[Kc] Interactive Login in Perl

Eric Wilhelm scratchcomputing at gmail.com
Mon Jul 17 09:32:56 PDT 2006


# from Scott Kahler
# on Monday 17 July 2006 06:33 am:

>Maybe you are looking for Net::SSH ?

  =head1 FREQUENTLY ASKED QUESTIONS

  Q: How do you supply a password to connect with ssh within a perl
  script using the Net::SSH module?

  A: You don't.  Use RSA or DSA keys.  See the ssh-keygen(1) manpage.

The command-line client (and rsync and svn and ...) is the same way.  If 
you need to create ssh connections in batch jobs, you *must* have a 
password-less key.

If you need to be paranoid, setup ~/.ssh/authorized_keys on the target 
host with an explicit set of allowed commands:

(all one line)
  no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,
  command="/$some_path/commands_allowed",from="$host"
  ssh-dss $public_key$user@$host

The command= parameter actually means "run only this command" (including 
parameters.)  The commands_allowed script should then check 
$ENV{SSH_ORIGINAL_COMMAND} and exec that if it decides to allow it.

--Eric
-- 
A counterintuitive sansevieria trifasciata was once literalized 
guiltily.
--Product of Artificial Intelligence
---------------------------------------------------
    http://scratchcomputing.com
---------------------------------------------------


More information about the kc mailing list