evented-ssh 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1b74dc6a3af01c7c24fe72960ce9a64928f850d9
+  data.tar.gz: dccac2ad2cfbbcdfbbd9639deb6df27b210656f1
+SHA512:
+  metadata.gz: 0f2bb02a4a7c4731b883d4155c66175bc3c77485294b6d06993be6d14110faf917b3a2fe5502f3a49f3dde209aa1127bbc744e98fb1b5647c35b6a693295def1
+  data.tar.gz: 3c22dced0445134e2f2e2001ce71827094ce2b7fb2fce52df74dc994f3bd046eed1cc0c43c652972be3d7d11c1ba3519533e69993c777705b09fab09ccb44c7f

data/README.md

@@ -0,0 +1,11 @@
+# Evented SSH
+
+evented-ssh is a net-ssh adapter for Libuv. For the most part you can take any net-ssh code you have and run it in the Libuv reactor.
+
+It runs almost entirely on net-ssh code, replacing parts of the transport and using futures in place of IO select calls.
+
+
+## Installation
+
+  gem install evented-ssh
+

data/lib/evented-ssh/connection/channel.rb

@@ -0,0 +1,33 @@
+
+require 'net/ssh/connection/channel'
+
+module Net; module SSH; module Connection
+    class Channel
+        alias_method :original_initialize, :initialize
+        def initialize(connection, *args, &block)
+            original_initialize(connection, *args, &block)
+            @defer = connection.transport.reactor.defer
+        end
+
+        attr_reader :defer
+
+        # Use promise resolution instead of a loop
+        def wait
+            @defer.promise.value
+        end
+
+        # Allow direct access to the promise.
+        # Means we can do parallel tasks and then grab
+        # the results of multiple executions.
+        def promise
+            @defer.promise
+        end
+
+        alias_method :original_do_close, :do_close
+        def do_close
+            # Resolve the promise and anything waiting
+            @defer.resolve(nil)
+            original_do_close
+        end
+    end
+end; end; end

data/lib/evented-ssh/connection/event_loop.rb

@@ -0,0 +1,16 @@
+
+require 'net/ssh/connection/event_loop'
+
+module Net; module SSH; module Connection
+    class EventLoop
+
+        # Same as Net::SSH except it never tries to wait on IO. This
+        # basically always blocks the current fiber now until a packet
+        # is available. Connection#loop is called in a dedicated fiber
+        # who's purpose is to distribute the packets as they come in.
+        def process(wait = nil, &block)
+            return false unless ev_preprocess(&block)
+            #ev_select_and_postprocess(wait)
+        end
+    end
+end; end; end

data/lib/evented-ssh/connection/session.rb

@@ -0,0 +1,49 @@
+
+require 'net/ssh/connection/session'
+
+module Net; module SSH; module Connection
+    class Session
+        alias_method :original_initialize, :initialize
+        def initialize(transport, options = {})
+            original_initialize(transport, options)
+
+            # This processes the incoming packets
+            # Replacing the IO select calls
+            # Next tick so we don't block the current fiber
+            transport.reactor.next_tick {
+                loop { true }
+            }
+        end
+
+        def close
+            info { "closing remaining channels (#{channels.length} open)" }
+            waiting = channels.collect { |id, channel|
+                channel.close
+                channel.defer.promise
+            }
+            begin
+                # We use promise resolution here instead of a loop
+                ::Libuv.all(waiting).value if channels.any?
+            rescue Net::SSH::Disconnect
+                raise unless channels.empty?
+            end
+            transport.close
+        end
+
+        # similar to exec! however it returns a promise instead of
+        # blocking the flow of execution.
+        def p_exec!(command, status: nil)
+            status ||= {}
+            channel = exec(command, status: status) do |ch, type, data|
+                ch[:result] ||= String.new
+                ch[:result] << data
+            end
+            channel.promise.then do
+                channel[:result] ||= ""
+                channel[:result] &&= channel[:result].force_encoding("UTF-8")
+
+                StringWithExitstatus.new(channel[:result], status[:exit_code])
+            end
+        end
+    end
+end; end; end

data/lib/evented-ssh/transport/algorithms.rb

@@ -0,0 +1,443 @@
+
+module ESSH; module Transport
+    # Implements the higher-level logic behind an SSH key-exchange. It handles
+    # both the initial exchange, as well as subsequent re-exchanges (as needed).
+    # It also encapsulates the negotiation of the algorithms, and provides a
+    # single point of access to the negotiated algorithms.
+    #
+    # You will never instantiate or reference this directly. It is used
+    # internally by the transport layer.
+    class Algorithms
+        include ::Net::SSH::Transport::Constants
+        include ::Net::SSH::Loggable
+
+        # Define the default algorithms, in order of preference, supported by
+        # Net::SSH.
+        ALGORITHMS = {
+            host_key: %w(ssh-rsa ssh-dss
+                        ssh-rsa-cert-v01@openssh.com
+                        ssh-rsa-cert-v00@openssh.com),
+            kex: %w(diffie-hellman-group-exchange-sha1
+                    diffie-hellman-group1-sha1
+                    diffie-hellman-group14-sha1
+                    diffie-hellman-group-exchange-sha256),
+            encryption: %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
+                        aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
+                        idea-cbc arcfour128 arcfour256 arcfour
+                        aes128-ctr aes192-ctr aes256-ctr
+                        cast128-ctr blowfish-ctr 3des-ctr none),
+
+            hmac: %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
+                    hmac-ripemd160 hmac-ripemd160@openssh.com
+                    hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
+                    hmac-sha2-512-96 none),
+
+            compression: %w(none zlib@openssh.com zlib),
+            language: %w()
+        }
+        if defined?(::OpenSSL::PKey::EC)
+            ALGORITHMS[:host_key] += %w(ecdsa-sha2-nistp256
+                                    ecdsa-sha2-nistp384
+                                    ecdsa-sha2-nistp521)
+
+            if ::Net::SSH::Authentication::ED25519Loader::LOADED
+                ALGORITHMS[:host_key] += %w(ssh-ed25519)
+            end
+
+            ALGORITHMS[:kex] += %w(ecdh-sha2-nistp256
+                                ecdh-sha2-nistp384
+                                ecdh-sha2-nistp521)
+        end
+
+        # The underlying transport layer session that supports this object
+        attr_reader :session
+
+        # The hash of options used to initialize this object
+        attr_reader :options
+
+        # The kex algorithm to use settled on between the client and server.
+        attr_reader :kex
+
+        # The type of host key that will be used for this session.
+        attr_reader :host_key
+
+        # The type of the cipher to use to encrypt packets sent from the client to
+        # the server.
+        attr_reader :encryption_client
+
+        # The type of the cipher to use to decrypt packets arriving from the server.
+        attr_reader :encryption_server
+
+        # The type of HMAC to use to sign packets sent by the client.
+        attr_reader :hmac_client
+
+        # The type of HMAC to use to validate packets arriving from the server.
+        attr_reader :hmac_server
+
+        # The type of compression to use to compress packets being sent by the client.
+        attr_reader :compression_client
+
+        # The type of compression to use to decompress packets arriving from the server.
+        attr_reader :compression_server
+
+        # The language that will be used in messages sent by the client.
+        attr_reader :language_client
+
+        # The language that will be used in messages sent from the server.
+        attr_reader :language_server
+
+        # The hash of algorithms preferred by the client, which will be told to
+        # the server during algorithm negotiation.
+        attr_reader :algorithms
+
+        # The session-id for this session, as decided during the initial key exchange.
+        attr_reader :session_id
+
+        # Returns true if the given packet can be processed during a key-exchange.
+        def self.allowed_packet?(packet)
+            ( 1.. 4).include?(packet.type) ||
+            ( 6..19).include?(packet.type) ||
+            (21..49).include?(packet.type)
+        end
+
+        # Instantiates a new Algorithms object, and prepares the hash of preferred
+        # algorithms based on the options parameter and the ALGORITHMS constant.
+        def initialize(session, options={})
+            @session = session
+            @logger = session.logger
+            @options = options
+            @algorithms = {}
+            @ready = @session.reactor.defer
+            @pending = nil
+            @initialized = false
+            @client_packet = @server_packet = nil
+            prepare_preferred_algorithms!
+        end
+
+        # Start the algorithm negotation
+        def start
+            raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized
+            send_kexinit unless @server_data
+        end
+
+        def ready
+            @ready.promise.value
+        end
+
+        def reject(error)
+            @ready.reject(error)
+            @pending.reject(error) if @pending
+        end
+
+        # Request a rekey operation. This will return immediately, and does not
+        # actually perform the rekey operation. It does cause the session to change
+        # state, however--until the key exchange finishes, no new packets will be
+        # processed.
+        def rekey!
+            @client_packet = @server_packet = nil
+            @initialized = false
+            send_kexinit
+        end
+
+        # Called by the transport layer when a KEXINIT packet is received, indicating
+        # that the server wants to exchange keys. This can be spontaneous, or it
+        # can be in response to a client-initiated rekey request (see #rekey!). Either
+        # way, this will block until the key exchange completes.
+        def accept_kexinit(packet)
+            info { "got KEXINIT from server" }
+            @server_data = parse_server_algorithm_packet(packet)
+            @server_packet = @server_data[:raw]
+            if @pending.nil?
+                send_kexinit
+            else
+                proceed!
+            end
+        end
+
+        # A convenience method for accessing the list of preferred types for a
+        # specific algorithm (see #algorithms).
+        def [](key)
+            algorithms[key]
+        end
+
+        # Returns +true+ if a key-exchange is pending. This will be true from the
+        # moment either the client or server requests the key exchange, until the
+        # exchange completes. While an exchange is pending, only a limited number
+        # of packets are allowed, so event processing essentially stops during this
+        # period.
+        def pending?
+            @pending
+        end
+
+        # Returns true if no exchange is pending, and otherwise returns true or
+        # false depending on whether the given packet is of a type that is allowed
+        # during a key exchange.
+        def allow?(packet)
+            !pending? || Algorithms.allowed_packet?(packet)
+        end
+
+        # Returns true if the algorithms have been negotiated at all.
+        def initialized?
+            @initialized
+        end
+
+        private
+
+        # Sends a KEXINIT packet to the server. If a server KEXINIT has already
+        # been received, this will then invoke #proceed! to proceed with the key
+        # exchange, otherwise it returns immediately (but sets the object to the
+        # pending state).
+        def send_kexinit
+            @pending = @session.reactor.defer
+            @pending.promise.finally do
+                @pending = nil
+            end
+            @ready.resolve(@pending.promise)
+
+            info { "sending KEXINIT" }
+
+            packet = build_client_algorithm_packet
+            @client_packet = packet.to_s
+            session.enqueue_message(packet)
+            proceed! if @server_packet
+        end
+
+        # After both client and server have sent their KEXINIT packets, this
+        # will do the algorithm negotiation and key exchange. Once both finish,
+        # the object leaves the pending state and the method returns.
+        def proceed!
+            info { "negotiating algorithms" }
+            negotiate_algorithms
+            exchange_keys
+        rescue Exception => e
+            @pending.reject(e)
+        end
+
+        # Prepares the list of preferred algorithms, based on the options hash
+        # that was given when the object was constructed, and the ALGORITHMS
+        # constant. Also, when determining the host_key type to use, the known
+        # hosts files are examined to see if the host has ever sent a host_key
+        # before, and if so, that key type is used as the preferred type for
+        # communicating with this server.
+        def prepare_preferred_algorithms!
+            options[:compression] = %w(zlib@openssh.com zlib) if options[:compression] == true
+
+            ALGORITHMS.each do |algorithm, supported|
+                algorithms[algorithm] = compose_algorithm_list(supported, options[algorithm], options[:append_all_supported_algorithms])
+            end
+
+            # for convention, make sure our list has the same keys as the server
+            # list
+
+            algorithms[:encryption_client ] = algorithms[:encryption_server ] = algorithms[:encryption]
+            algorithms[:hmac_client       ] = algorithms[:hmac_server       ] = algorithms[:hmac]
+            algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
+            algorithms[:language_client   ] = algorithms[:language_server   ] = algorithms[:language]
+
+            if !options.key?(:host_key)
+                # make sure the host keys are specified in preference order, where any
+                # existing known key for the host has preference.
+
+                existing_keys = session.host_keys
+                host_keys = existing_keys.map { |key| key.ssh_type }.uniq
+                algorithms[:host_key].each do |name|
+                    host_keys << name unless host_keys.include?(name)
+                end
+                algorithms[:host_key] = host_keys
+            end
+        end
+
+        # Composes the list of algorithms by taking supported algorithms and matching with supplied options.
+        def compose_algorithm_list(supported, option, append_all_supported_algorithms = false)
+            return supported.dup unless option
+
+            list = []
+            option = Array(option).compact.uniq
+
+            if option.first && option.first.start_with?('+')
+                list = supported.dup
+                list << option.first[1..-1]
+                list.concat(option[1..-1])
+                list.uniq!
+            else
+                list = option
+
+                if append_all_supported_algorithms
+                    supported.each { |name| list << name unless list.include?(name) }
+                end
+            end
+
+            unsupported = []
+            list.select! do |name|
+                is_supported = supported.include?(name)
+                unsupported << name unless is_supported
+                is_supported
+            end
+
+            lwarn { %(unsupported algorithm: `#{unsupported}') } unless unsupported.empty?
+
+            list
+        end
+
+        # Parses a KEXINIT packet from the server.
+        def parse_server_algorithm_packet(packet)
+            data = { raw: packet.content }
+
+            packet.read(16) # skip the cookie value
+
+            data[:kex]                = packet.read_string.split(/,/)
+            data[:host_key]           = packet.read_string.split(/,/)
+            data[:encryption_client]  = packet.read_string.split(/,/)
+            data[:encryption_server]  = packet.read_string.split(/,/)
+            data[:hmac_client]        = packet.read_string.split(/,/)
+            data[:hmac_server]        = packet.read_string.split(/,/)
+            data[:compression_client] = packet.read_string.split(/,/)
+            data[:compression_server] = packet.read_string.split(/,/)
+            data[:language_client]    = packet.read_string.split(/,/)
+            data[:language_server]    = packet.read_string.split(/,/)
+
+            # TODO: if first_kex_packet_follows, we need to try to skip the
+            # actual kexinit stuff and try to guess what the server is doing...
+            # need to read more about this scenario.
+            # first_kex_packet_follows = packet.read_bool
+
+            return data
+        end
+
+        # Given the #algorithms map of preferred algorithm types, this constructs
+        # a KEXINIT packet to send to the server. It does not actually send it,
+        # it simply builds the packet and returns it.
+        def build_client_algorithm_packet
+            kex         = algorithms[:kex        ].join(",")
+            host_key    = algorithms[:host_key   ].join(",")
+            encryption  = algorithms[:encryption ].join(",")
+            hmac        = algorithms[:hmac       ].join(",")
+            compression = algorithms[:compression].join(",")
+            language    = algorithms[:language   ].join(",")
+
+            ::Net::SSH::Buffer.from(:byte, KEXINIT,
+                :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
+                :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
+                :mstring, [compression, compression, language, language],
+                :bool, false, :long, 0)
+        end
+
+        # Given the parsed server KEX packet, and the client's preferred algorithm
+        # lists in #algorithms, determine which preferred algorithms each has
+        # in common and set those as the selected algorithms. If, for any algorithm,
+        # no type can be settled on, an exception is raised.
+        def negotiate_algorithms
+            @kex                = negotiate(:kex)
+            @host_key           = negotiate(:host_key)
+            @encryption_client  = negotiate(:encryption_client)
+            @encryption_server  = negotiate(:encryption_server)
+            @hmac_client        = negotiate(:hmac_client)
+            @hmac_server        = negotiate(:hmac_server)
+            @compression_client = negotiate(:compression_client)
+            @compression_server = negotiate(:compression_server)
+            @language_client    = negotiate(:language_client) rescue ""
+            @language_server    = negotiate(:language_server) rescue ""
+
+            debug do
+                "negotiated:\n" +
+                    [:kex, :host_key, :encryption_server, :encryption_client, :hmac_client, :hmac_server, :compression_client, :compression_server, :language_client, :language_server].map do |key|
+                      "* #{key}: #{instance_variable_get("@#{key}")}"
+                    end.join("\n")
+            end
+        end
+
+        # Negotiates a single algorithm based on the preferences reported by the
+        # server and those set by the client. This is called by
+        # #negotiate_algorithms.
+        def negotiate(algorithm)
+            match = self[algorithm].find { |item| @server_data[algorithm].include?(item) }
+            if match.nil?
+                raise ::Net::SSH::Exception, "could not settle on #{algorithm} algorithm"
+            end
+            return match
+        end
+
+        # Considers the sizes of the keys and block-sizes for the selected ciphers,
+        # and the lengths of the hmacs, and returns the largest as the byte requirement
+        # for the key-exchange algorithm.
+        def kex_byte_requirement
+            sizes = [8] # require at least 8 bytes
+
+            sizes.concat(::Net::SSH::Transport::CipherFactory.get_lengths(encryption_client))
+            sizes.concat(::Net::SSH::Transport::CipherFactory.get_lengths(encryption_server))
+
+            sizes << ::Net::SSH::Transport::HMAC.key_length(hmac_client)
+            sizes << ::Net::SSH::Transport::HMAC.key_length(hmac_server)
+
+            sizes.max
+        end
+
+        # Instantiates one of the Transport::Kex classes (based on the negotiated
+        # kex algorithm), and uses it to exchange keys. Then, the ciphers and
+        # HMACs are initialized and fed to the transport layer, to be used in
+        # further communication with the server.
+        def exchange_keys
+            debug { "exchanging keys" }
+
+            algorithm = ::Net::SSH::Transport::Kex::MAP[kex].new(self, session,
+                client_version_string: ::Net::SSH::Transport::ServerVersion::PROTO_VERSION,
+                server_version_string: session.server_version.version,
+                server_algorithm_packet: @server_packet,
+                client_algorithm_packet: @client_packet,
+                need_bytes: kex_byte_requirement,
+                minimum_dh_bits: options[:minimum_dh_bits],
+                logger: logger)
+            result = algorithm.exchange_keys
+
+            secret   = result[:shared_secret].to_ssh
+            hash     = result[:session_id]
+            digester = result[:hashing_algorithm]
+
+            @session_id ||= hash
+
+            key = Proc.new { |salt| digester.digest(secret + hash + salt + @session_id) }
+
+            iv_client = key["A"]
+            iv_server = key["B"]
+            key_client = key["C"]
+            key_server = key["D"]
+            mac_key_client = key["E"]
+            mac_key_server = key["F"]
+
+            parameters = { shared: secret, hash: hash, digester: digester }
+
+            cipher_client = ::Net::SSH::Transport::CipherFactory.get(encryption_client, parameters.merge(iv: iv_client, key: key_client, encrypt: true))
+            cipher_server = ::Net::SSH::Transport::CipherFactory.get(encryption_server, parameters.merge(iv: iv_server, key: key_server, decrypt: true))
+
+            mac_client = ::Net::SSH::Transport::HMAC.get(hmac_client, mac_key_client, parameters)
+            mac_server = ::Net::SSH::Transport::HMAC.get(hmac_server, mac_key_server, parameters)
+
+            session.configure_client cipher: cipher_client, hmac: mac_client,
+                compression: normalize_compression_name(compression_client),
+                compression_level: options[:compression_level],
+                rekey_limit: options[:rekey_limit],
+                max_packets: options[:rekey_packet_limit],
+                max_blocks: options[:rekey_blocks_limit]
+
+            session.configure_server cipher: cipher_server, hmac: mac_server,
+                compression: normalize_compression_name(compression_server),
+                rekey_limit: options[:rekey_limit],
+                max_packets: options[:rekey_packet_limit],
+                max_blocks: options[:rekey_blocks_limit]
+
+            @pending.resolve(self)
+            @initialized = true
+        end
+
+        # Given the SSH name for some compression algorithm, return a normalized
+        # name as a symbol.
+        def normalize_compression_name(name)
+            case name
+            when "none"             then false
+            when "zlib"             then :standard
+            when "zlib@openssh.com" then :delayed
+            else raise ArgumentError, "unknown compression type `#{name}'"
+            end
+        end
+    end
+end; end

data/lib/evented-ssh/transport/packet_stream.rb

@@ -0,0 +1,322 @@
+require 'libuv'
+
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/state'
+require 'net/ssh/buffer'
+require 'net/ssh/packet'
+
+module ESSH; module Transport
+    class PacketStream < ::Libuv::TCP
+        include ::Net::SSH::Transport::Constants
+        include ::Net::SSH::Loggable
+
+        def initialize(session, **options)
+            @hints  = {}
+            @server = ::Net::SSH::Transport::State.new(self, :server)
+            @client = ::Net::SSH::Transport::State.new(self, :client)
+            @packet = nil
+            @packets = []
+            @packets = []
+            @pending_packets = []
+            @process_pending = nil
+            @awaiting = []
+            @input = ::Net::SSH::Buffer.new
+
+            @session = session
+            @have_header = false
+
+            self.logger = options[:logger]
+            super(session.reactor, **options)
+
+            progress method(:check_packet)
+        end
+
+        def prepare(buff)
+            progress method(:check_packet)
+            check_packet(buff, self) unless buff.empty?
+            #start_read
+        end
+
+        attr_accessor :algorithms
+
+        # The map of "hints" that can be used to modify the behavior of the packet
+        # stream. For instance, when authentication succeeds, an "authenticated"
+        # hint is set, which is used to determine whether or not to compress the
+        # data when using the "delayed" compression algorithm.
+        attr_reader :hints
+
+        # The server state object, which encapsulates the algorithms used to interpret
+        # packets coming from the server.
+        attr_reader :server
+
+        # The client state object, which encapsulates the algorithms used to build
+        # packets to send to the server.
+        attr_reader :client
+
+        # The name of the client (local) end of the socket, as reported by the
+        # socket.
+        def client_name
+            sockname[0]
+        end
+
+        # The IP address of the peer (remote) end of the socket, as reported by
+        # the socket.
+        def peer_ip
+            peername[0]
+        end
+
+        # Enqueues a packet to be sent, but does not immediately send the packet.
+        # The given payload is pre-processed according to the algorithms specified
+        # in the client state (compression, cipher, and hmac).
+        def enqueue_packet(payload)
+            # try to compress the packet
+            payload = client.compress(payload)
+
+            # the length of the packet, minus the padding
+            actual_length = 4 + payload.bytesize + 1
+
+            # compute the padding length
+            padding_length = client.block_size - (actual_length % client.block_size)
+            padding_length += client.block_size if padding_length < 4
+
+            # compute the packet length (sans the length field itself)
+            packet_length = payload.bytesize + padding_length + 1
+
+            if packet_length < 16
+                padding_length += client.block_size
+                packet_length = payload.bytesize + padding_length + 1
+            end
+
+            padding = Array.new(padding_length) { rand(256) }.pack("C*")
+
+            unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+            mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+            message = "#{encrypted_data}#{mac}"
+
+            debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
+
+            client.increment(packet_length)
+            direct_write(message)
+
+            self
+        end
+
+        def get_packet(mode = :block)
+            case mode
+            when :nonblock
+                return @packets.shift
+            when :block
+                packet = @packets.shift
+                return packet unless packet.nil?
+                defer = @reactor.defer
+                @awaiting << defer
+                return defer.promise.value
+            else
+                raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
+            end
+        rescue
+            nil
+        end
+
+        def queue_packet(packet)
+            pending = @algorithms.pending?
+            if not pending
+                @packets << packet
+            elsif Algorithms.allowed_packet?(packet)
+                @packets << packet
+            else
+                @pending_packets << packet
+                if @process_pending.nil?
+                    @process_pending = pending
+                    @process_pending.promise.finally do
+                        @process_pending = nil
+                        @packets.concat(@pending_packets)
+                        @pending_packets.clear
+                        process_waiting
+                    end
+                end
+            end
+        end
+
+        def process_waiting
+            loop do
+                break if @packets.empty?
+                waiting = @awaiting.shift
+                break unless waiting
+                waiting.resolve(@packets.shift)
+            end
+        end
+
+        # If the IO object requires a rekey operation (as indicated by either its
+        # client or server state objects, see State#needs_rekey?), this will
+        # yield. Otherwise, this does nothing.
+        def if_needs_rekey?
+            if client.needs_rekey? || server.needs_rekey?
+                yield
+                client.reset! if client.needs_rekey?
+                server.reset! if server.needs_rekey?
+            end
+        end
+
+        # Read up to +length+ bytes from the input buffer. If +length+ is nil,
+        # all available data is read from the buffer. (See #available.)
+        def read_available(length = nil)
+            @input.read(length || available)
+        end
+
+        # Returns the number of bytes available to be read from the input buffer.
+        # (See #read_available.)
+        def available
+            @input.available
+        end
+
+        def read_buffer #:nodoc:
+            @input.to_s
+        end
+
+
+        private
+
+
+        def check_packet(data, _)
+            data.force_encoding(Encoding::BINARY)
+            @input.append(data)
+
+            if @have_header
+                process_buffer
+            else
+                version = @input.read_to(/SSH-.+\n/)
+                return unless version
+
+                if version.match(/SSH-(1\.99|2\.0)-/)
+                    @input = @input.remainder_as_buffer
+
+                    # Grab just the version string (some older implementation don't send the \r char)
+                    # This is then used as part of the Diffie-Hellman Key Exchange
+                    parts = version.split("\n")
+                    @session.server_version.header = parts[0..-2].map { |part| part.chomp }.join("\n")
+                    @session.server_version.version = parts[-1].chomp
+
+                    @have_header = true
+                    @algorithms.start
+                    process_buffer if @input.length > 0
+                else
+                    reject_and_raise(::Net::SSH::Exception, "incompatible SSH version: #{version}")
+                end
+            end
+        end
+
+        def process_buffer
+            packets = []
+
+            # Extract packets from the input stream
+            loop do
+                packet = next_packet
+                break if packet.nil?
+                packets << packet
+            end
+
+            # Pre-process packets
+            packets.each do |packet|
+                case packet.type
+                when DISCONNECT
+                    reject_and_raise(::Net::SSH::Disconnect, "disconnected: #{packet[:description]} (#{packet[:reason_code]})")
+
+                when IGNORE
+                    debug { "IGNORE packet received: #{packet[:data].inspect}" }
+
+                when UNIMPLEMENTED
+                    lwarn { "UNIMPLEMENTED: #{packet[:number]}" }
+
+                when DEBUG
+                    __send__(packet[:always_display] ? :fatal : :debug) { packet[:message] }
+
+                when KEXINIT
+                    @algorithms.accept_kexinit(packet)
+
+                else
+                    queue_packet(packet)
+                end
+            end
+
+            # Process what we can
+            process_waiting
+        end
+
+        def next_packet
+            if @packet.nil?
+                minimum = server.block_size < 4 ? 4 : server.block_size
+                return nil if available < minimum
+                data = read_available(minimum)
+
+                # decipher it
+                @packet = ::Net::SSH::Buffer.new(server.update_cipher(data))
+                @packet_length = @packet.read_long
+            end
+
+            need = @packet_length + 4 - server.block_size
+            if need % server.block_size != 0
+                reject_and_raise(::Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}")
+            end
+
+            return nil if available < need + server.hmac.mac_length
+
+            if need > 0
+                # read the remainder of the packet and decrypt it.
+                data = read_available(need)
+                @packet.append(server.update_cipher(data))
+            end
+
+            # get the hmac from the tail of the packet (if one exists), and
+            # then validate it.
+            real_hmac = read_available(server.hmac.mac_length) || ""
+
+            @packet.append(server.final_cipher)
+            padding_length = @packet.read_byte
+
+            payload = @packet.read(@packet_length - padding_length - 1)
+
+            my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+            if real_hmac != my_computed_hmac
+                reject_and_raise(::Net::SSH::Exception, "corrupted mac detected")
+            end
+
+            # try to decompress the payload, in case compression is active
+            payload = server.decompress(payload)
+
+            debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
+
+            server.increment(@packet_length)
+            @packet = nil
+
+            return ::Net::SSH::Packet.new(payload)
+        end
+
+        def on_close(pointer)
+            super(pointer)
+            client.cleanup
+            server.cleanup
+
+            @reactor.next_tick do
+                reject_reason = @close_error || 'connection closed'
+                @awaiting.each do |wait|
+                    wait.reject(reject_reason)
+                end
+                @awaiting.clear
+                @algorithms.reject(reject_reason)
+            end
+        rescue => e
+            error { e }
+        end
+
+        def reject_and_raise(klass, msg)
+            error = klass.new(msg)
+            reject(error)
+            raise error
+        end
+    end
+end; end

data/lib/evented-ssh/transport/session.rb

@@ -0,0 +1,251 @@
+require 'ipaddress'
+
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/version'
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/server_version'
+require 'net/ssh/verifiers/null'
+require 'net/ssh/verifiers/secure'
+require 'net/ssh/verifiers/strict'
+require 'net/ssh/verifiers/lenient'
+
+require 'evented-ssh/transport/packet_stream'
+require 'evented-ssh/transport/algorithms'
+
+module ESSH; module Transport
+
+    # The transport layer represents the lowest level of the SSH protocol, and
+    # implements basic message exchanging and protocol initialization. It will
+    # never be instantiated directly (unless you really know what you're about),
+    # but will instead be created for you automatically when you create a new
+    # SSH session via Net::SSH.start.
+    class Session
+        include ::Net::SSH::Transport::Constants
+        include ::Net::SSH::Loggable
+
+        ServerVersion = Struct.new(:header, :version)
+
+        # The standard port for the SSH protocol.
+        DEFAULT_PORT = 22
+
+        # The host to connect to, as given to the constructor.
+        attr_reader :host
+
+        # The port number to connect to, as given in the options to the constructor.
+        # If no port number was given, this will default to DEFAULT_PORT.
+        attr_reader :port
+
+        # The underlying socket object being used to communicate with the remote
+        # host.
+        attr_reader :socket
+
+        # The ServerVersion instance that encapsulates the negotiated protocol
+        # version.
+        attr_reader :server_version
+
+        # The Algorithms instance used to perform key exchanges.
+        attr_reader :algorithms
+
+        # The host-key verifier object used to verify host keys, to ensure that
+        # the connection is not being spoofed.
+        attr_reader :host_key_verifier
+
+        # The hash of options that were given to the object at initialization.
+        attr_reader :options
+
+        # The event loop that this SSH session is running on
+        attr_reader :reactor
+
+        # Instantiates a new transport layer abstraction. This will block until
+        # the initial key exchange completes, leaving you with a ready-to-use
+        # transport session.
+        def initialize(host, **options)
+            self.logger = options[:logger]
+
+            @reactor = ::Libuv.reactor
+
+            @host = host
+            @port = options[:port] || DEFAULT_PORT
+            @bind_address = options[:bind_address] || '0.0.0.0'
+            @options = options
+
+            debug { "establishing connection to #{@host}:#{@port}" }
+
+            actual_host = if IPAddress.valid?(@host)
+                @host
+            else
+                @reactor.lookup(@host)[0][0]
+            end
+
+            @socket = PacketStream.new(self, **options)
+            @socket.connect(actual_host, @port)
+
+            debug { "connection established" }
+
+            @host_key_verifier = select_host_key_verifier(options[:paranoid])
+            @algorithms = Algorithms.new(self, options)
+            @server_version = ServerVersion.new
+            @socket.algorithms = @algorithms
+
+            socket.direct_write "#{::Net::SSH::Transport::ServerVersion::PROTO_VERSION}\r\n"
+            socket.start_read
+
+            @algorithms.ready # Wait for this to complete
+        end
+
+        def host_keys
+            @host_keys ||= begin
+                known_hosts = options.fetch(:known_hosts, ::Net::SSH::KnownHosts)
+                known_hosts.search_for(options[:host_key_alias] || host_as_string, options)
+            end
+        end
+
+        # Returns the host (and possibly IP address) in a format compatible with
+        # SSH known-host files.
+        def host_as_string
+            @host_as_string ||= begin
+                string = "#{host}"
+                string = "[#{string}]:#{port}" if port != DEFAULT_PORT
+
+                peer_ip = socket.peer_ip
+
+                if peer_ip != host
+                    string2 = peer_ip
+                    string2 = "[#{string2}]:#{port}" if port != DEFAULT_PORT
+                    string << "," << string2
+                end
+
+                string
+            end
+        end
+
+        # Returns true if the underlying socket has been closed.
+        def closed?
+            socket.closed?
+        end
+
+        # Cleans up (see PacketStream#cleanup) and closes the underlying socket.
+        def close
+            info { "closing connection" }
+            socket.shutdown
+        end
+
+        # Performs a "hard" shutdown of the connection. In general, this should
+        # never be done, but it might be necessary (in a rescue clause, for instance,
+        # when the connection needs to close but you don't know the status of the
+        # underlying protocol's state).
+        def shutdown!
+            error { "forcing connection closed" }
+            socket.close
+        end
+
+        # Returns a new service_request packet for the given service name, ready
+        # for sending to the server.
+        def service_request(service)
+            ::Net::SSH::Buffer.from(:byte, SERVICE_REQUEST, :string, service)
+        end
+
+        # Requests a rekey operation, and blocks until the operation completes.
+        # If a rekey is already pending, this returns immediately, having no
+        # effect.
+        def rekey!
+            if !algorithms.pending?
+                algorithms.rekey!
+                @algorithms.pending?&.promise&.value # Wait for this to complete
+            end
+        end
+
+        # Returns immediately if a rekey is already in process. Otherwise, if a
+        # rekey is needed (as indicated by the socket, see PacketStream#if_needs_rekey?)
+        # one is performed, causing this method to block until it completes.
+        def rekey_as_needed
+            return if algorithms.pending?
+            socket.if_needs_rekey? { rekey! }
+        end
+
+        # Returns a hash of information about the peer (remote) side of the socket,
+        # including :ip, :port, :host, and :canonized (see #host_as_string).
+        def peer
+            @peer ||= { ip: socket.peer_ip, port: @port.to_i, host: @host, canonized: host_as_string }
+        end
+
+        # Blocks until a new packet is available to be read, and returns that
+        # packet. See #poll_message.
+        def next_message
+            socket.get_packet
+        end
+
+        def poll_message
+            socket.get_packet
+        end
+
+        # Adds the given packet to the packet queue. If the queue is non-empty,
+        # #poll_message will return packets from the queue in the order they
+        # were received.
+        def push(packet)
+            socket.queue_packet(packet)
+            process_waiting
+        end
+
+        # Sends the given message via the packet stream, blocking until the
+        # entire message has been sent.
+        def send_message(message)
+            socket.enqueue_packet(message)
+        end
+
+        # Enqueues the given message, such that it will be sent at the earliest
+        # opportunity. This does not block, but returns immediately.
+        def enqueue_message(message)
+            socket.enqueue_packet(message)
+        end
+
+        # Configure's the packet stream's client state with the given set of
+        # options. This is typically used to define the cipher, compression, and
+        # hmac algorithms to use when sending packets to the server.
+        def configure_client(options={})
+            socket.client.set(options)
+        end
+
+        # Configure's the packet stream's server state with the given set of
+        # options. This is typically used to define the cipher, compression, and
+        # hmac algorithms to use when reading packets from the server.
+        def configure_server(options={})
+            socket.server.set(options)
+        end
+
+        # Sets a new hint for the packet stream, which the packet stream may use
+        # to change its behavior. (See PacketStream#hints).
+        def hint(which, value=true)
+            socket.hints[which] = value
+        end
+
+        private
+
+        # Instantiates a new host-key verification class, based on the value of
+        # the parameter. When true or nil, the default Lenient verifier is
+        # returned. If it is false, the Null verifier is returned, and if it is
+        # :very, the Strict verifier is returned. If it is :secure, the even more
+        # strict Secure verifier is returned. If the argument happens to respond
+        # to :verify, it is returned directly. Otherwise, an exception
+        # is raised.
+        def select_host_key_verifier(paranoid)
+            case paranoid
+            when true, nil
+                ::Net::SSH::Verifiers::Lenient.new
+            when false
+                ::Net::SSH::Verifiers::Null.new
+            when :very
+                ::Net::SSH::Verifiers::Strict.new
+            when :secure
+                ::Net::SSH::Verifiers::Secure.new
+            else
+                if paranoid.respond_to?(:verify)
+                    paranoid
+                else
+                    raise ArgumentError, "argument to :paranoid is not valid: #{paranoid.inspect}"
+                end
+            end
+        end
+    end
+end; end

data/lib/evented-ssh/version.rb

@@ -0,0 +1,3 @@
+module ESSH
+    VERSION='0.0.1'
+end

data/lib/evented-ssh.rb

@@ -0,0 +1,124 @@
+require 'net/ssh'
+
+require 'evented-ssh/transport/packet_stream'
+require 'evented-ssh/transport/algorithms'
+require 'evented-ssh/transport/session'
+
+require 'evented-ssh/connection/event_loop'
+require 'evented-ssh/connection/channel'
+require 'evented-ssh/connection/session'
+
+module ESSH
+    VALID_OPTIONS = [
+      :auth_methods, :bind_address, :compression, :compression_level, :config,
+      :encryption, :forward_agent, :hmac, :host_key, :remote_user,
+      :keepalive, :keepalive_interval, :keepalive_maxcount, :kex, :keys, :key_data,
+      :languages, :logger, :paranoid, :password, :port, :proxy,
+      :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
+      :known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
+      :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
+      :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
+      :append_all_supported_algorithms, :non_interactive, :password_prompt,
+      :agent_socket_factory, :minimum_dh_bits
+    ]
+
+    def self.start(host, user = nil, **options, &block)
+        invalid_options = options.keys - VALID_OPTIONS
+        if invalid_options.any?
+            raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
+        end
+
+        assign_defaults(options)
+        _sanitize_options(options)
+
+        options[:user] = user if user
+        options = configuration_for(host, options.fetch(:config, true)).merge(options)
+        host = options.fetch(:host_name, host)
+
+        if options[:non_interactive]
+            options[:number_of_password_prompts] = 0
+        end
+
+        if options[:verbose]
+            options[:logger].level = case options[:verbose]
+                when Integer then options[:verbose]
+                when :debug then Logger::DEBUG
+                when :info  then Logger::INFO
+                when :warn  then Logger::WARN
+                when :error then Logger::ERROR
+                when :fatal then Logger::FATAL
+                else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
+                end
+        end
+
+        transport = Transport::Session.new(host, options)
+        auth = ::Net::SSH::Authentication::Session.new(transport, options)
+
+        user = options.fetch(:user, user) || Etc.getlogin
+        if auth.authenticate("ssh-connection", user, options[:password])
+            connection = ::Net::SSH::Connection::Session.new(transport, options)
+            if block_given?
+                begin
+                    yield connection
+                ensure
+                    connection.close unless connection.closed?
+                end
+            else
+                return connection
+            end
+        else
+            transport.close
+            raise AuthenticationFailed, "Authentication failed for user #{user}@#{host}"
+        end
+    rescue => e
+        transport.socket.__send__(:reject, e) if transport
+        raise
+    end
+
+    # Start using a promise
+    def self.p_start(host, user = nil, **options)
+        thread = ::Libuv.reactor
+        defer = thread.defer
+        thread.next_tick do
+            begin
+                connection = start(host, user, **options)
+                defer.resolve(connection)
+            rescue Exception => e
+                defer.reject(e)
+            end
+        end
+        defer.promise
+    end
+
+    def self.configuration_for(host, use_ssh_config)
+        files = case use_ssh_config
+            when true then ::Net::SSH::Config.expandable_default_files
+            when false, nil then return {}
+            else Array(use_ssh_config)
+            end
+
+        ::Net::SSH::Config.for(host, files)
+    end
+
+    def self.assign_defaults(options)
+        if !options[:logger]
+            options[:logger] = Logger.new(STDERR)
+            options[:logger].level = Logger::FATAL
+        end
+
+        options[:password_prompt] ||= ::Net::SSH::Prompt.default(options)
+
+        [:password, :passphrase].each do |key|
+            options.delete(key) if options.key?(key) && options[key].nil?
+        end
+    end
+
+    def self._sanitize_options(options)
+        invalid_option_values = [nil,[nil]]
+        unless (options.values & invalid_option_values).empty?
+            nil_options = options.select { |_k,v| invalid_option_values.include?(v) }.map(&:first)
+            Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
+        end
+    end
+    private_class_method :_sanitize_options
+end

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: evented-ssh
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Stephen von Takach
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-07-07 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.1'
+- !ruby/object:Gem::Dependency
+  name: ipaddress
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.8'
+- !ruby/object:Gem::Dependency
+  name: libuv
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+description: SSH on the Ruby platform using event driven IO
+email:
+- steve@aca.im
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/evented-ssh.rb
+- lib/evented-ssh/connection/channel.rb
+- lib/evented-ssh/connection/event_loop.rb
+- lib/evented-ssh/connection/session.rb
+- lib/evented-ssh/transport/algorithms.rb
+- lib/evented-ssh/transport/packet_stream.rb
+- lib/evented-ssh/transport/session.rb
+- lib/evented-ssh/version.rb
+homepage: http://github.com/acaprojects/evented-ssh
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.12
+signing_key: 
+specification_version: 4
+summary: SSH on event driven IO
+test_files: []