/Net-SSH-Perl

Development on the Net::SSH::Perl module to support latest ciphers, key exchange mechanisms, etc.


$Id: README,v 1.23 2008/10/02 18:53:54 turnstep Exp $

This is Net::SSH::Perl. It contains implementations of
both the SSH1 and SSH2 protocols.

PREREQUISITES

Protocol 1

    * Math::GMP (1.04 or greater)
    * String::CRC32 (1.2 or greater)
    * Digest::MD5
    * IO::Socket
    * Crypt::IDEA

Protocol 2

    * CryptX (0.032 or greater)
    * Crypt::Curve25519 (0.05 or greater)
    * IO::Socket

It optionally requires Digest::BubbleBabble for
generating bubble babble fingerprints.

INSTALLATION

Net::SSH::Perl installation is relatively straightforward. If
your CPAN shell is set up, you should just be able to do

    % perl -MCPAN -e 'install Net::SSH::Perl'

If you don't like that, you can download the distribution; the
latest version on CPAN can be found at

    https://metacpan.org/module/Net::SSH::Perl

Download it, unpack it, then build it as per the usual:

    % perl Makefile.PL
    % make && make test

Then install it:

    % make install

USAGE NOTES

The goal for V2 was to implement the latest SSH features while
providing very secure defaults.

The following Ciphers are available but not enabled by default
for SSH2 connections:
  - Legacy ciphers arcfour, blowfish, DES, DES3, IDEA, RC4
    (All considered obsolete and insecure)
  - AES in CBC mode

To enable AES256 in CBC mode, for example, pass the option
'Ciphers +aes256-cbc' to Net::SSH::Perl->new().

The following Key Exchange (KEX) mechanisms are disabled by
default:
  - diffie-hellman-group1-sha1
  - diffie-hellman-group14-sha1
  - diffie-hellman-group-exchange-sha1

These can be enabled via the "KexAlgorithms" option.  For example:
'KexAlgorithms +diffie-hellman-group1-sha1'

The following MACs are disabled by default:
  - hmac-md5
  - hmac-sha1

These can be enabled via the "MACs" option.  For example:
'MACs +hmac-sha1'
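
Added example, not part of the Net::SSH::Perl distribution: one way to keep
the secure defaults for every host and re-enable a disabled algorithm only
for the specific servers that need it, passing the option strings above
through the constructor's "options" parameter. The host names, the
%LEGACY_OPT_IN table and ssh_options_for() are hypothetical, and key-based
authentication is assumed.

```perl
use strict;
use warnings;
use Net::SSH::Perl;

# Algorithms this README names as disabled by default, grouped by the
# option keyword that re-enables them.
my %DISABLED_BY_DEFAULT = (
    Ciphers       => { map { $_ => 1 } qw(aes256-cbc) },
    KexAlgorithms => { map { $_ => 1 } qw(diffie-hellman-group1-sha1
                                          diffie-hellman-group14-sha1
                                          diffie-hellman-group-exchange-sha1) },
    MACs          => { map { $_ => 1 } qw(hmac-md5 hmac-sha1) },
);

# Constructed per-host exceptions (hypothetical hosts): one algorithm per keyword.
my %LEGACY_OPT_IN = (
    'old-switch.example.net' => { KexAlgorithms => 'diffie-hellman-group14-sha1',
                                  MACs          => 'hmac-sha1' },
    'old-nas.example.net'    => { Ciphers       => 'aes256-cbc' },
);

# Return "Keyword +algorithm" strings for one host. Hosts without an entry
# get an empty list, so they connect with the module's defaults.
sub ssh_options_for {
    my ($host) = @_;
    my $want = $LEGACY_OPT_IN{$host} or return ();
    my @opts;
    for my $keyword (sort keys %$want) {
        my $known = $DISABLED_BY_DEFAULT{$keyword}
            or die "unsupported option keyword '$keyword' for $host\n";
        my $alg = $want->{$keyword};
        die "'$alg' is not a listed $keyword opt-in ($host)\n" unless $known->{$alg};
        push @opts, "$keyword +$alg";
    }
    return @opts;
}

my ($host, $user, $cmd) = @ARGV;
die "usage: $0 host user command\n" unless defined $cmd;

my @opts = ssh_options_for($host);
warn "legacy algorithms enabled for $host: @opts\n" if @opts;

# Each string in "options" is handled like an ssh -o setting.
my $ssh = Net::SSH::Perl->new($host, protocol => 2, options => \@opts);
$ssh->login($user);    # assumption: no password passed, key-based auth is set up
my ($out, $err, $exit) = $ssh->cmd($cmd);
print $out if defined $out;
exit($exit // 1);
```

A misspelled or unlisted algorithm in the table stops the script before any
connection is attempted, and the warning line leaves a record of which hosts
still depend on weakened settings.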

SAMPLES/TUTORIALS

Take a look at the scripts in eg/ for help and examples of
using Net::SSH::Perl.

* eg/cmd.pl is just a simple example of some of the
functionality in the module;

* eg/pssh is an ssh-like client for running commands on
remote servers and connecting to a shell on remote servers;

* eg/pscp is a very simple scp-like script;

* eg/pssh-keygen is, as you might guess, an implementation of
ssh-keygen in Perl, using the Net::SSH::Perl key libraries.
It contains almost all of the functionality in the OpenSSH
version of ssh-keygen.

* eg/remoteinteract.pl is an example of using register_handler
to interact with a remote (interactive) command.

Both pssh and pscp support a subset of the command line options
that the actual tools support; obviously, only those options
supported by Net::SSH::Perl are supported by the two scripts.

David Robins / dbrobins@cpan.org

Support for the following features by:
Lance Kinley / lkinley@rythmos.com

Diffie-Hellman Group 14, 16, and 18 Key Exchange
Diffie-Hellman Group Exchange
Curve25519 Key Exchange (curve25519-sha256@libssh.org)
AES Cipher support (aes256-ctr,aes192-ctr,aes128-ctr)
Chacha20-Poly1305 cipher support (chacha20-poly1305@openssh.com)
hmac-sha2-256,hmac-sha2-512 MAC support
hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
  Encrypt-then-MAC (ETM) MAC support
Ed25519 key support, including encrypted keys that are enciphered
  with supported crypto algorithms
ECDSA Elliptic Curve DSA key support: ecdsa-sha2-nistp256,
  ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
SHA2 RSA signature methods