lkinley / Net-SSH-Perl

Development on the Net::SSH::Perl module to support latest ciphers, key exchange mechanisms, etc.

SSH prompt #11

Closed gromst closed 7 years ago

gromst commented 7 years ago

I'm using the simple code from the example to connect to a network firewall.

$ssh = Net::SSH::Perl->new($hostname);
$ssh->login($username,$password);

And login is OK.

But

($stdout, $stderr, $exit) = $ssh->cmd('show ver')

hangs in the terminal for a long time until it times out. At the same time, interactive $ssh->shell works great, and I can see the shell prompt:

username@MA-3054-SM-LLK>

I think the problem is in a special prompt. On a UNIX server I do not get this problem.

Can I specify other type of prompt in my perl script to resolve this problem?

lkinley commented 7 years ago

Can you turn debug on and post the output from the 'show ver'?

$ssh = Net::SSH::Perl->new($hostname,debug => 1)

What kind of firewall appliance is this?

gromst commented 7 years ago

Palo-Alto Next Generation Firewall

[root@logsrv pa]# perl ssh_perl
logsrv.chel.su: Reading configuration data /root/.ssh/config
logsrv.chel.su: Reading configuration data /etc/ssh_config
logsrv.chel.su: Allocated local port 1023.
logsrv.chel.su: Connecting to 192.168.28.177, port 22.
logsrv.chel.su: Remote version string: SSH-2.0-OpenSSH_12.1
logsrv.chel.su: Remote protocol version 2.0, remote software version OpenSSH_12.1
logsrv.chel.su: Net::SSH::Perl Version 2.09, protocol version 2.0.
logsrv.chel.su: No compat match: OpenSSH_12.1.
logsrv.chel.su: Connection established.
logsrv.chel.su: Sent key-exchange init (KEXINIT), waiting for response.
logsrv.chel.su: Using diffie-hellman-group-exchange-sha256 for key exchange
logsrv.chel.su: Host key algorithm: ssh-rsa
logsrv.chel.su: Algorithms, c->s: aes256-ctr hmac-sha2-512-etm@openssh.com none
logsrv.chel.su: Algorithms, s->c: aes256-ctr hmac-sha2-512-etm@openssh.com none
logsrv.chel.su: Entering Diffie-Hellman Group Exchange.
logsrv.chel.su: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<4096<8192) sent
logsrv.chel.su: Sent DH Group Exchange request, waiting for reply.
logsrv.chel.su: Received 4096 bit DH Group Exchange reply.
logsrv.chel.su: Generating new Diffie-Hellman keys.
logsrv.chel.su: Entering Diffie-Hellman key exchange.
logsrv.chel.su: Sent DH public key, waiting for reply.
logsrv.chel.su: Received host key, type 'ssh-rsa'.
logsrv.chel.su: Host '192.168.28.177' is known and matches the host key.
logsrv.chel.su: Verifying server signature.
logsrv.chel.su: Send NEWKEYS.
logsrv.chel.su: Waiting for NEWKEYS message.
logsrv.chel.su: Enabling encryption/MAC/compression.
logsrv.chel.su: Sending request for user-authentication service.
logsrv.chel.su: Service accepted: ssh-userauth.
logsrv.chel.su: Trying empty user-authentication request.
logsrv.chel.su: Authentication methods that can continue: publickey,password,keyboard-interactive.
logsrv.chel.su: Next method to try is publickey.
logsrv.chel.su: Next method to try is password.
logsrv.chel.su: Trying password authentication.
logsrv.chel.su: Login completed, opening dummy shell channel.
logsrv.chel.su: channel 0: new [client-session]
logsrv.chel.su: Requesting channel_open for channel 0.
logsrv.chel.su: channel 0: open confirm rwindow 0 rmax 32768
logsrv.chel.su: Got channel open confirmation, requesting shell.
logsrv.chel.su: Requesting service shell on channel 0.
logsrv.chel.su: channel 1: new [client-session]
logsrv.chel.su: Requesting channel_open for channel 1.
logsrv.chel.su: Entering interactive session.
logsrv.chel.su: Requesting service exec on channel 1.
logsrv.chel.su: channel 1: open confirm rwindow 0 rmax 32768

Further, the terminal hangs for a long time after

my($stdout, $stderr, $exit) = $ssh->cmd("show ver");

lkinley commented 7 years ago

Try:

$ssh = Net::SSH::Perl->new($hostname, use_pty => 1, interactive => 'yes')

gromst commented 7 years ago

[root@logsrv pa]# perl ssh_perl
Informservis LLC (Limited Liability Company)

Further, the terminal hangs for a long time. This is the initial greeting for entering the password.

lkinley commented 7 years ago

So you tried with use_pty and interactive enabled?

gromst commented 7 years ago

Yes.

my $ssh = Net::SSH::Perl->new($hostname, use_pty => 1, interactive => 'yes');
$ssh->login($username,$password);
my($stdout, $stderr, $exit) = $ssh->cmd("show ver");
print $stdout;

lkinley commented 7 years ago

Ok, get rid of interactive and keep use_pty.

If that doesn't work, try:

my($stdout, $stderr, $exit) = $ssh->cmd("show ver </dev/null");

gromst commented 7 years ago

If I use $ssh->shell

my $ssh = Net::SSH::Perl->new($hostname, use_pty => 1, interactive => 'yes');
$ssh->login($username,$password);
ReadMode('raw');
$ssh->shell;
ReadMode('restore');

[root@logsrv pa]# perl ssh_perl
Informservis LLC (Limited Liability Company)

Last login: Wed May 24 22:51:01 2017 from 10.1.0117

Number of failed attempts since last successful login: 0

username@MA-3054-SM-LLK>
username@MA-3054-SM-LLK> exit
[root@logsrv pa]#

gromst commented 7 years ago

If I use

my($stdout, $stderr, $exit) = $ssh->cmd("show ver </dev/null");

[root@logsrv pa]# perl ssh_perl

It's all - hangs for long time

lkinley commented 7 years ago

It's all.... what?

gromst commented 7 years ago

hangs for long time

lkinley commented 7 years ago

I don't think this is a Net::SSH::Perl problem. The server side is not closing the session because it thinks the connection is still active. Can you try via openssh command line and see if the same thing happens?

gromst commented 7 years ago

[root@logsrv pa]# ssh username@192.168.28.177 show ver
Informservis LLC (Limited Liability Company)
Password:

And it hangs for a long time.

Apparently that is the case.

gromst commented 7 years ago

Can you explain what exactly is wrong? I will try to configure the firewall.

lkinley commented 7 years ago

Usually it is something with the tty and how the command you are running interacts with it.

That's why I tried </dev/null so STDIN wasn't being held open. You could also try 2>/dev/null to send STDERR to /dev/null. Beyond that, I don't know what to suggest. I assume you need to grab the output of the 'show ver'?

lkinley commented 7 years ago

See if this command line works:

ssh -tt username@192.168.28.177 show ver

The -tt forces tty allocation.

gromst commented 7 years ago

[root@logsrv pa]# ssh -tt username@192.168.28.177 show ver
Informservis LLC (Limited Liability Company)

Number of failed attempts since last successful login: 0

username@MA-3054-SM-LLK> exit
[root@logsrv pa]#

The command is not run

Thanks for the info. I will contact technical support

gromst commented 7 years ago

I use

($stdout, $stderr, $exit) = $ssh->cmd(pty => 'show ver');

and I receive the needed answer :-)