Quick note for me: How to use Net::SSH::Perl to have a remote SSH key sign something, and then verify that signature later.
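    use strict;
    use warnings;
    use Net::SSH::Perl::Key;
    use Net::SSH::Perl::Agent;

    # Connect to the running ssh-agent; the argument is the SSH protocol version.
    my $agent = Net::SSH::Perl::Agent->new(2);
    my $iter  = $agent->identity_iterator;
    my $msg   = "My message here";

    # Try every identity the agent holds.
    while (my ($key, $comment) = $iter->()) {
        print "Key '$comment'\n";
        my $sig = $agent->sign($key, $msg);
        next unless defined($sig);
        print "Message signed!\n";
        # The next line is needed, or else the key can't be parsed.
        $key->{datafellows} = \0;
        my $ok = $key->verify($sig, $msg);
        print 'Message ', ($ok ? '' : 'not '), "verified\n";
    }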
Maybe use this, with SSH agent forwarding, as a challenge-response method of saying “Hey, end-user, are you still there?”
NOTE: The signature you get back from this method is not something that you can feed into Crypt::RSA unmodified. It includes SSH-specific stuff (like, for example, “ssh-rsa” at the start of the signature).
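To make the NOTE concrete, here is an added example (not part of the original note, and not code from Net::SSH::Perl) that splits such a signature into its format name and the raw signature bytes. It assumes the blob uses the RFC 4253 layout of two length-prefixed strings; the helper names and the sample bytes are made up for illustration.

```perl
use strict;
use warnings;

# Read one SSH "string" (uint32 big-endian length, then that many bytes)
# starting at offset $$pos, and advance $$pos past it.
sub read_ssh_string {
    my ($buf, $pos) = @_;
    die "truncated length field\n" if length($buf) - $$pos < 4;
    my $len = unpack('N', substr($buf, $$pos, 4));
    $$pos += 4;
    die "truncated string body\n" if length($buf) - $$pos < $len;
    my $str = substr($buf, $$pos, $len);
    $$pos += $len;
    return $str;
}

# Split a signature blob into (format name, raw signature bytes).
# Assumed layout: string format-name, string signature (RFC 4253, 6.6).
sub split_ssh_signature {
    my ($blob) = @_;
    my $pos  = 0;
    my $type = read_ssh_string($blob, \$pos);
    my $raw  = read_ssh_string($blob, \$pos);
    die "trailing bytes after signature\n" if $pos != length($blob);
    return ($type, $raw);
}

# Constructed sample: 8 placeholder bytes stand in for a real RSA signature.
my $fake_sig = "\x01\x02\x03\x04\x05\x06\x07\x08";
my $blob     = pack('N/a* N/a*', 'ssh-rsa', $fake_sig);

my ($type, $raw) = split_ssh_signature($blob);
die "unexpected signature type '$type'\n" unless $type eq 'ssh-rsa';
printf "type=%s, raw signature is %d bytes: %s\n",
    $type, length($raw), unpack('H*', $raw);

# A blob cut short in transit or storage must be rejected, not half-parsed.
my $parsed = eval { split_ssh_signature(substr($blob, 0, -3)); 1 };
print "truncated blob rejected: $@" unless $parsed;
```

Checking the format name before using the inner bytes keeps a signature of one key type from being handed to a verifier that expects another.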