Thread: [Ssh-sftp-perl-users] Net::SSH::perl to chroot enviro
From: John F. <joh...@zn...> - 2004-06-02 23:09:13

I am trying to use the package to log into a server which uses chroot environments. As a person, if I 'ssh -l username servername' I get dropped into the chroot environment. When I use the perl script I get dropped into the normal environment, as if the sudo line in .bash_profile had not run. When the source .bash_profile is the first command given to the ssh object, I get this debug text: <see below> and the second command is never executed; the script hangs. It feels like the perl module enters through another mechanism than the standard command line ssh.

Both servers are running Debian Woody.
Any pointers much appreciated.

John

### code #####
use strict;
use diagnostics;
use Net::SSH::Perl;

# $host, $user and $pass are set elsewhere in the script
my $cmd1 = "source /home/build/.bash_profile " ;
my $cmd2 = "pwd" ;
my $ssh = Net::SSH::Perl->new($host, debug => 1, protocol => 2);
$ssh->login($user, $pass);
my($out1, $err1, $exit1) = $ssh->cmd($cmd1);
my($out2, $err2, $exit2) = $ssh->cmd($cmd2);

#### debug message ####
pt: Reading configuration data /root/.ssh/config
pt: Reading configuration data /etc/ssh_config
pt: Allocated local port 1023.
pt: Connecting to nn.nn.nn.nn, port 22.
pt: Remote protocol version 2.0, remote software version OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9
pt: Net::SSH::Perl Version 1.23, protocol version 2.0.
pt: No compat match: OpenSSH_3.0.2p1 Debian 1:3.0.2p1-9.
pt: Connection established.
pt: Sent key-exchange init (KEXINIT), wait response.
pt: Algorithms, c->s: 3des-cbc hmac-sha1 none
pt: Algorithms, s->c: 3des-cbc hmac-sha1 none
pt: Entering Diffie-Hellman Group 1 key exchange.
pt: Sent DH public key, waiting for reply.
pt: Received host key, type 'ssh-dss'.
pt: Host 'nnn.nnn.nn.nn' is known and matches the host key.
pt: Computing shared secret key.
pt: Verifying server signature.
pt: Waiting for NEWKEYS message.
pt: Enabling incoming encryption/MAC/compression.
pt: Send NEWKEYS, enable outgoing encryption/MAC/compression.
pt: Sending request for user-authentication service.
pt: Service accepted: ssh-userauth.
pt: Trying empty user-authentication request.
pt: Authentication methods that can continue: publickey,password,keyboard-interactive.
pt: Next method to try is publickey.
pt: Next method to try is password.
pt: Trying password authentication.
pt: Login completed, opening dummy shell channel.
pt: channel 0: new [client-session]
pt: Requesting channel_open for channel 0.
pt: channel 0: open confirm rwindow 0 rmax 16384
pt: Got channel open confirmation, requesting shell.
pt: Requesting service shell on channel 0.
pt: channel 1: new [client-session]
pt: Requesting channel_open for channel 1.
pt: Entering interactive session.
pt: Sending command: source /home/build/.bash_profile
pt: Requesting service exec on channel 1.
pt: channel 1: open confirm rwindow 0 rmax 16384

--
----------------------------------------------------
John P. Fisher at ZNYX Networks
805 683 1488 x 3245
joh...@zn...

From: Dave R. <au...@ur...> - 2004-06-02 23:21:05

On Wed, 2 Jun 2004, John Fisher wrote:

> When I use the perl script I get dropped into the normal environment, as
> if the sudo line in .bash_profile had not run. When the source
> .bash_profile is the first command given to the ssh object, I get this
> debug text: <see below> and the second command is never executed, the
> script hangs. It feels like the perl module enters through another
> mechanism than the standard command line ssh.

Do other commands work? Have you tried something like just "ls"? If that doesn't work, the problem isn't the specific command.

When you send a command, I'm not sure if shell commands will actually work, but I don't know enough about the inner workings of SSH to say (anyone?).

-dave

/*=======================
House Absolute Consulting
www.houseabsolute.com
=======================*/

From: Dave R. <au...@ur...> - 2004-06-02 23:59:58

On Wed, 2 Jun 2004, Dave Rolsky wrote:

> On Wed, 2 Jun 2004, John Fisher wrote:
>
> > >Do other commands work? Have you tried something like just "ls"?
> > >
> >
> > yes
> > ls pwd cd /somepath all work, and they work as successive
> > commands
> > $ssh->cmd(somecommand).....
> > $ssh->cmd(someothercommand).....
> > $ssh->cmd(somethirdcommand).....
>
> How about some other shell command (not an executable)? I'm guessing that
> when you log in via SSH without a terminal, you don't actually get a
> shell, but that's just a guess.
>
>
> -dave
>
> /*=======================
> House Absolute Consulting
> www.houseabsolute.com
> =======================*/
>

/*=======================
House Absolute Consulting
www.houseabsolute.com
=======================*/

From: John F. <joh...@zn...> - 2004-06-03 00:16:38

These worked, and the shell is bash...

my $cmd1 = "man ls " ;
my $cmd2 = "echo " . '$SHELL' ;
my $cmd3 = "cat /tmp/autobuild.log" ;

my $cmd1 = "help" ;
my $cmd2 = "dirs " ;
my $cmd3 = "test" ;

my $cmd1 = "xxxxx" ;
my $cmd2 = "cd / " ;
my $cmd3 = "pwd" ;

Dave Rolsky wrote on 6/2/2004 4:59 PM:

>On Wed, 2 Jun 2004, Dave Rolsky wrote:
>
>>On Wed, 2 Jun 2004, John Fisher wrote:
>>
>>>>Do other commands work? Have you tried something like just "ls"?
>>>>
>>>yes
>>> ls pwd cd /somepath all work, and they work as successive
>>>commands
>>>$ssh->cmd(somecommand).....
>>>$ssh->cmd(someothercommand).....
>>>$ssh->cmd(somethirdcommand).....
>>>
>>How about some other shell command (not an executable)? I'm guessing that
>>when you log in via SSH without a terminal, you don't actually get a
>>shell, but that's just a guess.
>>

----------------------------------------------------
John P. Fisher at ZNYX Networks
805 683 1488 x 3245
joh...@zn...

From: John F. <joh...@zn...> - 2004-06-04 00:48:13

FYI

Answer - How to use Net::SSH::Perl to run chrooted commands on remote server.

Rules:
1) you have to login as root, not the user
2) with each command you must run chroot as part of the command <see example> to get a command running inside the chroot enviro
3) you must use absolute pathnames, even for well-known commands
4) you still have to be careful about the environment and shell - it doesn't act like a normal bash shell you reach manually

Code snippet:

use strict;
use diagnostics;
use Net::SSH::Perl;

# $host, $user and $pass are set elsewhere in the script
my $cmd = "/usr/sbin/chroot /home/username/buildenv/potato myscript param param param" ;
# myscript runs with the potato directory as its root

my $ssh = Net::SSH::Perl->new($host, debug => 10, protocol => 2);
# using code from instructions...
$ssh->login($user, $pass);
my($out, $err, $exit) = $ssh->cmd($cmd);
print("\n " . $out ) if $out;

Why would anyone want to do this?
I build multiple large images on a remote Linux server nightly. I wrote a script to extract them from cvs, and build in a special build environment (the server runs a different Linux from the builds). I version control the build environment itself, so that various releases are tied to a controlled version of Linux. Each developer and I get to choose which environment we build in, depending on which release we are working on, latest or bug fixes. Sometimes I have to tarball the whole build enviro and give it to a customer, too. We used to keep removable hard drives for each flavor, but now we use multiple chroot environments on a bigger server.

thanks
John

----------------------------------------------------
John P. Fisher at ZNYX Networks
805 683 1488 x 3245
joh...@zn...
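
Added example, not part of the original posts or of Net::SSH::Perl: the string given to $ssh->cmd is interpreted by a shell on the server, so when the script parameters vary, the chroot line from rules 2 and 3 above can be built with every word quoted and the absolute-path rule checked before anything is sent. The helper names sh_quote and chroot_command and the path /usr/local/bin/myscript are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not from the thread: build the "chroot + command" string
# from rules 2 and 3 with every word shell-quoted.
use strict;
use warnings;

# Quote one word for a POSIX shell: wrap it in single quotes and rewrite
# each embedded ' as '\'' so the remote shell sees the word literally.
sub sh_quote {
    my ($word) = @_;
    $word =~ s/'/'\\''/g;
    return "'$word'";
}

# Hypothetical helper. $chroot_bin, $jail and $prog must be absolute paths
# (rule 3); $prog is resolved inside the jail. @args are passed as data.
sub chroot_command {
    my ($chroot_bin, $jail, $prog, @args) = @_;
    for my $path ($chroot_bin, $jail, $prog) {
        die "not an absolute path: $path\n" unless $path =~ m{\A/};
        die "path contains '..': $path\n" if $path =~ m{(?:\A|/)\.\.(?:/|\z)};
    }
    return join ' ', map { sh_quote($_) } $chroot_bin, $jail, $prog, @args;
}

# Constructed sample values: the jail path is the one from the post,
# /usr/local/bin/myscript is an assumed location inside the jail.
my $cmd = chroot_command(
    '/usr/sbin/chroot',
    '/home/username/buildenv/potato',
    '/usr/local/bin/myscript',
    'release 1.2', q{it's}, '$(id)',
);
print "$cmd\n";

# A relative program name is rejected before anything is sent.
my $ok = eval {
    chroot_command('/usr/sbin/chroot', '/home/username/buildenv/potato', 'myscript');
    1;
};
print "rejected: $@" unless $ok;

# The string is then used exactly as in the post:
#   my ($out, $err, $exit) = $ssh->cmd($cmd);
```

The third parameter, '$(id)', reaches myscript as literal text because the remote shell never expands anything inside single quotes.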