«

Hi,

I have a PostgreSQL database behind a firewall which I can access from a
fixed IP address but obviously not while on the road where I must issue
something like:

ssh -N -C -L 5433/localhost/5432

and then run my script to generate the report.

I can in a slightly different context using Net::SSH issue commands
to the remote host, but I have been unable to figure out how to open a
tunnel from within the perl script (preferably with a module, but that's
not really the issue), then do my usual thing, and then close the tunnel
again.

Is this a unique problem? Or can someone point me to a code fragment
that does something like this...

el

On 2012-01-16 07:59, Dr Eberhard Lisse <> wrote:
> I have a PostgreSQL database behind a firewall which I can access from a
> fixed IP address but obviously not while on the road where I must issue
> something like:
>
> ssh -N -C -L 5433/localhost/5432
>
> and then run my script to generate the report.
>
> I can in a slightly different context using Net::SSH issue commands
> to the remote host, but I have been unable to figure out how to open a
> tunnel from within the perl script (preferably with a module, but that's
> not really the issue), then do my usual thing, and then close the tunnel
> again.

maybe I misunderstand the problem, but have you tried simply starting
ssh in the background (with open or fork/exec) at the start of your
script and killing it at the end?

hp

--
_ | Peter J. Holzer | Deprecating human carelessness and
|_|_) | Sysadmin WSR | ignorance has no successful track record.
| | | |
__/ | http://www.hjp.at/ | -- Bill Code on

Haven't been able to successfully do that.

Have you got a working code fragment?


el

On 2012-01-16 13:46 , Peter J. Holzer wrote:
> On 2012-01-16 07:59, Dr Eberhard Lisse <> wrote:
>> I have a PostgreSQL database behind a firewall which I
>> can access from a fixed IP address but obviously not
>> while on the road where I must issue something like:
>>
>> ssh -N -C -L
>> 5433/localhost/5432
>>
>> and then run my script to generate the report.
>>
>> I can in a slightly different context using Net::SSH
>> issue commands to the remote host, but I have been unable
>> to figure out how to open a tunnel from within the perl
>> script (preferably with a module, but that's not really
>> the issue), then do my usual thing, and then close the
>> tunnel again.
>
> maybe I misunderstand the problem, but have you tried
> simply starting ssh in the background (with open or
> fork/exec) at the start of your script and killing it at
> the end?
>
> hp
>


--
If you want to email me, replace nospam with el

Dr Eberhard W Lisse <> writes:

>> maybe I misunderstand the problem, but have you tried
>> simply starting ssh in the background (with open or
>> fork/exec) at the start of your script and killing it at
>> the end?
>
> Haven't been able to successfully do that.

What did you try? How did it fail?

> Have you got a working code fragment?

I have written a lot of code which rather naïvely uses IPC::Open3 to run
ssh as a background process. It should work for opening a tunnel.

The problems I don't usual handle is that the initial connection often
asks whether to accept the host key. In this scenario the process just
hangs. If you just accept the hostkey by hand it works correctly.

//Makholm

Peter,

reason for failure:

Stupidity and Ignorance of this elderly Gynaecologist -O

I have the key pairs organized -O

el

On 2012-01-17 12:17 , Peter Makholm wrote:
> Dr Eberhard W Lisse <> writes:
>
>>> maybe I misunderstand the problem, but have you tried
>>> simply starting ssh in the background (with open or
>>> fork/exec) at the start of your script and killing it at
>>> the end?
>>
>> Haven't been able to successfully do that.
>
> What did you try? How did it fail?
>
>> Have you got a working code fragment?
>
> I have written a lot of code which rather naïvely uses
> IPC::Open3 to run ssh as a background process. It should
> work for opening a tunnel.
>
> The problems I don't usual handle is that the initial
> connection often asks whether to accept the host key. In
> this scenario the process just hangs. If you just accept
> the hostkey by hand it works correctly.
>
> //Makholm
>


--
If you want to email me, replace nospam with el

On 2012-01-17 11:46, Ben Morrow <> wrote:
> Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
> with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
> never exit. (It doesn't seem to be very easy to find its pid to kill it
> manually.)

open($fh, '-|', ...) returns the pid, so does fork. The following script
works for me, at least on linux:


#!/usr/bin/perl
use warnings;
use strict;
use IO::Socket::INET;

$| = 1;
print "opening tunnel ... ";
my $pid = open(my $fh, '-|',
'ssh', '-N', '', '-L', '10007:chronos.DOMAIN:7'
) or die;
print " done (pid=$pid)\n";

sleep 5;
system('lsof', '-i', ':10007');
sleep 5;

print "opening socket ... ";
my $sock = IO::Socket::INET->new(PeerHost => 'localhost',
PeerPort => 10007,
Proto => 'tcp');
print " done\n";

print "sending request ... ";
print $sock "test123\n";
print " done\n";

print "reading response ... ";
my $resp = <$sock>;
print " done (resp = $resp)\n";

print "closing socket ... ";
close($sock);
print " done\n";

sleep(5);
system('lsof', '-i', ':10007');
sleep(5);

print "closing tunnel ... ";
kill(15, $pid);
my $rc = waitpid($pid, 0);
print " done (rc = $rc)\n";

sleep(5);
system('lsof', '-i', ':10007');
__END__

hp


--
_ | Peter J. Holzer | Deprecating human carelessness and
|_|_) | Sysadmin WSR | ignorance has no successful track record.
| | | |
__/ | http://www.hjp.at/ | -- Bill Code on

On 2012-01-21 17:35, Ben Morrow <> wrote:
> Quoth "Peter J. Holzer" <hjp->:
>> On 2012-01-17 11:46, Ben Morrow <> wrote:
>> > Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
>> > with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
>> > never exit. (It doesn't seem to be very easy to find its pid to kill it
>> > manually.)
>>
>> open($fh, '-|', ...) returns the pid, so does fork. The following script
>> works for me, at least on linux:
>
> I think you're not realising what the -f argument to ssh does. It makes
> ssh put itself in the background, but only after any possible need to
> prompt the user has been dealt with.

Yes, but there is no reason to use it. Perl can put processes in the
"background" just fine. You will notice that my little test program
doesn't use it.

hp


--
_ | Peter J. Holzer | Deprecating human carelessness and
|_|_) | Sysadmin WSR | ignorance has no successful track record.
| | | |
__/ | http://www.hjp.at/ | -- Bill Code on

On 2012-01-21 20:49, Ben Morrow <> wrote:
>
> Quoth "Peter J. Holzer" <hjp->:
>> On 2012-01-21 17:35, Ben Morrow <> wrote:
>> > Quoth "Peter J. Holzer" <hjp->:
>> >> On 2012-01-17 11:46, Ben Morrow <> wrote:
>> >> > Try system("ssh -f -L... ... sleep 10") instead of open3. It's important
>> >> > with -f to use 'sleep 10' rather than -N, otherwise the ssh process will
>> >> > never exit. (It doesn't seem to be very easy to find its pid to kill it
>> >> > manually.)
>> >>
>> >> open($fh, '-|', ...) returns the pid, so does fork. The following script
>> >> works for me, at least on linux:
>> >
>> > I think you're not realising what the -f argument to ssh does. It makes
>> > ssh put itself in the background, but only after any possible need to
>> > prompt the user has been dealt with.
>>
>> Yes, but there is no reason to use it. Perl can put processes in the
>> "background" just fine. You will notice that my little test program
>> doesn't use it.
>
> Perl can put processes in the background just fine, yes. That's not the
> issue. The issue is that sometimes ssh needs to prompt, and running it in
> the background from Perl doesn't handle that very well.

Prompting doesn't work if the script is run from cron, or from a web
server, or most other situations where I've ever needed to call ssh from
a perl script. Your assumption that it is possible to prompt isn't any
more reasonable than my assumption that the environment has been set up
correctly (remote host key in known_hosts, local public key in remote
authorized_keys, ...).


> I took the program you posted and made the following change:

"Doctor, it hurts when I do this!"

"Well, then don't do it!"


hp

--
_ | Peter J. Holzer | Deprecating human carelessness and
|_|_) | Sysadmin WSR | ignorance has no successful track record.
| | | |
__/ | http://www.hjp.at/ | -- Bill Code on

On Jan 17, 2:17*am, Peter Makholm <pe...@makholm.net> wrote:
> Dr Eberhard W Lisse <nos...@lisse.NA> writes:
>
> >> maybe I misunderstand the problem, but have you tried
> >> simply starting ssh in the background (with open or
> >> fork/exec) at the start of your script and killing it at
> >> the end?
>
> > Haven't been able to successfully do that.
>
> What did you try? How did it fail?
>
> > Have you got a working code fragment?
>
> I have written a lot of code which rather naïvely uses IPC::Open3 to run
> ssh as a background process. It should work for opening a tunnel.
>
> The problems I don't usual handle is that the initial connection often
> asks whether to accept the host key. In this scenario the process just
> hangs. If you just accept the hostkey by hand it works correctly.
>
> //Makholm

Off-topic a bit, but I seem to recall a workaround with /dev/null...
ah, here's
the incantation:

$ ssh -o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
...

--
Charles DeRykus

On 1/16/2012 1:59 AM, Dr Eberhard Lisse wrote:
> Hi,
>
> I have a PostgreSQL database behind a firewall which I can access from a
> fixed IP address but obviously not while on the road where I must issue
> something like:
>
> ssh -N -C -L 5433/localhost/5432
>
> and then run my script to generate the report.
>
> I can in a slightly different context using Net::SSH issue commands
> to the remote host, but I have been unable to figure out how to open a
> tunnel from within the perl script (preferably with a module, but that's
> not really the issue), then do my usual thing, and then close the tunnel
> again.
>
> Is this a unique problem? Or can someone point me to a code fragment
> that does something like this...
>
> el

How about trying Net::OpenSSH? I have not used this module.

http://search.cpan.org/~salva/Net-Op...SSH.pm#Tunnels

<quote>

tunnel => $bool

Instead of executing a command in the remote host, this option instruct
Net::OpenSSH to create a TCP tunnel. The arguments become the target IP
and port.

Example:

my ($in, $out, undef, $pid) = $ssh->open_ex({tunnel => 1}, $IP, $port);

</quote>

--
Len