hrr_rb_ssh 0.1.8 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7c9084a6fa67c8c215d0fa795eef327f6f7b8c52c7a6bda4a33ab0e97b65560b
-  data.tar.gz: 655a99379cf97086e9d29f1fcb3ffcabeec8058c7c4cbede3ce5c06ddaa8c7a2
+  metadata.gz: 895f28010a8eb2c1e18c12369fd4c10922ba5a69ef0527ce165c97529eae0739
+  data.tar.gz: c6a0669ea1e9561e007ae22259d111ce011589e383cc0ac73b7678d5668b14cc
 SHA512:
-  metadata.gz: 240f03f04c51b1cb0671d15d7a0a89fdc9b64113cf0a5ba26ae2aa315dd77c107ec19213744065b7dd601e11937ad36a63085c5474bd4669e5e7b7f19499a2f5
-  data.tar.gz: ade3eac97ff8a9734a68336329c6cae56d5f427e73cdf96e65d3f8808b7128ac6a791c945fae975879a65e73b0565c56a6fd3c10ba5aa7c2dd89a3264db5f6e5
+  metadata.gz: 3e41e26012c69eab8dbc2324fd71cd1212ebb56d87b76a30b4c7e59a4eba8627301bcfc18a26d42b7742784034f8ffbcf9ed06ca770a4717e05b7aac47e7780c
+  data.tar.gz: efd75bcd9eb57930c867880010eb6ffc9cb307080f4478df3ffa6363cf46845be9f0aa13a273d1abc161cfab60250562ae8d87ab9db068f7afe6c76382244ed9

data/README.md

@@ -7,6 +7,32 @@
 
 hrr_rb_ssh is a pure Ruby SSH 2.0 server implementation.
 
+## Table of Contents
+
+- [Installation](#installation)
+- [Usage](#usage)
+    - [Writing standard SSH server](#writing-standard-ssh-server)
+        - [Requiring hrr\_rb\_ssh library](#requiring-hrr_rb_ssh-library)
+        - [Starting server application](#starting-server-application)
+        - [Logging](#logging)
+        - [Registering pre\-generated secret keys for server host key](#registering-pre-generated-secret-keys-for-server-host-key)
+        - [Defining authentications](#defining-authentications)
+            - [Password authentication](#password-authentication)
+            - [Publickey authentication](#publickey-authentication)
+            - [None authentication (NOT recomended)](#none-authentication-not-recomended)
+        - [Handling session channel requests](#handling-session-channel-requests)
+            - [Reference request handlers](#reference-request-handlers)
+            - [Custom request handlers](#custom-request-handlers)
+        - [Defining preferred algorithms (optional)](#defining-preferred-algorithms-optional)
+    - [Demo](#demo)
+- [Supported Features](#supported-features)
+    - [Connection layer](#connection-layer)
+    - [Authentication layer](#authentication-layer)
+    - [Transport layer](#transport-layer)
+- [Contributing](#contributing)
+- [Code of Conduct](#code-of-conduct)
+- [License](#license)
+
 ## Installation
 
 Add this line to your application's Gemfile:
@@ -84,6 +110,21 @@ To disable logging, you can un-initialize `HrrRbSsh::Logger`.
 HrrRbSsh::Logger.uninitialize
 ```
 
+#### Registering pre-generated secret keys for server host key
+
+By default, server host keys are generated everytime the gem is loaded. To use pre-generated keys, it is possible to register the keys in HrrRbSsh::Transport through `options` variable. The secret key value must be PEM or DER format string. The below is an example of registering ecdsa-sha2-nistp256 secret key. The supported server host key algorithms are listed later in this document.
+
+```ruby
+options['transport_server_secret_host_keys'] = {}
+options['transport_server_secret_host_keys']['ecdsa-sha2-nistp256'] = <<-'EOB'
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFFtGZHk6A8anZkLCJan9YBlB63uCIN/ZcQNCaJout8loAoGCCqGSM49
+AwEHoUQDQgAEk8m548Xga+XGEmRx7P71xGlxCfgjPj3XVOw+fXPXRgA03a5yDJEp
+OfeosJOO9twerD7pPhmXREkygblPsEXaVA==
+-----END EC PRIVATE KEY-----
+EOB
+```
+
 #### Defining authentications
 
 By default, any authentications get failed. To allow users to login to the SSH service, at least one of the authentication methods must be defined and registered into the instance of HrrRbSsh::Authentication through `options` variable.
@@ -225,16 +266,11 @@ p HrrRbSsh::Transport::EncryptionAlgorithm.list_supported
 p HrrRbSsh::Transport::EncryptionAlgorithm.list_preferred
 # => ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour"]
 
-p HrrRbSsh::Transport::EncryptionAlgorithm.list_supported
-# => ["none", "3des-cbc", "blowfish-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "cast128-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr"]
-HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_preferred
-# => ["ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-rsa", "ssh-dss"]
-
 p HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_supported
 # => ["ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"]
-p HrrRbSsh::Transport::KexAlgorithm.list_preferred
-# => ["ecdh-sha2-nistp521", "ecdh-sha2-nistp384", "ecdh-sha2-nistp256", "diffie-hellman-group18-sha512", "diffie-hellman-group17-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group15-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
- 
+p HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_preferred
+# => ["ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-rsa", "ssh-dss"]
+
 p HrrRbSsh::Transport::KexAlgorithm.list_supported
 # => ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256", "diffie-hellman-group15-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group17-sha512", "diffie-hellman-group18-sha512", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"]
 p HrrRbSsh::Transport::KexAlgorithm.list_preferred

data/demo/server.rb

@@ -1,6 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
+require 'etc'
 require 'logger'
 require 'socket'
 
@@ -27,10 +28,14 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
   false
 }
 auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
-  username = ENV['USER']
-  authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
-  authorized_keys.any?{ |public_key|
-    context.verify username, public_key.algorithm_name, public_key.to_pem
+  users = ['user1', 'user2']
+  users.any?{ |username|
+    passwd = Etc.getpwnam(username)
+    homedir = passwd.dir
+    authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(homedir, '.ssh', 'authorized_keys')))
+    authorized_keys.any?{ |public_key|
+      context.verify username, public_key.algorithm_name, public_key.to_pem
+    }
   }
 }
 auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
@@ -52,6 +57,15 @@ options['transport_preferred_kex_algorithms']             = tran_preferred_kex_a
 options['transport_preferred_mac_algorithms']             = tran_preferred_mac_algorithms
 options['transport_preferred_compression_algorithms']     = tran_preferred_compression_algorithms
 
+options['transport_server_secret_host_keys'] = {}
+options['transport_server_secret_host_keys']['ecdsa-sha2-nistp256'] = <<-'EOB'
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIFFtGZHk6A8anZkLCJan9YBlB63uCIN/ZcQNCaJout8loAoGCCqGSM49
+AwEHoUQDQgAEk8m548Xga+XGEmRx7P71xGlxCfgjPj3XVOw+fXPXRgA03a5yDJEp
+OfeosJOO9twerD7pPhmXREkygblPsEXaVA==
+-----END EC PRIVATE KEY-----
+EOB
+
 options['authentication_none_authenticator']      = auth_none
 options['authentication_publickey_authenticator'] = auth_publickey
 options['authentication_password_authenticator']  = auth_password

data/lib/hrr_rb_ssh/codable.rb

@@ -35,28 +35,27 @@ module HrrRbSsh
       }.join
     end
 
-    def decode payload, complementary_message={}
-      def decode_recursively payload_io, message=nil
-        if message.class == Array and message.size == 0
-          []
-        else
-          definition = case message
-                       when nil
-                         common_definition
-                       when Array
-                         conditional_definition(message)
-                       end
-          decoded_message = definition.map{ |data_type, field_name|
-            [
-              field_name,
-              data_type.decode( payload_io )
-            ]
-          }
-
-          decoded_message + decode_recursively(payload_io, decoded_message)
-        end
+    def decode_recursively payload_io, message=nil
+      if message.class == Array and message.size == 0
+        []
+      else
+        definition = case message
+                     when nil
+                       common_definition
+                     when Array
+                       conditional_definition(message)
+                     end
+        decoded_message = definition.map{ |data_type, field_name|
+          [
+            field_name,
+            data_type.decode( payload_io )
+          ]
+        }
+        decoded_message + decode_recursively(payload_io, decoded_message)
       end
+    end
 
+    def decode payload, complementary_message={}
       payload_io = StringIO.new payload
       decoded_message = decode_recursively(payload_io).to_h
       if complementary_message.any?

data/lib/hrr_rb_ssh/connection/channel.rb

@@ -66,6 +66,13 @@ module HrrRbSsh
       end
 
       def wait_until_senders_closed
+        [@w_io_out, @w_io_err].each{ |io|
+          begin
+            io.close
+          rescue IOError # for compatibility for Ruby version < 2.3
+            Thread.pass
+          end
+        }
         [@out_sender_thread, @err_sender_thread].select{ |t| t.instance_of? Thread }.each(&:join)
       end
 
@@ -163,7 +170,7 @@ module HrrRbSsh
               break
             end
             begin
-              data = @r_io_out.readpartial(1024)
+              data = @r_io_out.readpartial(10240)
               sendable_size = [data.size, @remote_window_size].min
               sending_data = data[0, sendable_size]
               send_channel_data sending_data if sendable_size > 0
@@ -195,7 +202,7 @@ module HrrRbSsh
               break
             end
             begin
-              data = @r_io_err.readpartial(1024)
+              data = @r_io_err.readpartial(10240)
               sendable_size = [data.size, @remote_window_size].min
               sending_data = data[0, sendable_size]
               send_channel_extended_data sending_data if sendable_size > 0

data/lib/hrr_rb_ssh/connection/request_handler/reference_exec_request_handler.rb

@@ -1,6 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
+require 'etc'
 require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/connection/request_handler'
 
@@ -11,15 +12,124 @@ module HrrRbSsh
         def initialize
           @logger = HrrRbSsh::Logger.new self.class.name
           @proc = Proc.new { |context|
+            ptm = context.vars[:ptm]
+            pts = context.vars[:pts]
+
             context.chain_proc { |chain|
+              passwd = Etc.getpwnam(context.username)
+
+              env = context.vars.fetch(:env, Hash.new)
+              env['USER']  = passwd.name
+              env['HOME']  = passwd.dir
+              env['SHELL'] = passwd.shell
+
+              program = context.command
+
+              args = Array.new
+
+              options = Hash.new
+              options[:unsetenv_others] = true
+              options[:close_others] = true
+              unless ptm
+                options[:in]  = context.io[0]
+                options[:out] = context.io[1]
+                options[:err] = context.io[2]
+              end
+
               pid = fork do
                 Process.setsid
-                context.vars[:env] ||= Hash.new
-                exec context.vars[:env], context.command, in: context.io[0], out: context.io[1], err: context.io[2]
+                Dir.chdir passwd.dir
+                Process.gid  = passwd.gid
+                Process.egid = passwd.gid
+                Process.uid  = passwd.uid
+                Process.euid = passwd.uid
+                if ptm
+                  STDIN.reopen  pts, 'r'
+                  STDOUT.reopen pts, 'w'
+                  STDERR.reopen pts, 'w'
+                  pts.close
+                end
+                exec env, program, *args, options
+              end
+
+              unless ptm
+                pid, status = Process.waitpid2 pid
+                status.exitstatus
+              else
+                pts.close
+
+                ptm_read_thread = Thread.start {
+                  loop do
+                    begin
+                      context.io[1].write ptm.readpartial(10240)
+                    rescue EOFError => e
+                      context.logger.info { "ptm is EOF in ptm_read_thread" }
+                      break
+                    rescue IOError => e
+                      context.logger.warn { "IO Error in ptm_read_thread" }
+                      break
+                    rescue Errno::EIO => e
+                      context.logger.info { "EIO Error in ptm_read_thread" }
+                      break
+                    rescue => e
+                      context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+                      break
+                    end
+                  end
+                }
+                ptm_write_thread = Thread.start {
+                  loop do
+                    begin
+                      ptm.write context.io[0].readpartial(10240)
+                    rescue EOFError => e
+                      context.logger.info { "IO is EOF in ptm_write_thread" }
+                      break
+                    rescue IOError => e
+                      context.logger.warn { "IO Error in ptm_write_thread" }
+                      break
+                    rescue Errno::EIO => e
+                      context.logger.info { "EIO Error in ptm_read_thread" }
+                      break
+                    rescue => e
+                      context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+                      break
+                    end
+                  end
+                }
+
+                begin
+                  pid, status = Process.waitpid2 pid
+                  context.logger.info { "program exited with status #{status.inspect}" }
+                  status.exitstatus
+                ensure
+                  unless status
+                    context.logger.info { "exiting program" }
+                    Process.kill :TERM, pid
+                    begin
+                      Timeout.timeout(1) do
+                        pid, status = Process.waitpid2 pid
+                      end
+                    rescue Timeout::Error
+                      context.logger.warn { "force exiting program" }
+                      Process.kill :KILL, pid
+                      pid, status = Process.waitpid2 pid
+                    end
+                    context.logger.info { "program exited with status #{status.inspect}" }
+                  end
+                  begin
+                    ptm_read_thread.join
+                  rescue => e
+                    context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+                  end
+                  begin
+                    ptm_write_thread.exit
+                    ptm_write_thread.join
+                  rescue => e
+                    context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+                  end
+                  context.logger.info { "proc chain finished" }
+                end
               end
-              context.io.each{ |io| io.close }
-              pid, status = Process.waitpid2 pid
-              status.exitstatus
             }
           }
         end

data/lib/hrr_rb_ssh/connection/request_handler/reference_pty_req_request_handler.rb

@@ -1,6 +1,8 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
+require 'etc'
+require 'fileutils'
 require 'pty'
 require 'io/console'
 require 'hrr_rb_ssh/logger'
@@ -13,20 +15,44 @@ module HrrRbSsh
         def initialize
           @logger = HrrRbSsh::Logger.new self.class.name
           @proc = Proc.new { |context|
-            ptm, pts = PTY.open
-            ptm.winsize = [context.terminal_height_rows, context.terminal_width_characters]
-            context.vars[:ptm] = ptm
-            context.vars[:pts] = pts
-            context.vars[:env] ||= Hash.new
-            context.vars[:env]['TERM'] = context.term_environment_variable_value
-            context.chain_proc { |chain|
+            begin
+              ptm, pts = PTY.open
+              passwd = Etc.getpwnam(context.username)
+              FileUtils.chown passwd.uid, -1, pts
+              FileUtils.chmod 'u+rw,g+w', pts
+              ptm.winsize = [context.terminal_height_rows, context.terminal_width_characters, context.terminal_width_pixels, context.terminal_height_pixels]
+              context.vars[:ptm] = ptm
+              context.vars[:pts] = pts
+              context.vars[:env] ||= Hash.new
+              context.vars[:env]['TERM'] = context.term_environment_variable_value
+              context.chain_proc { |chain|
+                begin
+                  chain.call_next
+                ensure
+                  begin
+                    context.vars[:ptm].close
+                  rescue
+                  end
+                  begin
+                    context.vars[:pts].close
+                  rescue
+                  end
+                end
+              }
+            rescue => e
               begin
-                chain.call_next
-              ensure
-                context.vars[:ptm].close
-                context.vars[:pts].close
+                ptm.close
+              rescue
               end
-            }
+              begin
+                pts.close
+              rescue
+              end
+              context.chain_proc{ |chain|
+                exitstatus = 1
+              }
+              raise e
+            end
           }
         end
       end

data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb

@@ -1,6 +1,7 @@
 # coding: utf-8
 # vim: et ts=2 sw=2
 
+require 'etc'
 require 'timeout'
 require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/connection/request_handler'
@@ -15,56 +16,76 @@ module HrrRbSsh
             ptm = context.vars[:ptm]
             pts = context.vars[:pts]
 
-            context.io[2].close # never use err output in shell handler
-
             context.chain_proc { |chain|
+              passwd = Etc.getpwnam(context.username)
+
+              env = context.vars.fetch(:env, Hash.new)
+              env['USER']  = passwd.name
+              env['HOME']  = passwd.dir
+              env['SHELL'] = passwd.shell
+
+              program = [passwd.shell, passwd.shell.split('/').last.sub(/^/,'-')]
+
+              args = Array.new
+
+              options = Hash.new
+              options[:unsetenv_others] = true
+              options[:close_others] = true
+
               pid = fork do
                 ptm.close
                 Process.setsid
+                Dir.chdir passwd.dir
+                Process.gid  = passwd.gid
+                Process.egid = passwd.gid
+                Process.uid  = passwd.uid
+                Process.euid = passwd.uid
                 STDIN.reopen  pts, 'r'
                 STDOUT.reopen pts, 'w'
                 STDERR.reopen pts, 'w'
                 pts.close
-                context.vars[:env] ||= Hash.new
-                exec context.vars[:env], 'login', '-pf', context.username
+                exec env, program, *args, options
               end
 
               pts.close
 
-              threads = []
-              threads.push Thread.start {
+              ptm_read_thread = Thread.start {
                 loop do
                   begin
-                    context.io[1].write ptm.readpartial(1024)
+                    context.io[1].write ptm.readpartial(10240)
                   rescue EOFError => e
-                    context.logger.info { "ptm is EOF" }
+                    context.logger.info { "ptm is EOF in ptm_read_thread" }
                     break
                   rescue IOError => e
-                    context.logger.warn { "IO is closed" }
+                    context.logger.warn { "IO Error in ptm_read_thread" }
+                    break
+                  rescue Errno::EIO => e
+                    context.logger.info { "EIO Error in ptm_read_thread" }
                     break
                   rescue => e
                     context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
                     break
                   end
                 end
-                context.io[1].close
               }
-              threads.push Thread.start {
+              ptm_write_thread = Thread.start {
                 loop do
                   begin
-                    ptm.write context.io[0].readpartial(1024)
+                    ptm.write context.io[0].readpartial(10240)
                   rescue EOFError => e
-                    context.logger.info { "IO is EOF" }
+                    context.logger.info { "IO is EOF in ptm_write_thread" }
                     break
                   rescue IOError => e
-                    context.logger.warn { "IO is closed" }
+                    context.logger.warn { "IO Error in ptm_write_thread" }
+                    break
+                  rescue Errno::EIO => e
+                    context.logger.info { "EIO Error in ptm_read_thread" }
                     break
                   rescue => e
                     context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
                     break
                   end
                 end
-                ptm.close
               }
 
               begin
@@ -86,13 +107,16 @@ module HrrRbSsh
                   end
                   context.logger.info { "shell exited with status #{status.inspect}" }
                 end
-                threads.each do |t|
-                  begin
-                    t.exit
-                    t.join
-                  rescue => e
-                    context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
-                  end
+                begin
+                  ptm_read_thread.join
+                rescue => e
+                  context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+                end
+                begin
+                  ptm_write_thread.exit
+                  ptm_write_thread.join
+                rescue => e
+                  context.logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
                 end
                 context.logger.info { "proc chain finished" }
               end

data/lib/hrr_rb_ssh/connection/request_handler/reference_window_change_request_handler.rb

@@ -12,7 +12,7 @@ module HrrRbSsh
         def initialize
           @logger = HrrRbSsh::Logger.new self.class.name
           @proc = Proc.new { |context|
-            context.vars[:ptm].winsize = [context.terminal_height_rows, context.terminal_width_columns]
+            context.vars[:ptm].winsize = [context.terminal_height_rows, context.terminal_width_columns, context.terminal_width_pixels, context.terminal_height_pixels]
           }
         end
       end

data/lib/hrr_rb_ssh/openssl_secure_random.rb

@@ -0,0 +1,12 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'securerandom'
+require 'openssl'
+
+module HrrRbSsh
+  module OpenSslSecureRandom
+    N_BYTES = 1024
+    OpenSSL::Random.seed SecureRandom.random_bytes(N_BYTES)
+  end
+end

data/lib/hrr_rb_ssh/transport.rb

@@ -53,6 +53,7 @@ module HrrRbSsh
     def initialize io, mode, options={}
       @io = io
       @mode = mode
+      @options = options
 
       @logger = HrrRbSsh::Logger.new self.class.name
 
@@ -76,7 +77,7 @@ module HrrRbSsh
       @acceptable_services = Array.new
 
       update_supported_algorithms
-      update_preferred_algorithms options
+      update_preferred_algorithms
       initialize_local_algorithms
       initialize_algorithms
     end
@@ -185,6 +186,8 @@ module HrrRbSsh
       @logger.info { "close transport" }
       @closed = true
       disconnect
+      @incoming_compression_algorithm.close
+      @outgoing_compression_algorithm.close
       @logger.info { "transport closed" }
     end
 
@@ -254,12 +257,12 @@ module HrrRbSsh
       @supported_compression_algorithms     = HrrRbSsh::Transport::CompressionAlgorithm.list_supported
     end
 
-    def update_preferred_algorithms options
-      @preferred_kex_algorithms             = options['transport_preferred_kex_algorithms']             || HrrRbSsh::Transport::KexAlgorithm.list_preferred
-      @preferred_server_host_key_algorithms = options['transport_preferred_server_host_key_algorithms'] || HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_preferred
-      @preferred_encryption_algorithms      = options['transport_preferred_encryption_algorithms']      || HrrRbSsh::Transport::EncryptionAlgorithm.list_preferred
-      @preferred_mac_algorithms             = options['transport_preferred_mac_algorithms']             || HrrRbSsh::Transport::MacAlgorithm.list_preferred
-      @preferred_compression_algorithms     = options['transport_preferred_compression_algorithms']     || HrrRbSsh::Transport::CompressionAlgorithm.list_preferred
+    def update_preferred_algorithms
+      @preferred_kex_algorithms             = @options['transport_preferred_kex_algorithms']             || HrrRbSsh::Transport::KexAlgorithm.list_preferred
+      @preferred_server_host_key_algorithms = @options['transport_preferred_server_host_key_algorithms'] || HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_preferred
+      @preferred_encryption_algorithms      = @options['transport_preferred_encryption_algorithms']      || HrrRbSsh::Transport::EncryptionAlgorithm.list_preferred
+      @preferred_mac_algorithms             = @options['transport_preferred_mac_algorithms']             || HrrRbSsh::Transport::MacAlgorithm.list_preferred
+      @preferred_compression_algorithms     = @options['transport_preferred_compression_algorithms']     || HrrRbSsh::Transport::CompressionAlgorithm.list_preferred
 
       check_if_preferred_algorithms_are_supported
     end
@@ -430,8 +433,9 @@ module HrrRbSsh
         server_host_key_algorithm_name = @local_server_host_key_algorithms.find{ |a| @remote_server_host_key_algorithms.include? a } or raise
       end
 
+      server_secret_host_key = @options.fetch('transport_server_secret_host_keys', {}).fetch(server_host_key_algorithm_name, nil)
       @kex_algorithm             = HrrRbSsh::Transport::KexAlgorithm[kex_algorithm_name].new
-      @server_host_key_algorithm = HrrRbSsh::Transport::ServerHostKeyAlgorithm[server_host_key_algorithm_name].new
+      @server_host_key_algorithm = HrrRbSsh::Transport::ServerHostKeyAlgorithm[server_host_key_algorithm_name].new server_secret_host_key
     end
 
     def update_encryption_mac_compression_algorithms
@@ -479,6 +483,8 @@ module HrrRbSsh
         incoming_compression_algorithm_name = compression_algorithm_c_to_s_name
         outgoing_compression_algorithm_name = compression_algorithm_s_to_c_name
       end
+      @incoming_compression_algorithm.close
+      @outgoing_compression_algorithm.close
       @incoming_compression_algorithm = HrrRbSsh::Transport::CompressionAlgorithm[incoming_compression_algorithm_name].new Direction::INCOMING
       @outgoing_compression_algorithm = HrrRbSsh::Transport::CompressionAlgorithm[outgoing_compression_algorithm_name].new Direction::OUTGOING
     end

data/lib/hrr_rb_ssh/transport/compression_algorithm/functionable.rb

@@ -25,6 +25,11 @@ module HrrRbSsh
         def inflate data
           @inflator.inflate(data)
         end
+
+        def close
+          @deflator.close if @deflator && @deflator.closed?.!
+          @inflator.close if @inflator && @inflator.closed?.!
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/transport/compression_algorithm/unfunctionable.rb

@@ -18,6 +18,10 @@ module HrrRbSsh
         def inflate data
           data
         end
+
+        def close
+          nil
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp256.rb

@@ -2,6 +2,7 @@
 # vim: et ts=2 sw=2
 
 require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/openssl_secure_random'
 
 module HrrRbSsh
   class Transport
@@ -11,17 +12,11 @@ module HrrRbSsh
         PREFERENCE = 30
         DIGEST = 'sha256'
         IDENTIFIER = 'nistp256'
-        SECRET_KEY = <<-EOB
------BEGIN EC PRIVATE KEY-----
-MHcCAQEEIB+8vCekxXfgw+Nz10ZykUGaI+X6ftdGG6b2UX2iz7oEoAoGCCqGSM49
-AwEHoUQDQgAEt1em9ko6A2kZFFwVtKgQ0xpggZg17EJQmhFz7ObGNsZ8VIFEc0Hg
-SpNC6qrqdhUfVAjsF9y5O/3Z/LGh/lNTig==
------END EC PRIVATE KEY-----
-        EOB
+        SECRET_KEY = OpenSSL::PKey::EC.new('prime256v1').generate_key.to_pem
 
-        def initialize
+        def initialize secret_key=nil
           @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
+          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
         end
 
         def server_public_host_key

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp384.rb

@@ -2,6 +2,7 @@
 # vim: et ts=2 sw=2
 
 require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/openssl_secure_random'
 
 module HrrRbSsh
   class Transport
@@ -11,18 +12,11 @@ module HrrRbSsh
         PREFERENCE = 40
         DIGEST = 'sha384'
         IDENTIFIER = 'nistp384'
-        SECRET_KEY = <<-EOB
------BEGIN EC PRIVATE KEY-----
-MIGkAgEBBDCKZ6ulBka9rUw+gqKiQdVBG6fzH1klswyMrxrzCcfwRfoc5CGnj8e7
-emk+IHyUsd6gBwYFK4EEACKhZANiAATnWMWRgfp3DFiBmdT7LunyBk9YIBYqPsrk
-Zil+AWvlISusiW2JcZVB+Hz79tyrgzfwp6n6k9r5s31EIGTGf/n7UMwISrUCfcx+
-xVrnYV8pOoy+dcUiGb9okf1jc41bLHc=
------END EC PRIVATE KEY-----
-        EOB
+        SECRET_KEY = OpenSSL::PKey::EC.new('secp384r1').generate_key.to_pem
 
-        def initialize
+        def initialize secret_key=nil
           @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
+          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
         end
 
         def server_public_host_key

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ecdsa_sha2_nistp521.rb

@@ -2,6 +2,7 @@
 # vim: et ts=2 sw=2
 
 require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/openssl_secure_random'
 
 module HrrRbSsh
   class Transport
@@ -11,19 +12,11 @@ module HrrRbSsh
         PREFERENCE = 50
         DIGEST = 'sha512'
         IDENTIFIER = 'nistp521'
-        SECRET_KEY = <<-EOB
------BEGIN EC PRIVATE KEY-----
-MIHcAgEBBEIByLZ82qYoJid43PwFAdhr3mSH7SalBTdrK8H6h4p3RKEisAsVhmVb
-Sx+uGtgKVxxZT5s9tjr7W7Aqc6We5Fg9z7igBwYFK4EEACOhgYkDgYYABAFLHJ3H
-6HBJyJFsN2PRsjJyRMfYE57BB8dmZgwTsHuSAXBkj+2g4ucwtF240zAWw6JOYdqE
-V5O4BMNxGfYj+0ceKABJ4MgfUXQ3a1cXn8Dk2Q2uibbfVi7tQ7ET4k/A6B9f/Zwq
-/zEM5OVWhfyc+vuEg+TfTtTqgVI2zJpLI7+mSjB/5Q==
------END EC PRIVATE KEY-----
-        EOB
+        SECRET_KEY = OpenSSL::PKey::EC.new('secp521r1').generate_key.to_pem
 
-        def initialize
+        def initialize secret_key=nil
           @logger = HrrRbSsh::Logger.new(self.class.name)
-          @algorithm = OpenSSL::PKey::EC.new SECRET_KEY
+          @algorithm = OpenSSL::PKey::EC.new (secret_key || self.class::SECRET_KEY)
         end
 
         def server_public_host_key

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_dss.rb

@@ -3,6 +3,7 @@
 
 require 'hrr_rb_ssh/logger'
 require 'hrr_rb_ssh/data_type'
+require 'hrr_rb_ssh/openssl_secure_random'
 
 module HrrRbSsh
   class Transport
@@ -11,24 +12,11 @@ module HrrRbSsh
         NAME = 'ssh-dss'
         PREFERENCE = 10
         DIGEST = 'sha1'
-        SECRET_KEY = <<-EOB
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQD3fQ6cwTtOJpVI0iASOQZxkhwPRNy7UwovQkEK6bXW33HaCebO
-PnNiY/rR4uFhjvHRzF8KnC8xk3fNo4ZJQJlaEHv6qySiXHeX1fw/eo/uzM5WafLd
-oaRtE2muky1i3FBCiboXDlNcwuA/efsOE5qsGBbk6svw+8pGolHmOZFSvQIVAN2G
-ZxtE9Kqqh6z48/VulQZsrh5hAoGAH3191okH8kUwP3dinp5j5YtNzrJ20sBXNNZG
-0aWjtS2xjSjIXjnlkiwhhvcUcCEkUQ507exvSLgf4dyV/V4+nf5Q5zjLztiSMe9D
-qhTRIR23lsDu0OdITQihTu+Y4GEvNLUL9r2P1aoF/sde97xzzqmXPKx0UL1nNzcL
-dnAdjjMCgYAa1dRvXe65jufPk0kRwhewRSScfg+YK4DOLUYGalsjHZbXtXqHKNpB
-YkTlWKMg6QVREN0+5aNY1z1aJAbNboLz55YBnS9tOBYzvsXQF7ZP1ECMO6m4I8DI
-wxt35i8hEVOJc+8x/xtmogzbjepar+1UycJQTMjhvqCW7RF4LuepvwIVANELTvnl
-MRl/p42OrQzL/chRPvRf
------END DSA PRIVATE KEY-----
-        EOB
+        SECRET_KEY = OpenSSL::PKey::DSA.new(1024).to_pem
 
-        def initialize
+        def initialize secret_key=nil
           @logger = HrrRbSsh::Logger.new(self.class.name)
-          @dss = OpenSSL::PKey::DSA.new SECRET_KEY
+          @dss = OpenSSL::PKey::DSA.new (secret_key || self.class::SECRET_KEY)
         end
 
         def server_public_host_key

data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/ssh_rsa.rb

@@ -2,6 +2,7 @@
 # vim: et ts=2 sw=2
 
 require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/openssl_secure_random'
 
 module HrrRbSsh
   class Transport
@@ -10,39 +11,11 @@ module HrrRbSsh
         NAME = 'ssh-rsa'
         PREFERENCE = 20
         DIGEST = 'sha1'
-        SECRET_KEY = <<-EOB
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA71zHt9RvbXmxuOCWPKR65iBHO+a8M7Mfo4vRCs/dorZN7XL1
-lYwjclvo0X1T39BRX+qJ2m4HB+7Vlef9YF7spYKm6czuSCYmJjD5X+PW5QYSGED1
-fFSXwjTdDwJi1OKS4kL0Dd6zcSjlFxfjVLNCyUcix36XgDpoBLBFkDZd5P2ow3J6
-WNanBasXrckjCk4M3kFclvmxl1O56bbV9VZq51ZqLjv/ZhOrE3WIPfrJGdZssODa
-DnI6tM1puwZGVba9VaI8FfnuJcacJ3T9oEoXPY5W+kPZAw6dOARXnJTg+oZk/dBD
-Bgej0aMO+1XM7HKz5BiqbhGGSXGas5zoefHbNwIDAQABAoIBAQDP2aQ/2EOuL8eI
-/9TV8goafRr+RB1XU4r8zHOIzPnryhyfPX1OEDPToUXpa8gCiPWwsYxlVbfbRqTH
-mHzoS2V5T5u7WE3t7tqfvVU+1C0OERhzYS0KeraRWLBA0VSbAeiEe5lL1f/CGr3c
-MM0iBsvO1mu4ChBqs80RjTPKx7r/FStpWtqWN4kn+Bhj06qCqhftnudZdYFTHa/G
-ia4YWOUH6dSIZKpE7oG53Gm/2ZdK2YiAgMOdrTQkvRzxuIa/RHaETj21hKpetmI7
-TfS26RbU2t1Bf/fdFhtTqoAz+CrZEH7Z407ZO45fdc31zJAFIK2Zf3CDVnKwih3t
-O0bEVSSpAoGBAP/zEWaTivdQtcemMRhFQBySgnStov+dsxnGBnTkWxVIU7VoFgyg
-mgNRlWUxMf12mlfqBVRpx0/ALggHf5KFmbAZ+3qvKSLmfIVM5E9l5NKbZnCWtIqq
-1DN9kHPPOZn3uYvOs9Cpn7S6sa+rVZ82Mg8EZMsPesvFMOjrgNbMQxt7AoGBAO9o
-38VM0+M09sAgOhmqv+Esa2gUGw5n18o/fdmlZdnA+D2ntgr70AD6JUCSYrZgTJRq
-HNMuKrbD6HyaPjVaxYJVCFJIcfV+nViZdE8cHh9WXQ/JP/T6nvNajCC8StvoQg4I
-vAZFTzChoe2yrOsWXezn9QAecQ8L2WHDLImpayR1AoGADoc1jaUCVld2egas8ru7
-j+OhFA5nGitRZz0eULRFl0eruLhXyA+1rkqLOFs6gzCgQi0+cDQw5A38jugeDasX
-ti9DXwtiQmDi4I4kx3z5KBs6DVoAlX5s3R9be7dfhaXSGmV5P3bhYdjXDSmkio0A
-+mk9b2lJhxeCVzZG8epWRNECgYB2KzGoVQ+Q6ieRFVcYLCuhnSc2rBXeumrMrSIV
-N4paPOFKrWkxarF0igOxJ5AJrOafqvCnW/ZBV9l9BzUFaNRsTERbON7m6aQIg1Xh
-ZmOH3Dz6+b7T0JB8VYks70OT38Qa4TzNa5B21JD0nmizcMrTkHphoKT1ZEfb9VYa
-bMExsQKBgQDoSpo/ZP8+dwR1A/gcu2K5Ie47c3WgKw7qQMarxqzTeS8Xu6/KAn+J
-Ka2zIvoHhxlhXFBRhp+FIaFlYRR38gHeNxCoUylpboCUyMkHOsOP43AiKsmbNK20
-vzTNM3SFzgt3bHkdEtDLc64aoBX+dHOot6u71XLZrshnHPtiZ0C/ZA==
------END RSA PRIVATE KEY-----
-        EOB
+        SECRET_KEY = OpenSSL::PKey::RSA.new(2048).to_pem
 
-        def initialize
+        def initialize secret_key=nil
           @logger = HrrRbSsh::Logger.new(self.class.name)
-          @rsa = OpenSSL::PKey::RSA.new SECRET_KEY
+          @rsa = OpenSSL::PKey::RSA.new (secret_key || self.class::SECRET_KEY)
         end
 
         def server_public_host_key

data/lib/hrr_rb_ssh/version.rb

@@ -2,5 +2,5 @@
 # vim: et ts=2 sw=2
 
 module HrrRbSsh
-  VERSION = "0.1.8"
+  VERSION = "0.1.9"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hrr_rb_ssh
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.9
 platform: ruby
 authors:
 - hirura
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-05-01 00:00:00.000000000 Z
+date: 2018-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -193,6 +193,7 @@ files:
 - lib/hrr_rb_ssh/message/098_ssh_msg_channel_request.rb
 - lib/hrr_rb_ssh/message/099_ssh_msg_channel_success.rb
 - lib/hrr_rb_ssh/message/100_ssh_msg_channel_failure.rb
+- lib/hrr_rb_ssh/openssl_secure_random.rb
 - lib/hrr_rb_ssh/subclass_with_preference_listable.rb
 - lib/hrr_rb_ssh/transport.rb
 - lib/hrr_rb_ssh/transport/compression_algorithm.rb