ssh tunnel

Discussion in 'Perl Misc' started by Dr Eberhard Lisse, Jan 16, 2012.

  1. Hi,

    I have a PostgreSQL database behind a firewall which I can access from a
    fixed IP address but obviously not while on the road where I must issue
    something like:

    ssh -N -C -L 5433/localhost/5432

    and then run my script to generate the report.

    I can in a slightly different context using Net::SSH issue commands
    to the remote host, but I have been unable to figure out how to open a
    tunnel from within the perl script (preferably with a module, but that's
    not really the issue), then do my usual thing, and then close the tunnel
    again.

    Is this a unique problem? Or can someone point me to a code fragment
    that does something like this...

    el
    Dr Eberhard Lisse, Jan 16, 2012
    #1

  2. On 2012-01-16 07:59, Dr Eberhard Lisse <> wrote:
    > I have a PostgreSQL database behind a firewall which I can access from a
    > fixed IP address but obviously not while on the road where I must issue
    > something like:
    >
    > ssh -N -C -L 5433/localhost/5432
    >
    > and then run my script to generate the report.
    >
    > I can in a slightly different context using Net::SSH issue commands
    > to the remote host, but I have been unable to figure out how to open a
    > tunnel from within the perl script (preferably with a module, but that's
    > not really the issue), then do my usual thing, and then close the tunnel
    > again.


    maybe I misunderstand the problem, but have you tried simply starting
    ssh in the background (with open or fork/exec) at the start of your
    script and killing it at the end?

    hp

    --
    _ | Peter J. Holzer | Deprecating human carelessness and
    |_|_) | Sysadmin WSR | ignorance has no successful track record.
    | | | |
    __/ | http://www.hjp.at/ | -- Bill Code on
    Peter J. Holzer, Jan 16, 2012
    #2

  3. Re: ssh tunnel

    Haven't been able to successfully do that.

    Have you got a working code fragment?


    el

    On 2012-01-16 13:46 , Peter J. Holzer wrote:
    > On 2012-01-16 07:59, Dr Eberhard Lisse <> wrote:
    >> I have a PostgreSQL database behind a firewall which I
    >> can access from a fixed IP address but obviously not
    >> while on the road where I must issue something like:
    >>
    >> ssh -N -C -L
    >> 5433/localhost/5432
    >>
    >> and then run my script to generate the report.
    >>
    >> I can in a slightly different context using Net::SSH
    >> issue commands to the remote host, but I have been unable
    >> to figure out how to open a tunnel from within the perl
    >> script (preferably with a module, but that's not really
    >> the issue), then do my usual thing, and then close the
    >> tunnel again.

    >
    > maybe I misunderstand the problem, but have you tried
    > simply starting ssh in the background (with open or
    > fork/exec) at the start of your script and killing it at
    > the end?
    >
    > hp
    >



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 17, 2012
    #3
  4. Re: ssh tunnel

    Dr Eberhard W Lisse <> writes:

    >> maybe I misunderstand the problem, but have you tried
    >> simply starting ssh in the background (with open or
    >> fork/exec) at the start of your script and killing it at
    >> the end?

    >
    > Haven't been able to successfully do that.


    What did you try? How did it fail?

    > Have you got a working code fragment?


    I have written a lot of code which rather naïvely uses IPC::Open3 to run
    ssh as a background process. It should work for opening a tunnel.

    The problem I don't usually handle is that the initial connection often
    asks whether to accept the host key. In this scenario the process just
    hangs. If you just accept the hostkey by hand it works correctly.

    //Makholm
    Peter Makholm, Jan 17, 2012
    #4
  5. Re: ssh tunnel

    Peter,

    reason for failure:

    Stupidity and Ignorance of this elderly Gynaecologist :)-O

    I have the key pairs organized :)-O

    el

    On 2012-01-17 12:17 , Peter Makholm wrote:
    > Dr Eberhard W Lisse <> writes:
    >
    >>> maybe I misunderstand the problem, but have you tried
    >>> simply starting ssh in the background (with open or
    >>> fork/exec) at the start of your script and killing it at
    >>> the end?

    >>
    >> Haven't been able to successfully do that.

    >
    > What did you try? How did it fail?
    >
    >> Have you got a working code fragment?

    >
    > I have written a lot of code which rather naïvely uses
    > IPC::Open3 to run ssh as a background process. It should
    > work for opening a tunnel.
    >
    > The problem I don't usually handle is that the initial
    > connection often asks whether to accept the host key. In
    > this scenario the process just hangs. If you just accept
    > the hostkey by hand it works correctly.
    >
    > //Makholm
    >



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 19, 2012
    #5
  6. Re: ssh tunnel

    On 2012-01-17 11:46, Ben Morrow <> wrote:
    > Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
    > with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
    > never exit. (It doesn't seem to be very easy to find its pid to kill it
    > manually.)


    open($fh, '-|', ...) returns the pid, so does fork. The following script
    works for me, at least on linux:


    #!/usr/bin/perl
    use warnings;
    use strict;
    use IO::Socket::INET;

    $| = 1;
    print "opening tunnel ... ";
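    my $pid = open(my $fh, '-|',
                   # the empty string below is the ssh destination, blank in the post as archived
                   'ssh', '-N', '', '-L', '10007:chronos.DOMAIN:7'
                  ) or die "cannot start ssh: $!";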
    print " done (pid=$pid)\n";

    sleep 5;
    system('lsof', '-i', ':10007');
    sleep 5;

    print "opening socket ... ";
    my $sock = IO::Socket::INET->new(PeerHost => 'localhost',
                                     PeerPort => 10007,
                                     Proto    => 'tcp')
        or die "cannot connect through tunnel: $@";
    print " done\n";

    print "sending request ... ";
    print $sock "test123\n";
    print " done\n";

    print "reading response ... ";
    my $resp = <$sock>;
    print " done (resp = $resp)\n";

    print "closing socket ... ";
    close($sock);
    print " done\n";

    sleep(5);
    system('lsof', '-i', ':10007');
    sleep(5);

    print "closing tunnel ... ";
    kill(15, $pid);
    my $rc = waitpid($pid, 0);
    print " done (rc = $rc)\n";

    sleep(5);
    system('lsof', '-i', ':10007');
    __END__

    hp


    --
    _ | Peter J. Holzer | Deprecating human carelessness and
    |_|_) | Sysadmin WSR | ignorance has no successful track record.
    | | | |
    __/ | http://www.hjp.at/ | -- Bill Code on
    Peter J. Holzer, Jan 21, 2012
    #6
  7. Re: ssh tunnel

    On 2012-01-21 17:35, Ben Morrow <> wrote:
    > Quoth "Peter J. Holzer" <>:
    >> On 2012-01-17 11:46, Ben Morrow <> wrote:
    >> > Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
    >> > with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
    >> > never exit. (It doesn't seem to be very easy to find its pid to kill it
    >> > manually.)

    >>
    >> open($fh, '-|', ...) returns the pid, so does fork. The following script
    >> works for me, at least on linux:

    >
    > I think you're not realising what the -f argument to ssh does. It makes
    > ssh put itself in the background, but only after any possible need to
    > prompt the user has been dealt with.


    Yes, but there is no reason to use it. Perl can put processes in the
    "background" just fine. You will notice that my little test program
    doesn't use it.

    hp


    --
    _ | Peter J. Holzer | Deprecating human carelessness and
    |_|_) | Sysadmin WSR | ignorance has no successful track record.
    | | | |
    __/ | http://www.hjp.at/ | -- Bill Code on
    Peter J. Holzer, Jan 21, 2012
    #7
  8. Re: ssh tunnel

    On 2012-01-21 20:49, Ben Morrow <> wrote:
    >
    > Quoth "Peter J. Holzer" <>:
    >> On 2012-01-21 17:35, Ben Morrow <> wrote:
    >> > Quoth "Peter J. Holzer" <>:
    >> >> On 2012-01-17 11:46, Ben Morrow <> wrote:
    >> >> > Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
    >> >> > with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
    >> >> > never exit. (It doesn't seem to be very easy to find its pid to kill it
    >> >> > manually.)
    >> >>
    >> >> open($fh, '-|', ...) returns the pid, so does fork. The following script
    >> >> works for me, at least on linux:
    >> >
    >> > I think you're not realising what the -f argument to ssh does. It makes
    >> > ssh put itself in the background, but only after any possible need to
    >> > prompt the user has been dealt with.

    >>
    >> Yes, but there is no reason to use it. Perl can put processes in the
    >> "background" just fine. You will notice that my little test program
    >> doesn't use it.

    >
    > Perl can put processes in the background just fine, yes. That's not the
    > issue. The issue is that sometimes ssh needs to prompt, and running it in
    > the background from Perl doesn't handle that very well.


    Prompting doesn't work if the script is run from cron, or from a web
    server, or most other situations where I've ever needed to call ssh from
    a perl script. Your assumption that it is possible to prompt isn't any
    more reasonable than my assumption that the environment has been set up
    correctly (remote host key in known_hosts, local public key in remote
    authorized_keys, ...).


    > I took the program you posted and made the following change:


    "Doctor, it hurts when I do this!"

    "Well, then don't do it!"


    hp

    --
    _ | Peter J. Holzer | Deprecating human carelessness and
    |_|_) | Sysadmin WSR | ignorance has no successful track record.
    | | | |
    __/ | http://www.hjp.at/ | -- Bill Code on
    Peter J. Holzer, Jan 21, 2012
    #8
  9. Re: ssh tunnel

    On Jan 17, 2:17 am, Peter Makholm <> wrote:
    > Dr Eberhard W Lisse <> writes:
    >
    > >> maybe I misunderstand the problem, but have you tried
    > >> simply starting ssh in the background (with open or
    > >> fork/exec) at the start of your script and killing it at
    > >> the end?

    >
    > > Haven't been able to successfully do that.

    >
    > What did you try? How did it fail?
    >
    > > Have you got a working code fragment?

    >
    > I have written a lot of code which rather naïvely uses IPC::Open3 to run
    > ssh as a background process. It should work for opening a tunnel.
    >
    > The problem I don't usually handle is that the initial connection often
    > asks whether to accept the host key. In this scenario the process just
    > hangs. If you just accept the hostkey by hand it works correctly.
    >
    > //Makholm


    Off-topic a bit, but I seem to recall a workaround with /dev/null...
    ah, here's the incantation:

    $ ssh -o UserKnownHostsFile=/dev/null \
    -o StrictHostKeyChecking=no \
    ...

    --
    Charles DeRykus
    C.DeRykus, Jan 22, 2012
    #9
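
Added example, not written by any poster in this thread: the background-ssh approach from posts #2 and #6, with the hang described in post #4 avoided by making ssh fail instead of prompt, rather than by switching host key checking off as in post #9. It assumes the server's host key is already in known_hosts and key-based login works (the setup post #8 takes for granted); `user@gateway.example` and the report step are placeholders.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The destination and the report
# step are placeholders; the ports are the ones from the first post.
use strict;
use warnings;
use IO::Socket::INET;
use POSIX ':sys_wait_h';

my $dest  = shift // 'user@gateway.example';   # placeholder SSH destination
my $lport = 5433;
my $tunnel_pid;

my @ssh = ('ssh', '-n', '-N',
    '-o', 'BatchMode=yes',              # never prompt: fail instead of hanging
    '-o', 'StrictHostKeyChecking=yes',  # unknown or changed host key is an error
    '-o', 'ExitOnForwardFailure=yes',   # exit if the local port cannot be bound
    '-o', 'ConnectTimeout=10',
    '-L', "127.0.0.1:$lport:localhost:5432",  # listen on loopback only
    $dest);

$SIG{INT} = $SIG{TERM} = sub { exit 1 };  # turn signals into exit so END runs
END { stop_tunnel() }                     # also runs after die

$tunnel_pid = fork();
die "fork failed: $!\n" unless defined $tunnel_pid;
if ($tunnel_pid == 0) {
    exec { $ssh[0] } @ssh or POSIX::_exit(127);  # _exit skips END in the child
}

wait_for_tunnel(15);
print "tunnel up (ssh pid $tunnel_pid), local port $lport\n";
# ... connect to PostgreSQL on 127.0.0.1:$lport and build the report here ...
exit 0;

# Poll until the forwarded port accepts a connection or ssh gives up.
sub wait_for_tunnel {
    my ($timeout) = @_;
    for (1 .. $timeout * 10) {
        if (waitpid($tunnel_pid, WNOHANG) == $tunnel_pid) {
            my $status = $? >> 8;
            undef $tunnel_pid;            # already reaped, nothing to kill
            die "ssh exited with status $status before the tunnel came up\n";
        }
        return if IO::Socket::INET->new(PeerHost => '127.0.0.1',
                                        PeerPort => $lport, Proto => 'tcp');
        select undef, undef, undef, 0.1;  # sleep 100 ms
    }
    die "tunnel not ready after ${timeout}s\n";
}

sub stop_tunnel {
    return unless $tunnel_pid;            # not started, child, or already reaped
    local $?;                             # keep the script's own exit status
    kill 'TERM', $tunnel_pid;
    waitpid $tunnel_pid, 0;
    undef $tunnel_pid;
}
```

With these options an unknown or changed host key ends the run with a non-zero ssh exit status that the script reports, where the `/dev/null` workaround would connect to whatever answers on that address.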
  10. On 1/16/2012 1:59 AM, Dr Eberhard Lisse wrote:
    > Hi,
    >
    > I have a PostgreSQL database behind a firewall which I can access from a
    > fixed IP address but obviously not while on the road where I must issue
    > something like:
    >
    > ssh -N -C -L 5433/localhost/5432
    >
    > and then run my script to generate the report.
    >
    > I can in a slightly different context using Net::SSH issue commands
    > to the remote host, but I have been unable to figure out how to open a
    > tunnel from within the perl script (preferably with a module, but that's
    > not really the issue), then do my usual thing, and then close the tunnel
    > again.
    >
    > Is this a unique problem? Or can someone point me to a code fragment
    > that does something like this...
    >
    > el


    How about trying Net::OpenSSH? I have not used this module.

    http://search.cpan.org/~salva/Net-OpenSSH-0.57/lib/Net/OpenSSH.pm#Tunnels

    <quote>

    tunnel => $bool

    Instead of executing a command in the remote host, this option instruct
    Net::OpenSSH to create a TCP tunnel. The arguments become the target IP
    and port.

    Example:

    my ($in, $out, undef, $pid) = $ssh->open_ex({tunnel => 1}, $IP, $port);

    </quote>

    --
    Len
    l v, Jan 26, 2012
    #10
  11. Have you got a code fragment for this elderly Gynaecologist?

    Didn't manage to get OpenSSH to work either.

    thanks, el

    On 2012-01-26 04:34 , l v wrote:
    [...]
    >
    > How about trying Net::OpenSSH? I have not used this module.

    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 26, 2012
    #11
  12. Re: ssh tunnel

    Thanks, that helps.

    el

    On 2012-01-21 13:19 , Peter J. Holzer wrote:
    > On 2012-01-17 11:46, Ben Morrow <> wrote:
    >> Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
    >> with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
    >> never exit. (It doesn't seem to be very easy to find its pid to kill it
    >> manually.)

    >
    > open($fh, '-|', ...) returns the pid, so does fork. The following script
    > works for me, at least on linux:
    >
    >
    > #!/usr/bin/perl
    > use warnings;
    > use strict;
    > use IO::Socket::INET;
    >
    > $| = 1;
    > print "opening tunnel ... ";
    > my $pid = open(my $fh, '-|',
    > 'ssh', '-N', '', '-L', '10007:chronos.DOMAIN:7'
    > ) or die;
    > print " done (pid=$pid)\n";
    >
    > sleep 5;
    > system('lsof', '-i', ':10007');
    > sleep 5;
    >
    > print "opening socket ... ";
    > my $sock = IO::Socket::INET->new(PeerHost => 'localhost',
    > PeerPort => 10007,
    > Proto => 'tcp');
    > print " done\n";
    >
    > print "sending request ... ";
    > print $sock "test123\n";
    > print " done\n";
    >
    > print "reading response ... ";
    > my $resp = <$sock>;
    > print " done (resp = $resp)\n";
    >
    > print "closing socket ... ";
    > close($sock);
    > print " done\n";
    >
    > sleep(5);
    > system('lsof', '-i', ':10007');
    > sleep(5);
    >
    > print "closing tunnel ... ";
    > kill(15, $pid);
    > my $rc = waitpid($pid, 0);
    > print " done (rc = $rc)\n";
    >
    > sleep(5);
    > system('lsof', '-i', ':10007');
    > __END__
    >
    > hp
    >
    >



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 26, 2012
    #12
  13. Re: ssh tunnel

    And you can go and see Isak N. Jacobsen.

    el


    on 2012-01-27 06:23 Tad McClellan said the following:
    > Dr Eberhard W Lisse <> wrote:
    >
    >> Thanks, that helps.
    >>
    >> el

    >
    >
    > Perhaps you do not realize it, but you appear to be rude.
    >
    > You should learn Usenet manners if you intend to post to Usenet.
    >
    > Do not top-post.
    >
    > Do not full-quote.
    >
    >
    > http://web.presby.edu/~nnqadmin/nnq/nquote.html
    >
    >
    Dr Eberhard Lisse, Jan 27, 2012
    #13
  14. Re: ssh tunnel

    Sorry, you didn't realize that you are unconcerned about appearing arrogant.

    el

    On 2012-01-27 16:50 , Tad McClellan wrote:
    > Dr Eberhard Lisse <> wrote:
    >> And you can go and see Isak N. Jacobsen.
    >>
    >> el
    >>
    >>
    >> on 2012-01-27 06:23 Tad McClellan said the following:
    >>> Dr Eberhard W Lisse <> wrote:
    >>>
    >>>> Thanks, that helps.
    >>>>
    >>>> el
    >>>
    >>>
    >>> Perhaps you do not realize it, but you appear to be rude.

    >
    >
    > Sorry, I did not realize that you are unconcerned about appearing clueless.
    >
    >



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 28, 2012
    #14
  15. Re: ssh tunnel

    On 2012-01-27, Tad McClellan <> wrote:
    > Dr Eberhard Lisse <> wrote:
    >>> Perhaps you do not realize it, but you appear to be rude.

    >
    > Sorry, I did not realize that you are unconcerned about appearing clueless.


    Yet, you fixed your top-posting in response to Dr. Lisse, so it was
    not entirely in vain. :)
    Kaz Kylheku, Jan 28, 2012
    #15
  16. Re: ssh tunnel

    On 2012-01-27, Dr Eberhard Lisse <> wrote:
    > And you can go and see Isak N. Jacobsen.


    Doc, it really is better if you trim the quoted material, break it up into
    pieces that you want to respond to and reply below those pieces. Try it!

    (This is why the > characters are there; to clearly distinguish
    between your embedded pieces and the original text.)

    It's not "rude" otherwise; it's just a different cultural convention. In the
    corporate world of Microsoft Exchange/Outlook e-mail communication, full quoting
    and top-posting is the norm. (And note that > quoting is not used!)

    In the classic world of Internet e-mail, mailing lists, Usenet newsgroups
    and BBS's, we have > with in-between quoting. It is better suited for complex
    discussions with multiple points.

    The posting software you are using is already doing half the job of sticking to
    the convention by inserting the > characters.

    Cheers ...
    Kaz Kylheku, Jan 28, 2012
    #16
  17. Re: ssh tunnel

    I think you must get out more.

    el

    On 2012-01-28 22:37 , Tad McClellan wrote:
    > Dr Eberhard W Lisse <> wrote:
    >
    >
    >> Sorry, you didn't realize

    > ^^^
    > ^^^
    >
    > You are apologizing for me?
    >
    > That seems a bit presumptuous...
    >
    >
    >> On 2012-01-27 16:50 , Tad McClellan wrote:

    >
    >>> Sorry, I did not realize

    >
    >
    > Here I apologized for me.
    >
    >
    >
    > You apologize for you.
    >
    > You are not privileged to apologize for me.
    >
    >



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 28, 2012
    #17
  18. Re: ssh tunnel

    Thank you very much for explaining this to me.


    But you see, old habits die hard, been top-posting and full-quoting
    now for 30 years or so, initially nn but TBird does this also very
    well.

    We are now however getting well off topic, and though I enjoy a
    good flame as the next one I wasn't really trolling.

    greetings, el


    On 2012-01-28 21:12 , Kaz Kylheku wrote:
    > On 2012-01-27, Dr Eberhard Lisse <> wrote:
    >> And you can go and see Isak N. Jacobsen.

    >
    > Doc, it really is better if you trim the quoted material, break it
    > up into pieces that you want to respond to and reply below those
    > pieces. Try it!
    >
    > (This is why the > characters are there; to clearly distinguish
    > between your embedded pieces and the original text.)
    >
    > It's not "rude" otherwise; it's just a different cultural
    > convention. In the corporate world of Microsoft Exchange/Outlook
    > e-mail communication, full quoting and top-posting is the norm.
    > (And note that > quoting is not used!)
    >
    > In the classic world of Internet e-mail, mailing lists, Usenet
    > newsgroups and BBS's, we have > with in-between quoting. It is
    > better suited for complex discussions with multiple points.
    >
    > The posting software you are using is already doing half the job of
    > sticking to the convention by inserting the > characters.
    >
    > Cheers ...



    --
    If you want to email me, replace nospam with el
    Dr Eberhard W Lisse, Jan 28, 2012
    #18
  19. Re: ssh tunnel [OT]

    Shmuel,

    I agree, but often the same as below happens, the editor used (I use
    emacs and AlphaX) doesn't recognize the kk> for formatting purposes,
    without some intervention :)-O

    el

    on 2012-01-29 05:05 Shmuel (Seymour J.) Metz said the following:
    > In <>, on 01/28/2012
    > at 07:12 PM, Kaz Kylheku <> said:
    >
    >> In the classic world of Internet e-mail, mailing lists, Usenet
    >> newsgroups and BBS's, we have > with in-between quoting. It is
    >> better suited for complex discussions with multiple points.

    >
    > The BBS world is the odd man out; there the convention is not a bare
    > ">" but rather the initials of the poster, e.g.,
    >
    > kk> In the classic world of Internet e-mail, mailing lists, Usenet kk>
    > newsgroups and BBS's, we have > with in-between quoting. It is kk>
    > better suited for complex discussions with multiple points.
    >
    > IMHO it's a better convention, especially with nested quotes.
    >
    Dr Eberhard Lisse, Jan 30, 2012
    #19
  20. Re: ssh tunnel

    In article <>,
    >We are now however getting well off topic,


    Meta-discussion is related to the topic.

    >and though I enjoy a
    >good flame as the next one I wasn't really trolling.


    When multiple people tell you about group customs and explain why
    they're practical, and you loudly refuse to follow and denigrate the
    reasons: yes, you are indeed trolling. Luckily, my news reader has a
    "killfile" that can filter by sender.

    --
    Tim McDaniel,
    Tim McDaniel, Jan 30, 2012
    #20
