hrr_rb_ssh 0.1.7 → 0.1.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -12
- data/demo/server.rb +4 -41
- data/lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb +24 -0
- data/lib/hrr_rb_ssh/compat/openssh/public_key.rb +65 -0
- data/lib/hrr_rb_ssh/compat/openssh.rb +12 -0
- data/lib/hrr_rb_ssh/compat.rb +2 -0
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +4 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7c9084a6fa67c8c215d0fa795eef327f6f7b8c52c7a6bda4a33ab0e97b65560b
|
4
|
+
data.tar.gz: 655a99379cf97086e9d29f1fcb3ffcabeec8058c7c4cbede3ce5c06ddaa8c7a2
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 240f03f04c51b1cb0671d15d7a0a89fdc9b64113cf0a5ba26ae2aa315dd77c107ec19213744065b7dd601e11937ad36a63085c5474bd4669e5e7b7f19499a2f5
|
7
|
+
data.tar.gz: ade3eac97ff8a9734a68336329c6cae56d5f427e73cdf96e65d3f8808b7128ac6a791c945fae975879a65e73b0565c56a6fd3c10ba5aa7c2dd89a3264db5f6e5
|
data/README.md
CHANGED
@@ -121,18 +121,10 @@ To define a public key authentication, the `HrrRbSsh::Authentication::Authentica
|
|
121
121
|
|
122
122
|
```ruby
|
123
123
|
auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
|
124
|
-
username = '
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
|
129
|
-
77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
|
130
|
-
-----END PUBLIC KEY-----
|
131
|
-
EOB
|
132
|
-
[
|
133
|
-
[username, ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
|
134
|
-
].any? { |username, public_key_algorithm_name, public_key|
|
135
|
-
context.verify username, public_key_algorithm_name, public_key
|
124
|
+
username = ENV['USER']
|
125
|
+
authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
|
126
|
+
authorized_keys.any?{ |public_key|
|
127
|
+
context.verify username, public_key.algorithm_name, public_key.to_pem
|
136
128
|
}
|
137
129
|
}
|
138
130
|
options['authentication_publickey_authenticator'] = auth_publickey
|
@@ -140,6 +132,8 @@ options['authentication_publickey_authenticator'] = auth_publickey
|
|
140
132
|
|
141
133
|
The `context` variable in public key authentication context provides the `#verify` method. The `#verify` method takes three arguments; username, public key algorithm name and PEM or DER formed public key.
|
142
134
|
|
135
|
+
And public keys that is in OpenSSH public key format is now available. To use OpenSSH public keys, it is easy to use $USER_HOME/.ssh/authorized_keys file.
|
136
|
+
|
143
137
|
##### None authentication (NOT recomended)
|
144
138
|
|
145
139
|
The third one is none authentication. None authentication is usually NOT used.
|
data/demo/server.rb
CHANGED
@@ -27,47 +27,10 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
|
|
27
27
|
false
|
28
28
|
}
|
29
29
|
auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
|
30
|
-
username = '
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAKh2ZJp4ao8Xaexa0sk68VqMCaOaTi19
|
35
|
-
YIqo2+t2t8ve4QSHvk/NbFIDTGq90lHziakTqwKaaswWLB7cSRPTcXjLv16Zmazg
|
36
|
-
JRvh1jZ3ikuBME2G/B+EptlQ00dMa+5W/Acp2P6Cv5NRgA/tx0AyCJaItSpLXG+k
|
37
|
-
B+HMp9LQ8WotAhUAk/yyvpsY9sVSyeN3lHvg5Nsl568CgYEAj4rqF241ROP2olNh
|
38
|
-
VJUF0K5N4dSBCfcPnSPYuGPCi7qV229RISET3LOwrCXEUwSwlKoe/lLb2mcaeC84
|
39
|
-
NIeN6pQnRTE6zajJ9UUeGErOFRm1x6E+FMtlVp/fwUE1Ra+AscHVKwMUehz7sA6A
|
40
|
-
ZxJK7UvLs+R6s1eYhrES0bcorLIDgYQAAoGAd6XKzevlwzt6aCYdBRdN+BT4BQUw
|
41
|
-
/L3MVYG0kDV9WqPcyAFvLO54xAUf9LxYM0e8X8J5ECp4oEGOcK1ilXEw3LPMJGmY
|
42
|
-
IB56R9izS1t636kxnJTYNGQY+XvjAeuP7nC2WVNHNz7vXprT4Sq+hQaNkaKPu/3/
|
43
|
-
48xJs2mYbxfyHCQ=
|
44
|
-
-----END PUBLIC KEY-----
|
45
|
-
EOB
|
46
|
-
rsa_public_key_algorithm_name = 'ssh-rsa'
|
47
|
-
rsa_public_key = <<-'EOB'
|
48
|
-
-----BEGIN PUBLIC KEY-----
|
49
|
-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OnIQcRTdeTZFjhGcx8f
|
50
|
-
ssCgeqzY47p5KhT/gKMz2nOANNLCBr9e6IGaRePew03St3Cn0ApikuGzPnWxSlBT
|
51
|
-
H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
|
52
|
-
86UGa5j20yGJfsL9WIMCVoGvsA06+4VX1/zlWXwVJSNep674bmSWPcVtXWWZIk19
|
53
|
-
T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
|
54
|
-
wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
|
55
|
-
nQIDAQAB
|
56
|
-
-----END PUBLIC KEY-----
|
57
|
-
EOB
|
58
|
-
ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
|
59
|
-
ecdsa_sha2_nistp256_public_key = <<-'EOB'
|
60
|
-
-----BEGIN PUBLIC KEY-----
|
61
|
-
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
|
62
|
-
77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
|
63
|
-
-----END PUBLIC KEY-----
|
64
|
-
EOB
|
65
|
-
[
|
66
|
-
[dss_public_key_algorithm_name, dss_public_key],
|
67
|
-
[rsa_public_key_algorithm_name, rsa_public_key],
|
68
|
-
[ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
|
69
|
-
].any? { |public_key_algorithm_name, public_key|
|
70
|
-
context.verify username, public_key_algorithm_name, public_key
|
30
|
+
username = ENV['USER']
|
31
|
+
authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
|
32
|
+
authorized_keys.any?{ |public_key|
|
33
|
+
context.verify username, public_key.algorithm_name, public_key.to_pem
|
71
34
|
}
|
72
35
|
}
|
73
36
|
auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
|
@@ -0,0 +1,24 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
module HrrRbSsh
|
5
|
+
module Compat
|
6
|
+
module OpenSSH
|
7
|
+
class AuthorizedKeys
|
8
|
+
def initialize data_str
|
9
|
+
@public_keys = data_str.each_line.map{ |line|
|
10
|
+
PublicKey.new line
|
11
|
+
}
|
12
|
+
end
|
13
|
+
|
14
|
+
def each
|
15
|
+
@public_keys.each{ |public_key|
|
16
|
+
yield public_key
|
17
|
+
}
|
18
|
+
end
|
19
|
+
|
20
|
+
include Enumerable
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
# vim: et ts=2 sw=2
|
3
|
+
|
4
|
+
require 'base64'
|
5
|
+
require 'openssl'
|
6
|
+
|
7
|
+
module HrrRbSsh
|
8
|
+
module Compat
|
9
|
+
module OpenSSH
|
10
|
+
class PublicKey
|
11
|
+
def initialize data_line
|
12
|
+
splitted = data_line.split(' ')
|
13
|
+
@algorithm_name = splitted[0]
|
14
|
+
public_key_blob = Authentication::Method::Publickey::Algorithm[@algorithm_name]::PublicKeyBlob.decode Base64.decode64(splitted[1])
|
15
|
+
case @algorithm_name
|
16
|
+
when 'ssh-dss'
|
17
|
+
@algorithm = OpenSSL::PKey::DSA.new
|
18
|
+
if @algorithm.respond_to?(:set_pqg)
|
19
|
+
@algorithm.set_pqg public_key_blob[:'p'], public_key_blob[:'q'], public_key_blob[:'g']
|
20
|
+
else
|
21
|
+
@algorithm.p = public_key_blob[:'p']
|
22
|
+
@algorithm.q = public_key_blob[:'q']
|
23
|
+
@algorithm.g = public_key_blob[:'g']
|
24
|
+
end
|
25
|
+
if @algorithm.respond_to?(:set_key)
|
26
|
+
@algorithm.set_key public_key_blob[:'y'], nil
|
27
|
+
else
|
28
|
+
@algorithm.pub_key = public_key_blob[:'y']
|
29
|
+
end
|
30
|
+
@pem = @algorithm.public_key.to_pem
|
31
|
+
when 'ssh-rsa'
|
32
|
+
@algorithm = OpenSSL::PKey::RSA.new
|
33
|
+
if @algorithm.respond_to?(:set_key)
|
34
|
+
@algorithm.set_key public_key_blob[:'n'], public_key_blob[:'e'], nil
|
35
|
+
else
|
36
|
+
@algorithm.e = public_key_blob[:'e']
|
37
|
+
@algorithm.n = public_key_blob[:'n']
|
38
|
+
end
|
39
|
+
@pem = @algorithm.public_key.to_pem
|
40
|
+
when 'ecdsa-sha2-nistp256'
|
41
|
+
@algorithm = OpenSSL::PKey::EC.new('prime256v1')
|
42
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
43
|
+
@pem = @algorithm.to_pem
|
44
|
+
when 'ecdsa-sha2-nistp384'
|
45
|
+
@algorithm = OpenSSL::PKey::EC.new('secp384r1')
|
46
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
47
|
+
@pem = @algorithm.to_pem
|
48
|
+
when 'ecdsa-sha2-nistp521'
|
49
|
+
@algorithm = OpenSSL::PKey::EC.new('secp521r1')
|
50
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
51
|
+
@pem = @algorithm.to_pem
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def algorithm_name
|
56
|
+
@algorithm_name
|
57
|
+
end
|
58
|
+
|
59
|
+
def to_pem
|
60
|
+
@pem
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
end
|
data/lib/hrr_rb_ssh/compat.rb
CHANGED
data/lib/hrr_rb_ssh/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hrr_rb_ssh
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- hirura
|
@@ -124,6 +124,9 @@ files:
|
|
124
124
|
- lib/hrr_rb_ssh/closed_transport_error.rb
|
125
125
|
- lib/hrr_rb_ssh/codable.rb
|
126
126
|
- lib/hrr_rb_ssh/compat.rb
|
127
|
+
- lib/hrr_rb_ssh/compat/openssh.rb
|
128
|
+
- lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb
|
129
|
+
- lib/hrr_rb_ssh/compat/openssh/public_key.rb
|
127
130
|
- lib/hrr_rb_ssh/connection.rb
|
128
131
|
- lib/hrr_rb_ssh/connection/channel.rb
|
129
132
|
- lib/hrr_rb_ssh/connection/channel/channel_type.rb
|