++ed by:
8 non-PAUSE users
Author image Steffen Schwigon
and 2 contributors


Net::SSH::Perl::Auth::Rhosts_RSA - Perform Rhosts-RSA authentication


    use Net::SSH::Perl::Auth;
    my $auth = Net::SSH::Perl::Auth->new('Rhosts_RSA', $ssh);
    print "Valid auth" if $auth->authenticate;


Net::SSH::Perl::Auth::Rhosts_RSA performs Rhosts with RSA authentication with a remote sshd server. This is standard Rhosts authentication, plus a challenge-response phase where the server RSA-authenticates the client based on its host key. When you create a new Rhosts_RSA auth object, you give it an $ssh object, which should contain an open connection to an ssh daemon, as well as any data that the authentication module needs to proceed. In this case, the $ssh object must contain the name of the user trying to open the connection.

Note that the sshd server will require two things from your client:

1. Privileged Port

sshd will require your client to be running on a privileged port (below 1024); this will, in turn, likely require your client to be running as root. If your client is not running on a privileged port, the Rhosts-RSA authentication request will be denied.

If you're running as root, Net::SSH::Perl should automatically detect that and try to start up on a privileged port. If for some reason that isn't happening, take a look at the Net::SSH::Perl docs.

2. Private Host Key

In order to do RSA-authentication on your host key, your client must be able to read the host key. This will likely be impossible unless you're running as root, because the private host key file (/etc/ssh_host_key) is readable only by root.

With that aside, to use Rhosts-RSA authentication the client sends a request to the server to authenticate it, including the name of the user trying to authenticate, as well as the public parts of the host key. The server first ensures that the host can be authenticated using standard Rhosts authentication (shosts.equiv, hosts.equiv, etc.). If the client passes this test, the server sends an encrypted challenge to the client. The client must decrypt this challenge using its private host key, then respond to the server with its response.

Once the response has been sent, the server responds with success or failure.


Please see the Net::SSH::Perl manpage for author, copyright, and license information.