#!/usr/bin/perl
use strict;
use warnings;
use Net::SSH::Perl;

# If error is: 
# Can't locate object method "blocking" via package 
#"IO::Handle" at /usr/lib/perl5/site_perl/5.8.6/
# Net/SSH/Perl.pm line 212, <GEN0> line 1.

# then use "protocol => 2";


my %hostdata    = (
        'localhost' => {
                           user  => "z",
                       password  => "qumquat",
                       cmdtorun  => "ls -la",
                      misc_data  => [],
        },
        
    
   'zentara.zentara.net' => {
                               user  => "z",
                           password  => "aardvark",
                           cmdtorun  => "/usr/bin/uptime",
                          misc_data  => [],
        },

        
);

foreach my $host (keys %hostdata) {
    my $ssh = Net::SSH::Perl->new($host, 
                       port => 22,
               debug => 1,
               protocol => 2,1
               
                );
    $ssh->login($hostdata{$host}{user},$hostdata{$host}{password} );

    my ($out) = $ssh->cmd($hostdata{$host}{cmdtorun});
    print "$out\n";
}
[download]

It provides

• ssh_cmd for single connections providing a command (and feeding something to STDIN)
• sshopen2 which you call with 2 FileHandles - $reader, $writer
• sshopen3 which you call with 3 FileHandles - $reader, $writer, $error

The latter two would be your candidates, opening multiple connection and using select() to read/write from/to multiple filehandles. See IO::Select or POE for that. If that doesn't suit, here's a discussion about Waiting for multiple filehandles. In that thread there's a note from BrowserUk on how to do that with threads.. ,)

--shmem

_($_=" "x(1<<5)."?\n".q·/)Oo.  G°\        /
                              /\_¯/(q    /
----------------------------  \__(m.====·.(_("always off the crowd"))."·
");sub _{s,/,($e="'Itrs `mnsgdq Gdbj O`qkdq")=~y/"-y/#-z/;$e,e && print}

I have used Net::SSH::Perl with success. The basic functionality worked fine, however when I switched over to trying to use id_dsa files (so that I did not have to rely on storing a password in a file), there were some undocumented quirks with the module. The module has a mailing list on Sourceforge where I got my answers but the undocumented features :) did make it more difficult then it had to be.

So the answer is, Net::SSH::Perl can work for you, though it will take a little work to get where it needs to be...

As for user auth, setting up RSA/DSA key pairs to allow passwordless login is the way to go. Especially since the alternative is to store your passwords in a file. Just set a good passphrase on the private key(s) so they can't be trivially lifted from the filesystem.

But how do you automate once you've set a passphrase? Aren't you back to putting a password/passphrase in a file?

You can use ssh-agent and ssh-add to allow you to manually enter the passphrase once, then have the keys available to all shells/programs you run under the agent, including your ssh-to-multiple-servers app. (Most Linux distros run ssh-agent by default when you log in under X, at least; if it's not active, ssh-agent bash will open a new shell with an active agent.)

So the worst-case process would be:

1. Log in
2. Run ssh-agent bash
3. Run ssh-add, which prompts for your passphrase
4. Enter passphrase
5. Run the multiple-ssh program
Step 2 may not be necessary if you're running under an ssh-agent by default. If you completely trust the system you're running on, steps 3 and 4 can be skipped by using an empty passphrase on the private key, but I wouldn't recommend doing so unless you need it to be able to run unattended (e.g., from cron), since that does go back to putting the complete login credentials into a file.

I personally still use system /ssh -i $key -h $host/ for perl scripts although using other ways specified (Net::SSH::Perl) might work better for you. I have found that I still like to use system /ssh $blah/ because I am still a fan of pwless SSH keys because of the way I have the security of my network layed out (and I am sure that a lot of people would argue my use of this, but this isn't the time or the place for that).

However, I have found that when I need to have multiple connections or do multiple time intensive things simultaneously that I use Parallel::ForkManager. It just forks off processes and lets you set the max number of processes that you would like to allow to run continuously.

 # Begin ForkManager
 my $_max_procs = 5;
 $_pm = new Parallel::ForkManager($_max_procs);

 # Log at process fork
 $_pm ->run_on_start(
   sub { my ($pid, $host) = @_;
     print "Forking process PID: $pid\n";
   }
 );

 # Log at process copmletion
 $_pm ->run_on_finish(
   sub { my ($pid, $exit_code, $host) = @_;
     print "Finishing up process PID: $pid\n";
   }
 );

 $_pm->run_on_wait(
   sub { print "Waiting for children to finish.\n" }, 5.0 );

foreach my $ssh_host (keys %{$ssh_host_list}) {
  # Fork off the children and get going on the queries
  my $pid = $_pm->start($ssh_host) and next;

  # do script stuff here

  # Closing the forked process
  $_pm->finish;
}

# Ensure all children have finished
$_pm->wait_all_children;
exit(1);
[download]