stikboy has asked for the wisdom of the Perl Monks concerning the following question:

I have a very straightforward script using Net::SSH::Perl that connects to multiple hosts and pulls data from them. The powers that be have added some new servers, and for some reason, the module will not connect to these new servers.

Here is a short version of what is failing:
    #!/usr/bin/perl -w
    use strict;
    use Net::SSH::Perl;

    my $user = "username";
    my $pass = "password";
    my $domain = ".mydomain.com";
    my $ssh;
    my $host;
    my @hosts = qw(host1 host2);
    my $lscmd = "ls -ltr";

    foreach $host (@hosts){
        print "$host\n";
        $ssh = Net::SSH::Perl->new("$host$domain", protocol => 2, interactive => 0,
            options => [ "Password Authentication yes" ], (debug=>'true'));
        $ssh->login($user, $pass);
        my ($lsout, $lserr, $lsexit) = $ssh->cmd($lscmd);
        print "lsout = $lsout\n";
        print "lserr = $lserr\n";
        print "lsexit = $lsexit\n";
    }

host1 connects and displays lscmd fine. It is a Linux server running OpenSSH_3.6.1p2.

host2 is a Linux server running OpenSSH_4.2. SSH debug info from the script shows:

    ....
    asmodeus: Net::SSH::Perl Version 1.30, protocol version 2.0.
    asmodeus: No compat match: OpenSSH_4.2.
    asmodeus: Connection established.
    asmodeus: Sent key-exchange init (KEXINIT), wait response.
    asmodeus: Algorithms, c->s: 3des-cbc hmac-sha1 none
    asmodeus: Algorithms, s->c: 3des-cbc hmac-sha1 none
    asmodeus: Entering Diffie-Hellman Group 1 key exchange.
    asmodeus: Sent DH public key, waiting for reply.
    asmodeus: Received host key, type 'ssh-dss'.
    asmodeus: Host 'host2.mydomain.com' is known and matches the host key.
    asmodeus: Computing shared secret key.
    asmodeus: Verifying server signature.
    asmodeus: Waiting for NEWKEYS message.
    asmodeus: Enabling incoming encryption/MAC/compression.
    asmodeus: Send NEWKEYS, enable outgoing encryption/MAC/compression.
    asmodeus: Sending request for user-authentication service.
    asmodeus: Service accepted: ssh-userauth.
    asmodeus: Trying empty user-authentication request.
    asmodeus: Authentication methods that can continue: publickey,keyboard-interactive.
    asmodeus: Next method to try is publickey.
    Permission denied at ./ssh_test.pl line 19

I have tried with and without options =>, and both protocol 1 and 2.

I have added the following to ~/.ssh/config:

    PreferredAuthentications password,keyboard-interactive,publickey,hostbased

The error stays the same using the script no matter which of the above I have tried.

A manual ssh to host2 works, and using interactive => 1 works (although I have to type pw, which defeats the purpose since I have 200+ systems the real script queries).

I mention SSH versions above because that is the one difference I can think of that would affect this.

Does anyone know why this would fail, and what I can do to fix this?

Thank you in advance for your time

Scott
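
As an added example (not code from the thread): a small Perl triage script that reads Net::SSH::Perl debug output like the log above and reports which of the server's offered authentication methods an unattended run could use. The `offered_methods` and `diagnose` helpers, the host1 log line, and the assumption that only `password` and `publickey` work without a terminal are this example's own.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Methods assumed to work with no user at the terminal (interactive => 0).
# Assumption of this example, based on the post: keyboard-interactive only
# succeeded with interactive => 1.
my %unattended = map { $_ => 1 } qw(password publickey);

# Return the server's method list from the last "can continue" debug line.
sub offered_methods {
    my ($log) = @_;
    my @methods;
    for my $line (split /\n/, $log) {
        next unless $line =~ /Authentication methods that can continue:\s*(\S+?)\.?\s*$/;
        @methods = split /,/, $1;
    }
    return @methods;
}

# Summarise one host: what the server offers and what an unattended run can use.
sub diagnose {
    my ($host, $log) = @_;
    my @offered = offered_methods($log);
    return "$host: no method list found in log" unless @offered;
    my @usable = grep { $unattended{$_} } @offered;
    my $has_password = grep { $_ eq 'password' } @offered;
    my $verdict = $has_password
        ? 'password method offered'
        : 'password method NOT offered; a password can only go via keyboard-interactive';
    return sprintf '%s: offers [%s]; unattended candidates [%s]; %s',
        $host, join(',', @offered), join(',', @usable), $verdict;
}

# Constructed sample logs. The host2 line is copied from the debug output in
# the post; the host1 line is invented for contrast.
my %logs = (
    'host1.mydomain.com' => <<'LOG',
asmodeus: Trying empty user-authentication request.
asmodeus: Authentication methods that can continue: publickey,password,keyboard-interactive.
LOG
    'host2.mydomain.com' => <<'LOG',
asmodeus: Trying empty user-authentication request.
asmodeus: Authentication methods that can continue: publickey,keyboard-interactive.
asmodeus: Next method to try is publickey.
LOG
);

print diagnose($_, $logs{$_}), "\n" for sort keys %logs;
```

Run against saved debug output from each of the 200+ hosts, this groups them by what the server advertises, which is the list an SSH client has to choose from.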

Replies are listed 'Best First'.
Re: Net::SSH::Perl not going to password auth
by Khen1950fx (Canon) on Jun 05, 2008 at 07:30 UTC
    #!/usr/bin/perl
    use strict;
    use warnings;
    use diagnostics;
    use Net::SSH::Perl;

    my $host = 'localhost';
    my $host1 = 'localhost';
    my $host2 = 'localhost';
    my $pass = 'password';
    my $user = 'user';
    my $domain = 'localhost.localdomain';
    my @hosts = qw(host1 host2);   # qw() separates words with whitespace, not commas
    my $lscmd = 'ls -ltr';

    foreach $host (@hosts) {
        print "$host\n";
        my $ssh = Net::SSH::Perl->new($host1, protocol => '1,2', debug => 1);
        $ssh->login($user, $pass);
        my ($stdout, $stderr, $exit) = $ssh->cmd($lscmd);
        print $stdout, "\n";
    }
      Adding use diagnostics gives the below:

      asmodeus: Connection established.
      asmodeus: Sent key-exchange init (KEXINIT), wait response.
      asmodeus: Algorithms, c->s: 3des-cbc hmac-sha1 none
      asmodeus: Algorithms, s->c: 3des-cbc hmac-sha1 none
      asmodeus: Entering Diffie-Hellman Group 1 key exchange.
      asmodeus: Sent DH public key, waiting for reply.
      asmodeus: Received host key, type 'ssh-dss'.
      asmodeus: Host 'host2.mydomain.com' is known and matches the host key.
      asmodeus: Computing shared secret key.
      asmodeus: Verifying server signature.
      asmodeus: Waiting for NEWKEYS message.
      asmodeus: Enabling incoming encryption/MAC/compression.
      asmodeus: Send NEWKEYS, enable outgoing encryption/MAC/compression.
      asmodeus: Sending request for user-authentication service.
      asmodeus: Service accepted: ssh-userauth.
      asmodeus: Trying empty user-authentication request.
      asmodeus: Authentication methods that can continue: publickey,keyboard-interactive.
      asmodeus: Next method to try is publickey.
      Permission denied at ./ssh_test.pl line 20 (#1)
          (F) The setuid emulator in suidperl decided you were up to no good.

      Uncaught exception from user code:
              Permission denied at ./ssh_test.pl line 20
       at /usr/local/share/perl/5.8.8/Net/SSH/Perl.pm line 258
              Net::SSH::Perl::fatal_disconnect('Net::SSH::Perl::SSH2=HASH(0x888ac20)', 'Permission denied') called at /usr/local/share/perl/5.8.8/Net/SSH/Perl/SSH2.pm line 66
              Net::SSH::Perl::SSH2::login('Net::SSH::Perl::SSH2=HASH(0x888ac20)', 'user', 'password') called at ./ssh_test.pl line 20
      Uncaught exception from user code:
              Permission denied at ./ssh_test.pl line 20
       at /usr/local/share/perl/5.8.8/Net/SSH/Perl.pm line 258
              Net::SSH::Perl::fatal_disconnect('Net::SSH::Perl::SSH2=HASH(0x888ac20)', 'Permission denied') called at /usr/local/share/perl/5.8.8/Net/SSH/Perl/SSH2.pm line 66
              Net::SSH::Perl::SSH2::login('Net::SSH::Perl::SSH2=HASH(0x888ac20)', 'user', 'password') called at ./ssh_test.pl line 20

      The user/password it prints are the correct ones.

        It seems that your problem is suidperl. I don't have the experience to advise you on that one, but I believe that there are patches available to fix the problem. If you have root privileges on the server that has suidperl, then try to disable suidperl. Good Luck!

      OK, so I found that suidperl is installed on the remote server that the login failures are happening on. It is NOT on the local server, or the host1 which is working.

      Because of the error that is given, and the difference of suidperl being installed, I am going to assume that's where my problem is at the moment. Unfortunately, I don't have enough access on the remote server to disable/un-install it.

      From what I have read (admittedly a very fast read through), suidperl changes the user that the script runs as. I am confused as to whether it automatically runs it as root, or tries to make it run as the id that started the script on the local server. I suspect it tries as root because it doesn't even list user/pass pair in the auth methods it would attempt to try (root login disabled). Although, I did try and create a local id matching the login id of the remote server and running it that way, but still the same error.

      I am confused as to why this would affect it before the login is complete though.

      So, for the time being, I believe I am stuck. I'm off to learn more about suidperl and possibly Expect (and I've tried for two years to avoid Expect :-D ).

      Thanks so much for the pointers, and if I come up with something new to try, I will post back and let everyone know how it worked out.