Skip Menu |

This queue is for tickets about the Net-SFTP-Foreign CPAN distribution.

Report information
The Basics
Id: 52533
Status: rejected
Worked: 10 min
Priority: 0/
Queue: Net-SFTP-Foreign
People
Owner: Nobody in particular
Requestors: peter [...] dragonstaff.co.uk
Cc:
AdminCc:
Bug Information
Severity: Important
Broken in: 1.55
Fixed in: (no value)

History Show all quoted text
  Mon Dec 07 11:13:35 2009 peter [...] dragonstaff.co.uk - Ticket created
Subject: socksify SOCKS proxy support
When I connect directly to an ssh server using an ssh_cmd like '/usr/bin/ssh', it works. When I connect via a SOCKS proxy using socksify with an ssh_cmd like '/usr/local/bin/socksify /usr/bin/ssh' then I get a _conn_lost on the first read from child. Attached 1) ssh_problem.txt shows debug tracing with/without use of socksify wrapper for ssh to use SOCKS proxy 2) proxy.t unit test run 'perl proxy.t' uses proxy, shows fail run 'NO_TEST=1 perl proxy.t' goes direct, shows success
Subject: ssh_problem.txt
1. direct connection succeeds #20508 1260200381.00000 new: ssh cmd: /usr/bin/ssh -l devpublish -v wsnmas00 -s sftp #20508 1260200381.00000 _queue_msg: queueing msg len: 5, code:1, id:3 ... [1] 00 00 00 05 01 00 00 00 03 | ......... #20508 1260200381.00000 _get_msg: waiting for message... [1] #20508 1260200381.00000 _do_io_unix: _do_io connected: 1 #20508 1260200381.00000 _do_io_unix: _do_io select(-,-,-, undef) #20508 1260200381.00000 _do_io_unix: _do_io write queue: 9, syswrite: 9, max: 65536 00 00 00 05 01 00 00 00 03 | ......... #20508 1260200381.00000 _do_io_unix: _do_io select(-,-,-, undef) OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003 debug1: Reading configuration data /home/edwarp11/.ssh/config ... #20508 1260200388.00000 _do_io_unix: _do_io read sysread: 9, total read: 9 00 00 00 05 02 00 00 00 03 | ......... #20508 1260200388.00000 _get_msg: got it!, len:5, code:2, id:-, status: - 02 00 00 00 03 | ..... 2. socksified connection fails #20744 1260200403.00000 new: ssh cmd: /home/edwarp11/local/bin/socksify /usr/bin/ssh -l devpublish -v wsnmas00 -s sftp #20744 1260200403.00000 _queue_msg: queueing msg len: 5, code:1, id:3 ... [1] 00 00 00 05 01 00 00 00 03 | ......... #20744 1260200403.00000 _get_msg: waiting for message... [1] #20744 1260200403.00000 _do_io_unix: _do_io connected: 1 #20744 1260200403.00000 _do_io_unix: _do_io select(-,-,-, undef) #20744 1260200403.00000 _do_io_unix: _do_io write queue: 9, syswrite: undef, max: 65536 #20744 1260200403.00000 _conn_lost: _conn_lost #20744 1260200403.00000 _set_status: _set_status code: 7, str: Connection lost #20744 1260200403.00000 _set_error: _set_err code: 37, str: Connection to remote server is broken #20744 1260200403.00000 _conn_lost: _conn_lost Unable to stablish SFTP connection: Connection to remote server is broken at basic_sftp.t line 52. #20744 1260200403.00000 DESTROY: Net::SFTP::Foreign=HASH(0x943b0dc)->DESTROY called (current pid: 20744, disconnect_by_pid: ) #20744 1260200403.00000 disconnect: Net::SFTP::Foreign=HASH(0x943b0dc)->disconnect called (ssh pid: 20748) #20744 1260200403.00000 _conn_lost: _conn_lost
Subject: proxy.t
#!/usr/bin/perl # test Net::SFTP::Foreign via SOCKS proxy # author peter@dragonstaff.co.uk use strict; use warnings; use Test::More tests => 2; use File::Which; my $SOCKSIFY = which('socksify') or die 'cannot find "socksify" program'; my $SSH = which('ssh') or die 'cannot find "ssh" program'; my $ssh_cmd; if ( $ENV{NO_PROXY} ) { $ssh_cmd = $SSH; } else { $ssh_cmd = $SOCKSIFY . ' ' . $SSH; } my $host = 'somehost.com'; my $user = 'someuser'; my $pass = 'somepassword'; my ($sftp, $cwd); diag "trying to connect"; my %args = ( host => $host, user => $user, #password => $pass, # hangs if set and no password required - maybe fixed in Net::SFTP::Foreign version 1.56_03 more => '-v', ssh_cmd => $ssh_cmd, ); use_ok('Net::SFTP::Foreign'); { no warnings 'once'; $Net::SFTP::Foreign::debug = 0xffff; } $sftp = Net::SFTP::Foreign->new( %args ); $sftp->error and die "Unable to stablish SFTP connection: " . $sftp->error; my $msg = "connected to $user\@$host"; $msg .= " via SOCKS proxy" unless $ENV{NO_PROXY}; diag $msg; $cwd = $sftp->cwd; diag "cwd: $cwd"; ok( $cwd, 'cwd' );
  Mon Dec 07 11:43:20 2009 sfandino [...] yahoo.com - Correspondence added
Subject: Re: [rt.cpan.org #52533] socksify SOCKS proxy support
Date: Mon, 7 Dec 2009 08:43:02 -0800 (PST)
To: bug-Net-SFTP-Foreign [...] rt.cpan.org
From: Salvador Fandino <sfandino [...] yahoo.com>
Show quoted text
----- Original Message ----
> From: Peter Edwards via RT <bug-Net-SFTP-Foreign@rt.cpan.org> > Sent: Mon, December 7, 2009 5:13:37 PM > Subject: [rt.cpan.org #52533] socksify SOCKS proxy support > > Mon Dec 07 11:13:35 2009: Request 52533 was acted upon. > Transaction: Ticket created by PEDWARDS > Queue: Net-SFTP-Foreign > Subject: socksify SOCKS proxy support > Broken in: 1.55 > Severity: Important > Owner: Nobody > Requestors: peter@dragonstaff.co.uk > Status: new > Ticket > > > When I connect directly to an ssh server using an ssh_cmd like > '/usr/bin/ssh', it works. > When I connect via a SOCKS proxy using socksify with an ssh_cmd like > '/usr/local/bin/socksify /usr/bin/ssh' then I get a _conn_lost on the > first read from child. > > Attached > 1) ssh_problem.txt shows debug tracing with/without use of socksify > wrapper for ssh to use SOCKS proxy > 2) proxy.t unit test > run 'perl proxy.t' uses proxy, shows fail > run 'NO_TEST=1 perl proxy.t' goes direct, shows success
Net::SFTP::Foreign expects ssh_cmd to be a real command, not a fragment of a shell line. You can overcome that limitation in several ways, probably the easiest is to just write a wrapper for ssh (say socksified_ssh) that socksofies it and then ask Net::SFTP::Foreign to use it as the ssh binary:
----- socksified_ssh ----------------------------------------------- #!/usr/bin/perl exec '/usr/bin/ssh/socksify', /usr/bin/ssh', @ARGV and then from your script: $sftp = Net::SFTP::Foreign->new(ssh_cmd => '/path/to/socksified_ssh', ...); Another option is to set $ENV{LD_PRELOAD} to point to the corresponding socksifing library (that's what socksify does under the hood). And you can also instruct SSH to use socat(1) to stablish the connection through a SOCKS proxy using the ProxyCommand configuration option. Cheers, - Salva
  Mon Dec 07 11:43:21 2009 The RT System itself - Status changed from 'new' to 'open'
  Mon Dec 07 11:45:32 2009 salva [...] cpan.org - TimeWorked changed from (no value) to '10'
  Mon Dec 07 11:45:32 2009 salva [...] cpan.org - Status changed from 'open' to 'rejected'
  Mon Dec 07 12:28:48 2009 peter [...] dragonstaff.co.uk - Correspondence added
Subject: Re: [rt.cpan.org #52533] socksify SOCKS proxy support
Date: Mon, 7 Dec 2009 17:28:06 +0000
To: bug-Net-SFTP-Foreign [...] rt.cpan.org
From: Peter Edwards <peter [...] dragonstaff.co.uk>
2009/12/7 Salvador \"FandiƱo\" via RT <bug-Net-SFTP-Foreign@rt.cpan.org> Show quoted text
> <URL: http://rt.cpan.org/Ticket/Display.html?id=52533 > > > > - Salva > > Thanks Salva for your detailed and excellent reply.
I see now from the code that the call to exec() won't work with what I was doing. I will use your suggestion of a helper shell script. Regards, Peter
  Mon Dec 07 12:28:49 2009 The RT System itself - Status changed from 'rejected' to 'open'
  Mon Dec 07 13:09:04 2009 salva [...] cpan.org - Status changed from 'open' to 'rejected'