-x  2 root root     4096 Jul 13 09:19 sh
> drwxr-xr-x  8 root root     4096 Aug 11 12:35 cpan
> drwxr-xr-x  7 root root     4096 Aug 11 13:05 BPM
> -rw-------  1 root root   139999 Aug 23 10:05 mbox
> drwxr-xr-x  7 root root     4096 Oct 14 14:42 Downloads
> 
> Use of uninitialized value $stderr in concatenation (.) or string at  
> ./local.pl line 20.
> STDERR=
> EXIT=0
> END!!!!!!!!
> 
> 
> Thanks in advance for any help.
> Bye
> Uwe
> 
> ------------------------------------------------------------------------------
> Nokia and AT&T present the 2010 Calling All Innovators-North America contest
> Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
> $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
> Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
> http://p.sf.net/sfu/nokia-dev2dev
> _______________________________________________
> Ssh-sftp-perl-users mailing list
> Ssh...@li...
> https://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users

[Ssh-sftp-perl-users] Timeout when executing scripts with Net::SSH::Perl by mod_perl

[uptest <up...@ao...>]

Dear all,

I have a problem when executing scripts with Net::SSH::Perl by mod_perl.
When executing the script via mod_perl the ssh connection will be opened,  
the $cmd executed but the output is never returned to the caller. It hangs  
until a timeout occur. Nothing will be sent to the web browser.

If I execute the script locally it works fine.

The sample script just opens a ssh connection to the localhost:
my $ssh = Net::SSH::Perl->new($host,%params);
$ssh->login($user, $pass);
my($stdout, $stderr, $exit) = $ssh->cmd($cmd);
print "STDOUT=$stdout\n";
print "STDERR=$stderr\n";
print "EXIT=$exit\n";

See below the debug output when executed first by mod_perl then by a local  
shell:


Debug output when executed via mod_perl:
 from /var/log/httpd/error.log

anyhost: Reading configuration data /.ssh/config
anyhost: Reading configuration data /etc/ssh_config
anyhost: Connecting to localhost, port 22.
anyhost: Remote protocol version 2.0, remote software version OpenSSH_5.0
anyhost: Net::SSH::Perl Version 1.34, protocol version 2.0.
anyhost: No compat match: OpenSSH_5.0.
anyhost: Connection established.
anyhost: Sent key-exchange init (KEXINIT), wait response.
anyhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
anyhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
anyhost: Entering Diffie-Hellman Group 1 key exchange.
anyhost: Sent DH public key, waiting for reply.
anyhost: Received host key, type 'ssh-dss'.
anyhost: Host 'localhost' is known and matches the host key.
anyhost: Computing shared secret key.
anyhost: Verifying server signature.
anyhost: Waiting for NEWKEYS message.
anyhost: Send NEWKEYS.
anyhost: Enabling encryption/MAC/compression.
anyhost: Sending request for user-authentication service.
anyhost: Service accepted: ssh-userauth.
anyhost: Trying empty user-authentication request.
anyhost: Authentication methods that can continue:  
publickey,gssapi-with-mic,password.
anyhost: Next method to try is publickey.
anyhost: Next method to try is password.
anyhost: Trying password authentication.
anyhost: Login completed, opening dummy shell channel.
anyhost: channel 0: new [client-session]
anyhost: Requesting channel_open for channel 0.
anyhost: channel 0: open confirm rwindow 0 rmax 32768
anyhost: Got channel open confirmation, requesting shell.
anyhost: Requesting service shell on channel 0.
anyhost: channel 1: new [client-session]
anyhost: Requesting channel_open for channel 1.
anyhost: Entering interactive session.
anyhost: Sending command: ls -ltr
anyhost: Sending command: ls -ltr
anyhost: Requesting service exec on channel 1.
anyhost: channel 1: open confirm rwindow 0 rmax 32768
anyhost: input_channel_request: rtype exit-status reply 0
anyhost: channel 1: rcvd eof
anyhost: channel 1: output open -> drain
anyhost: channel 1: rcvd close
anyhost: channel 1: input open -> closed
anyhost: channel 1: close_read

------------------------------------------------------------------

Started from the local shell:

anyhost: Reading configuration data /root/.ssh/config
anyhost: Reading configuration data /etc/ssh_config
anyhost: Allocated local port 1023.
anyhost: Connecting to localhost, port 22.
anyhost: Remote protocol version 2.0, remote software version OpenSSH_5.0
anyhost: Net::SSH::Perl Version 1.34, protocol version 2.0.
anyhost: No compat match: OpenSSH_5.0.
anyhost: Connection established.
anyhost: Sent key-exchange init (KEXINIT), wait response.
anyhost: Algorithms, c->s: 3des-cbc hmac-sha1 none
anyhost: Algorithms, s->c: 3des-cbc hmac-sha1 none
anyhost: Entering Diffie-Hellman Group 1 key exchange.
anyhost: Sent DH public key, waiting for reply.
anyhost: Received host key, type 'ssh-dss'.
anyhost: Host 'localhost' is known and matches the host key.
anyhost: Computing shared secret key.
anyhost: Verifying server signature.
anyhost: Waiting for NEWKEYS message.
anyhost: Send NEWKEYS.
anyhost: Enabling encryption/MAC/compression.
anyhost: Sending request for user-authentication service.
anyhost: Service accepted: ssh-userauth.
anyhost: Trying empty user-authentication request.
anyhost: Authentication methods that can continue:  
publickey,gssapi-with-mic,password.
anyhost: Next method to try is publickey.
anyhost: Next method to try is password.
anyhost: Trying password authentication.
anyhost: Login completed, opening dummy shell channel.
anyhost: channel 0: new [client-session]
anyhost: Requesting channel_open for channel 0.
anyhost: channel 0: open confirm rwindow 0 rmax 32768
anyhost: Got channel open confirmation, requesting shell.
anyhost: Requesting service shell on channel 0.
anyhost: channel 1: new [client-session]
anyhost: Requesting channel_open for channel 1.
anyhost: Entering interactive session.
anyhost: Sending command: ls -ltr
anyhost: Sending command: ls -ltr
anyhost: Requesting service exec on channel 1.
anyhost: channel 1: open confirm rwindow 0 rmax 32768
anyhost: input_channel_request: rtype exit-status reply 0
anyhost: channel 1: rcvd eof
anyhost: channel 1: output open -> drain
anyhost: channel 1: rcvd close
anyhost: channel 1: input open -> closed
anyhost: channel 1: close_read
anyhost: channel 1: obuf empty
anyhost: channel 1: output drain -> closed
anyhost: channel 1: close_write
anyhost: channel 1: send close
anyhost: channel 1: full closed
STDOUT=total 12156
-rw-------  1 root root     2022 Aug 13  2008 anaconda-ks.cfg
drwxr-xr-x  2 root root     4096 Aug 14  2008 Desktop
drwxr-xr-x  3 root root     4096 Sep  2  2008 workspace
drwxr-xr-x  4 root root     4096 Oct 21  2008 SDC
-rw-r--r--  1 root root     1030 Feb 27  2009 connections.txt
-rw-r--r--  1 root root    86363 Aug  3  2009 SDABeans.jar
-rw-r--r--  1 root root  1687590 Aug  3  2009 SDAWeb.war
-rw-r--r--  1 root root      184 Nov 11  2009 TODO
drwxr-xr-x  8 root root     4096 Nov 12  2009 backup
-rw-r--r--  1 root root 10416040 Nov 12  2009 OSSmigrate121109.gz
-rw-r--r--  1 root root      922 Nov 13  2009 svnAdmin.info
drwxr-xr-x  4 root root     4096 May 11 17:14 tmp
drwxr-xr-x  2 root root     4096 Jul 13 09:19 sh
drwxr-xr-x  8 root root     4096 Aug 11 12:35 cpan
drwxr-xr-x  7 root root     4096 Aug 11 13:05 BPM
-rw-------  1 root root   139999 Aug 23 10:05 mbox
drwxr-xr-x  7 root root     4096 Oct 14 14:42 Downloads

Use of uninitialized value $stderr in concatenation (.) or string at  
./local.pl line 20.
STDERR=
EXIT=0
END!!!!!!!!


Thanks in advance for any help.
Bye
Uwe