Net::SSH::Perl failure via Apache

Status
Not open for further replies.

perld

ISP
Oct 21, 2005
5
MT
Have a script using Net::SSH::Perl that connects to remote machines and executes commands. Running the script via a shell as user apache returns as expected. When trying to run the script from a web browser (running as user apache) the script fails at the line $session->login($user, $pass).

Debug output from the remote server shows the following during a successful connection attempt:

*** START ***
Oct 21 16:55:06 remotehost sshd[2880]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Oct 21 16:55:06 remotehost sshd[2880]: debug1: inetd sockets after dupping: 3, 3
Oct 21 16:55:06 remotehost sshd[2880]: Connection from x.y.z.21 port 1023
Oct 21 16:55:06 remotehost sshd[2880]: debug1: Client protocol version 2.0; client software version 1.29
Oct 21 16:55:06 remotehost sshd[2880]: debug1: no match: 1.29
Oct 21 16:55:06 remotehost sshd[2880]: debug1: Enabling compatibility mode for protocol 2.0
Oct 21 16:55:06 remotehost sshd[2880]: debug1: Local version string SSH-2.0-OpenSSH_3.9p1
Oct 21 16:55:08 remotehost sshd[2880]: debug1: PAM: initializing for "root"
Oct 21 16:55:08 remotehost sshd[2880]: debug1: PAM: setting PAM_RHOST to "x.y.z.21"
Oct 21 16:55:08 remotehost sshd[2880]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 21 16:55:08 remotehost sshd[2880]: debug1: temporarily_use_uid: 0/0 (e=0/0)
Oct 21 16:55:08 remotehost sshd[2880]: debug1: trying public key file /root/.ssh/authorized_keys
Oct 21 16:55:08 remotehost sshd[2880]: debug1: matching key found: file /root/.ssh/authorized_keys, line 3
Oct 21 16:55:08 remotehost sshd[2880]: Found matching DSA key:
*** END ***

However, via the browser, the following debug log is produced:

*** START ***
Oct 21 16:53:10 remotehost sshd[1268]: debug1: rexec start in 4 out 4 newsock 4 pipe 6 sock 7
Oct 21 16:53:10 remotehost sshd[31443]: debug1: Forked child 1268.
Oct 21 16:53:10 remotehost sshd[1268]: debug1: inetd sockets after dupping: 3, 3
Oct 21 16:53:10 remotehost sshd[1268]: Connection from x.y.z.21 port 40015
Oct 21 16:53:10 remotehost sshd[1268]: debug1: Client protocol version 2.0; client software version 1.29
Oct 21 16:53:10 remotehost sshd[1268]: debug1: no match: 1.29
Oct 21 16:53:10 remotehost sshd[1268]: debug1: Enabling compatibility mode for protocol 2.0
Oct 21 16:53:10 remotehost sshd[1268]: debug1: Local version string SSH-2.0-OpenSSH_3.9p1
Oct 21 16:53:11 remotehost sshd[1268]: debug1: PAM: initializing for "root"
Oct 21 16:53:11 remotehost sshd[1268]: debug1: PAM: setting PAM_RHOST to "x.y.z.21"
Oct 21 16:53:11 remotehost sshd[1268]: debug1: PAM: setting PAM_TTY to "ssh"
Oct 21 16:53:11 remotehost sshd[1268]: debug1: do_cleanup
Oct 21 16:53:11 remotehost sshd[1268]: debug1: PAM: cleanup
*** END ***

As this all works fine at the shell, I'm a bit lost as to what the difference could be. Any pointers?

Regs.

Iain.
 
Apache is running as user 'apache' and has a homedir under /home. As mentioned, the script runs fine from shell. I can:

$ su - apache
$ ./script arg=value

...and all works great, pumping back all the HTML output as expected. It's only when the script is called via the httpd process (running as user apache) that it fails.

Regs.

Iain.
 
Nothing really seems to jump out here...or do you see something??

*** START SHELL ***
HOME: /home/apache
LESSOPEN: |/usr/bin/lesspipe.sh %s
MAIL: /var/spool/mail/apache
PWD: /var/LANG: en_GB
USER: apache
LOGNAME: apache
G_BROKEN_FILENAMES: 1
HOSTNAME: hostname
SHLVL: 1
INPUTRC: /etc/inputrc
OLDPWD: /home/apache
_: ./pushmail3.pl
PATH: /sbin:
LS_COLORS: no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or
=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:
*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:
*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=
00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=
00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=
00;35:
SHELL: /bin/bash
HISTSIZE: 1000
TERM: xterm
*** END SHELL ***

And from the browser...

*** START CGI ***
<address>Apache/2.0.40 Server at hostname.mydomain Port 80</address>
:
HTTP_ACCEPT_LANGUAGE: en-us,en;q=0.5
REMOTE_ADDR: x.y.z.54
HTTP_KEEP_ALIVE: 300
SERVER_PROTOCOL: HTTP/1.1
PATH: /sbin:
REQUEST_URI: /cgi-bin/pushmail3.pl
GATEWAY_INTERFACE: CGI/1.1
SERVER_ADDR: x.y.z.21
DOCUMENT_ROOT: /var/HTTP_HOST: hostname.mydomain
UNIQUE_ID: 7tfpbMLMYBUAAF9@DYIAAAAG
*** END WEB ***

Regs.

Iain.
 
Hi

No HOME and USER. Maybe this becomes a problem when trying to read the public key file. I would try to let them be passed or set them manually. But this is just a pale idea.
Code:
# first try
PassEnv HOME USER

# otherwise
SetEnv HOME /home/apache
SetEnv USER apache

Feherke.
 
Your 'pale idea' was spot on!

Added the following to the start of the script:

$ENV{HOME} = "/home/apache";
$ENV{USER} = "apache";

...and it all kicked in!

Many thanks.

Iain.
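
An added example, not code from any poster in this thread: instead of hard-coding HOME and USER, the script can rebuild them from the passwd entry of the effective UID and report which private keys are usable before it attempts the login. The key file names (id_dsa, id_rsa, identity) and the `$host` variable in the final comment are assumptions; `identity_files` is an existing Net::SSH::Perl constructor option.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Rebuild HOME and USER from the passwd entry of the effective UID, so the
# script sees the same values from a login shell and from httpd's CGI env.
sub fix_identity_env {
    my ($name, $home) = (getpwuid($>))[0, 7];
    die "no passwd entry for uid $>\n" unless defined $name && defined $home;
    @ENV{qw(USER HOME)} = ($name, $home);
    return ($name, $home);
}

# Return the private keys this process can use, plus a reason for every
# candidate that was skipped. The file names passed in are assumed defaults.
sub usable_identities {
    my ($home, @names) = @_;
    my (@ok, @skipped);
    for my $name (@names) {
        my $path = "$home/.ssh/$name";
        my @st   = stat($path);
        if    (!@st)            { push @skipped, "$path: $!" }
        elsif ($st[4] != $>)    { push @skipped, "$path: not owned by uid $>" }
        elsif ($st[2] & 0077)   { push @skipped, sprintf("%s: mode %04o is group/world accessible",
                                                         $path, $st[2] & 07777) }
        elsif (!-r $path)       { push @skipped, "$path: not readable" }
        else                    { push @ok, $path }
    }
    return (\@ok, \@skipped);
}

my ($user, $home)   = fix_identity_env();
my ($ids, $skipped) = usable_identities($home, qw(id_dsa id_rsa identity));

# Under CGI, STDERR ends up in the Apache error log.
print STDERR "running as $user, HOME=$home\n";
print STDERR "skipped $_\n"    for @$skipped;
print STDERR "usable key $_\n" for @$ids;

# Pass the result explicitly so key lookup no longer depends on the environment:
#   my $session = Net::SSH::Perl->new($host, identity_files => $ids);
```

Running it once from the shell and once through the web server gives two error-log traces that can be compared directly.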
 