Net::SSH::Perl::Agent(User Contributed Perl DocumentatNet::SSH::Perl::Agent(3)NAMENet::SSH::Perl::Agent - Client for agent authentication
SYNOPSIS
use Net::SSH::Perl::Agent;
my $agent = Net::SSH::Perl::Agent->new(2); ## SSH-2 protocol
my $iter = $agent->identity_iterator;
while (my($key, $comment) = $iter->()) {
## Do something with $key.
}
DESCRIPTIONNet::SSH::Perl::Agent provides a client for agent-based publickey
authentication. The idea behind agent authentication is that an auth
daemon is started as the parent of all of your other processes (eg. as
the parent of your shell process); all other processes thus inherit the
connection to the daemon.
After loading your public keys into the agent using ssh-add, the agent
listens on a Unix domain socket for requests for identities. When
requested it sends back the public portions of the keys, which the SSH
client (ie. Net::SSH::Perl, in this case) can send to the sshd, to
determine if the keys will be accepted on the basis of authorization.
If so, the client requests that the agent use the key to decrypt a
random challenge (SSH-1) or sign a piece of data (SSH-2).
Net::SSH::Perl::Agent implements the client portion of the
authentication agent; this is the piece that interfaces with
Net::SSH::Perl's authentication mechanism to contact the agent daemon
and ask for identities, etc. If you use publickey authentication (RSA
authentication in SSH-1, PublicKey authentication in SSH-2), an attempt
will automatically be made to contact the authentication agent. If the
attempt succeeds, Net::SSH::Perl will try to use the identities
returned from the agent, in addition to any identity files on disk.
USAGE
Net::SSH::Perl::Agent->new($version)
Constructs a new Agent object and returns that object.
$version should be either 1 or 2 and is a mandatory argument; it
specifies the protocol version that the agent client should use when
talking to the agent daemon.
$agent->identity_iterator
This is probably the easiest way to get at the identities provided by
the agent. identity_iterator returns an iterator function that, when
invoked, will returned the next identity in the list from the agent.
For example:
my $iter = $agent->identity_iterator;
while (my($key, $comment) = $iter->()) {
## Do something with $key.
}
If called in scalar context, the iterator function will return the next
key (a subclass of Net::SSH::Perl::Key). If called in list context (as
above), both the key and the comment are returned.
$agent->first_identity
Returns the first identity in the list provided by the auth agent.
If called in scalar context, the iterator function will return the next
key (a subclass of Net::SSH::Perl::Key). If called in list context,
both the key and the comment are returned.
$agent->next_identity
Returns the next identity in the list provided by the auth agent. You
must call this after first calling the first_identity method. For
example:
my($key, $comment) = $agent->first_identity;
## Do something.
while (($key, $comment) = $agent->next_identity) {
## Do something.
}
If called in scalar context, the iterator function will return the next
key (a subclass of Net::SSH::Perl::Key). If called in list context,
both the key and the comment are returned.
$agent->sign($key, $data)
Asks the agent $agent to sign the data $data using the private portion
of $key. The key and the data are sent to the agent, which returns the
signature; the signature is then sent to the sshd for verification.
This method is only applicable in SSH-2.
$agent->decrypt($key, $data, $session_id)
Asks the agent to which $agent holds an open connection to decrypt the
data $data using the private portion of $key. $data should be a big
integer (Math::GMP object), and is generally a challenge to a request
for RSA authentication. $session_id is the SSH session ID:
$ssh->session_id
where $ssh is a Net::SSH::Perl::SSH1 object.
This method is only applicable in SSH-1.
AUTHOR & COPYRIGHTS
Please see the Net::SSH::Perl manpage for author, copyright, and
license information.
perl v5.14.1 2009-01-26 Net::SSH::Perl::Agent(3)