PackageDescription | _Net::SSH::Perl_ is an all-Perl module implementing an SSH (Secure Shell)
client. It is compatible with both the SSH-1 and SSH-2 protocols.
_Net::SSH::Perl_ enables you to simply and securely execute commands on
remote machines, and receive the STDOUT, STDERR, and exit status of that
remote command. It contains built-in support for various methods of
authenticating with the server (password authentication, RSA
challenge-response authentication, etc.). It completely implements the I/O
buffering, packet transport, and user authentication layers of the SSH
protocol, and makes use of external Perl libraries (in the Crypt:: family
of modules) to handle encryption of all data sent across the insecure
network. It can also read your existing SSH configuration files
(_/etc/ssh_config_, etc.), RSA identity files, ECDSA identity files,
Ed25519 identity files, known hosts files, etc.
One advantage to using _Net::SSH::Perl_ over wrapper-style implementations
of ssh clients is that it saves on process overhead: you no longer need to
fork and execute a separate process in order to connect to an sshd.
Depending on the amount of time and memory needed to fork a process, this
win can be quite substantial, particularly if you're running in a
persistent Perl environment (_mod_perl_, for example), where forking a new
process is a drain on process and memory resources.
It also simplifies the process of using password-based authentication;
when writing a wrapper around _ssh_ you probably need to use _Expect_ to
control the ssh client and give it your password. _Net::SSH::Perl_ has
built-in support for the authentication protocols, so there's no longer any
hassle of communicating with any external processes.
The SSH2 protocol support (present in _Net::SSH::Perl_ as of version 1.00)
is compatible with the SSH2 implementation in OpenSSH, and should also be
fully compatible with the "official" SSH implementation. If you find an
SSH2 implementation that is not compatible with _Net::SSH::Perl_, please
let me know (email address down in _AUTHOR & COPYRIGHTS_); it turns out
that some SSH2 implementations have subtle differences from others. AES-CTR
('aes256-ctr', 'aes192-ctr', and 'aes128-ctr') and Chacha20-Poly1305
ciphers are currently supported for SSH2 encryption. Deprecated ciphers
AES-CBC ('aes256-cbc', 'aes192-cbc', and 'aes128-cbc'), 3DES ('3des-cbc'),
Blowfish ('blowfish-cbc'), and RC4 ('arcfour') are available but not
enabled by default. One can enable them by using the Ciphers options
parameter. For example:
options => [ "Ciphers +aes256-cbc" ]
Using the + notation will append a cipher to the default ciphers list.
Integrity checking is performed by the 'hmac-sha2-256', 'hmac-sha2-512',
'hmac-sha2-256-etm@openssh.com', or 'hmac-sha2-512-etm@openssh.com'
algorithms. The deprecated 'hmac-sha1' or 'hmac-md5' algorithms are
available but not enabled by default. Many older SSH server installations
still use hmac-sha1 as the main accepted MAC algorithm. To enable this, use
the following options parameter:
options => [ "MACs +hmac-sha1" ]
Compression, if requested, is limited to Zlib.
Supported server host key algorithms are 'ssh-ed25519', 'rsa-sha2-512',
'rsa-sha2-256', 'ecdsa-sha2-nistp521', 'ecdsa-sha2-nistp384',
'ecdsa-sha2-nistp256', and 'ssh-rsa'. Deprecated 'ssh-dss' is supported but
not enabled by default. It can be enabled with the options parameter:
options => [ "HostKeyAlgorithms +ssh-dss" ]
Supported SSH2 public key authentication algorithms are the same.
Supported Key Exchange (KEX) algorithms are 'diffie-hellman-group1-sha1',
'diffie-hellman-group14-sha1', 'diffie-hellman-group14-sha256',
'diffie-hellman-group16-sha512', 'diffie-hellman-group18-sha512',
'diffie-hellman-group-exchange-sha256',
'diffie-hellman-group-exchange-sha1', and
'curve25519-sha256@libssh.org'/'curve25519-sha256'. The
'diffie-hellman-group1-sha1' algorithm is disabled by default, but can be
activated via the options parameter:
options => [ "KexAlgorithms +diffie-hellman-group1-sha1" ]
If you're looking for SFTP support, take a look at _Net::SFTP_, which
provides a full-featured Perl implementation of SFTP, and sits on top of
_Net::SSH::Perl_. SFTP requires the usage of the SSH2 protocol. |
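
An added example, not part of Net::SSH::Perl or its documentation: a small Perl audit script that scans source text for `options` strings requesting the algorithms the description above marks as deprecated or disabled by default. The function name `audit_source` and the sample under `__DATA__` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Algorithms the description above lists as deprecated or disabled by default.
my %DEPRECATED = (
    ciphers           => [qw(aes256-cbc aes192-cbc aes128-cbc 3des-cbc blowfish-cbc arcfour)],
    macs              => [qw(hmac-sha1 hmac-md5)],
    hostkeyalgorithms => [qw(ssh-dss)],
    kexalgorithms     => [qw(diffie-hellman-group1-sha1)],
);
my $KEYWORDS = join '|', keys %DEPRECATED;

# Scan Perl source text for quoted option strings such as "Ciphers +aes256-cbc"
# and return one "line N: Keyword requests alg" finding per deprecated algorithm.
# The keyword match ignores case; a leading "+" (append) is skipped.
sub audit_source {
    my ($text) = @_;
    my (@findings, $lineno);
    for my $line (split /\n/, $text) {
        $lineno++;
        next if $line =~ /^\s*#/;    # skip whole-line comments
        while ($line =~ /(["'])\s*($KEYWORDS)\s+\+?([^"']+?)\s*\1/gi) {
            my ($keyword, $value) = ($2, $3);
            my %requested = map { $_ => 1 } split /\s*,\s*/, $value;
            push @findings, map { "line $lineno: $keyword requests $_" }
                grep { $requested{$_} } @{ $DEPRECATED{ lc $keyword } };
        }
    }
    return @findings;
}

# Read the files named on the command line (concatenated), or the
# constructed sample below when no file is given.
my $text = do { local $/; @ARGV ? join('', <>) : <DATA> };
my @findings = audit_source($text);
print "$_\n" for @findings;
exit(@findings ? 1 : 0);

__DATA__
# constructed sample, not from a real code base
my $ssh = Net::SSH::Perl->new($host, protocol => '2',
    options => [ "Ciphers +aes256-cbc", "MACs +hmac-sha1",
                 "HostKeyAlgorithms ssh-ed25519,rsa-sha2-512" ]);
my $old = Net::SSH::Perl->new($legacy,
    options => [ "KexAlgorithms +diffie-hellman-group1-sha1" ]);
```

The non-zero exit status on any finding lets the script gate a CI job or pre-commit hook.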