Net::SSH::Perl

[get-fuzzy]

Sorry, I cant comment on the perl as yet but, are you not in the least bit
worried that someone might hack into your base system - get the unencrypted
password (old password) then log on - using ssh to the other box ?

ssh is not 100% flawless

From a security point of view it is a nightmare, from a SA point of view - I
can see where you are coming from !

Just curious is all

 

[blob]

Hi all,

Below is my script that will be used to connect to a remote host and
change my password automatically:

===========================================
#!/usr/bin/perl


use strict();
use Net::SSH:erl;


$user="jaws";
$pass="password";
$host="xxx.xxx.xxx.xxx";
$old_password="password";
$new_password="newpass";


my $ssh = Net::SSH:erl->new($host,debug=>1,use_pty=>1);
$ssh->login($user, $pass);


$ssh->register_handler("stderr", sub {
my($channel, $buffer) = @_;
my $str = $buffer->bytes;


if ($str eq "Enter login password: ") {
$channel->send_data($old_password);
}


elsif ($str eq "New password: ") {
$channel->send_data($new_password);
}

elsif ($str eq "Re-enter new password: ") {
$channel->send_data($new_password);
}
});
$ssh->cmd('passwd');
==========================================

After running the program, my password didnt changed I was still able to
connect using the old password.

Does anybody has an idea what's missing or wrong with my script?

Thanks.

Jaws

 

[James Willmore]

Hi all,

Below is my script that will be used to connect to a remote host and

change my password automatically:

After running the program, my password didnt changed I was still
able to connect using the old password.

Does anybody has an idea what's missing or wrong with my script?

Just a suggestion - you may wish to use one of the Expect modules for
what you're doing. Expect is, IMHO, better suited for this task. And
in true Perl fashion, there is a module to interact with Expect

HTH

--
Jim

Copyright notice: all code written by the author in this post is
released under the GPL. http://www.gnu.org/licenses/gpl.txt
for more information.

a fortune quote ...
Hlade's Law: If you have a difficult task, give it to a lazy
person -- they will find an easier way to do it.

 

[Nico Coetzee]

Hi all,

Below is my script that will be used to connect to a remote host and
change my password automatically:

===========================================
#!/usr/bin/perl


use strict();
use Net::SSH:erl;


$user="jaws";
$pass="password";
$host="xxx.xxx.xxx.xxx";
$old_password="password";
$new_password="newpass";


my $ssh = Net::SSH:erl->new($host,debug=>1,use_pty=>1);
$ssh->login($user, $pass);


$ssh->register_handler("stderr", sub {
my($channel, $buffer) = @_;
my $str = $buffer->bytes;


if ($str eq "Enter login password: ") {
$channel->send_data($old_password);
}


elsif ($str eq "New password: ") {
$channel->send_data($new_password);
}

elsif ($str eq "Re-enter new password: ") {
$channel->send_data($new_password);
}
});
$ssh->cmd('passwd');
==========================================

After running the program, my password didnt changed I was still able to
connect using the old password.

Does anybody has an idea what's missing or wrong with my script?

Thanks.

Jaws

Instead of waiting for the exact string, why not use regular expresions,
which might eliminate typo's. Something like:

if ($str =~ /enter\s+login\s+password/i ) {
$channel->send_data($old_password);
}


elsif ($str =~ /new\s+password/i ) {
$channel->send_data($new_password);
}

elsif ($str =~ /re.enter\s+new\s+password/i ) {
$channel->send_data($new_password);
}

Cheers

--
Nico Coetzee

http://www.itfirms.co.za/
http://za.pm.org/
http://forums.databasejournal.com/

To the systems programmer, users and applications serve only to provide a
test load.