Perl Net::SSH2公钥身份验证问题
我正在尝试使用Net::SSH2连接到远程SSH服务器。命令行ssh工作正常。不过,我似乎无法找出正确的基于身份验证的参数 这是我的代码:Perl Net::SSH2公钥身份验证问题,perl,ssh,public-key,Perl,Ssh,Public Key,我正在尝试使用Net::SSH2连接到远程SSH服务器。命令行ssh工作正常。不过,我似乎无法找出正确的基于身份验证的参数 这是我的代码: use Net::SSH2; my $ssh = Net::SSH2->new(); $ssh->debug(1); $ssh->trace(-1); $ssh->connect('remotehost.remotedomain.tld') or die; $ssh->auth_hostbased('username',
use Net::SSH2;
my $ssh = Net::SSH2->new();
$ssh->debug(1);
$ssh->trace(-1);
$ssh->connect('remotehost.remotedomain.tld') or die;
$ssh->auth_hostbased('username',
'ssh-rsa AAAAB3Nz[..]C0JoaFF9 root@myhost',
'-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,FA97214E87562096A7E480C82DAE5EB4
XIMKnj9k[..]kpRo5V
-----END RSA PRIVATE KEY-----',
'myhost.mydomain.tld',
'username',
'keypassword') or die;
非常感谢您对正确参数格式或替代模块的任何帮助。为什么不使用Net::OpenSSH? 这是一个简单的ssh包装器脚本,我不久前写过:
#!/usr/bin/perl
#Simple SSH Remote Executor using Net::OpenSSH Library
use warnings;
use strict;
use Net::OpenSSH;
# see http://search.cpan.org/~salva/Net-OpenSSH-0.62/lib/Net/OpenSSH.pm#DEBUGGING
$Net::OpenSSH::debug = undef;
use Getopt::Long;
my $timeout = 10;
my ($username,$identity,$hostname,$command) = undef;
my $uid=getpwuid($<);
my $ctl_dir=qq{/tmp/.libnet-puppet-$uid};
my $ctl_mode=0700;
if ( ! -d $ctl_dir ) { mkdir( $ctl_dir,$ctl_mode ) };
open my $stderr_fh, '>>', '/dev/null' or die $!;
sub print_help{
print qq{\nusage: $0 [options] -h Hostname
-u username
-i identity
-c command
long options are supported !
};
exit (1);
}
GetOptions ("hostname=s" => \$hostname, # string
"username=s" => \$username, # string
"identity=s" => \$identity, # string
"command=s" => \$command) # string
or print_help;
if ( not defined $username or not defined $identity or not defined $hostname or not defined $command ) { print_help };
my $port = q{22};
my $user = $username;
my $ssh;
my $cmd = qq{$command};
my $options = {
host => $hostname,
user => $user,
port => $port,
default_stderr_fh => $stderr_fh,
ctl_dir => $ctl_dir,
master_opts => [
-o => "UserKnownHostsFile=/dev/null",
-o => "StrictHostKeyChecking=no",
-o => qq{IdentityFile=$identity},
],
timeout => $timeout };
#ALARM Timer timeout handling
$SIG{ALRM} = sub {
printf( "%s\n", qq{invalid-timeout-connecting-to-node-$hostname});
exit(1);
};
#init alarm timer ;-)
alarm( $timeout );
$ssh = Net::OpenSSH->new( %{$options} )
or $ssh->error and die "Couldn't establish SSH connection: ". $ssh->error;
my (@out, $err) = $ssh->capture2({ timeout => 10 }, $cmd);
die("Error: %s\n", $err) if defined $err;
if ( (scalar(@out)) eq 0 ) {
printf( "%s\n", qq{invalid-empty-string-received-by-node-$hostname});
exit(1);
}
foreach my $line ( @out ) {
$line =~ s/^\s{1,}//;
printf ("%s",$line);
}
#/usr/bin/perl
#使用Net::OpenSSH库的简单SSH远程执行器
使用警告;
严格使用;
使用Net::OpenSSH;
#看http://search.cpan.org/~salva/Net-OpenSSH-0.62/lib/Net/OpenSSH.pm#调试
$Net::OpenSSH::debug=undf;
使用Getopt::Long;
我的$timeout=10;
我的($username,$identity,$hostname,$command)=未定义;
my$uid=getpwuid($\$hostname,#字符串
“username=s”=>\$username,#字符串
“identity=s”=>\$identity,#字符串
“command=s”=>\$command)#字符串
或打印帮助;
如果(未定义$username或未定义$identity或未定义$hostname或未定义$command){print_help};
my$port=q{22};
我的$user=$username;
我的$ssh;
my$cmd=qq{$command};
我的$options={
主机=>$hostname,
用户=>$user,
端口=>$port,
默认值\u stderr\u fh=>$stderr\u fh,
ctl\U dir=>$ctl\U dir,
主选项=>[
-o=>“UserKnownHostsFile=/dev/null”,
-o=>“StrictHostKeyChecking=否”,
-o=>qq{IdentityFile=$identity},
],
超时=>$timeout};
#报警计时器超时处理
$SIG{ALRM}=sub{
printf(“%s\n”,qq{连接到节点的超时无效-$hostname});
出口(1);
};
#初始化报警计时器;-)
报警($超时);
$ssh=Net::OpenSSH->new(%{$options})
或者$ssh->error and die“无法建立ssh连接:”$ssh->错误;
my(@out,$err)=$ssh->capture2({timeout=>10},$cmd);
如果定义了$err,则为die(“错误:%s\n”,$err);
if((标量(@out))等式0){
printf(“%s\n”,qq{节点接收到无效的空字符串-$hostname});
出口(1);
}
foreach我的$line(@out){
$line=~s/^\s{1,}/;
printf(“%s”,美元行);
}
有关可用的主选项,请参阅“手动ssh_配置”。
不过,我认为该脚本会有很大帮助。
Rgds。Franz您正在传递密码短语作为最后一个参数,对吗?从命令行连接时使用了什么身份验证模式?这在bash中起作用:“ssh-i/root/.ssh/privkey”username@remotehost.remotedomain.tldls-l'然后输入keypassword来解锁privkeyUse
auth_publickeydieprint STDERR join(“”,$ssh->error)