Steffen Schwigon > Net-SSH-Perl-2.09.01 > Net::SSH::Perl



Annotate this POD


Related Modules



New  26
Open  33
Stalled  1
View/Report Bugs
Module Version: 2.09   Source  


Net::SSH::Perl - Perl client Interface to SSH


    use Net::SSH::Perl;
    my $ssh = Net::SSH::Perl->new($host);
    $ssh->login($user, $pass);
    my($stdout, $stderr, $exit) = $ssh->cmd($cmd);


Net::SSH::Perl is an all-Perl module implementing an SSH (Secure Shell) client. It is compatible with both the SSH-1 and SSH-2 protocols.

Net::SSH::Perl enables you to simply and securely execute commands on remote machines, and receive the STDOUT, STDERR, and exit status of that remote command. It contains built-in support for various methods of authenticating with the server (password authentication, RSA challenge-response authentication, etc.). It completely implements the I/O buffering, packet transport, and user authentication layers of the SSH protocol, and makes use of external Perl libraries (in the Crypt:: family of modules) to handle encryption of all data sent across the insecure network. It can also read your existing SSH configuration files (/etc/ssh_config, etc.), RSA identity files, ECDSA identity files, Ed25519 identity files, known hosts files, etc.

One advantage to using Net::SSH::Perl over wrapper-style implementations of ssh clients is that it saves on process overhead: you no longer need to fork and execute a separate process in order to connect to an sshd. Depending on the amount of time and memory needed to fork a process, this win can be quite substantial; particularly if you're running in a persistent Perl environment (mod_perl, for example), where forking a new process is a drain on process and memory resources.

It also simplifies the process of using password-based authentications; when writing a wrapper around ssh you probably need to use Expect to control the ssh client and give it your password. Net::SSH::Perl has built-in support for the authentication protocols, so there's no longer any hassle of communicating with any external processes.

The SSH2 protocol support (present in Net::SSH::Perl as of version 1.00) is compatible with the SSH2 implementation in OpenSSH, and should also be fully compatible with the "official" SSH implementation. If you find an SSH2 implementation that is not compatible with Net::SSH::Perl, please let me know (email address down in AUTHOR & COPYRIGHTS); it turns out that some SSH2 implementations have subtle differences from others. AES-CTR (aes256-ctr, aes192-ctr, and aes128-ctr) and Chacha20-Poly1305 ciphers are currently supported for SSH2 encryption. Deprecated ciphers AES-CBC (aes256-cbc, aes192-cbc, and aes128-cbc) 3DES (3des-cbc), Blowfish (blowfish-cbc), and RC4 (arcfour) are available but not enabled by default.

Integrity checking is performed by the hmac-sha2-256, hmac-sha2-512,, or algorithms. The deprecated hmac-sha1 or hmac-md5 algorithms are available but not enabled by default.

Compression, if requested, is limited to Zlib.

Supported server host key algorithms are ssh-ed25519, rsa-sha2-512, rsa-sha2-256, ecdsa-sha2-nistp521, ecdsa-sha2-nistp384, ecdsa-sha2-nistp256, and ssh-rsa. Deprecated ssh-dss is supported but not enabled by default.

Supported SSH2 public key authentication algorithms are the same.

If you're looking for SFTP support, take a look at Net::SFTP, which provides a full-featured Perl implementation of SFTP, and sits on top of Net::SSH::Perl. SFTP requires the usage of the SSH2 protocol.


Usage of Net::SSH::Perl is very simple.

Net::SSH::Perl->new($host, %params)

To set up a new connection, call the new method, which connects to $host and returns a Net::SSH::Perl object.

new accepts the following named parameters in %params:

$ssh->login([ $user [, $password [, $suppress_shell ] ] ])

Sets the username and password to be used when authenticating with the sshd daemon. The username $user is required for all authentication protocols (to identify yourself to the remote server), but if you don't supply it the username of the user executing the program is used.

The password $password is needed only for password authentication (it's not used for passphrases on encrypted RSA/DSA identity files, though perhaps it should be). And if you're running in an interactive session and you've not provided a password, you'll be prompted for one.

By default, Net::SSH::Perl will open a channel with a shell on it. This is usually what you want. If you are tunneling another protocol over SSH, however, you may want to prevent this behavior. Passing a true value in $suppress_shell will prevent the shell channel from being opened (SSH2 only).

($out, $err, $exit) = $ssh->cmd($cmd, [ $stdin ])

Runs the command $cmd on the remote server and returns the stdout, stderr, and exit status of that command.

If $stdin is provided, it's supplied to the remote command $cmd on standard input.

NOTE: the SSH-1 protocol does not support running multiple commands per connection, unless those commands are chained together so that the remote shell can evaluate them. Because of this, a new socket connection is created each time you call cmd, and disposed of afterwards. In other words, this code:

    my $ssh = Net::SSH::Perl->new("host1");
    $ssh->login("user1", "pass1");


will actually connect to the sshd on the first invocation of cmd, then disconnect; then connect again on the second invocation of cmd, then disconnect again.

Note that this does not apply to the SSH-2 protocol. SSH-2 fully supports running more than one command over the same connection.


Opens up an interactive shell on the remote machine and connects it to your STDIN. This is most effective when used with a pseudo tty; otherwise you won't get a command line prompt, and it won't look much like a shell. For this reason--unless you've specifically declined one--a pty will be requested from the remote machine, even if you haven't set the use_pty argument to new (described above).

This is really only useful in an interactive program.

In addition, you'll probably want to set your terminal to raw input before calling this method. This lets Net::SSH::Perl process each character and send it off to the remote machine, as you type it.

To do so, use Term::ReadKey in your program:

    use Term::ReadKey;

In fact, you may want to place the restore line in an END block, in case your program exits prior to reaching that line.

If you need an example, take a look at eg/pssh, which uses almost this exact code to implement an ssh shell.

$ssh->register_handler($packet_type, $subref [, @args ])

Registers an anonymous subroutine handler $subref to handle packets of type $packet_type during the client loop. The subroutine will be called when packets of type $packet_type are received, and in addition to the standard arguments (see below), will receive any additional arguments in @args, if specified.

The client loop is entered after the client has sent a command to the remote server, and after any STDIN data has been sent; it consists of reading packets from the server (STDOUT packets, STDERR packets, etc.) until the server sends the exit status of the command executed remotely. At this point the client exits the client loop and disconnects from the server.

When you call the cmd method, the client loop by default simply sticks STDOUT packets into a scalar variable and returns that value to the caller. It does the same for STDERR packets, and for the process exit status. (See the docs for cmd).

You can, however, override that default behavior, and instead process the data itself as it is sent to the client. You do this by calling the register_handler method and setting up handlers to be called at specific times.

The behavior of the register_handler method differs between the Net::SSH::Perl SSH-1 and SSH-2 implementations. This is so because of the differences between the protocols (all client-server communications in SSH-2 go through the channel mechanism, which means that input packets are processed differently).


Your basic SSH needs will hopefully be met by the methods listed above. If they're not, however, you may want to use some of the additional methods listed here. Some of these are aimed at end-users, while others are probably more useful for actually writing an authentication module, or a cipher, etc.


Returns the Net::SSH::Perl::Config object managing the configuration data for this SSH object. This is constructed from data passed in to the constructor new (see above), merged with data read from the user and system configuration files. See the Net::SSH::Perl::Config docs for details on methods you can call on this object (you'll probably be more interested in the get and set methods).


Returns the socket connection to sshd. If your client is not connected, dies.


If debugging is turned on for this session (see the debug parameter to the new method, above), writes $msg to STDERR. Otherwise nothing is done.


Incoming data buffer, an object of type Net::SSH::Perl::Buffer. Returns the buffer object.

The idea behind this is that we our socket is non-blocking, so we buffer input and periodically check back to see if we've read a full packet. If we have a full packet, we rip it out of the incoming data buffer and process it, returning it to the caller who presumably asked for it.

This data "belongs" to the underlying packet layer in Net::SSH::Perl::Packet. Unless you really know what you're doing you probably don't want to disturb that data.


Returns the session ID, which is generated from the server's host and server keys, and from the check bytes that it sends along with the keys. The server may require the session ID to be passed along in other packets, as well (for example, when responding to RSA challenges).

$packet = $ssh->packet_start($packet_type)

Starts building a new packet of type $packet_type. This is just a handy method for lazy people. Internally it calls Net::SSH::Perl::Packet::new, so take a look at those docs for more details.


For samples/tutorials, take a look at the scripts in eg/ in the distribution directory.

Please report bugs at:


Development on V2 by Lance Kinley

Previous maintainers were: David Robins, Dave Rolsky,

Originally written by Benjamin Trott.


Copyright (c) 2015-2016 Rythmos, Inc. Copyright (c) 2001-2003 Benjamin Trott, Copyright (c) 2003-2008 David Rolsky. Copyright (c) David Robins. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

The full text of the license can be found in the LICENSE file included with this module.

syntax highlighting: