iloveperl has asked for the wisdom of the Perl Monks concerning the following question:

Ok it took me a while but I finally have everything working for Net::SSH. Here's the basic portion of the script I'm using and the problem:

    use Net::SSH::Perl;

    # Prompt for credentials on the terminal
    print "What username?\n";
    my $username = <STDIN>;
    chomp $username;
    print "What password?\n";
    my $password = <STDIN>;
    chomp $password;

    my $cmd  = 'get log event';
    my $host = 'x.x.x.x';

    # SSH protocol 1 with 3DES, debug output on, pty requested
    my $ssh = Net::SSH::Perl->new($host, cipher => 'DES3', protocol => 1,
                                  debug => 1, use_pty => 1);
    $ssh->login($username, $password);

    # Run a single command and print what it wrote to stdout
    my ($stdout, $stderr, $exit) = $ssh->cmd($cmd);
    print $stdout;

Ok the issue seems to be that the log-in for Netscreen sticks. I'm able to run this same script to a solaris-based box and perform an "ls" for the command and receive output. I've also used the command $ssh->shell after the login and the shell returns. When using debug I notice a few interesting messages which I don't receive when debugging a normal ssh connection. Those messages are as follows:

    #1 RSA authentication failed: Can't load public key.
    #2 Warning: ignoring packet of type 15.

I don't believe this is an RSA authentication error as when I view the log on the Netscreen I see the username/password being authenticated. The other reason I don't believe it's an RSA issue is the fact I can put the $ssh->shell command after the login and the prompt comes up with no problem.

Netscreen gives 2 messages for successful logins, #1 being: "SCS: SSH user X has been authenticated using password from x.x.x.x." Message #2 is: "Admin user X has logged in via SCS from x.x.x.x." When I'm utilizing the script I check the logfiles on the Netscreen from another session and only see message 1. The command also never gets issued as there is a log entry for the command. Perl also just sits. If I add the $ssh->shell or utilize a normal ssh login I get both messages. I'm wondering what could be wrong with my script where the login isn't going all the way through or if Netscreen has some crazy ssh that doesn't work.

Also, SSH-2 doesn't work on Netscreen as it states major protocol versions differ 2 v 1. Any help/ideas much appreciated.

Thanks.

janitored by ybiC: Balanced <code> tags around codeblock & error message, as per Monastery convention.

Re: Net SSH Module problem with Netscreen (you might have to use Expect)
by grinder (Bishop) on Jun 16, 2004 at 07:30 UTC

    Heh, been there, done that :)

    I don't know what Netscreen gear you are working with. I am using 5XTs from a couple of years ago, running ScreenOS 3.x. To cut a long story short, I suspect that their ssh implementation is slightly out of spec. Either that, or Net::SSH is (insofar as it doesn't deal correctly with a slightly non-orthodox ssh implementation, but it's a grey area). I spoke with btrott at the time about it, but I wasn't able to pinpoint the fault on one side of the fence or the other, or moreover how to patch Net::SSH to deal with it.

    After battling for a while, I gave up and used Expect. My Netscreens are connected with el-cheapo ADSL lines (albeit with fixed IP addresses). From time to time the line goes down, or something else happens, and the Netscreen re-establishes the PPPoE session. When this occurs, it fetches the IP addresses of the provider's DNS servers, and obligingly offers this to the DHCP clients on the trusted interface. Which means that all of my internal hosts are unknown.

    I have to inspect each router periodically, check the addresses of the DNS servers it offers to its DHCP clients, and if they're not mine, I push my own. (I believe this flaw is corrected in more recent editions of ScreenOS). Anyway, to push a setting to a router, my code looks something like this:

        use Expect;

        # TIMEOUT, $user and @fix (the sites to correct) are defined
        # elsewhere in the original script.
        for my $site ( @fix ) {
            my $ssh = Expect->spawn( "/usr/bin/ssh $user\@$site" )
                or die "could not create ssh Expect object: $!\n";

            # Wait for the password prompt, then answer it
            $ssh->expect( TIMEOUT, " password: " )
                or die "Never got password prompt from $site: $!\n";
            print $ssh "password\n";

            my @cmds = (
                'set dhcp server option dns1 10.0.0.1',
                'set dhcp server option dns2 10.0.0.2',
                'save',
                'exit',
            );

            # Send each command only after the device prompt has appeared
            for my $cmd ( @cmds ) {
                $ssh->expect( TIMEOUT, "$site>" )
                    or die "Never got command prompt from $site: $!\ndid not send [$cmd]\n";
                print $ssh "$cmd\n";
            }

            sleep 1;
            $ssh->soft_close();
        }

    - another intruder with the mooring of the heat of the Perl

      Ok that's a bummer but that leads me to my next question which is most likely a simple answer but I haven't worked with it enough to figure it out and need a quick answer.

      Is there a way to manipulate <STDIN> to perform commands on my $ssh->shell. I can't use print as it's expecting STDIN for all commands. I also cannot use expect due to the environment I work in. Thanks for the help.