
Perl Net::SSH2 pubkey authentication issue

I am trying to connect to a remote SSH server using Net::SSH2. Command-line ssh works fine. I cannot seem to figure out the correct auth_hostbased parameters, though.

This is my code:

use Net::SSH2;

my $ssh = Net::SSH2->new();
$ssh->debug(1);
$ssh->trace(-1);
$ssh->connect('remotehost.remotedomain.tld') or die;
$ssh->auth_hostbased('username',
    'ssh-rsa  AAAAB3Nz[..]C0JoaFF9 root@myhost',
    '-----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: AES-128-CBC,FA97214E87562096A7E480C82DAE5EB4

    XIMKnj9k[..]kpRo5V
    -----END RSA PRIVATE KEY-----',
    'myhost.mydomain.tld',
    'username',
    'keypassword') or die;

The snippet dies at $ssh->auth_hostbased with just a 'Net::SSH2::DESTROY object 0xe17de0'. Setting trace does not seem to matter. Replacing die with $ssh->die_with_error throws a 'die_with_error is not a valid Net::SSH2 macro'. Downloading the current 0.53 version of Net::SSH2 did not work, as the script no longer compiles: 'Net::SSH2 object version 0.44 does not match bootstrap parameter 0.53'.

Any help on the correct parameter format or an alternative module is appreciated.

Marcus asked Nov 09 '22 14:11


1 Answer

Why not use Net::OpenSSH? This is a simple SSH wrapper script I wrote some time ago:

#!/usr/bin/perl

# Simple SSH remote executor using the Net::OpenSSH library

use warnings;
use strict;
use Net::OpenSSH;
# see http://search.cpan.org/~salva/Net-OpenSSH-0.62/lib/Net/OpenSSH.pm#DEBUGGING
$Net::OpenSSH::debug = undef;
use Getopt::Long;

my $timeout = 10;
my ($username, $identity, $hostname, $command);
my $uid      = getpwuid($<);    # in scalar context this is the login name
my $ctl_dir  = qq{/tmp/.libnet-puppet-$uid};
my $ctl_mode = 0700;

# Directory for the ssh control socket, accessible to the owner only
if ( !-d $ctl_dir ) { mkdir( $ctl_dir, $ctl_mode ) }

# stderr of the local ssh processes is discarded
open my $stderr_fh, '>>', '/dev/null' or die $!;

sub print_help {
    print qq{\nusage: $0 [options] -h Hostname

        -u username

        -i identity

        -c command

        long options are supported !

  };
    exit(1);
}

GetOptions(
    "hostname=s" => \$hostname,    # string
    "username=s" => \$username,    # string
    "identity=s" => \$identity,    # string
    "command=s"  => \$command      # string
) or print_help;

if ( not defined $username or not defined $identity or not defined $hostname or not defined $command ) { print_help }

my $port = q{22};
my $user = $username;
my $ssh;

my $cmd = qq{$command};

my $options = {
    host              => $hostname,
    user              => $user,
    port              => $port,
    default_stderr_fh => $stderr_fh,
    ctl_dir           => $ctl_dir,
    master_opts       => [
        # These two options turn off host key verification: the server's
        # identity is not checked and nothing is recorded in known_hosts.
        -o => "UserKnownHostsFile=/dev/null",
        -o => "StrictHostKeyChecking=no",
        -o => qq{IdentityFile=$identity},
    ],
    timeout => $timeout,
};

# ALARM timer timeout handling
$SIG{ALRM} = sub {
    printf( "%s\n", qq{invalid-timeout-connecting-to-node-$hostname} );
    exit(1);
};

# init alarm timer ;-)
alarm($timeout);

# new() always returns an object; connection failures are reported by error()
$ssh = Net::OpenSSH->new( %{$options} );
$ssh->error and die "Couldn't establish SSH connection: " . $ssh->error;

# In list context capture2 returns stdout and stderr as two scalars
my ( $out, $err ) = $ssh->capture2( { timeout => 10 }, $cmd );

die sprintf( "Error: %s\n", $err ) if defined $err and length $err;

# Split the captured stdout into lines, keeping the line endings
my @out = defined $out ? split( /^/, $out ) : ();

if ( scalar(@out) == 0 ) {
    printf( "%s\n", qq{invalid-empty-string-received-by-node-$hostname} );
    exit(1);
}

# Print each line with leading whitespace removed
foreach my $line (@out) {
    $line =~ s/^\s{1,}//;
    printf( "%s", $line );
}

Install it using cpanm (cpanm Net::OpenSSH) or as the Debian package "libnet-openssh-perl".
See "man ssh_config" for available master options.
I think that script will be of great help though.
Rgds. Franz

FranzCC answered Nov 15 '22 07:11
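
As an added example (not part of FranzCC's answer, and not code from the Net::OpenSSH project): the same Net::OpenSSH flow with host key verification left on, where the answer's master_opts switch it off. The key path, the known_hosts path, the SSH_KEY_PASSPHRASE variable name and the uptime command are assumptions; the host and user names are the placeholders from the question.

```perl
#!/usr/bin/perl
# Added example: public-key login with Net::OpenSSH and a verified host key.
use strict;
use warnings;
use Net::OpenSSH;

my $host        = 'remotehost.remotedomain.tld';    # placeholder from the question
my $user        = 'username';                       # placeholder from the question
my $key_path    = "$ENV{HOME}/.ssh/id_rsa";         # assumed private key location
my $known_hosts = "$ENV{HOME}/.ssh/known_hosts";    # must already hold the server's key

my $ssh = Net::OpenSSH->new(
    $host,
    user     => $user,
    key_path => $key_path,
    # Passphrase of an encrypted key, taken from the environment (assumed
    # variable name) so that it is not hard-coded in the script.
    ( defined $ENV{SSH_KEY_PASSPHRASE}
        ? ( passphrase => $ENV{SSH_KEY_PASSPHRASE} )
        : () ),
    timeout     => 10,
    master_opts => [
        -o => 'StrictHostKeyChecking=yes',          # refuse unknown or changed host keys
        -o => "UserKnownHostsFile=$known_hosts",
        -o => 'IdentitiesOnly=yes',                 # offer only the key given above
    ],
);

# new() always returns an object, so the connection state is read from error().
$ssh->error
    and die "Couldn't establish SSH connection: " . $ssh->error . "\n";

# In list context capture2 returns stdout and stderr as two scalars.
my ( $out, $err ) = $ssh->capture2( { timeout => 10 }, 'uptime' );

# A failed or non-zero-exit remote command is also reported through error().
$ssh->error and die "Remote command failed: " . $ssh->error . "\n";

warn "remote stderr: $err" if defined $err and length $err;
print $out;
```

With StrictHostKeyChecking=yes the connection fails until the server's key is present in the known_hosts file, so that entry has to be provisioned from a trusted source before the first run.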