RE: problem with Net::SSH::Perl using dsa key authentication

2003-09-29 Thread Haim Ashkenazi
Tn wrote:

> Hi,
> 
> As far as I can tell you are doing it right according to the manpages.
> However, I noticed that in
> http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne
> t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't
> supplying:
> 
> $ssh->login("user1", "pass1");
> 
> I believe this refers to the linux password.  Perhaps if the password is
> not supplied for an interactive login then you will be prompted for it.
> But you could disable linux password authentication as an ssh option at
> least as a possible workaround:
> 
> PasswordAuthentication=no # to be added to my %params
> 
> As I recall the default config of sshd/ssh forces password
> authentication on top of publickey authentication as an extra security
> measure.  You might take a look at your sshd and ssh config files to see
> how they are set and a combination of tweaking them and the options in
> your script may fix the problem.
> 
> The sshd/ssh setup that I prefer requires no password authentication if
> publickey authentication works, however it will use password
> authentication if publickey authentication does not work and I cut keys
> with a null passphrase for easier automation of script execution and
> interactive logins.
> 
> The error message seems to refer to a ssh_agent setup.  Ssh_agent is a
> special daemon that caches private keys and their passphrases so that
> you don't have to keep supplying the latter on the command line to start
> new sessions.  I've never bothered setting it up but using it should be
> more secure than using keys with null passphrases.
> 
> For reference:
> 
> Instructions for ssh_agent configuration are at
> http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op
> enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT.
> 
> Manpages for openssh are at http://www.openssh.org/manual.html
> 
> Manpages for perl ssh modules are at
> http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/
> 
> I don't have a setup now for testing ssh or I would.
> 
> Please let me know what works when you find it.
> 
> -tristram
> [EMAIL PROTECTED]
Hi

I'm using ssh with only key authentication in most of my linux servers. the
problem is not in the configuration (i think). I guess it's a matter of
running ssh-agent from the perl interface (since I've entered the
Net::SSH::Perl::Auth it ignores the one that's already running as the
parent of my X session).

thanx
--
Haim

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-29 Thread Haim Ashkenazi
Wiggins D'Anconia wrote:
>> my %params = {
>> protocol => 2,
>> interactive => 1,
>> identity_files =>[EMAIL PROTECTED],
>> };
> 
> Right here  you are assigning a hash reference to a hash, which is
> essentially setting a key using the reference location with a value as
> undef. Then you pass the hash to the new constructor and it sees a
> single value which is why you are getting there warning/error about
> "Reference found where even sized list expected"...  Switch the braces
> in the above construct to parenthesis and it should work, or switch the
> hash to a hash dereference below and the hash to a scalar above.
well, this one did solve the even-sized list error/warning but not the
"agent" method error. I think I must run some kind of ssh-agent before, but
I have no idea how to implement this. (I actually have it running as the
parent of my X, but since I've added the Net::SSH::Perl::Auth, it just
ignores it. before I've added it, it accepted the linux ssh-agent as the
authentication and didn't prompt me for a password).

thanx
--
Haim

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: problem with Net::SSH::Perl using dsa key authentication

2003-09-29 Thread Haim Ashkenazi
Tn wrote:

> Hi,
> 
> As far as I can tell you are doing it right according to the manpages.
> However, I noticed that in
> http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne
> t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't
> supplying:
> 
> $ssh->login("user1", "pass1");
> 
> I believe this refers to the linux password.  Perhaps if the password is
> not supplied for an interactive login then you will be prompted for it.
> But you could disable linux password authentication as an ssh option at
> least as a possible workaround:
> 
> PasswordAuthentication=no # to be added to my %params
> 
> As I recall the default config of sshd/ssh forces password
> authentication on top of publickey authentication as an extra security
> measure.  You might take a look at your sshd and ssh config files to see
> how they are set and a combination of tweaking them and the options in
> your script may fix the problem.
> 
> The sshd/ssh setup that I prefer requires no password authentication if
> publickey authentication works, however it will use password
> authentication if publickey authentication does not work and I cut keys
> with a null passphrase for easier automation of script execution and
> interactive logins.
> 
> The error message seems to refer to a ssh_agent setup.  Ssh_agent is a
> special daemon that caches private keys and their passphrases so that
> you don't have to keep supplying the latter on the command line to start
> new sessions.  I've never bothered setting it up but using it should be
> more secure than using keys with null passphrases.
> 
> For reference:
> 
> Instructions for ssh_agent configuration are at
> http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op
> enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT.
> 
> Manpages for openssh are at http://www.openssh.org/manual.html
> 
> Manpages for perl ssh modules are at
> http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/
> 
> I don't have a setup now for testing ssh or I would.
> 
> Please let me know what works when you find it.
> 
> -tristram
> [EMAIL PROTECTED]
Hi

I'm using ssh with only key authentication in most of my linux servers. the
problem is not in the configuration (i think). I guess it's a matter of
running ssh-agent from the perl interface (since I've entered the
Net::SSH::Perl::Auth it ignores the one that's already running as the
parent of my X session).

thanx
--
Haim

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-29 Thread Haim Ashkenazi
Wiggins D'Anconia wrote:
>> my %params = {
>> protocol => 2,
>> interactive => 1,
>> identity_files => [EMAIL PROTECTED],
>> };
> 
> Right here  you are assigning a hash reference to a hash, which is
> essentially setting a key using the reference location with a value as
> undef. Then you pass the hash to the new constructor and it sees a
> single value which is why you are getting there warning/error about
> "Reference found where even sized list expected"...  Switch the braces
> in the above construct to parenthesis and it should work, or switch the
> hash to a hash dereference below and the hash to a scalar above.
well, this one did solve the even-sized list error/warning but not the
"agent" method error. I think I must run some kind of ssh-agent before, but
I have no idea how to implement this. (I actually have it running as the
parent of my X, but since I've added the Net::SSH::Perl::Auth, it just
ignores it. before I've added it, it accepted the linux ssh-agent as the
authentication and didn't prompt me for a password).

thanx
--
Haim

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread R. Joseph Newton
TN wrote:

> Hi,
>
> As far as I can tell you are doing it right according to the manpages.
> However, I noticed that in
> http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne
> t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't
> supplying:
>
> $ssh->login("user1", "pass1");

That might be true, but it is not within the scope of the immediate
problem.  The problem so far is a simple one of mismatched data types.  Only
after the code is properly compiled and run can he test the actual
connectivity aspects of the code.

Joseph


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread R. Joseph Newton
Haim Ashkenazi wrote:

> Hi
>
> I'm trying to write a simple ssh login script using Net::SSH::Perl. with
> regular password It's working without a problem, but when I try to use dsa
> key (my usual dsa key) it doesn't work.
>
> here's the scritp:
>
> 
>
> #!/usr/bin/perl -w
>
> use strict;
> use Net::SSH::Perl;
> use Net::SSH::Perl::Auth;
>
> my @ids = ("/home/haim/.ssh/identity");
>
> my %params = {
> protocol => 2,
> interactive => 1,
> identity_files => [EMAIL PROTECTED],
> };

%params edclares a hash.
{} assigns a scalar reference to an anonymous hash.
They are not the same data type [aka storage category]

> 

> When I run this script I get an error:
> Reference found where even-sized list expected at login.pl line 10.

[snip--all errors beyond the first are irrelavant]

> can anyone please help?

Try changing the braces around your hash to parens, to properly offer a list as a
hash initiator.  Or nake params a scalar $params.

Try one xor the other of these, and let us know what results you get then.  You have
not yet begun to test the Net::SSH functionality, because your code does not get
executed.

Joseph


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread TN
That clears things up.  Thanks for the detailed explanation!

-tristram 


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread Wiggins d'Anconia
TN wrote:
Help me to understand your explanation of "assigning a hash reference to
a hash."
Considering 

my %params = {
protocol => 2,
interactive => 1,
identity_files => [EMAIL PROTECTED],
};
It appears to have an even number of elements like a hash should (since
"=>" works essentially like ",") but the right hand side should be
delimited by () instead of {} for it to be properly assigned as the
value of a hash.  With {} the right hand side is really a hash reference
and has its location as its value which accounts for the error message
"Reference found where even-sized list expected"???
This sounds correct so I am not sure what the question is. Essentially 
you have to think of the assignment of,

%params =

Such that the right side is taken in list context, rather than any 
specific type of value. So if you have a single value on the right then 
it gets set as a key without a corresponding value because that is how 
it is seen in list context, so when that value is a set of braces,

%params = {};

Then it is a single value in list context (and the reference is 
stringified to boot), where that value is seen as a hash reference by 
definition.  Where as the parenthesis just reinforce list context on the 
right side and allow multiple values in a key/value, key/value, 
key/value... fashion to be assigned to the hash elements.

%params = ( 'key' => 'value', 'key' => 'value' );

So you have two ways to write your code, either the more common:

%params = ( 'protocol' => 2, 'interactive' => 1, 'identity_files' => 
[EMAIL PROTECTED], );

Or using a hash reference (note assignment is to a scalar):

$params = { 'protocol' => 2, 'interactive' => 1, 'identity_files' => 
[EMAIL PROTECTED], };

And then when using the variable you would do so such as:

Net::SSH::Perl->new($host, %params);

or,

Net::SSH::Perl->new($host, %$params);

perldoc perlreftut
perldoc perlref
For more on references

Does this clear things up or muddy the water further?

http://danconia.org

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


RE: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread TN
Help me to understand your explanation of "assigning a hash reference to
a hash."

Considering 

my %params = {
protocol => 2,
interactive => 1,
identity_files => [EMAIL PROTECTED],
};

It appears to have an even number of elements like a hash should (since
"=>" works essentially like ",") but the right hand side should be
delimited by () instead of {} for it to be properly assigned as the
value of a hash.  With {} the right hand side is really a hash reference
and has its location as its value which accounts for the error message
"Reference found where even-sized list expected"???

Thanks,

-tristram


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread Wiggins d'Anconia
Just for clarification and the archives

TN wrote:
Hi,

As far as I can tell you are doing it right according to the manpages.
However, I noticed that in
http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne
t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't
supplying:
'login' does not require a password. The password is optional, 
specifically for the OP's case where he wishes to use public key 
encryption authentication.

$ssh->login("user1", "pass1");

I believe this refers to the linux password.  Perhaps if the password is
not supplied for an interactive login then you will be prompted for it.
But you could disable linux password authentication as an ssh option at
least as a possible workaround:
PasswordAuthentication=no # to be added to my %params

As I recall the default config of sshd/ssh forces password
authentication on top of publickey authentication as an extra security
measure.  You might take a look at your sshd and ssh config files to see
how they are set and a combination of tweaking them and the options in
your script may fix the problem.  

It is forced by default *if* one of the other specified methods does not 
succeed.

The sshd/ssh setup that I prefer requires no password authentication if
publickey authentication works, however it will use password
authentication if publickey authentication does not work and I cut keys
with a null passphrase for easier automation of script execution and
interactive logins.
The error message seems to refer to a ssh_agent setup.  Ssh_agent is a
special daemon that caches private keys and their passphrases so that
you don't have to keep supplying the latter on the command line to start
new sessions.  I've never bothered setting it up but using it should be
more secure than using keys with null passphrases.  

Yep but it requires saving the session state and having a login session, 
which is difficult for scripting and automated tasks. But for things 
such as X sessions it is great I highly suggest it when empty 
passphrases are not acceptable.

For reference:

Instructions for ssh_agent configuration are at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op
enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT.
Manpages for openssh are at http://www.openssh.org/manual.html

Manpages for perl ssh modules are at
http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/
I don't have a setup now for testing ssh or I would.  

Please let me know what works when you find it.
See my other post, it should be an interface issue not a problem with 
the underlying module.

http://danconia.org

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Re: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread Wiggins d'Anconia
Haim Ashkenazi wrote:
Hi

I'm trying to write a simple ssh login script using Net::SSH::Perl. with
regular password It's working without a problem, but when I try to use dsa
key (my usual dsa key) it doesn't work.
here's the scritp:



#!/usr/bin/perl -w

use strict;
use Net::SSH::Perl;
use Net::SSH::Perl::Auth;
my @ids = ("/home/haim/.ssh/identity");

my %params = {
protocol => 2,
interactive => 1,
identity_files => [EMAIL PROTECTED],
};
Right here  you are assigning a hash reference to a hash, which is 
essentially setting a key using the reference location with a value as 
undef. Then you pass the hash to the new constructor and it sees a 
single value which is why you are getting there warning/error about 
"Reference found where even sized list expected"...  Switch the braces 
in the above construct to parenthesis and it should work, or switch the 
hash to a hash dereference below and the hash to a scalar above.


my $login = Net::SSH::Perl->new("coltrane", %params);

my $auth = Net::SSH::Perl::Auth->new('PublicKey', $login);
$auth->authenticate;
$login->login("haim");

$login->shell;



When I run this script I get an error:
Reference found where even-sized list expected at login.pl line 10.
Can't call method "agent" on an undefined value at /usr/local/share
perl/5.8.0/Net/SSH/Perl/Auth/PublicKey.pm line 39,  line 1.
I've looked into the Net::SSH::Perl::Agent manpage but I can't figure out
how do I use it.
can anyone please help?

HTH,

http://danconia.org

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


RE: problem with Net::SSH::Perl using dsa key authentication

2003-09-28 Thread TN
Hi,

As far as I can tell you are doing it right according to the manpages.
However, I noticed that in
http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne
t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't
supplying:

$ssh->login("user1", "pass1");

I believe this refers to the linux password.  Perhaps if the password is
not supplied for an interactive login then you will be prompted for it.
But you could disable linux password authentication as an ssh option at
least as a possible workaround:

PasswordAuthentication=no # to be added to my %params

As I recall the default config of sshd/ssh forces password
authentication on top of publickey authentication as an extra security
measure.  You might take a look at your sshd and ssh config files to see
how they are set and a combination of tweaking them and the options in
your script may fix the problem.  

The sshd/ssh setup that I prefer requires no password authentication if
publickey authentication works, however it will use password
authentication if publickey authentication does not work and I cut keys
with a null passphrase for easier automation of script execution and
interactive logins.

The error message seems to refer to a ssh_agent setup.  Ssh_agent is a
special daemon that caches private keys and their passphrases so that
you don't have to keep supplying the latter on the command line to start
new sessions.  I've never bothered setting it up but using it should be
more secure than using keys with null passphrases.  

For reference:

Instructions for ssh_agent configuration are at
http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op
enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT.

Manpages for openssh are at http://www.openssh.org/manual.html

Manpages for perl ssh modules are at
http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/

I don't have a setup now for testing ssh or I would.  

Please let me know what works when you find it.

-tristram
[EMAIL PROTECTED]


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]