Bug #107099 for Net-OpenSSH: Connect with -N key

Tue Sep 15 04:11:02 2015 madlord [...] list.ru - Ticket created

Subject:	Connect with -N key
Date:	Tue, 15 Sep 2015 11:10:44 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Greetings! Using Net::OpenSSH package to connect to BBRAS Juniper ERX-1400 ran into a problem when the SSH server is not able to work with the option -N. This option (-x2MN) is passed in the function _connect() of package and you can not change it. I would like to have the option package, which could be asked what options to pass when connecting. Ie at the time of connection to transmit instead string ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -x2MN -S socket host this string ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=30 -x2M -S socket host Example: #exec_rc - send execute a remote command on connect (default 0). Send or not -N option on connect. my $ssh = Net::OpenSSH->new($host, exec_rc => 1); (OpenSSH.pm, ver. 0.57): 234-235 + my $exec_rc = delete $opts{exec_rc}; my $batch_mode = delete $opts{batch_mode}; 379-380 $self->{_master_opts} = [$self->_expand_vars(@master_opts)]; +$self->{_master_opts} = {@{$self->{_master_opts}}, '-N'} if (! $exec_rc); 631-638 sub _connect { my ($self, $async) = @_; $self->_set_error; my $timeout = int((($self->{_timeout} || 90) + 2)/3); - my @master_opts = (@{$self->{_master_opts}}, -o => "ServerAliveInterval=$timeout", '-x2MN'); + my @master_opts = (@{$self->{_master_opts}}, -o => "ServerAliveInterval=$timeout", '-x2M'); С уважением, Павлов Алексей :-)

Tue Sep 15 06:46:07 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Tue, 15 Sep 2015 10:45:46 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

>________________________________ > From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> >To: >Sent: Tuesday, September 15, 2015 10:11 AM >Subject: [rt.cpan.org #107099] Connect with -N key > > >Tue Sep 15 04:11:02 2015: Request 107099 was acted upon. >Transaction: Ticket created by madlord@list.ru > Queue: Net-OpenSSH > Subject: Connect with -N key > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: madlord@list.ru > Status: new >Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 >

Before placing a workaround in the module I would like to know why the connection fails when -N is used. Could you run both versions with ssh in verbose mode and send me the output? $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); $ssh->system;

Tue Sep 15 06:46:07 2015 The RT System itself - Status changed from 'new' to 'open'

Tue Sep 15 07:03:21 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[2]: [rt.cpan.org #107099] Connect with -N key
Date:	Tue, 15 Sep 2015 14:02:52 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

/etc/ssh/ssh_config Host * GSSAPIAuthentication yes SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE SendEnv XMODIFIERS With -N key OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 213.228.116.181 [213.228.116.181] port 22. debug1: Connection established. debug1: identity file /home/dslam/.ssh/id_rsa type -1 debug1: identity file /home/dslam/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version 2.0.12 debug1: match: 2.0.12 pat 2.0.11*,2.0.12* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 792 bytes for a total of 813 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: dh_gen_key: priv key bits set: 190/384 debug2: bits set: 496/1024 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: Wrote 144 bytes for a total of 957 debug3: check_host_in_hostfile: filename /home/dslam/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 1 debug1: Host '213.228.116.181' is known and matches the DSA host key. debug1: Found key in /home/dslam/.ssh/known_hosts2:1 debug2: bits set: 506/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 973 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1021 debug2: buggy server: service_accept w/o service debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/dslam/.ssh/id_rsa ((nil)) debug2: key: /home/dslam/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1085 debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: setting up multiplex master socket debug2: fd 7 setting O_NONBLOCK debug1: Entering interactive session. debug3: Wrote 56 bytes for a total of 1141 debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 debug3: ssh_msg_recv entering debug3: muxserver_accept_control: receiving 1 env vars debug2: muxserver_accept_control: accepted tty 1, subsys 0, cmd debug2: muxserver_accept_control: got fds stdin 9, stdout 10, stderr 11 debug3: ssh_msg_send: type 2 debug2: fd 8 setting O_NONBLOCK debug1: channel 1: new [client-session] debug3: muxserver_accept_control: channel_new: 1 debug2: channel 1: send open debug3: Wrote 56 bytes for a total of 1197 debug2: channel 0: open confirm rwindow 12288 rmax 512 Received disconnect from 213.228.116.181: 2: Shared connection to 213.228.116.181 closed. Without -N key OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 213.228.116.181 [213.228.116.181] port 22. debug1: Connection established. debug1: identity file /home/dslam/.ssh/id_rsa type -1 debug1: identity file /home/dslam/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version 2.0.12 debug1: match: 2.0.12 pat 2.0.11*,2.0.12* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 792 bytes for a total of 813 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: dh_gen_key: priv key bits set: 196/384 debug2: bits set: 494/1024 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: Wrote 144 bytes for a total of 957 debug3: check_host_in_hostfile: filename /home/dslam/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 1 debug1: Host '213.228.116.181' is known and matches the DSA host key. debug1: Found key in /home/dslam/.ssh/known_hosts2:1 debug2: bits set: 525/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 973 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1021 debug2: buggy server: service_accept w/o service debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/dslam/.ssh/id_rsa ((nil)) debug2: key: /home/dslam/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1085 debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: setting up multiplex master socket debug2: fd 7 setting O_NONBLOCK debug1: Entering interactive session. debug3: Wrote 56 bytes for a total of 1141 debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 debug3: ssh_msg_recv entering debug3: muxserver_accept_control: receiving 1 env vars debug2: muxserver_accept_control: accepted tty 1, subsys 0, cmd debug2: muxserver_accept_control: got fds stdin 9, stdout 10, stderr 11 debug3: ssh_msg_send: type 2 debug2: fd 8 setting O_NONBLOCK debug1: channel 1: new [client-session] debug3: muxserver_accept_control: channel_new: 1 debug2: channel 1: send open debug3: Wrote 56 bytes for a total of 1197 debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env HOSTNAME debug3: Ignored env TERM debug3: Ignored env SHELL debug3: Ignored env HISTSIZE debug3: Ignored env SSH_CLIENT debug3: Ignored env QTDIR debug3: Ignored env QTINC debug3: Ignored env SSH_TTY debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env PWD debug1: Sending env LANG = ru_RU.KOI8-R debug2: channel 0: request env confirm 0 debug3: Ignored env HISTCONTROL debug3: Ignored env SHLVL debug3: Ignored env HOME debug3: Ignored env LOGNAME debug3: Ignored env QTLIB debug3: Ignored env CVS_RSH debug3: Ignored env SSH_CONNECTION debug3: Ignored env LESSOPEN debug3: Ignored env G_BROKEN_FILENAMES debug3: Ignored env _ debug3: Ignored env OLDPWD debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 12288 rmax 512 debug3: Wrote 432 bytes for a total of 1629 Received disconnect from 213.228.116.181: 2: Shared connection to 213.228.116.181 closed. Show quoted text

>Вторник, 15 сентября 2015, 6:46 -04:00 от "Salvador \"Fandiño\" via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > >

>>________________________________ >> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >>To: >>Sent: Tuesday, September 15, 2015 10:11 AM >>Subject: [rt.cpan.org #107099] Connect with -N key >> >> >>Tue Sep 15 04:11:02 2015: Request 107099 was acted upon. >>Transaction: Ticket created by madlord@list.ru >> Queue: Net-OpenSSH >> Subject: Connect with -N key >> Broken in: (no value) >> Severity: (no value) >> Owner: Nobody >> Requestors: madlord@list.ru >> Status: new >>Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 >

> > >Before placing a workaround in the module I would like to know why the connection fails when -N is used. > > >Could you run both versions with ssh in verbose mode and send me the output? > > $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); > $ssh->system; >

С уважением, Павлов Алексей :-)

Message body is not shown because it is too large.

Tue Sep 15 07:34:07 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[2]: [rt.cpan.org #107099] Connect with -N key
Date:	Tue, 15 Sep 2015 11:33:50 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Tuesday, September 15, 2015 1:03 PM > Subject: Re[2]: [rt.cpan.org #107099] Connect with -N key > > Queue: Net-OpenSSH > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > /etc/ssh/ssh_config > > Host * > GSSAPIAuthentication yes > SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES > SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT > SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE > SendEnv XMODIFIERS > With -N key > > OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 > ... > debug2: channel 0: open confirm rwindow 12288 rmax 512 > Received disconnect from 213.228.116.181: 2: > Shared connection to 213.228.116.181 closed. > Without -N key > > OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 > ... > debug2: channel 0: open confirm rwindow 12288 rmax 512 > debug3: Wrote 432 bytes for a total of 1629 > Received disconnect from 213.228.116.181: 2: > Shared connection to 213.228.116.181 closed.

So, it doesn't seem to be working without the -N flag either... Maybe the remote machine can only handle channels requiring a tty: $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); $ssh->system({tty => 1});

Wed Sep 16 03:18:49 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[4]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 10:18:25 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

No, this not work. With -N key debug3: ssh_msg_send: type 2 debug2: fd 8 setting O_NONBLOCK debug1: channel 1: new [client-session] debug3: muxserver_accept_control: channel_new: 1 debug2: channel 1: send open debug3: Wrote 56 bytes for a total of 1197 debug2: channel 0: open confirm rwindow 12288 rmax 512 Received disconnect from 213.228.116.181: 2: Shared connection to 213.228.116.181 closed. Without -N key debug3: ssh_msg_send: type 2 debug2: fd 8 setting O_NONBLOCK debug1: channel 1: new [client-session] debug3: muxserver_accept_control: channel_new: 1 debug2: channel 1: send open debug3: Wrote 56 bytes for a total of 1197 debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env HOSTNAME debug3: Ignored env TERM debug3: Ignored env SHELL debug3: Ignored env HISTSIZE debug3: Ignored env SSH_CLIENT debug3: Ignored env QTDIR debug3: Ignored env OLDPWD debug3: Ignored env QTINC debug3: Ignored env SSH_TTY debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env PWD debug1: Sending env LANG = ru_RU.KOI8-R debug2: channel 0: request env confirm 0 debug3: Ignored env HISTCONTROL debug3: Ignored env SHLVL debug3: Ignored env HOME debug3: Ignored env LOGNAME debug3: Ignored env QTLIB debug3: Ignored env CVS_RSH debug3: Ignored env SSH_CONNECTION debug3: Ignored env LESSOPEN debug3: Ignored env G_BROKEN_FILENAMES debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 12288 rmax 512 debug3: Wrote 432 bytes for a total of 1629 Received disconnect from 213.228.116.181: 2: Shared connection to 213.228.116.181 closed. Simply, if connect with this: ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host work ok if connect with this: ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -N -p 22 host no data from host and connection not closed by timeout debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug3: Wrote 56 bytes for a total of 1141 debug2: channel 0: open confirm rwindow 12288 rmax 512 debug3: Wrote 56 bytes for a total of 1197 debug3: Wrote 56 bytes for a total of 1253 debug3: Wrote 56 bytes for a total of 1309 debug3: Wrote 56 bytes for a total of 1365 ...... Show quoted text

>Вторник, 15 сентября 2015, 7:34 -04:00 от "Salvador \"Fandiño\" via RT" < bug-Net-OpenSSH@rt.cpan.org >: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > > >----- Original Message -----

>> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >> To: >> Cc: >> Sent: Tuesday, September 15, 2015 1:03 PM >> Subject: Re[2]: [rt.cpan.org #107099] Connect with -N key >> >> Queue: Net-OpenSSH >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > >> >> /etc/ssh/ssh_config >> >> Host * >> GSSAPIAuthentication yes >> SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES >> SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT >> SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE >> SendEnv XMODIFIERS >> With -N key >> >> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 >> ... >> debug2: channel 0: open confirm rwindow 12288 rmax 512 >> Received disconnect from 213.228.116.181: 2: >> Shared connection to 213.228.116.181 closed. >> Without -N key >> >> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 >> ... >> debug2: channel 0: open confirm rwindow 12288 rmax 512 >> debug3: Wrote 432 bytes for a total of 1629 >> Received disconnect from 213.228.116.181: 2: >> Shared connection to 213.228.116.181 closed.

> > >So, it doesn't seem to be working without the -N flag either... > > >Maybe the remote machine can only handle channels requiring a tty: > > $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); > $ssh->system({tty => 1}); >

С уважением, Павлов Алексей :-) ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -p 22 213.228.116.181

Wed Sep 16 04:59:48 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[4]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 08:59:36 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Wednesday, September 16, 2015 9:18 AM > Subject: Re[4]: [rt.cpan.org #107099] Connect with -N key

> Simply, if connect with this: > ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host > work ok > if connect with this: > ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -N -p 22 host > no data from host and connection not closed by timeout

Yes, but that is the expected behavior. Your problem is not the -N flag. Can you post the output from the following command run from the command line: ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host

Wed Sep 16 05:12:10 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[6]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 12:11:46 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

When the "Username:" string is shown, i send Ctrl+C: OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 213.228.116.181 [213.228.116.181] port 22. debug1: Connection established. debug1: identity file /home/dslam/.ssh/identity type -1 debug1: identity file /home/dslam/.ssh/id_rsa type -1 debug1: identity file /home/dslam/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version 2.0.12 debug1: match: 2.0.12 pat 2.0.11*,2.0.12* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 792 bytes for a total of 813 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: dh_gen_key: priv key bits set: 187/384 debug2: bits set: 510/1024 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: Wrote 144 bytes for a total of 957 debug3: check_host_in_hostfile: filename /home/dslam/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 1 debug1: Host '213.228.116.181' is known and matches the DSA host key. debug1: Found key in /home/dslam/.ssh/known_hosts2:1 debug2: bits set: 538/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 973 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1021 debug2: buggy server: service_accept w/o service debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/dslam/.ssh/identity ((nil)) debug2: key: /home/dslam/.ssh/id_rsa ((nil)) debug2: key: /home/dslam/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1085 debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: Entering interactive session. debug3: Wrote 56 bytes for a total of 1141 debug2: callback start debug2: client_session2_setup: id 0 debug2: channel 0: request pty-req confirm 1 debug1: Sending environment. debug3: Ignored env HOSTNAME debug3: Ignored env TERM debug3: Ignored env SHELL debug3: Ignored env HISTSIZE debug3: Ignored env SSH_CLIENT debug3: Ignored env QTDIR debug3: Ignored env OLDPWD debug3: Ignored env QTINC debug3: Ignored env SSH_TTY debug3: Ignored env USER debug3: Ignored env LS_COLORS debug3: Ignored env MAIL debug3: Ignored env PATH debug3: Ignored env PWD debug1: Sending env LANG = ru_RU.KOI8-R debug2: channel 0: request env confirm 0 debug3: Ignored env HISTCONTROL debug3: Ignored env SHLVL debug3: Ignored env HOME debug3: Ignored env LOGNAME debug3: Ignored env QTLIB debug3: Ignored env CVS_RSH debug3: Ignored env SSH_CONNECTION debug3: Ignored env LESSOPEN debug3: Ignored env G_BROKEN_FILENAMES debug3: Ignored env _ debug2: channel 0: request shell confirm 1 debug2: fd 3 setting TCP_NODELAY debug2: callback done debug2: channel 0: open confirm rwindow 12288 rmax 512 debug3: Wrote 432 bytes for a total of 1573 debug2: channel_input_status_confirm: type 99 id 0 debug2: PTY allocation request accepted on channel 0 ************************************************************************ WARNING! This is a private system, and is the property of Sibirtelecom JSC. Access is restricted to authorized users and to authorized purposes. Users (authorized and unauthorized) have no explicit or implicit expectation of privacy. Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site, Sibirtelecom JSC, and law enforcement personnel. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site or Sibirtelecom JSC personnel. UNAUTHORIZED OR IMPROPER USE OF THIS SYSTEM MAY RESULT IN ADMINISTRATIVE DISCIPLINARY ACTION AND CIVIL AND CRIMINAL PENALTIES. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the condidebug2: channel_input_status_confirm: type 99 id 0 debug2: shell request accepted on channel 0 tions stated in this warning. ************************************************************************ Username: debug3: Wrote 40 bytes for a total of 1613 ^C debug2: channel 0: rcvd close debug2: channel 0: output open -> drain debug2: channel 0: close_read debug2: channel 0: input open -> closed debug3: channel 0: will not send data after close debug2: channel 0: obuf empty debug2: channel 0: close_write debug2: channel 0: output drain -> closed debug2: channel 0: almost dead debug2: channel 0: gc: notify user debug2: channel 0: gc: user detached debug2: channel 0: send close debug2: channel 0: is dead debug2: channel 0: garbage collecting debug1: channel 0: free: client-session, nchannels 1 debug3: channel 0: status: The following connections are open: #0 client-session (t4 r5340 i3/0 o3/0 fd -1/-1 cfd -1) debug3: channel 0: close_fds r -1 w -1 e 6 c -1 debug3: Wrote 32 bytes for a total of 1645 debug3: Wrote 56 bytes for a total of 1701 Connection to 213.228.116.181 closed. Transferred: sent 1536, received 2440 bytes, in 4.2 seconds Bytes per second: sent 367.2, received 583.4 debug1: Exit status -1 Show quoted text

>Среда, 16 сентября 2015, 4:59 -04:00 от "Salvador \"Fandiño\" via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > > >----- Original Message -----

>> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >> To: >> Cc: >> Sent: Wednesday, September 16, 2015 9:18 AM >> Subject: Re[4]: [rt.cpan.org #107099] Connect with -N key

>> Simply, if connect with this: >> ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host >> work ok >> if connect with this: >> ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -N -p 22 host >> no data from host and connection not closed by timeout

> > >Yes, but that is the expected behavior. Your problem is not the -N flag. > >Can you post the output from the following command run from the command line: > > > ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host >

С уважением, Павлов Алексей :-)

Wed Sep 16 06:45:43 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[6]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 10:45:20 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

And finally, can you also post the full debugging output for $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); $ssh->system({tty => 1}); Because, this should be equivalent to the previous command and it should work. In case it doesn't, looking at the differences may hopefully allow us to see why.

Wed Sep 16 06:54:49 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[8]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 13:54:19 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Message body is not shown because it is too large.

Wed Sep 16 08:45:38 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[8]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 16 Sep 2015 12:45:29 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

1) Can you ensure you are using a clean version of Net::OpenSSH as downloaded from CPAN, without any modifications. 2) It looks as if the traces (from the ssh command run at the terminal and from Net::OpenSSH) were from different machines. Could you run both proves in the same environment?

Wed Sep 16 23:58:40 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[10]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 06:58:21 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Message body is not shown because it is too large.

Thu Sep 17 04:43:42 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[10]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 08:43:19 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Thursday, September 17, 2015 5:58 AM > Subject: Re[10]: [rt.cpan.org #107099] Connect with -N key > > Queue: Net-OpenSSH > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > 1) I now install last version (0.64) from CPAN. No any modifications > 2) No, ssh client and Net::OpenSSH script run on same machine (Linux hostname > 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 > GNU/Linux) and environment witn this packages:

There are subtle differences between both traces... oh, wait, could your server be accepting SSH v1 only? Does the following command work? ssh -2 -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host

Thu Sep 17 05:24:35 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[12]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 12:24:21 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Yes, this command work. From previous my answer: debug1: Remote protocol version 2.0, remote software version 2.0.12 Show quoted text

>Четверг, 17 сентября 2015, 4:43 -04:00 от "Salvador \"Fandiño\" via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > > >----- Original Message -----

>> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >> To: >> Cc: >> Sent: Thursday, September 17, 2015 5:58 AM >> Subject: Re[10]: [rt.cpan.org #107099] Connect with -N key >> >> Queue: Net-OpenSSH >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > >> >> 1) I now install last version (0.64) from CPAN. No any modifications >> 2) No, ssh client and Net::OpenSSH script run on same machine (Linux hostname >> 2.6.32-358.el6.x86_64 #1 SMP Tue Jan 29 11:47:41 EST 2013 x86_64 x86_64 x86_64 >> GNU/Linux) and environment witn this packages:

> > >There are subtle differences between both traces... oh, wait, could your server be accepting SSH v1 only? > >Does the following command work? > > ssh -2 -o StrictHostKeyChecking=no -o ServerAliveInterval=20 -vvv -p 22 host >

С уважением, Павлов Алексей :-)

Thu Sep 17 06:27:19 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[12]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 10:24:21 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Thursday, September 17, 2015 11:24 AM > Subject: Re[12]: [rt.cpan.org #107099] Connect with -N key > > Queue: Net-OpenSSH > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > Yes, this command work. From previous my answer:

> debug1: Remote protocol version 2.0, remote software version 2.0.12

Yes, but OpenSSH has several workarounds inside for servers that do not implement the protocol correctly and forcing v2 could be disabling some. Anyway, after looking at all the traces you have posted I am pretty sure the real problem is that the remote server doesn't accept running more than one channel concurrently per SSH connection. Just to ensure that this is the case, could you run the following script: use Net::OpenSSH; $Net::OpenSSH::debug=-1; $ssh = Net::OpenSSH->new(localhost, master_opts => [qw(-vvv)]); warn "hello!"; sleep 4; warn "bye!"; $ssh->system("exit") If that hypothesis turns to be true, then Net::OpenSSH can't not be made to work because it requires multiple channels. Maybe you could use my other module Net::SSH::Any (go for the development version in GitHub https://github.com/salva/p5-Net-SSH-Any) whose usage is pretty similar to that of Net::OpenSSH, or Net::SSH2 (ensure you get the latest development version 0.54_02). Also, there are several modules on CPAN specific for talking to network equipment.

Thu Sep 17 06:42:23 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[14]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 13:42:00 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

"remote server doesn't accept running more than one channel concurrently per SSH connection" Yes, i think about it. But don`t know how to check this. May be this check can be realize in Net::OpenSSH? Result: # open_ex: ['ssh','-V'] # io3 mloop, cin: 0, cout: 1, cerr: 0 # io3 fast, cin: 0, cout: 1, cerr: 0 # stdout, bytes read: 46 at offset 0 #> 4f 70 65 6e 53 53 48 5f 35 2e 33 70 31 2c 20 4f 70 65 6e 53 53 4c 20 31 2e 30 2e 30 2d 66 69 70 | OpenSSH_5.3p1, OpenSSL 1.0.0-fip #> 73 20 32 39 20 4d 61 72 20 32 30 31 30 0a | s 29 Mar 2010. # io3 fast, cin: 0, cout: 1, cerr: 0 # stdout, bytes read: 0 at offset 46 # leaving _io3() # _waitpid(3317) => pid: 3317, rc: 0, err: # OpenSSH verion is 5.3p1, # ctl_path: /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, ctl_dir: /home/dslam/.libnet-openssh-perl/ # _is_secure_path(dir: /home/dslam/.libnet-openssh-perl, file mode: 16877, file uid: 1056, euid: 1056 # _is_secure_path(dir: /home/dslam, file mode: 16877, file uid: 1056, euid: 1056 # set_error(0 - 0) # call args: ['ssh','-vvvv','-o','ServerAliveInterval=20','-2MNx','-S','/home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411','213.228.116.181','--'] # master state jumping from _STATE_START to _STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # file object not yet found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411, state:_STATE_AWAITING_MUX # tracer attached, ssh pid: 3318, tracer pid: 3319 OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 213.228.116.181 [213.228.116.181] port 22. debug1: Connection established. debug1: identity file /home/dslam/.ssh/id_rsa type -1 debug1: identity file /home/dslam/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version 2.0.12 debug1: match: 2.0.12 pat 2.0.11*,2.0.12* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.3 debug2: fd 3 setting O_NONBLOCK debug1: SSH2_MSG_KEXINIT sent debug3: Wrote 792 bytes for a total of 813 debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: kex_parse_kexinit: diffie-hellman-group1-sha1 debug2: kex_parse_kexinit: ssh-dss debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: hmac-sha1,hmac-md5 debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: none debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_setup: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug2: mac_setup: found hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: dh_gen_key: priv key bits set: 193/384 debug2: bits set: 530/1024 debug1: sending SSH2_MSG_KEXDH_INIT debug1: expecting SSH2_MSG_KEXDH_REPLY debug3: Wrote 144 bytes for a total of 957 debug3: check_host_in_hostfile: filename /home/dslam/.ssh/known_hosts2 debug3: check_host_in_hostfile: match line 1 debug1: Host '213.228.116.181' is known and matches the DSA host key. debug1: Found key in /home/dslam/.ssh/known_hosts2:1 debug2: bits set: 530/1024 debug1: ssh_dss_verify: signature correct debug2: kex_derive_keys debug2: set_newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug3: Wrote 16 bytes for a total of 973 debug2: set_newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug3: Wrote 48 bytes for a total of 1021 debug2: buggy server: service_accept w/o service debug1: SSH2_MSG_SERVICE_ACCEPT received debug2: key: /home/dslam/.ssh/id_rsa ((nil)) debug2: key: /home/dslam/.ssh/id_dsa ((nil)) debug3: Wrote 64 bytes for a total of 1085 debug1: Authentication succeeded (none). debug1: channel 0: new [client-session] debug3: ssh_session2_open: channel_new: 0 debug2: channel 0: send open debug1: setting up multiplex master socket debug2: fd 7 setting O_NONBLOCK debug1: Entering interactive session. debug3: Wrote 56 bytes for a total of 1141 # file object found at /home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411 # master state jumping from _STATE_AWAITING_MUX to _STATE_RUNNING # call args: ['ssh','-O','check','-T','-S','/home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411','213.228.116.181','--'] # open_ex: ['ssh','-O','check','-T','-S','/home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411','213.228.116.181','--'] # io3 mloop, cin: 0, cout: 1, cerr: 0 # io3 fast, cin: 0, cout: 1, cerr: 0 debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 # stdout, bytes read: 27 at offset 0 #> 4d 61 73 74 65 72 20 72 75 6e 6e 69 6e 67 20 28 70 69 64 3d 33 33 31 38 29 0d 0a | Master running (pid=3318).. # io3 fast, cin: 0, cout: 1, cerr: 0 # stdout, bytes read: 0 at offset 27 # leaving _io3() # _waitpid(3322) => pid: 3322, rc: 0, err: hello! at testssh.pl line 43. debug2: channel 0: open confirm rwindow 12288 rmax 512 bye! at testssh.pl line 45. # call args: ['ssh','-S','/home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411','213.228.116.181','--','exit'] # open_ex: ['ssh','-S','/home/dslam/.libnet-openssh-perl/213.228.116.181-3316-998411','213.228.116.181','--','exit'] debug3: fd 8 is not O_NONBLOCK debug3: ssh_msg_recv entering debug3: ssh_msg_send: type 2 debug3: ssh_msg_recv entering debug3: muxserver_accept_control: receiving 1 env vars debug2: muxserver_accept_control: accepted tty 0, subsys 0, cmd exit debug2: muxserver_accept_control: got fds stdin 9, stdout 10, stderr 11 debug3: ssh_msg_send: type 2 debug2: fd 8 setting O_NONBLOCK debug1: channel 1: new [client-session] debug3: muxserver_accept_control: channel_new: 1 debug2: channel 1: send open debug3: Wrote 56 bytes for a total of 1197 Received disconnect from 213.228.116.181: 2: # _waitpid(3325) => pid: 3325, rc: 65280, err: Прерван системный вызов # set_error(5 - child exited with code 255) # DESTROY(Net::OpenSSH=HASH(0x2b583d8), pid: 3318) # sending exit control to master # master 3318 exited, rc:65280, err: # set_error(1 - control command failed: master process exited unexpectedly) # master state jumping from _STATE_RUNNING to _STATE_GONE # master state jumping from _STATE_GONE to _STATE_GONE Show quoted text

>Четверг, 17 сентября 2015, 6:27 -04:00 от "Salvador \"Fandiño\" via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > > >----- Original Message -----

>> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >> To: >> Cc: >> Sent: Thursday, September 17, 2015 11:24 AM >> Subject: Re[12]: [rt.cpan.org #107099] Connect with -N key >> >> Queue: Net-OpenSSH >> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > >> >> Yes, this command work. From previous my answer:

>> debug1: Remote protocol version 2.0, remote software version 2.0.12

> >Yes, but OpenSSH has several workarounds inside for servers that do not implement the protocol correctly and forcing v2 could be disabling some. > >Anyway, after looking at all the traces you have posted I am pretty sure the real problem is that the remote server doesn't accept running more than one channel concurrently per SSH connection. > >Just to ensure that this is the case, could you run the following script: > > use Net::OpenSSH; > $Net::OpenSSH::debug=-1; > $ssh = Net::OpenSSH->new(localhost, master_opts => [qw(-vvv)]); > warn "hello!"; > sleep 4; > warn "bye!"; > $ssh->system("exit") > >If that hypothesis turns to be true, then Net::OpenSSH can't not be made to work because it requires multiple channels. > >Maybe you could use my other module Net::SSH::Any (go for the development version in GitHub >https://github.com/salva/p5-Net-SSH-Any ) whose usage is pretty similar to that of Net::OpenSSH, or Net::SSH2 (ensure you get the latest development version 0.54_02). > >Also, there are several modules on CPAN specific for talking to network equipment. >

С уважением, Павлов Алексей :-)

Thu Sep 17 06:56:44 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[14]: [rt.cpan.org #107099] Connect with -N key
Date:	Thu, 17 Sep 2015 10:53:40 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Thursday, September 17, 2015 12:42 PM > Subject: Re[14]: [rt.cpan.org #107099] Connect with -N key > > Queue: Net-OpenSSH > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > "remote server doesn't accept running more than one channel > concurrently per SSH connection" > Yes, i think about it. But don`t know how to check this. May be this check can > be realize in Net::OpenSSH? > > Result: > > # open_ex: ['ssh','-V']

>... > debug2: channel 1: send open> debug3: Wrote 56 bytes for a total of 1197

> Received disconnect from 213.228.116.181: 2:

It is pretty obvious the problem is that. As soon as a second channel is requested the remote side drops the connection.

Mon Sep 21 05:21:06 2015 salva [...] cpan.org - Correspondence added

Show quoted text

> > Received disconnect from 213.228.116.181: 2:

> > It is pretty obvious the problem is that. As soon as a second channel > is requested the remote side drops the connection.

I have found that OpenSSH has a work around for that particular version of SSH used on the server. It opens a dummy channel upon connection. We could try disabling that work around, but that would mean patching OpenSSH. So, would you be able to compile a patched ssh client and use it to run some tests against your network equipment if I send you the patch for OpenSSH?

Mon Sep 21 05:36:46 2015 madlord [...] list.ru - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Mon, 21 Sep 2015 12:36:29 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Yes, i can. Show quoted text

>Понедельник, 21 сентября 2015, 5:21 -04:00 от "Salvador Fandino Garcia via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > >

>> > Received disconnect from 213.228.116.181: 2:

>> >> It is pretty obvious the problem is that. As soon as a second channel >> is requested the remote side drops the connection.

> >I have found that OpenSSH has a work around for that particular version of SSH used on the server. It opens a dummy channel upon connection. We could try disabling that work around, but that would mean patching OpenSSH. > >So, would you be able to compile a patched ssh client and use it to run some tests against your network equipment if I send you the patch for OpenSSH? > >

С уважением, Павлов Алексей :-)

Mon Sep 21 06:06:05 2015 salva [...] cpan.org - Correspondence added

On Mon Sep 21 05:36:46 2015, madlord@list.ru wrote: Show quoted text

> Yes, i can.

Ok, here it goes. You will have to download the openssh package from some mirror (i.e. http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-7.1p1.tar.gz) and apply the attached patch to ssh.c, run configure and make, prepend the full path for the openssh-7.1p1 directory to $PATH so that the patched version of ssh is found first, and then run again the following perl script: use Net::OpenSSH; $Net::OpenSSH::debug = -1; $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); $ssh->system({tty => 1}); Does it work? If it does I will write a more elaborated patch and send it upstream.

Mon Sep 21 06:08:44 2015 salva [...] cpan.org - Correspondence added

On Mon Sep 21 06:06:05 2015, SALVA wrote: Show quoted text

> On Mon Sep 21 05:36:46 2015, madlord@list.ru wrote:

> > Yes, i can.

> > Ok, here it goes.

And now, with the actual patch!

Subject:

ssh.c.patch

--- ssh.c~ 2015-08-21 06:49:03.000000000 +0200 +++ ssh.c 2015-09-21 11:57:51.462905891 +0200 @@ -1896,9 +1896,11 @@ if (options.control_persist && muxserver_sock == -1) ssh_init_stdio_forwarding(); - if (!no_shell_flag || (datafellows & SSH_BUG_DUMMYCHAN)) + if (!no_shell_flag) /* || (datafellows & SSH_BUG_DUMMYCHAN)) */ id = ssh_session2_open(); else { + if (datafellows & SSH_BUG_DUMMYCHAN) + debug("Skipping work around for bug dummychan"); packet_set_interactive( options.control_master == SSHCTL_MASTER_NO, options.ip_qos_interactive, options.ip_qos_bulk);

Mon Sep 21 06:19:45 2015 madlord [...] list.ru - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Mon, 21 Sep 2015 13:19:30 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Can i use ssh_cmd option of Net::OpenSSH instead full path in $PATH? Show quoted text

>Понедельник, 21 сентября 2015, 6:06 -04:00 от "Salvador Fandino Garcia via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > >On Mon Sep 21 05:36:46 2015, madlord@list.ru wrote:

>> Yes, i can.

> >Ok, here it goes. > >You will have to download the openssh package from some mirror (i.e. http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh-7.1p1.tar.gz ) and apply the attached patch to ssh.c, run configure and make, prepend the full path for the openssh-7.1p1 directory to $PATH so that the patched version of ssh is found first, and then run again the following perl script: > > use Net::OpenSSH; > $Net::OpenSSH::debug = -1; > $ssh = Net::OpenSSH->new($host, master_opts => [qw(-vvv)]); > $ssh->system({tty => 1}); > >Does it work? > >If it does I will write a more elaborated patch and send it upstream.

С уважением, Павлов Алексей :-)

Mon Sep 21 06:36:41 2015 salva [...] cpan.org - Correspondence added

On Mon Sep 21 06:19:45 2015, madlord@list.ru wrote: Show quoted text

> Can i use ssh_cmd option of Net::OpenSSH instead full path in $PATH?

yes, you can.

Mon Sep 21 06:44:13 2015 madlord [...] list.ru - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Mon, 21 Sep 2015 13:43:50 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Message body is not shown because it is too large.

Mon Sep 21 09:13:09 2015 salva [...] cpan.org - Correspondence added

On Mon Sep 21 06:44:13 2015, madlord@list.ru wrote: Show quoted text

> Ок, i patched and make this - > http://mirror.internode.on.net/pub/OpenBSD/OpenSSH/portable/openssh- > 7.1p1.tar.gz > But for openssh 7.1 i add options: > my $ssh = Net::OpenSSH->new($ip, master_opts => [qw(-vvv), -o => > 'KexAlgorithms=+diffie-hellman-group1-sha1', -o => > 'HostKeyAlgorithms=+ssh-dss']); > because i had error: no matching key exchange method found > > Result (it works):

Ok, just a last test, can you check whether that server allows you to open several channels in sequence over the same SSH connection: my $ssh = Net::OpenSSH->new($ip, master_opts => [qw(-vvv), ...]); $ssh->system({tty => 1}); $ssh->system({tty => 1}); Do you see the two sessions opening or on the other hand, does the remote server drop the connection after the first one finish?

Tue Sep 22 00:59:10 2015 madlord [...] list.ru - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Tue, 22 Sep 2015 07:58:46 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Message body is not shown because it is too large.

Wed Sep 23 02:33:45 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 23 Sep 2015 06:30:28 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

>________________________________ > From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> >To: >Sent: Tuesday, September 22, 2015 6:59 AM >Subject: Re: [rt.cpan.org #107099] Connect with -N key > > > Queue: Net-OpenSSH >Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > >How can i see this? In debug of Net::OpenSSH? I have limited access to server logs.

The ssh verbose output shows it: Show quoted text

>...

Show quoted text

>debug1: channel 2: new [client-session]>debug2: process_mux_new_session: channel_new: 2 linked to control channel 1 >debug2: channel 2: send open

Show quoted text

>Received disconnect from 213.228.116.181: 2:

You see, once the request for opening a second channel is sent, the remote side closes the connection inmediately. That means that even with the workaround you will not be able to call more than one Net::OpenSSH method. Also, your server is asking you to authenticate from inside the shell instead of at the SSH protocol level. In summary, the implementation of SSH on your device does almost everything wrong. Probably it is the same server they have for telnet access running on top of an unauthenticated SSH connection, and it is missing all the features of SSH that make it a much better protocol for system administration automation. Net::OpenSSH is mostly useless for your case. Net::Telnet or just raw Expect are going to be better options for you.

Wed Sep 23 02:44:16 2015 madlord [...] list.ru - Correspondence added

Subject:	Re[2]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 23 Sep 2015 09:43:58 +0300
To:	bug-Net-OpenSSH [...] rt.cpan.org
From:	Алексей Павлов <madlord [...] list.ru>

Ок, thanks. I already use Net::Telnet and IO::Pty for this. But why connection timeouted whith -N key? Show quoted text

>Среда, 23 сентября 2015, 2:33 -04:00 от "Salvador \"Fandiño\" via RT" <bug-Net-OpenSSH@rt.cpan.org>: > ><URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > > > >

>>________________________________ >> From: Алексей Павлов via RT < bug-Net-OpenSSH@rt.cpan.org > >>To: >>Sent: Tuesday, September 22, 2015 6:59 AM >>Subject: Re: [rt.cpan.org #107099] Connect with -N key >> >> >> Queue: Net-OpenSSH >>Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > >> >>How can i see this? In debug of Net::OpenSSH? I have limited access to server logs.

> > >The ssh verbose output shows it: > >

>>...

>>debug1: channel 2: new [client-session]>debug2: process_mux_new_session: channel_new: 2 linked to control channel 1 >>debug2: channel 2: send open

>>Received disconnect from 213.228.116.181: 2:

> >You see, once the request for opening a second channel is sent, the remote side closes the connection inmediately. > >That means that even with the workaround you will not be able to call more than one Net::OpenSSH method. Also, your server is asking you to authenticate from inside the shell instead of at the SSH protocol level. > >In summary, the implementation of SSH on your device does almost everything wrong. Probably it is the same server they have for telnet access running on top of an unauthenticated SSH connection, and it is missing all the features of SSH that make it a much better protocol for system administration automation. > >Net::OpenSSH is mostly useless for your case. Net::Telnet or just raw Expect are going to be better options for you. >

С уважением, Павлов Алексей :-)

Wed Sep 23 02:55:50 2015 sfandino [...] yahoo.com - Correspondence added

Subject:	Re: Re[2]: [rt.cpan.org #107099] Connect with -N key
Date:	Wed, 23 Sep 2015 06:50:07 +0000 (UTC)
To:	"bug-Net-OpenSSH [...] rt.cpan.org" <bug-Net-OpenSSH [...] rt.cpan.org>
From:	Salvador Fandino <sfandino [...] yahoo.com>

Show quoted text

----- Original Message -----

> From: Алексей Павлов via RT <bug-Net-OpenSSH@rt.cpan.org> > To: > Cc: > Sent: Wednesday, September 23, 2015 8:44 AM > Subject: Re[2]: [rt.cpan.org #107099] Connect with -N key > > Queue: Net-OpenSSH > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=107099 > > > Ок, thanks. I already use Net::Telnet and IO::Pty for this. But why connection > timeouted whith -N key?

Well, the connection didn't timeout, the session did. It was waiting for you to authenticate but you didn't do that in the expected time frame. Anyway, timestamps are not included on the output, so maybe I am missing something there.

Thu Oct 01 03:29:15 2015 salva [...] cpan.org - Status changed from 'open' to 'rejected'