Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm trying to use Net::SSH::Perl to establish a secure connection to a server through CGI. I'm the VERY first to admit that perhaps this may not be the way to go but I'm new and needing advice. Please PLEASE offer any!

I created a form with a 'post' to a cgi script. The cgi script tries to use Net::SSH::Perl to login to the server. It won't complete and returns the following error:

Software error: Can't write to /.ssh/known_hosts2: Permission denied at /usr/lib/perl5/site_perl/5.8.5/Net/SSH/Perl.pm line 380

Here is the script that I would like to try (unless I can be told it's better to be done another route - and I'm WAY willing to go there!):

```perl
#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

print header;
print start_html("Thank You");
print h2("Thank You");

my %form;
foreach my $p (param()) {
    $form{$p} = param($p);
    #print "$p = $form{$p}<br>\n";
}
print end_html;

my $mypassword;
$mypassword = '******';
my $var;
my $val;
print header;
foreach $var (sort(keys(%ENV))) {
    $val = $ENV{$var};
    $val =~ s|\n|\\n|g;
    $val =~ s|"|\\"|g;
    #print "${var}=\"${val}\"\n";
}

use Net::SSH::Perl;
print "<br / > Here is where we try to make the ssh<br / >";
my $ssh = Net::SSH::Perl->new('my_personal_box');
print "<br / >here is the ssh part: $ssh <br / >";
$ssh->login("my_userid", $mypassword);
print end_html;
```

Thank you for ANY advice you may offer. Trust me! It is sincerely appreciated! Ronni

CODE tags added by Arunbear

Re: Net::SSH::Perl - looking for someone to point me in the right direction
by graff (Chancellor) on Oct 04, 2005 at 21:56 UTC
    I'm not sure what to say about the Net::SSH issue, but I'm curious about this feature of the code you posted:

    ```perl
    ...
    print header;
    print start_html("Thank You");
    print h2("Thank You");
    ...
    print end_html;
    ...
    print header;
    ...
    # (try to print stuff about ssh progress)
    print end_html;
    ```

    How is it that you expect to have two distinct HTML elements returned to the http client from a single run of this script? What do you expect the client to do with the second one? (I've never tried this, so I don't know.)

    Apart from that, what would you expect to be the next thing that should happen after doing the ssh login, assuming that the login succeeds? As it is, it looks like there is nothing that can happen -- all you do there is "print end_html" and exit the process, which means that the ssh connection would need to shut down.

    You say you want to "establish a secure connection to a server through CGI", but what do you really want to do, assuming such a connection should be made?

    I have a hunch you are trying to do something that is basically impossible. CGI and web interactions generally are "stateless": client sends a "GET" or "POST" request to a server, server processes that, sends something back to the client, and that's it, period, end of process. Each such transaction is completely independent and isolated from other such transactions, unless special steps are taken at the server to maintain some record somewhere about particular clients and their particular requests (e.g. cookies, extra parameters in the html returned to the client, sessions, etc).

    But in order to maintain an ssh login session on some host, the http server would need to preserve socket connections to that host, and somehow be able to access those sockets in accordance with subsequent transactions with the particular client. I wouldn't want to go there, even if it were possible to do so (which I doubt).

    update: I just noticed this in one of your earlier replies:

    In the long run I hope to use an HTML form to submit a job under a userid/password so that a job can execute as that user and return data to a directory owned by them.

    I think you'll want to figure out an appropriate way to specify what job is supposed to be run, and use the "cmd" method in Net::SSH::Perl, which executes whatever command line you give it on the remote host, and returns the stdout, stderr and exit status.

    Bear in mind that if the job being run takes a while, your cgi script will hang waiting for the return. If that becomes a problem, you'll need to settle on a way of having the command line return immediately, and making sure that its "real" output gets written to appropriate files. (There are several ways of doing this, including the use of redirection for stdout and stderr, and appending "&", at the end of the command line string.)

      Thank you, Graff and Talexb. You are correct that the path I want to tread is the one you outline. I would LOVE to use Net::SSH::Perl to place a file in a location designated by the user/pass - then have a watching cron job fire off the remaining process and follow with an email. That has been the dream all along. Only I can't get Net::SSH::Perl to work like everyone else seems to get it to work. I still have that hurdle of the error message and the thing wanting to write to a /.ssh file that doesn't exist or doesn't have write access to create.

      In the documentation it implies that you will log onto the server as that user and can execute commands as that user.

      I want to do that - is there a way?

      Thank you for all the support. I appreciate the time you are taking!
      Ronni
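
An added example, not code from any poster in this thread: one way to follow the advice above about `cmd`, redirection and a trailing "&" when the job name comes from a form. The job table, script paths, `jobs/` log directory and `run_id` format are assumptions; `submit_job` needs a reachable SSH host, so the sample loop at the bottom only exercises the command builder.

```perl
#!/usr/bin/perl
# Added example (not from the thread): map a form field to a fixed remote
# command, start it in the background, and return at once.
use strict;
use warnings;

# Hypothetical job table: the form supplies only a key, never command text.
my %JOBS = (
    report  => '/usr/local/bin/make_report',
    cleanup => '/usr/local/bin/cleanup_tmp',
);

# Build the remote command line, or return undef if the request is not allowed.
sub build_job_command {
    my ($job, $run_id) = @_;
    return unless defined $job && exists $JOBS{$job};
    return unless defined $run_id && $run_id =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    my $log = "jobs/$run_id";   # assumed to exist under the remote user's home
    # Redirect all three streams and append "&" so cmd() returns immediately.
    return "nohup $JOBS{$job} > $log.out 2> $log.err < /dev/null &";
}

# Run the job as the given user; returns (stdout, stderr, exit status).
sub submit_job {
    my ($host, $user, $pass, $job, $run_id) = @_;
    my $cmd = build_job_command($job, $run_id)
        or die "job request rejected\n";
    require Net::SSH::Perl;
    my $ssh = Net::SSH::Perl->new($host);
    $ssh->login($user, $pass);
    return $ssh->cmd($cmd);
}

# Constructed sample requests; only the first is accepted.
for my $req (['report', 'run_0001'], ['report; id', 'x'], ['cleanup', '../etc']) {
    my $cmd = build_job_command(@$req);
    printf "%-12s %-10s => %s\n", @$req, defined $cmd ? $cmd : 'REJECTED';
}
```

Because the form value is only ever used as a hash key, nothing the client sends reaches the remote shell as command text.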
Re: Net::SSH::Perl - looking for someone to point me in the right direction
by talexb (Chancellor) on Oct 04, 2005 at 20:04 UTC
    ```perl
    #!/usr/bin/perl -wT
    use CGI qw(:standard);
    use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
    use strict;

    print header;
    print start_html("Thank You");
    print h2("Thank You");

    my %form;
    foreach my $p (param()) {
        $form{$p} = param($p);
        #print "$p = $form{$p}\n";
    }
    print end_html;

    my $mypassword;
    $mypassword = '******';
    my $var;
    my $val;
    print header;
    foreach $var (sort(keys(%ENV))) {
        $val = $ENV{$var};
        $val =~ s|\n|\\n|g;
        $val =~ s|"|\\"|g;
        #print "${var}=\"${val}\"\n";
    }

    use Net::SSH::Perl;
    print "Here is where we try to make the ssh";
    my $ssh = Net::SSH::Perl->new('my_personal_box');
    print "here is the ssh part: $ssh";
    $ssh->login("my_userid", $mypassword);
    print end_html;
    ```

    If you put your code samples inside code tags then it's easier to read.

    So, what have you tried to fix the error Software error: Can't write to /.ssh/known_hosts2: Permission denied at /usr/lib/perl5/site_perl/5.8.5/Net/SSH/Perl.pm line 380? This is a message that SSH wants to update your known hosts file. Fix that problem, and the error should go away.

    Alex / talexb / Toronto

    "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

      Sorry about the tags. I tried that but I think I'm use impaired.

      Well, nothing, really. I work the ssh by hand and can see where the key information tries to write. I looked at all the files and found that I have a ./ssh in root and my_userid (which is expected). I turned on total use permissions for each just to see if it is trying to access one of these - but it's not.

      So I went into the Hosts.pm file under Net::SSH::Perl and discovered the routine "sub _add_host_to_hostfile" is the one containing the check and error.

      The code in there that errors is the following:

      ```perl
      unless (-d $dir) {
          print "Inside the 'unless'". "<br / >";
          require File::Path;
          File::Path::mkpath([ $dir ])
      ```


      Now I'm pretty much stuck. I feel like the dullest person in the world right now. I apologize!

      Thank you for the help. I AM happy to have it! REALLY!!

        Why don't we back up a bit -- what are you trying to do, log on to an SSH session through a form?

        Alex / talexb / Toronto

        "Groklaw is the open-source mentality applied to legal research" ~ Linus Torvalds

Re: Net::SSH::Perl - looking for someone to point me in the right direction
by Anonymous Monk on Oct 05, 2005 at 15:12 UTC
    I found a Dutch site (and don't speak or write Dutch) and was able to make out that cgi-bin must have a .ssh directory with Apache write access. The key is written by Apache - then the login is as expected - belonging to the user/pass given.

    In case anyone else encounters this hurdle! I hope this information helps.

    Thanks again to both Talexb and Graff! Now I'm off to learn what both of you already know about cgi, perl, html.....(the list goes on - I have a TON to learn!) :-)

    Ronni

    2005-10-05 Retitled by planetscape, as per Monastery guidelines
    Original title: 'Update'
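
An added example, not part of the original thread: a preflight check for the known_hosts file behind the error discussed here, for a setup where an administrator provisions the host key once and the web server account only reads the file. The temporary file, the address 192.0.2.10 and the key text are constructed placeholders; hashed entries are skipped because they cannot be compared without the HMAC step.

```perl
#!/usr/bin/perl
# Added example (not from the thread): verify that the host key is already
# pinned in a known_hosts file the web server can read but not write.
use strict;
use warnings;
use File::Temp qw(tempdir);

# True if a plain (unhashed) known_hosts entry names $host.
sub host_is_pinned {
    my ($file, $host) = @_;
    open my $fh, '<', $file or return 0;
    while (my $line = <$fh>) {
        next if $line =~ /^\s*(?:#|$)/;      # comments and blank lines
        my ($names) = split ' ', $line;      # first field: host1,host2,...
        next if $names =~ /^\|1\|/;          # hashed entry, cannot compare
        return 1 if grep { $_ eq $host } split /,/, $names;
    }
    return 0;
}

# Return a list of problems; an empty list means the file is safe to use.
sub check_known_hosts {
    my ($file, $host) = @_;
    my @st = stat $file or return ("$file: missing or unreadable");
    my @problems;
    push @problems, "$file: group/world writable" if $st[2] & 0022;
    push @problems, "$file: writable by this process" if -w $file;
    push @problems, "$host: no pinned key" unless host_is_pinned($file, $host);
    return @problems;
}

# Constructed sample: a temp file standing in for the provisioned known_hosts.
my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/known_hosts2";
open my $out, '>', $file or die "cannot create $file: $!";
print {$out} "# constructed entry, key material is a placeholder\n",
             "my_personal_box,192.0.2.10 ssh-rsa AAAAPLACEHOLDER\n";
close $out;
chmod 0444, $file;

for my $host ('my_personal_box', 'other_box') {
    my @p = check_known_hosts($file, $host);
    print "$host: ", (@p ? join('; ', @p) : 'ok'), "\n";
}
```

Run as the web server account, the check flags a file that account can modify, which is the condition under which a first connection to an unverified host would be recorded as trusted.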