NAME

Net::SSH::Perl::Agent - Client for agent authentication

SYNOPSIS

use Net::SSH::Perl::Agent;
my $agent = Net::SSH::Perl::Agent->new(2);  ## SSH-2 protocol
my $iter = $agent->identity_iterator;
while (my($key, $comment) = $iter->()) {
    ## Do something with $key.
}

DESCRIPTION

Net::SSH::Perl::Agent provides a client for agent-based publickey authentication. The idea behind agent authentication is that an auth daemon is started as the parent of all of your other processes (eg. as the parent of your shell process); all other processes thus inherit the connection to the daemon.

After loading your public keys into the agent using ssh-add, the agent listens on a Unix domain socket for requests for identities. When requested it sends back the public portions of the keys, which the SSH client (ie. Net::SSH::Perl, in this case) can send to the sshd, to determine if the keys will be accepted on the basis of authorization. If so, the client requests that the agent use the key to decrypt a random challenge (SSH-1) or sign a piece of data (SSH-2).

Net::SSH::Perl::Agent implements the client portion of the authentication agent; this is the piece that interfaces with Net::SSH::Perl's authentication mechanism to contact the agent daemon and ask for identities, etc. If you use publickey authentication (RSA authentication in SSH-1, PublicKey authentication in SSH-2), an attempt will automatically be made to contact the authentication agent. If the attempt succeeds, Net::SSH::Perl will try to use the identities returned from the agent, in addition to any identity files on disk.

USAGE

Net::SSH::Perl::Agent->new($version)

Constructs a new Agent object and returns that object.

$version should be either 1 or 2 and is a mandatory argument; it specifies the protocol version that the agent client should use when talking to the agent daemon.

$agent->identity_iterator

This is probably the easiest way to get at the identities provided by the agent. identity_iterator returns an iterator function that, when invoked, will returned the next identity in the list from the agent. For example:

my $iter = $agent->identity_iterator;
while (my($key, $comment) = $iter->()) {
     ## Do something with $key.
}

If called in scalar context, the iterator function will return the next key (a subclass of Net::SSH::Perl::Key). If called in list context (as above), both the key and the comment are returned.

$agent->first_identity

Returns the first identity in the list provided by the auth agent.

If called in scalar context, the iterator function will return the next key (a subclass of Net::SSH::Perl::Key). If called in list context, both the key and the comment are returned.

$agent->next_identity

Returns the next identity in the list provided by the auth agent. You must call this after first calling the first_identity method. For example:

my($key, $comment) = $agent->first_identity;
## Do something.

while (($key, $comment) = $agent->next_identity) {
    ## Do something.
}

If called in scalar context, the iterator function will return the next key (a subclass of Net::SSH::Perl::Key). If called in list context, both the key and the comment are returned.

$agent->sign($key, $data)

Asks the agent $agent to sign the data $data using the private portion of $key. The key and the data are sent to the agent, which returns the signature; the signature is then sent to the sshd for verification.

This method is only applicable in SSH-2.

$agent->decrypt($key, $data, $session_id)

Asks the agent to which $agent holds an open connection to decrypt the data $data using the private portion of $key. $data should be a big integer (Math::GMP object), and is generally a challenge to a request for RSA authentication. $session_id is the SSH session ID:

$ssh->session_id

where $ssh is a Net::SSH::Perl::SSH1 object.

This method is only applicable in SSH-1.

AUTHOR & COPYRIGHTS

Please see the Net::SSH::Perl manpage for author, copyright, and license information.