RE: problem with Net::SSH::Perl using dsa key authentication
Tn wrote: > Hi, > > As far as I can tell you are doing it right according to the manpages. > However, I noticed that in > http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne > t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't > supplying: > > $ssh->login("user1", "pass1"); > > I believe this refers to the linux password. Perhaps if the password is > not supplied for an interactive login then you will be prompted for it. > But you could disable linux password authentication as an ssh option at > least as a possible workaround: > > PasswordAuthentication=no # to be added to my %params > > As I recall the default config of sshd/ssh forces password > authentication on top of publickey authentication as an extra security > measure. You might take a look at your sshd and ssh config files to see > how they are set and a combination of tweaking them and the options in > your script may fix the problem. > > The sshd/ssh setup that I prefer requires no password authentication if > publickey authentication works, however it will use password > authentication if publickey authentication does not work and I cut keys > with a null passphrase for easier automation of script execution and > interactive logins. > > The error message seems to refer to a ssh_agent setup. Ssh_agent is a > special daemon that caches private keys and their passphrases so that > you don't have to keep supplying the latter on the command line to start > new sessions. I've never bothered setting it up but using it should be > more secure than using keys with null passphrases. > > For reference: > > Instructions for ssh_agent configuration are at > http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op > enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT. > > Manpages for openssh are at http://www.openssh.org/manual.html > > Manpages for perl ssh modules are at > http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/ > > I don't have a setup now for testing ssh or I would. > > Please let me know what works when you find it. > > -tristram > [EMAIL PROTECTED] Hi I'm using ssh with only key authentication in most of my linux servers. the problem is not in the configuration (i think). I guess it's a matter of running ssh-agent from the perl interface (since I've entered the Net::SSH::Perl::Auth it ignores the one that's already running as the parent of my X session). thanx -- Haim -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
Wiggins D'Anconia wrote: >> my %params = { >> protocol => 2, >> interactive => 1, >> identity_files =>[EMAIL PROTECTED], >> }; > > Right here you are assigning a hash reference to a hash, which is > essentially setting a key using the reference location with a value as > undef. Then you pass the hash to the new constructor and it sees a > single value which is why you are getting there warning/error about > "Reference found where even sized list expected"... Switch the braces > in the above construct to parenthesis and it should work, or switch the > hash to a hash dereference below and the hash to a scalar above. well, this one did solve the even-sized list error/warning but not the "agent" method error. I think I must run some kind of ssh-agent before, but I have no idea how to implement this. (I actually have it running as the parent of my X, but since I've added the Net::SSH::Perl::Auth, it just ignores it. before I've added it, it accepted the linux ssh-agent as the authentication and didn't prompt me for a password). thanx -- Haim -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with Net::SSH::Perl using dsa key authentication
Tn wrote: > Hi, > > As far as I can tell you are doing it right according to the manpages. > However, I noticed that in > http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne > t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't > supplying: > > $ssh->login("user1", "pass1"); > > I believe this refers to the linux password. Perhaps if the password is > not supplied for an interactive login then you will be prompted for it. > But you could disable linux password authentication as an ssh option at > least as a possible workaround: > > PasswordAuthentication=no # to be added to my %params > > As I recall the default config of sshd/ssh forces password > authentication on top of publickey authentication as an extra security > measure. You might take a look at your sshd and ssh config files to see > how they are set and a combination of tweaking them and the options in > your script may fix the problem. > > The sshd/ssh setup that I prefer requires no password authentication if > publickey authentication works, however it will use password > authentication if publickey authentication does not work and I cut keys > with a null passphrase for easier automation of script execution and > interactive logins. > > The error message seems to refer to a ssh_agent setup. Ssh_agent is a > special daemon that caches private keys and their passphrases so that > you don't have to keep supplying the latter on the command line to start > new sessions. I've never bothered setting it up but using it should be > more secure than using keys with null passphrases. > > For reference: > > Instructions for ssh_agent configuration are at > http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op > enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT. > > Manpages for openssh are at http://www.openssh.org/manual.html > > Manpages for perl ssh modules are at > http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/ > > I don't have a setup now for testing ssh or I would. > > Please let me know what works when you find it. > > -tristram > [EMAIL PROTECTED] Hi I'm using ssh with only key authentication in most of my linux servers. the problem is not in the configuration (i think). I guess it's a matter of running ssh-agent from the perl interface (since I've entered the Net::SSH::Perl::Auth it ignores the one that's already running as the parent of my X session). thanx -- Haim -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
Wiggins D'Anconia wrote: >> my %params = { >> protocol => 2, >> interactive => 1, >> identity_files => [EMAIL PROTECTED], >> }; > > Right here you are assigning a hash reference to a hash, which is > essentially setting a key using the reference location with a value as > undef. Then you pass the hash to the new constructor and it sees a > single value which is why you are getting there warning/error about > "Reference found where even sized list expected"... Switch the braces > in the above construct to parenthesis and it should work, or switch the > hash to a hash dereference below and the hash to a scalar above. well, this one did solve the even-sized list error/warning but not the "agent" method error. I think I must run some kind of ssh-agent before, but I have no idea how to implement this. (I actually have it running as the parent of my X, but since I've added the Net::SSH::Perl::Auth, it just ignores it. before I've added it, it accepted the linux ssh-agent as the authentication and didn't prompt me for a password). thanx -- Haim -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
TN wrote: > Hi, > > As far as I can tell you are doing it right according to the manpages. > However, I noticed that in > http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne > t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't > supplying: > > $ssh->login("user1", "pass1"); That might be true, but it is not within the scope of the immediate problem. The problem so far is a simple one of mismatched data types. Only after the code is properly compiled and run can he test the actual connectivity aspects of the code. Joseph -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
Haim Ashkenazi wrote: > Hi > > I'm trying to write a simple ssh login script using Net::SSH::Perl. with > regular password It's working without a problem, but when I try to use dsa > key (my usual dsa key) it doesn't work. > > here's the scritp: > > > > #!/usr/bin/perl -w > > use strict; > use Net::SSH::Perl; > use Net::SSH::Perl::Auth; > > my @ids = ("/home/haim/.ssh/identity"); > > my %params = { > protocol => 2, > interactive => 1, > identity_files => [EMAIL PROTECTED], > }; %params edclares a hash. {} assigns a scalar reference to an anonymous hash. They are not the same data type [aka storage category] > > When I run this script I get an error: > Reference found where even-sized list expected at login.pl line 10. [snip--all errors beyond the first are irrelavant] > can anyone please help? Try changing the braces around your hash to parens, to properly offer a list as a hash initiator. Or nake params a scalar $params. Try one xor the other of these, and let us know what results you get then. You have not yet begun to test the Net::SSH functionality, because your code does not get executed. Joseph -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with Net::SSH::Perl using dsa key authentication
That clears things up. Thanks for the detailed explanation! -tristram -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
TN wrote: Help me to understand your explanation of "assigning a hash reference to a hash." Considering my %params = { protocol => 2, interactive => 1, identity_files => [EMAIL PROTECTED], }; It appears to have an even number of elements like a hash should (since "=>" works essentially like ",") but the right hand side should be delimited by () instead of {} for it to be properly assigned as the value of a hash. With {} the right hand side is really a hash reference and has its location as its value which accounts for the error message "Reference found where even-sized list expected"??? This sounds correct so I am not sure what the question is. Essentially you have to think of the assignment of, %params = Such that the right side is taken in list context, rather than any specific type of value. So if you have a single value on the right then it gets set as a key without a corresponding value because that is how it is seen in list context, so when that value is a set of braces, %params = {}; Then it is a single value in list context (and the reference is stringified to boot), where that value is seen as a hash reference by definition. Where as the parenthesis just reinforce list context on the right side and allow multiple values in a key/value, key/value, key/value... fashion to be assigned to the hash elements. %params = ( 'key' => 'value', 'key' => 'value' ); So you have two ways to write your code, either the more common: %params = ( 'protocol' => 2, 'interactive' => 1, 'identity_files' => [EMAIL PROTECTED], ); Or using a hash reference (note assignment is to a scalar): $params = { 'protocol' => 2, 'interactive' => 1, 'identity_files' => [EMAIL PROTECTED], }; And then when using the variable you would do so such as: Net::SSH::Perl->new($host, %params); or, Net::SSH::Perl->new($host, %$params); perldoc perlreftut perldoc perlref For more on references Does this clear things up or muddy the water further? http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with Net::SSH::Perl using dsa key authentication
Help me to understand your explanation of "assigning a hash reference to a hash." Considering my %params = { protocol => 2, interactive => 1, identity_files => [EMAIL PROTECTED], }; It appears to have an even number of elements like a hash should (since "=>" works essentially like ",") but the right hand side should be delimited by () instead of {} for it to be properly assigned as the value of a hash. With {} the right hand side is really a hash reference and has its location as its value which accounts for the error message "Reference found where even-sized list expected"??? Thanks, -tristram -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
Just for clarification and the archives TN wrote: Hi, As far as I can tell you are doing it right according to the manpages. However, I noticed that in http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't supplying: 'login' does not require a password. The password is optional, specifically for the OP's case where he wishes to use public key encryption authentication. $ssh->login("user1", "pass1"); I believe this refers to the linux password. Perhaps if the password is not supplied for an interactive login then you will be prompted for it. But you could disable linux password authentication as an ssh option at least as a possible workaround: PasswordAuthentication=no # to be added to my %params As I recall the default config of sshd/ssh forces password authentication on top of publickey authentication as an extra security measure. You might take a look at your sshd and ssh config files to see how they are set and a combination of tweaking them and the options in your script may fix the problem. It is forced by default *if* one of the other specified methods does not succeed. The sshd/ssh setup that I prefer requires no password authentication if publickey authentication works, however it will use password authentication if publickey authentication does not work and I cut keys with a null passphrase for easier automation of script execution and interactive logins. The error message seems to refer to a ssh_agent setup. Ssh_agent is a special daemon that caches private keys and their passphrases so that you don't have to keep supplying the latter on the command line to start new sessions. I've never bothered setting it up but using it should be more secure than using keys with null passphrases. Yep but it requires saving the session state and having a login session, which is difficult for scripting and automated tasks. But for things such as X sessions it is great I highly suggest it when empty passphrases are not acceptable. For reference: Instructions for ssh_agent configuration are at http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT. Manpages for openssh are at http://www.openssh.org/manual.html Manpages for perl ssh modules are at http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/ I don't have a setup now for testing ssh or I would. Please let me know what works when you find it. See my other post, it should be an interface issue not a problem with the underlying module. http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with Net::SSH::Perl using dsa key authentication
Haim Ashkenazi wrote: Hi I'm trying to write a simple ssh login script using Net::SSH::Perl. with regular password It's working without a problem, but when I try to use dsa key (my usual dsa key) it doesn't work. here's the scritp: #!/usr/bin/perl -w use strict; use Net::SSH::Perl; use Net::SSH::Perl::Auth; my @ids = ("/home/haim/.ssh/identity"); my %params = { protocol => 2, interactive => 1, identity_files => [EMAIL PROTECTED], }; Right here you are assigning a hash reference to a hash, which is essentially setting a key using the reference location with a value as undef. Then you pass the hash to the new constructor and it sees a single value which is why you are getting there warning/error about "Reference found where even sized list expected"... Switch the braces in the above construct to parenthesis and it should work, or switch the hash to a hash dereference below and the hash to a scalar above. my $login = Net::SSH::Perl->new("coltrane", %params); my $auth = Net::SSH::Perl::Auth->new('PublicKey', $login); $auth->authenticate; $login->login("haim"); $login->shell; When I run this script I get an error: Reference found where even-sized list expected at login.pl line 10. Can't call method "agent" on an undefined value at /usr/local/share perl/5.8.0/Net/SSH/Perl/Auth/PublicKey.pm line 39, line 1. I've looked into the Net::SSH::Perl::Agent manpage but I can't figure out how do I use it. can anyone please help? HTH, http://danconia.org -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with Net::SSH::Perl using dsa key authentication
Hi, As far as I can tell you are doing it right according to the manpages. However, I noticed that in http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/Ne t::SSH::Perl.3pm that $ssh->login() requires a password that you aren't supplying: $ssh->login("user1", "pass1"); I believe this refers to the linux password. Perhaps if the password is not supplied for an interactive login then you will be prompted for it. But you could disable linux password authentication as an ssh option at least as a possible workaround: PasswordAuthentication=no # to be added to my %params As I recall the default config of sshd/ssh forces password authentication on top of publickey authentication as an extra security measure. You might take a look at your sshd and ssh config files to see how they are set and a combination of tweaking them and the options in your script may fix the problem. The sshd/ssh setup that I prefer requires no password authentication if publickey authentication works, however it will use password authentication if publickey authentication does not work and I cut keys with a null passphrase for easier automation of script execution and interactive logins. The error message seems to refer to a ssh_agent setup. Ssh_agent is a special daemon that caches private keys and their passphrases so that you don't have to keep supplying the latter on the command line to start new sessions. I've never bothered setting it up but using it should be more secure than using keys with null passphrases. For reference: Instructions for ssh_agent configuration are at http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/custom-guide/s1-op enssh-client-config.html#S3-OPENSSH-CONFIG-SSH-AGENT. Manpages for openssh are at http://www.openssh.org/manual.html Manpages for perl ssh modules are at http://www.squarebox.co.uk/cgi-squarebox/manServer/usr/share/man/man3/ I don't have a setup now for testing ssh or I would. Please let me know what works when you find it. -tristram [EMAIL PROTECTED] -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]