News

2023-08-05
Rex-1.14.3

Rex-1.14.3 is now available on CPAN. It contains bug fixes for local package installation, command existence checks, and Git tests.

2023-05-05
Rex-1.14.2

The Rex-1.14.2 release is now available on CPAN. It contains bug fixes for running local commands on Windows, cloning git repositories, and test suite fixes for the upcoming perl-5.38.0 release.

2023-03-17
Call for papers TPRC 2023

Dean Hamstead from the The Perl and Raku Foundation Marketing Committee has sent an invitation to present about Rex at TPRC 2023. I’m posting it here to increase visibility.

2023-03-05
Rex-1.14.1

The Rex-1.14.1 release is now available on CPAN. It contains bug fixes and documentation updates.

2023-02-05
Rex-1.14.0

The Rex-1.14.0 release is now available on CPAN. It contains improved Rexfile loading, documentation updates, and bumps the minimum required Perl version to 5.12.5.

Events

2021-03-08
Learning automation using Rex

Ferenc Erki (FErki) will be the guest of Gábor Szabó on the next Code Maven live stream to learn about automation using Rex. Register for the free event via Code Maven or Meetup, and join the discussion!

2020-03-05
Unexpected use cases with Rex

Unexpected use cases with Rex at the 22nd German Perl/Raku Workshop 2020 in Erlangen by Ferenc Erki (FErki).

2019-11-09
Rex & Friends

Rex & Friends talk at the Barcelona Perl & Friends 2019 by Ferenc Erki (FErki).

» Home » Docs » Rex book » The rex dsl » Authentication

Authentication

Rex is capable to use two different SSH implementations under the hood: Net::SSH2 which is default on Windows, and the combination of Net::OpenSSH and Net::SFTP::Foreign on other platforms.

Those SSH implementations support many different authentication methods like passwords, key based or Kerberos authentication, or using and forwarding SSH agent. If you don't specify one of them explicitly, Rex will try to figure out which one to use, but that may or may not work for you, or be the one you expected. Rex also tries to use the current user's username for authentication if it's not specified with user.

All in all, despite the comfort the above behaviour might provide, we recommend to be explicit about the authentication method to be used as some servers may be configured to drop the connection after a couple of failed authentication attempts.

You can find examples on how to configure them below.

Password authentication

The simplest way to authenticate against your servers is to use password authentication. For this you need a valid user and a password on the remote host.

user 'root';
password 'my_password';
pass_auth;

Specifying pass_auth is optional.

Key based authentication

Another simple way is to use a pair of private and public keys to authenticate against your servers.

If you don't have a pair of keys yet you can create them with ssh-keygen on Unix-like systems and with PuTTYgen on Windows.

Due to the differences of their implementations, the key here (pun intended) is that you have to include the path to both of your keys when using Net::SSH2, but you can omit them when using Net::OpenSSH.

Net::SSH2

user 'root';
private_key '/path/to/your/private.key';
public_key '/path/to/your/public.key';
key_auth;

Net::OpenSSH

user 'root';
key_auth;

If you use a passphrase with your private key, you can specify it simply as if it was a password:

Net::SSH2

user 'root';
private_key '/path/to/your/private.key';
public_key '/path/to/your/public.key';
password 'my_password';
key_auth;

Net::OpenSSH

user 'root';
password 'my_password';
key_auth;

Using an SSH agent

If you can't or don't want to use any of the above methods, you can use agent authentication. Configuration for it is very similar to key based authentication, you only need to omit key_auth.

Net::SSH2

user 'root';
private_key '/path/to/your/private.key';
public_key '/path/to/your/public.key';

Net::OpenSSH

user 'root';

Important notes:

1. For agent authentication to work, make sure the agent is running on your system.
2. Agent forwarding only works with Net::OpenSSH.

Kerberos authentication

As of version 0.42.0, Rex supports Kerberos authentication through Net::OpenSSH:

user 'root';
krb5_auth;