Net::SSH::Perl - Channel open failure?

[CsB]

I am attempting to write a couple of test scripts to use SSH for
connecting to a host, executing commands, and displaying the results..

I've exhausted my google-fu (even Google code search) and hoped
someone might be able to enlighten me as to why this script is
failing.

I'm receiving "Channel open failure: 1: reason 1: open failed" in my
debug statements. From what I can tell, all this means is the SSH
Open was administratively prohibited (for any number of reasons).

What I'm confused about, though, is I connect to my test host using
SSH 2. And in the Net::SSH:erl docs, it says "SSH-2 fuly supports
running more than one command over the same connection". However, in
my debug info (below) it looks like my script is attempting to open a
second connection (channel 1) for sending the command instead of using
the currently open connection (channel 0).

Is there something special I need to do to utilize the existing open
connection for subsequent commands? Or, am I way out in left-field on
ths problem?

Any suggestions or advice would be greatly appreciated.

- - BEGIN - SCRIPT - - - - - - - -

use Net::SSH:erl;
use strict;
use warnings;
my $host = "example.host.com";
my $user = "username";
my $password = "password";
my $cmd = "ls";
my $ssh = Net::SSH:erl->new(
$host,
debug => 1,
protocol => '2,1',
port => 22
);
$ssh->login( $user, $password );
$ssh->register_handler(
"stdout",
sub {
my ( $channel, $buffer ) = @_;
print "I received this: ", $buffer->bytes;
}
);
$ssh->cmd($cmd);

- - END - SCRIPT - - - - - - - -

- - BEGIN - OUTPUT - - - - - - - -

development[/home/user]# test-ssh.pl
development: Reading configuration data //.ssh/config
development: Reading configuration data /etc/ssh_config
development: Allocated local port 1021.
development: Connecting to example.host.com, port 22.
development: Remote version string: SSH-2.0-OpenSSH_2.9p2

development: Remote protocol version 2.0, remote software version
OpenSSH_2.9p2
development: Net::SSH:erl Version 1.30, protocol version 2.0.
development: No compat match: OpenSSH_2.9p2.
development: Connection established.
development: Sent key-exchange init (KEXINIT), wait response.
development: Algorithms, c->s: 3des-cbc hmac-sha1 none
development: Algorithms, s->c: 3des-cbc hmac-sha1 none
development: Entering Diffie-Hellman Group 1 key exchange.
development: Sent DH public key, waiting for reply.
development: Received host key, type 'ssh-dss'.
development: Host 'example.host.com' is known and matches the host
key.
development: Computing shared secret key.
development: Verifying server signature.
development: Waiting for NEWKEYS message.
development: Enabling incoming encryption/MAC/compression.
development: Send NEWKEYS, enable outgoing encryption/MAC/compression.
development: Sending request for user-authentication service.
development: Service accepted: ssh-userauth.
development: Trying empty user-authentication request.
development: Authentication methods that can continue: keyboard-
interactive,password.
development: Next method to try is password.
development: Trying password authentication.
development: Login completed, opening dummy shell channel.
development: channel 0: new [client-session]
development: Requesting channel_open for channel 0.
development: channel 0: open confirm rwindow 0 rmax 16384
development: Got channel open confirmation, requesting shell.
development: Requesting service shell on channel 0.
development: channel 1: new [client-session]
development: Requesting channel_open for channel 1.
development: Entering interactive session.
development: Channel open failure: 1: reason 1: open failed
development[/home/user]#

- - END - OUTPUT - - - - - - - - - -

 

[Guest]

I am attempting to write a couple of test scripts to use SSH for
connecting to a host, executing commands, and displaying the results..

I've exhausted my google-fu (even Google code search) and hoped
someone might be able to enlighten me as to why this script is
failing.

I'm receiving "Channel open failure: 1: reason 1: open failed" in my
debug statements. From what I can tell, all this means is the SSH
Open was administratively prohibited (for any number of reasons).
[...]

Maybe, maybe not. I advise against using Net::SSH:erl. Others have
noted it to be buggy, and I consider it to be overly complicated and
perhaps a reduction of system security.

Please use Net::SSH or Expect along with the 'ssh' command instead.


HTH

 

[CsB]

Please use Net::SSH or Expect along with the 'ssh' command instead.

Thank you for your response.

The script I will eventually produce will replace one that currently
uses Net::Telnet. It accesses several thousand network components
(routers, switches, wireless access points, etc).

Please correct this if I am wrong, but if I use Net::SSH, I will need
to create and maintain a host key for each network component. This is
the primary reason I looked into Net::SSHerl first.

When you say to use "Expect along with the 'ssh' command instead",
would you be kind enough to provide a link to an example? I'm not
quite sure I understand your suggestion.

Also, I'm suprised I haven't received any additional responses. Do
you think I might have posted this in the wrong perl group?

Thank you again.

 

[Guest]

Thank you for your response.

The script I will eventually produce will replace one that currently
uses Net::Telnet. It accesses several thousand network components
(routers, switches, wireless access points, etc).

Please correct this if I am wrong, but if I use Net::SSH, I will need
to create and maintain a host key for each network component. This is
the primary reason I looked into Net::SSHerl first.

I'm not an ssh or cryptography expert, but I think you would only need
to create the private and public keys on the machine doing the
accessing. The other machines would only need a copy of the public key
of the machine that will do the accessing. Read "man ssh-keygen."

When you say to use "Expect along with the 'ssh' command instead",
would you be kind enough to provide a link to an example? I'm not
quite sure I understand your suggestion.

Expect.pm is a perl module that allows your program to interact with
other programs. You can use Expect to start the "ssh" utility and
programatically issue commands to ssh.

Also, I'm suprised I haven't received any additional responses. Do
you think I might have posted this in the wrong perl group?

Thank you again.

You could also try comp.lang.perl.modules or alt.perl. A couple of weeks
ago, there was a discussion of Net::SSH:erl in comp.lang.perl.modules.


HTH

 

[zentara]

Thank you for your response.

The script I will eventually produce will replace one that currently
uses Net::Telnet. It accesses several thousand network components
(routers, switches, wireless access points, etc).

Please correct this if I am wrong, but if I use Net::SSH, I will need
to create and maintain a host key for each network component. This is
the primary reason I looked into Net::SSHerl first.

When you say to use "Expect along with the 'ssh' command instead",
would you be kind enough to provide a link to an example? I'm not
quite sure I understand your suggestion.

Also, I'm suprised I haven't received any additional responses. Do
you think I might have posted this in the wrong perl group?

Thank you again.

You would be best off using the newer Net::SSH2

#!/usr/bin/perl
use warnings;
use strict;
use Net::SSH2;
use Data:umper;

# assuming a user named 'z' for demonstration
# connecting to localhost, so you need your sshd running

# see maillist archives at
# http://lists.sourceforge.net/lists/listinfo/ssh-sftp-perl-users
# for deeper discussions

my $ssh2 = Net::SSH2->new();

#connect
$ssh2->connect('localhost') or die "Unable to connect Host $@ \n";

# authorize
# this works but I use keys below
# $ssh2->auth_password('z','zfoobar') or die "Unable to login $@ \n";

#this dosn't work
#$ssh2->auth(username=>'z', interact => 1);

#get the password for the key
use Term::ReadKey;
print "And your key password: ";
ReadMode('noecho');
chomp(my $pass = ReadLine(0));
ReadMode('restore');
print "\n";
$ssh2->auth_publickey('z',
'/home/z/.ssh/id_rsa.pub', #testing on localhost
'/home/z/.ssh/id_rsa',
$pass );


my $chan = $ssh2->channel();
$chan->exec('ls -la');
while (<$chan>){ print }

#will get dir named 2
my $chan1 = $ssh2->channel();
$chan1->exec('ls -la 2');
while (<$chan1>){ print }

# mkdir with sftp
my $sftp = $ssh2->sftp();
my $dir = '/home/z/3';
$sftp->mkdir($dir);
my %stat = $sftp->stat($dir);
print Dumper([\%stat]), "\n";

#put a file
my $remote = "$dir/".time;
$ssh2->scp_put($0, $remote);

#get a small file to a scalar
use IO::Scalar;
my $local = IO::Scalar->new; #it needs a blessed reference
$ssh2->scp_get($remote, $local);
print "$local\n\n";

#get a large file like a 100Meg wav file
my $remote1 = $dir.'/1.wav';
use IO::File;
my $local1 = IO::File->new("> 2.wav"); #it needs a blessed reference
$ssh2->scp_get($remote1, $local1);


# get a dirlist
my $dh = $sftp->opendir($dir);
while(my $item = $dh->read) {
print $item->{'name'},"\n";
}

#shell use
my $chan2 = $ssh2->channel();
$chan2->shell();
print $chan2 "uname -a\n";
print "LINE : $_" while <$chan2>;
print $chan2 "who\n";
print "LINE : $_" while <$chan2>;
$chan2->close;
__END__

 

[CsB]

On Feb 7, 5:49 pm, "Mumia W. (NOSPAM)"

I think you would only need to create the private and public keys on the
machine doing the accessing. ... Read "man ssh-keygen."

You can use Expect to start the "ssh" utility and programatically issue
commands to ssh.

You could also try comp.lang.perl.modules or alt.perl. A couple of weeks
ago, there was a discussion of Net::SSH:erl in comp.lang.perl.modules.

Thank you again for your suggestions, I'll certainly take a look into
them.

 

[CsB]

You would be best off using the newer Net::SSH2

Wow, I didn't know Net::SSH2 existed. Searching for SSH on cpan only
turned up the Net::SSH varieties. I will give it a try.

Also, thank you for the example code. It will certainly save me some
time.

 

[rahed]

Is there something special I need to do to utilize the existing open
connection for subsequent commands? Or, am I way out in left-field on
ths problem?

Any suggestions or advice would be greatly appreciated.

- - BEGIN - SCRIPT - - - - - - - -

use Net::SSH:erl;
use strict;
use warnings;
my $host = "example.host.com";
my $user = "username";
my $password = "password";
my $cmd = "ls";
my $ssh = Net::SSH:erl->new(
$host,
debug => 1,
protocol => '2,1',
port => 22
);
$ssh->login( $user, $password );
$ssh->register_handler(
"stdout",
sub {
my ( $channel, $buffer ) = @_;
print "I received this: ", $buffer->bytes;
}
);
$ssh->cmd($cmd);

I don't use register_handler method but you can run more commands with
cmd method like this (from docs) ($out,$err,$exit) = $ssh->cmd($cmd);
It's limited to ssh-2 protocol.

I run your code whithout problems. I think you should upgrade openSSH,
2.9 is quite outdated.

HTH

 

[rahed]

Maybe, maybe not. I advise against using Net::SSH:erl. Others have
noted it to be buggy, and I consider it to be overly complicated and
perhaps a reduction of system security.

I use the module quite frequently and for my usage haven't noticed any
bugs. Complicated can be the installation because there are many
prerequisite modules.

 

[CsB]

I run your code whithout problems. I think you should upgrade openSSH,
2.9 is quite outdated.

Thank you. The remote system is a network switch. It's not under my
jurisdiction so I have no control over its software release. I think
it may be the problem.