A small piece of a project I'm working on necessitates SSH tunnels. I'm trying to use Net::SSH2 for this piece (I had no idea what a quagmire I was getting into with Perl and SSH from a Windows system) - simply because it seems to be the only module that I can actually install and get to work at all. Net::SSH::Perl looks great, but Windows is less then happy with it. So anyway. I tried the code snippet available here to no avail.

    my $tunnel1 = Net::SSH2->new();
    $tunnel1->debug(1);
    $tunnel1->connect($host) or die "connect to DMZ failed";
    $tunnel1->auth_password($user, $rzPass) or die "DMZ auth failed";
    $tunnel1chan = $tunnel1->channel();
    $tunnel1chan->shell();
    $tunnel1->tcpip($host2, 22, '127.0.0.1', $rzPort);

    my $tunnel2 = Net::SSH2->new();
    $tunnel2->connect('127.0.0.1', $rzPort) or die "connect to PLEX fa
+iled";
    $tunnel2->auth_password($user, $yzPass) or die "PLEX auth failed";
[download]

I authorize fine to the first node, but I never see my port forward open up on my local machine. The second connect fails on unable to connect to <host>:<port>. Here's the debug output:

libssh2_channel_open_ex(ss->session, pv_channel_type, len_channel_type
+, window_size, packet_size, ((void *)0) , 0 ) -> 0x1ea5664
libssh2_channel_direct_tcpip_ex(ss->session, (char*)host, port, (char*
+)shost, sport) -> 0x1ea5544
Net::SSH2: created new object 0x1f362fc
Net::SSH2::DESTROY object 0x1f362fc
Net::SSH2::Channel=GLOB(0x1d25ff4)Net::SSH2::Channel::DESTROY
Net::SSH2::Channel::DESTROY
Net::SSH2::DESTROY object 0x1caf124
[download]

And note, I call the shell and channel because I saw DESTROYS coming in before the tcpip call... I figured I didn't want that to happen, and this at least preserves the objects until after I make that call. FWIW, I can establish the tunnels through system calls to plink, but I'd really like to minimize any use of external binaries... plus without direct manipulation of the plink session, I'm utilizing timers to "guess" when the connection and authorization occurs. I must say, the syntax doesn't seem to make much sense to me... what I *expect* the M.O. to be is similar to the plink commands:

my $tunnel1 = Net::SSH2->new();
$tunnel1->debug(1);
$tunnel1->tcpip($host2, 22, '127.0.0.1', $rzPort);    
$tunnel1->connect($host) or die "connect to DMZ failed";
$tunnel1->auth_password($user, $rzPass) or die "DMZ auth failed";
$tunnel1chan = $tunnel1->channel();
$tunnel1chan->shell();
    
my $tunnel2 = Net::SSH2->new();
$tunnel2->connect('127.0.0.1', $rzPort) or die "connect to PLEX failed
+";
$tunnel2->auth_password($user, $yzPass) or die "PLEX auth failed";
[download]

...thus establishing the forwarding before you connect, similar to the way you call ssh with "-L <local port>:<remote server>:<remote port>". Any thoughts, help, experience, or documentation on Net::SSH2's tcpip call?