gjoshi has asked for the wisdom of the Perl Monks concerning the following question:

Hi all, I need to connect to server B from server A. For example, I have one server called server A with username "abc" and password "123". I can SSH to server A, and only from server A can I SSH to server B. Server B also has the same username "abc" and password "123". After connecting to server B, I need to send commands to server B via server A. Could anyone help me with this? I am not able to figure out how to achieve the above task. Thanks --girija

Replies are listed 'Best First'.
Re: How to open nested SSH connection using perl
by salva (Canon) on Jul 10, 2015 at 08:40 UTC
    Which operating system runs on each server and on the machine running the Perl script?

    Also, is port forwarding enabled in server A?

      all of them on Linux
        Manually I can ssh to server A and from there I can ssh to server B. Manually it is working fine. thanks --girija
Re: How to open nested SSH connection using perl
by thanos1983 (Parson) on Jul 10, 2015 at 14:19 UTC

    Hello gjoshi,

    Although it seems that the Monks have provided you with many solutions, I would like to add a few references where you can get some information with samples of code, for easier implementation.

    I had the same problem as you some time ago, and I found that the most common name for what you are trying to achieve is SSH multi-hop. So ref1 Transparent Multi-hop SSH and ref2 SSH Port Forwarding Through Multiple Hops (.ssh/config).

    Update: I also found another link that contains a Perl script that I assume does exactly what you want. Ref3 ssh tunnel via multiple hops.

    Hope this helps.

    Seeking for Perl wisdom...on the process of learning...not there...yet!
      Thanks thanos1983. With the help of the link you have given, I started the port forwarding and tunneling process in the background, and now I am able to SSH to host 2 in the script. Thanks --girija
        And so, port forwarding is enabled in the gateway server...
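        use Net::OpenSSH;

        # Connect to the gateway (server A)
        my $sshA = Net::OpenSSH->new($serverA, user => $userA, password => $passwordA);

        # Build a command that tunnels through server A to port 22 on server B
        my $proxy_command = $sshA->make_remote_command({tunnel => 1}, $serverB, 22);

        # Connect to server B using that tunnel as the transport
        my $sshB = Net::OpenSSH->new($serverB, user => $userB, password => $passwordB,
                                     proxy_command => $proxy_command);

        # Run commands on server B
        $sshB->system($cmd1);
        $sshB->system($cmd2);
        ...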
Re: How to open nested SSH connection using perl
by locked_user sundialsvc4 (Abbot) on Jul 10, 2015 at 12:33 UTC

    Easily the best and safest way to do this is ... don’t use passwords for the connection! Configure the two systems to use (unique) digital certificates, and disable password-authentication as an alternative. (Otherwise, ssh will fall back to passwords.)

    Passwords are not a suitable authentication method for use with any encrypted connection, because mere knowledge of the magic word, e.g. that was lifted from the source code of a forgotten script, is enough to let you in and to identify you as being who you claim to be. A digital certificate, on the other hand, must be possessed, should be unique, and can be individually revoked. Although the connection seems to have been made “without challenge,” in fact it is very strong.

    Also, in a corporate setting, keys can be centrally managed using LDAP (OpenDirectory), so that the entire problem of “live passwords lying around in scripts” can be completely eliminated.
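
The two-hop connection from salva's reply, using key-based authentication instead of passwords embedded in the script, is shown here as an added example that is not part of the original thread. Host names, the user name, the key path and the commands are placeholders; the key is assumed to be authorized on both servers and either unencrypted or loaded in ssh-agent.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::OpenSSH;

# Placeholders (assumptions, not values from the thread).
my $gateway  = 'serverA.example.com';
my $target   = 'serverB.example.com';
my $user     = 'abc';
my $key_path = "$ENV{HOME}/.ssh/id_ed25519";

# Options shared by both hops: authenticate with the key only, never prompt,
# and refuse any host whose key is not already in known_hosts.
my %common = (
    user        => $user,
    key_path    => $key_path,
    batch_mode  => 1,
    timeout     => 30,
    master_opts => [ -o => 'StrictHostKeyChecking=yes',
                     -o => 'PasswordAuthentication=no' ],
);

# Hop 1: connect to the gateway (server A). new() does not die on failure,
# so the error attribute has to be checked explicitly.
my $ssh_a = Net::OpenSSH->new($gateway, %common);
$ssh_a->error and die "Cannot connect to $gateway: " . $ssh_a->error . "\n";

# Command that tunnels stdio through server A to port 22 on server B.
# Port forwarding must be allowed on server A for this to work.
my $proxy_command = $ssh_a->make_remote_command({ tunnel => 1 }, $target, 22);

# Hop 2: connect to server B, using the tunnel as the transport.
my $ssh_b = Net::OpenSSH->new($target, %common, proxy_command => $proxy_command);
$ssh_b->error and die "Cannot connect to $target via $gateway: " . $ssh_b->error . "\n";

# Run each command on server B, capturing stdout and stderr separately.
for my $cmd ('hostname', 'uptime') {
    my ($out, $err) = $ssh_b->capture2($cmd);
    if ($ssh_b->error) {
        warn "'$cmd' failed on $target: " . $ssh_b->error . "\n$err";
        next;
    }
    print "[$target] $cmd:\n$out";
}
```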