240
240
my $ssh_cmd = _first_defined delete $opts{ssh_cmd}, 'ssh';
241
241
my $rsync_cmd = _first_defined delete $opts{rsync_cmd}, 'rsync';
242
242
my $scp_cmd = delete $opts{scp_cmd};
243
my $sshfs_cmd = _first_defined delete $opts{sshfs_cmd}, 'sshfs';
244
my $sftp_server_cmd = _first_defined delete $opts{sftp_server_cmd},
245
'/usr/lib/openssh/sftp-server';
243
246
my $timeout = delete $opts{timeout};
244
247
my $kill_ssh_on_timeout = delete $opts{kill_ssh_on_timeout};
245
248
my $strict_mode = _first_defined delete $opts{strict_mode}, 1;
252
255
_first_defined delete $opts{default_stream_encoding}, $default_encoding;
253
256
my $default_argument_encoding =
254
257
_first_defined delete $opts{default_argument_encoding}, $default_encoding;
258
my $forward_agent = delete $opts{forward_agent};
259
$forward_agent and $passphrase and
260
croak "agent forwarding can not be used when a passphrase has also been given";
256
262
my ($master_opts, @master_opts,
257
263
$master_stdout_fh, $master_stderr_fh,
329
334
_ssh_cmd => $ssh_cmd,
330
335
_scp_cmd => $scp_cmd,
331
336
_rsync_cmd => $rsync_cmd,
337
_sshfs_cmd => $sshfs_cmd,
338
_sftp_server_cmd => $sftp_server_cmd,
334
341
_host_squared => $host_squared,
344
351
_kill_ssh_on_timeout => $kill_ssh_on_timeout,
345
352
_batch_mode => $batch_mode,
354
_forward_agent => $forward_agent,
347
355
_external_master => $external_master,
348
356
_default_ssh_opts => $default_ssh_opts,
349
357
_default_stdin_fh => $default_stdin_fh,
357
365
_default_stream_encoding => $default_stream_encoding,
358
366
_default_argument_encoding => $default_argument_encoding,
359
367
_expand_vars => $expand_vars,
361
370
bless $self, $class;
363
372
# default file handles are opened so late in order to have the
493
502
my ($mode, $uid) = (stat $dir)[2, 4];
494
503
$debug and $debug & 2 and _debug "_is_secure_path(dir: $dir, file mode: $mode, file uid: $uid, euid: $>";
495
return undef unless(($uid == $> or $uid == 0 ) and (($mode & 022) == 0));
504
return undef unless(($uid == $> or $uid == 0 ) and (($mode & 022) == 0 or ($mode & 01000)));
496
505
return 1 if (defined $home and $home eq $dir);
503
512
my @before = @{shift || []};
504
513
my @args = ($self->{_ssh_cmd}, @before,
505
514
-S => $self->{_ctl_path},
506
@{$self->{_ssh_opts}}, $self->{_host_squared},
515
@{$self->{_ssh_opts}}, $self->{_host},
508
517
(@_ ? "@_" : ()));
509
518
$debug and $debug & 8 and _debug_dump 'call args' => \@args;
655
664
push @master_opts, -i => $self->{_key_path};
667
if (defined $self->{_forward_agent}) {
668
push @master_opts, ($self->{_forward_agent} ? '-A' : '-a');
658
671
my $proxy_command = $self->{_proxy_command};
717
if ($debug and $debug & 512) {
718
require Net::OpenSSH::OSTracer;
719
Net::OpenSSH::OSTracer->trace;
704
722
$mpty->make_slave_controlling_terminal if $mpty;
706
724
$self->_master_redirect('STDOUT');
707
725
$self->_master_redirect('STDERR');
709
if (defined $self->{_passwd}) {
710
delete $ENV{SSH_ASKPASS};
711
delete $ENV{SSH_AUTH_SOCK};
727
delete $ENV{SSH_ASKPASS} if defined $self->{_passwd};
728
delete $ENV{SSH_AUTH_SOCK} if defined $self->{_passphrase};
714
730
local $SIG{__DIE__};
715
731
eval { exec @call };
896
912
if ($state eq 'waiting_for_login_handler') {
913
local ($@, $SIG{__DIE__});
899
914
if (eval { $login_handler->($self, $mpty, $bout) }) {
900
915
$state = 'waiting_for_mux_socket';
956
971
stderr_to_stdout => 1, ssh_opts => [-O => $cmd]});
975
# FIXME: this method currently fails because of a bug in ssh.
976
my ($self, $timeout) = @_;
977
my $pid = $self->{_pid};
978
$self->_master_ctl('stop');
979
if (not $self->error and
981
$self->{_perl_pid} == $$ and
982
$self->{_thread_generation} == $thread_generation) {
984
local $self->{_kill_ssh_on_timeout};
985
if ($self->_waitpid($pid, $timeout)) {
986
delete $self->{_pid};
987
$self->_set_error(OSSH_MASTER_FAILED, "master ssh connection stopped");
991
return $self->_kill_master;
960
998
my $self = shift;
975
1013
my ($module, $version) = @_;
976
1014
$loaded_module{$module} ||= do {
1016
local ($@, $SIG{__DIE__});
980
1017
eval "require $module; 1"
981
1018
} or croak "unable to load Perl module $module";
984
1021
if (defined $version) {
1022
local ($@, $SIG{__DIE__});
987
1023
my $mv = eval "\$${module}::VERSION" || 0;
988
1024
(my $mv1 = $mv) =~ s/_\d*$//;
989
1025
croak "$module version $version required, $mv is available"
1117
1153
my @ssh_opts = _array_or_scalar_to_list delete $opts{ssh_opts};
1118
1154
my $tty = delete $opts{tty};
1119
1155
push @ssh_opts, ($tty ? '-qtt' : '-T') if defined $tty;
1156
if ($self->{_forward_agent}) {
1157
my $forward_agent = delete $opts{forward_agent};
1158
push @ssh_opts, ($forward_agent ? '-A' : '-a') if defined $forward_agent;
1120
1160
my $tunnel = delete $opts{tunnel};
1206
1246
$self->wait_for_master or return;
1207
1247
my %opts = (ref $_[0] eq 'HASH' ? %{shift()} : ());
1208
1248
my $tunnel = delete $opts{tunnel};
1209
my ($stdinout_socket, $stdinout_dpipe_is_parent);
1249
my ($stdinout_socket, $stdinout_dpipe_make_parent);
1210
1250
my $stdinout_dpipe = delete $opts{stdinout_dpipe};
1211
1251
if ($stdinout_dpipe) {
1212
$stdinout_dpipe_is_parent = delete $opts{stdinout_dpipe_is_parent};
1252
$stdinout_dpipe_make_parent = delete $opts{stdinout_dpipe_make_parent};
1213
1253
$stdinout_socket = 1;
1243
1283
$stderr_file = delete $opts{stderr_file} );
1245
1285
my $argument_encoding = $self->_delete_argument_encoding(\%opts);
1247
1286
my $ssh_opts = delete $opts{ssh_opts};
1248
1287
$ssh_opts = $self->{_default_ssh_opts} unless defined $ssh_opts;
1249
1288
my @ssh_opts = $self->_expand_vars(_array_or_scalar_to_list $ssh_opts);
1290
if ($self->{_forward_agent}) {
1291
my $forward_agent = delete $opts{forward_agent};
1292
push @ssh_opts, ($forward_agent ? '-A' : '-a') if defined $forward_agent;
1251
1295
my ($cmd, $close_slave_pty, @args);
1253
1297
@_ == 2 or croak 'bad number of arguments for tunnel, use $ssh->method(\\%opts, $host, $port)';
1363
1407
my $pid1 = fork;
1364
1408
defined $pid1 or POSIX::_exit(255);
1366
unless ($pid1 xor $stdinout_dpipe_is_parent) {
1410
unless ($pid1 xor $stdinout_dpipe_make_parent) {
1367
1411
eval { $self->_exec_dpipe($stdinout_dpipe, $win, $werr) };
1368
1412
POSIX::_exit(255);
1622
1666
_sub_options spawn => qw(stderr_to_stdout stdin_discard stdin_fh stdin_file stdout_discard
1623
1667
stdout_fh stdout_file stderr_discard stderr_fh stderr_file
1624
stdinout_dpipe stdintout_dpipe_is_parent quote_args tty ssh_opts tunnel
1625
encoding argument_encoding);
1668
stdinout_dpipe stdinout_dpipe_make_parent quote_args tty ssh_opts tunnel
1669
encoding argument_encoding forward_agent);
1627
1671
${^TAINT} and &_catch_tainted_args;
1628
1672
my $self = shift;
1714
1758
_sub_options system => qw(stdout_discard stdout_fh stdin_discard stdout_file stdin_fh stdin_file
1715
1759
quote_args stderr_to_stdout stderr_discard stderr_fh stderr_file
1716
stdinout_dpipe stdinout_dpipe_is_parent tty ssh_opts tunnel encoding
1760
stdinout_dpipe stdinout_dpipe_make_parent tty ssh_opts tunnel encoding
1761
argument_encoding forward_agent);
1719
1763
${^TAINT} and &_catch_tainted_args;
1720
1764
my $self = shift;
1743
1787
_sub_options test => qw(stdout_discard stdout_fh stdin_discard stdout_file stdin_fh stdin_file
1744
1788
quote_args stderr_to_stdout stderr_discard stderr_fh stderr_file
1745
stdinout_dpipe stdinout_dpipe_is_parent stdtty ssh_opts timeout stdin_data
1746
encoding stream_encoding argument_encoding);
1789
stdinout_dpipe stdinout_dpipe_make_parent tty ssh_opts timeout stdin_data
1790
encoding stream_encoding argument_encoding forward_agent);
1748
1792
${^TAINT} and &_catch_tainted_args;
1749
1793
my $self = shift;
1769
1813
_sub_options capture => qw(stderr_to_stdout stderr_discard stderr_fh stderr_file
1770
1814
stdin_discard stdin_fh stdin_file quote_args tty ssh_opts tunnel
1771
encoding argument_encoding);
1815
encoding argument_encoding forward_agent);
1773
1817
${^TAINT} and &_catch_tainted_args;
1774
1818
my $self = shift;
1798
_sub_options capture2 => qw(stdin_discard stdin_fh stdin_file quote_args tty ssh_opts encoding argument_encoding);
1842
_sub_options capture2 => qw(stdin_discard stdin_fh stdin_file
1843
quote_args tty ssh_opts encoding
1844
argument_encoding forward_agent);
1800
1846
${^TAINT} and &_catch_tainted_args;
1801
1847
my $self = shift;
1919
1965
${^TAINT} and &_catch_tainted_args;
1920
1966
my ($self, $opts, $target, @src) = _scp_put_args @_;
1967
return unless $self;
1921
1968
$self->_scp($opts, @src, $target);
1924
1971
sub rsync_put {
1925
1972
${^TAINT} and &_catch_tainted_args;
1926
1973
my ($self, $opts, $target, @src) = _scp_put_args @_;
1974
return unless $self;
1927
1975
$self->_rsync($opts, @src, $target);
1930
1978
_sub_options _scp => qw(stderr_to_stdout stderr_discard stderr_fh
1931
1979
stderr_file stdout_discard stdout_fh
1932
stdout_file encoding argument_encoding);
1980
stdout_file encoding argument_encoding
1934
1983
my $self = shift;
1935
1984
my %opts = (ref $_[0] eq 'HASH' ? %{shift()} : ());
2146
_sub_options sshfs_import => qw(stderr_discard stderr_fh stderr_file
2147
ssh_opts argument_encoding sshfs_opts);
2149
${^TAINT} and &_catch_tainted_args;
2151
my %opts = (ref $_[0] eq 'HASH' ? %{shift()} : ());
2152
@_ == 2 or croak 'Usage: $ssh->sshfs_import(\%opts, $remote, $local)';
2153
my ($from, $to) = @_;
2154
my @sshfs_opts = ( -o => 'slave',
2155
_array_or_scalar_to_list delete $opts{sshfs_opts} );
2156
_croak_bad_options %opts;
2158
$opts{ssh_opts} = ['-s', _array_or_scalar_to_list delete $opts{ssh_opts}];
2159
$opts{stdinout_dpipe} = [$self->{_sshfs_cmd}, "$self->{_host_squared}:$from", $to, @sshfs_opts];
2160
$opts{stdinout_dpipe_make_parent} = 1;
2161
$self->spawn(\%opts, 'sftp');
2164
_sub_options sshfs_export => qw(stderr_discard stderr_fh stderr_file
2165
ssh_opts argument_encoding sshfs_opts);
2167
${^TAINT} and &_catch_tainted_args;
2169
my %opts = (ref $_[0] eq 'HASH' ? %{shift()} : ());
2170
@_ == 2 or croak 'Usage: $ssh->sshfs_export(\%opts, $local, $remote)';
2171
my ($from, $to) = @_;
2172
my @sshfs_opts = ( -o => 'slave',
2173
_array_or_scalar_to_list delete $opts{sshfs_opts} );
2174
_croak_bad_options %opts;
2175
$opts{stdinout_dpipe} = $self->{_sftp_server_cmd};
2177
my $hostname = eval {
2178
require Sys::Hostname;
2179
Sys::Hostname::hostname();
2181
$hostname = 'remote' if (not defined $hostname or
2182
not length $hostname or
2183
$hostname=~/^localhost\b/);
2184
$self->spawn(\%opts, $self->{_sshfs_cmd}, "$hostname:$from", $to, @sshfs_opts);
2098
2188
my $self = shift;
2099
2189
my $pid = $self->{_pid};
2190
local ($@, $SIG{__DIE__});
2101
2191
$debug and $debug & 2 and _debug("DESTROY($self, pid: ", $pid, ")");
2102
2192
if ($pid and $self->{_perl_pid} == $$ and $self->{_thread_generation} == $thread_generation) {
2103
2193
$debug and $debug & 32 and _debug("killing master");
2107
2195
unless ($self->{_wfm_state}) {
2108
2196
# we have successfully created the master connection so we
2109
2197
# can send control commands:
2315
2403
bad idea. When possible, you should use public key authentication
2318
2407
=item passphrase => $passphrase
2320
Uses given passphrase to open private key.
2409
X<passphrase>Uses given passphrase to open private key.
2322
2411
=item key_path => $private_key_path
2438
2527
my $ssh = Net::OpenSSH->new($host,
2439
default_ssh_options => [-o => "ConnectionAttempts=0"]);
2528
default_ssh_opts => [-o => "ConnectionAttempts=0"]);
2530
=item forward_agent => 1
2532
Enables forwarding of the authentication agent.
2534
This option can not be used when passing a passphrase (via
2535
L</passphrase>) to unlock the login private key.
2441
2537
=item default_stdin_fh => $fh
2711
2807
See L</"Shell quoting"> below.
2809
=item forward_agent => $bool
2811
Enables/disables forwarding of the authentication agent.
2813
This option can only be used when agent forwarding has been previously
2814
requested on the constructor.
2713
2816
=item ssh_opts => \@opts
2715
2818
List of extra options for the C<ssh> command.
2864
2967
returns the output broken into lines (it honors C<$/>, see
2865
2968
L<perlvar/"$/">).
2970
The exit status of the remote command is returned in C<$?>.
2867
2972
When an error happens while capturing (for instance, the operation
2868
2973
times out), the partial captured output will be returned. Error
2869
2974
conditions have to be explicitly checked using the L</error>
3057
3162
=item quiet => 0
3059
3164
By default, C<scp> is called with the quiet flag C<-q> enabled in
3060
order to suppress progress information. This option allows reenabling
3061
the progress indication bar.
3165
order to suppress progress information. This option allows one to
3166
re-enable the progress indication bar.
3063
3168
=item verbose => 1
3159
3264
=item $sftp = $ssh->sftp(%sftp_opts)
3161
Creates a new L<Net::SFTP::Foreign|Net::SFTP::Foreign> object for SFTP interaction that
3162
runs through the ssh master connection.
3266
Creates a new L<Net::SFTP::Foreign|Net::SFTP::Foreign> object for SFTP
3267
interaction that runs through the ssh master connection.
3164
=item @call = $ssh->make_remote_command(%opts, @cmd)
3269
=item @call = $ssh->make_remote_command(\%opts, @cmd)
3166
3271
=item $call = $ssh->make_remote_command(\%opts, @cmd)
3177
3282
my $remote = $ssh->make_remote_comand("cd /tmp/ && tar xf -");
3178
3283
system "tar cf - . | $remote";
3285
The options accepted are as follows:
3291
Enables/disables allocation of a tty on the remote side.
3293
=item forward_agent => $bool
3295
Enables/disables forwarding of authentication agent.
3297
This option can only be used when agent forwarding has been previously
3298
requested on the constructor.
3302
Return a command to create a connection to some TCP server reachable
3303
from the remote host. In that case the arguments are the destination
3304
address and port. For instance:
3306
$cmd = $ssh->make_remote_command({tunnel => 1}, $host, $port);
3180
3310
=item $ssh->wait_for_master($async)
3182
3312
When the connection has been established by calling the constructor
3265
3395
the OS could reassign the PID to a new unrelated process and the
3266
3396
module would try to kill it at object destruction time.
3398
=item $pid = $ssh->sshfs_import(\%opts, $remote_fs, $local_mnt_point)
3400
=item $pid = $ssh->sshfs_export(\%opts, $local_fs, $remote_mnt_point)
3402
These methods use L<sshfs(1)> to import or export a file system
3403
through the SSH connection.
3405
They return the C<$pid> of the C<sshfs> process or of the slave C<ssh>
3406
process used to proxy it. Killing that process unmounts the file
3407
system, though, it may be probably better to use L<fusermount(1)>.
3409
The options acepted are as follows:
3413
=item ssh_opts => \@ssh_opts
3415
Options passed to the slave C<ssh> process.
3417
=item sshfs_opts => \@sshfs_opts
3419
Options passed to the C<sshfs> command. For instance, to mount the file
3420
system in read-only mode:
3422
my $pid = $ssh->sshfs_export({sshfs_opts => [-o => 'ro']},
3427
Note that this command requires a recent version of C<sshfs> to work (at
3428
the time of writing, it requires the yet unreleased version available
3429
from the FUSE git repository!).
3431
See also the L<sshfs(1)> man page and the C<sshfs> and FUSE web sites
3432
at L<http://fuse.sourceforge.net/sshfs.html> and
3433
L<http://fuse.sourceforge.net/> respectively.
3270
3437
=head2 Shell quoting
3439
3606
Besides running commands on the remote host, Net::OpenSSH also allows
3440
to tunnel TCP connections to remote machines reachable from the SSH
3607
one to tunnel TCP connections to remote machines reachable from the
3443
3610
That feature is made available through the C<tunnel> option of the
3444
3611
L</open_ex> method, and also through wrapper methods L</open_tunnel>
3596
3763
L<mod_perl> and L<mod_perl2> tie STDIN and STDOUT to objects that are
3597
3764
not backed up by real file descriptors at the operative system
3598
3765
level. Net::OpenSSH will fail if any of these handles is used
3599
explicetly or implicitly when calling some remote command.
3766
explicitly or implicitly when calling some remote command.
3601
3768
The workaround is to redirect them to C</dev/null> or to some file:
3963
Debugging of Net::OpenSSH internals is controlled through the variable
3964
C<$Net::OpenSSH::debug>. Every bit of this variable activates
3965
debugging of some subsystem as follows:
3969
=item bit 1 - errors
3971
Dumps changes on the internal object attribute where errors are stored.
3973
=item bit 2 - ctl_path
3975
Dumps information about ctl_path calculation and the tests performed
3976
on that directory in order to decide if it is secure to place the
3977
multiplexing socket inside.
3979
=item bit 4 - connecting
3981
Dumps information about the establishment of new master connections.
3983
=item bit 8 - commands and arguments
3985
Dumps the command and arguments for every system/exec call.
3987
=item bit 16 - command execution
3989
Dumps information about the progress of command execution.
3991
=item bit 32 - destruction
3993
Dumps information about the destruction of Net::OpenSSH objects and
3994
the termination of the SSH master processes.
3996
=item bit 64 - IO loop
3998
Dumps information about the progress of the IO loop on capture
4001
=item bit 128 - IO hexdumps
4003
Generates hexdumps of the information that travels through the SSH
4004
streams inside capture operations.
4006
=item bit 512 - OS tracing of the master process
4008
Use the module L<Net::OpenSSH::OSTracer> to trace the SSH master
4009
process at the OS level.
4013
For instance, in order to activate all the debugging flags, you can
4016
$Net::OpenSSH::debug = ~0;
4018
Note that the meaning of the flags and the information generated is
4019
only intended for debugging of the module and may change without
4020
notice between releases.
3796
4024
Frequent questions about the module:
3997
4225
with the C<-k> flag. You may also like to use the C<-p> flag to tell
3998
4226
C<sudo> to print an empty prompt. For instance:
4000
my @out = $ssh->capture({stdin_data => $sudo_passwd},
4228
my @out = $ssh->capture({stdin_data => "$sudo_passwd\n"},
4234
If the version of sudo installed on the remote host does not support
4235
the C<-S> flag (it tells sudo to read the password from its STDIN
4236
stream), you can do it as follows:
4238
my @out = $ssh->capture({tty => 1,
4239
stdin_data => "$sudo_passwd\n"},
4245
This may generate an spurious and harmless warning from the SSH master
4246
connection (because we are requesting allocation of a tty on the
4247
remote side and locally we are attaching it to a regular pair of
4250
If for whatever reason the methods described above fail, you can
4251
always revert to using Expect to talk to the remote C<sudo>. See the
4252
C<sample/expect.pl> script from this module distribution.
4008
4256
=head1 SEE ALSO
4040
4288
Other Perl SSH clients: L<Net::SSH::Perl|Net::SSH::Perl>,
4041
4289
L<Net::SSH2|Net::SSH2>, L<Net::SSH|Net::SSH>,
4042
L<Net::SSH::Expect|Net::SSH::Expect>, L<Net::SCP|Net::SCP>.
4290
L<Net::SSH::Expect|Net::SSH::Expect>, L<Net::SCP|Net::SCP>,
4291
L<Net::SSH::Mechanize|Net::SSH::Mechanize>.
4044
4293
L<Net::OpenSSH::Compat> is a package offering a set of compatibility
4045
4294
layers for other SSH modules on top of Net::OpenSSH.
4071
4320
the CPAN bug tracking system at L<http://rt.cpan.org>.
4073
4322
B<Post questions related to how to use the module in Perlmonks>
4074
L<http://perlmoks.org/>, you will probably get faster responses than
4323
L<http://perlmonks.org/>, you will probably get faster responses than
4075
4324
if you address me directly and I visit Perlmonks quite often, so I
4076
4325
will see your question anyway.