wardmw has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I am using the Net::OpenSSH module to write a Perl script that can copy a file from a Windows 2003 server to a Solaris 10 server. The Perl script runs on the Solaris machine and tries to open an SSH connection like this:
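    #!/usr/local/bin/perl
    use Net::OpenSSH;

    my $remoteserver = 'nms4';
    my $remoteuser   = 'tftp';
    # Pass the variables themselves: single quotes would send the literal
    # strings '$remotehost' and '$remoteuser' instead of their values.
    my $ssh = Net::OpenSSH->new($remoteserver, user => $remoteuser, strict_mode => 0);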
I need 'strict_mode => 0' due to permissions set on the higher-level directories, however I always get the same error whether I use 0 or 1:
    Couldn't establish SSH connection: ctl_dir /home/tftp/.libnet-openssh-perl/ is not secure at /usr/local/bin/engsql01_backup line 36
The permissions on .libnet-openssh-perl are set to 0700 and that directory is owned by the user running the script:
    drwx------ 2 tftp nobody 512 Jun 29 14:15 /home/tftp/.libnet-openssh-perl

Can anyone give me a pointer in the right direction on how to fix this?

|\/|artin

Replies are listed 'Best First'.
Re: Net::OpenSSH, strict_mode parameter not working
by jethro (Monsignor) on Jun 29, 2009 at 15:16 UTC

    Not only the directory itself but all the parent directories up to the home dir have to conform to the security model enforced by the module. The relevant parts can be found in the source in the sub _is_secure_path:

        my @parts = File::Spec->splitdir(Cwd::realpath($path));
        my $home = $self->{_home};
        for my $last (reverse 0..$#parts) {
            ...
            return undef unless(($uid == $> or $uid == 0 ) and (($mode & 022) == 0));
            return 1 if (defined $home and $home eq $dir);

    So all dirs from .libnet-openssh-perl to $home (or / if $home is not defined) have to be owned either by the effective user or root and must not have any write permissions for group and other.
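
An added diagnostic (not code from this thread or from Net::OpenSSH) that applies the rule described above to every directory from the control directory up to the home directory and prints each one that fails, instead of stopping at the first. The name insecure_components and the use of $ENV{HOME} (falling back to getpwuid) as the home directory are assumptions.

```perl
#!/usr/bin/perl
# Added example: find which directory makes a ctl_dir "not secure".
# Rule taken from the reply above: each directory must be owned by the
# effective user or root, and must not be group- or other-writable.
use strict;
use warnings;
use Cwd ();
use File::Spec;

# Returns a list of [dir, problem] pairs; an empty list means the path passes.
sub insecure_components {
    my ($path, $home) = @_;
    my $real = Cwd::realpath($path);
    return ([$path, 'cannot be resolved']) unless defined $real;
    $home = Cwd::realpath($home) if defined $home;

    my @parts = File::Spec->splitdir($real);
    my @bad;
    for my $last (reverse 0 .. $#parts) {
        my $dir = File::Spec->catdir(@parts[0 .. $last]);
        my @st  = stat $dir;
        unless (@st) {
            push @bad, [$dir, "stat failed: $!"];
            last;
        }
        my ($mode, $uid) = @st[2, 4];
        push @bad, [$dir, sprintf('owned by uid %d, expected %d or 0', $uid, $>)]
            unless ($uid == $> or $uid == 0);
        push @bad, [$dir, sprintf('mode %04o is group/other writable', $mode & 07777)]
            if ($mode & 022);
        # Stop at the home directory; without one the walk continues to /.
        last if (defined $home and $home eq $dir);
    }
    return @bad;
}

# Assumption: home comes from $ENV{HOME}, else from the password database.
my $home    = defined $ENV{HOME} ? $ENV{HOME} : (getpwuid $>)[7];
my $ctl_dir = @ARGV ? $ARGV[0] : File::Spec->catdir($home, '.libnet-openssh-perl');

my @bad = insecure_components($ctl_dir, $home);
print "$_->[0]: $_->[1]\n" for @bad;
print "$ctl_dir passes the check\n" unless @bad;
exit(@bad ? 1 : 0);
```

Run it as the user that owns the script's SSH session, optionally passing a different control directory as the first argument.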

Re: Net::OpenSSH, strict_mode parameter not working
by salva (Canon) on Jun 29, 2009 at 15:47 UTC
    There is a bug in the module, I will release a new version tomorrow.

    update: done!

      I love ya Tomorrow!
      Thanks Salva!

      |\/|artin

      Hello, where can I download the correct version of Net::OpenSSH? Thanks for the help. Guillaume