Net::OpenSSH and ProxyJump auth

doke has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to use Net::OpenSSH with the ssh -oProxyJump=user@bastionhost option to jump the connection through an intermediate bastion host. However, I can't get the authentication to work. The built in authentication only does one password prompt. So I'm trying to use login_hander => custom_login_hander option, and a custom handler subroutine that recognizes the password prompt and gives the right password for that stage. It works for the first hop. However, Net::OpenSSH seems to only fire the custom handler once. It seems to never call it on the second password prompt. Can anyone suggest anything?

I've got a workaround of calling the ssh binary, with the flags I need, and Expect-ing my way through the prompts. But it seems overly complicated.

Comment on Net::OpenSSH and ProxyJump auth

Replies are listed 'Best First'.
Re: Net::OpenSSH and ProxyJump auth by talexb (Chancellor) on Jul 24, 2025 at 13:25 UTC
I've used `ssh-copy-id` to copy my key to boxes that I log in to regularly in the past. That should solve the first log-in, and using Expect for the rest sounds a little hacky, but if it works, fine. Alex / talexb / Toronto As of June 2025, Groklaw is back! This site was a really valuable resource in the now ancient fight between SCO and Linux. As it turned out, SCO was all hat and no cattle.Thanks to PJ for all her work, we owe her so much. RIP -- 2003 to 2013.	[reply] [d/l]
Re: Net::OpenSSH and ProxyJump auth by Anonymous Monk on Jul 23, 2025 at 08:34 UTC
So I'm trying to use login_hander => custom_login_hander option, and a custom handler subroutine that recognizes the password prompt and gives the right password for that stage. Use keys instead.	[reply]
Re^2: Net::OpenSSH and ProxyJump auth by doke (Initiate) on Jul 23, 2025 at 19:15 UTC
I apologize, I did not explain my situation well enough. I'm trying to ssh to various routers, switches, firewalls, etc. Many of them do not have full ssh implementations, and do not support keys. I can use keys for some things, but not everything.	[reply]
Re^3: Net::OpenSSH and ProxyJump auth by Anonymous Monk on Jul 24, 2025 at 13:46 UTC
Can you use keys for the intermediate host then, so you only get one password prompt? (BTW see also sshpass)	[reply]
Re^4: Net::OpenSSH and ProxyJump auth by doke (Initiate) on Jul 25, 2025 at 13:32 UTC