hrr_rb_ssh 0.4.0.pre1 → 0.4.0.pre2
- checksums.yaml +4 -4
- data/README.md +16 -8
- data/demo/client.rb +1 -3
- data/demo/echo_server.rb +1 -3
- data/demo/more_flexible_auth.rb +1 -3
- data/demo/multi_step_auth.rb +1 -3
- data/demo/server.rb +1 -3
- data/demo/subsystem_echo_server.rb +1 -3
- data/hrr_rb_ssh.gemspec +1 -1
- data/lib/hrr_rb_ssh/algorithm/publickey/ecdsa_sha2.rb +12 -9
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_dss.rb +10 -7
- data/lib/hrr_rb_ssh/algorithm/publickey/ssh_rsa.rb +9 -6
- data/lib/hrr_rb_ssh/authentication/method/keyboard_interactive/context.rb +9 -8
- data/lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_request.rb +6 -5
- data/lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_response.rb +5 -2
- data/lib/hrr_rb_ssh/authentication/method/keyboard_interactive.rb +12 -10
- data/lib/hrr_rb_ssh/authentication/method/none/context.rb +7 -6
- data/lib/hrr_rb_ssh/authentication/method/none.rb +10 -8
- data/lib/hrr_rb_ssh/authentication/method/password/context.rb +7 -6
- data/lib/hrr_rb_ssh/authentication/method/password.rb +10 -8
- data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb +13 -11
- data/lib/hrr_rb_ssh/authentication/method/publickey/context.rb +5 -2
- data/lib/hrr_rb_ssh/authentication/method/publickey.rb +16 -14
- data/lib/hrr_rb_ssh/authentication.rb +28 -27
- data/lib/hrr_rb_ssh/client.rb +58 -56
- data/lib/hrr_rb_ssh/codable.rb +20 -10
- data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb +20 -18
- data/lib/hrr_rb_ssh/connection/channel/channel_type/forwarded_tcpip.rb +20 -18
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain/chain_context.rb +0 -3
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/proc_chain.rb +0 -2
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/env.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/exec.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/pty_req.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/shell.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/subsystem.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change/context.rb +5 -4
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/window_change.rb +2 -5
- data/lib/hrr_rb_ssh/connection/channel/channel_type/session.rb +14 -12
- data/lib/hrr_rb_ssh/connection/channel.rb +73 -71
- data/lib/hrr_rb_ssh/connection/global_request_handler.rb +14 -12
- data/lib/hrr_rb_ssh/connection/request_handler/reference_env_request_handler.rb +0 -2
- data/lib/hrr_rb_ssh/connection/request_handler/reference_exec_request_handler.rb +4 -6
- data/lib/hrr_rb_ssh/connection/request_handler/reference_pty_req_request_handler.rb +10 -12
- data/lib/hrr_rb_ssh/connection/request_handler/reference_shell_request_handler.rb +4 -6
- data/lib/hrr_rb_ssh/connection/request_handler/reference_window_change_request_handler.rb +0 -2
- data/lib/hrr_rb_ssh/connection/request_handler.rb +1 -3
- data/lib/hrr_rb_ssh/connection.rb +53 -53
- data/lib/hrr_rb_ssh/loggable.rb +42 -0
- data/lib/hrr_rb_ssh/server.rb +11 -9
- data/lib/hrr_rb_ssh/transport/compression_algorithm/functionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/compression_algorithm/unfunctionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/functionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/encryption_algorithm/unfunctionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman.rb +9 -8
- data/lib/hrr_rb_ssh/transport/kex_algorithm/diffie_hellman_group_exchange.rb +13 -12
- data/lib/hrr_rb_ssh/transport/kex_algorithm/elliptic_curve_diffie_hellman.rb +9 -8
- data/lib/hrr_rb_ssh/transport/mac_algorithm/functionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/mac_algorithm/unfunctionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport/receiver.rb +8 -7
- data/lib/hrr_rb_ssh/transport/sender.rb +5 -3
- data/lib/hrr_rb_ssh/transport/sequence_number.rb +0 -4
- data/lib/hrr_rb_ssh/transport/server_host_key_algorithm/functionable.rb +5 -3
- data/lib/hrr_rb_ssh/transport.rb +41 -40
- data/lib/hrr_rb_ssh/version.rb +1 -1
- data/lib/hrr_rb_ssh.rb +0 -1
- metadata +6 -6
- data/lib/hrr_rb_ssh/logger.rb +0 -56
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c30f9080fe870a47276559ae2d1588f29b2f3d9c90cdaea619e0c970d9c26c6e
|
4
|
+
data.tar.gz: 7c35bae6dd374c12c0931d260ce3304ea7e81a3922a47cc3c0ecb8f90b2bf595
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ebb98c0c172d302717ae84340693257eca78bba519901654b36913feb2f411a3dbb68e3bd11aa6aa42e14c9387173d860fa2992bec9e9a0dcc9fe6cc6233c2be
|
7
|
+
data.tar.gz: 79f2911726153c16c0acecc9fa34794bf734dfcd1bead634fab377816d0410ed113d5f229e2edc70eafd17fdccda86fad19eaa4a7fc06a2e0d61db190d478ab2
|
data/README.md
CHANGED
@@ -82,25 +82,33 @@ require 'hrr_rb_ssh'
|
|
82
82
|
|
83
83
|
__IMPORTANT__: DEBUG log level outputs all communications between local and remote in human-readable plain-text including password and any secret. Be careful to use logging.
|
84
84
|
|
85
|
-
The library provides logging functionality. To enable logging
|
85
|
+
The library provides logging functionality. To enable logging in the library, you are to give a `logger` to `Server.new` or `Client.new`.
|
86
86
|
|
87
87
|
```ruby
|
88
|
-
HrrRbSsh::
|
88
|
+
HrrRbSsh::Server.new options, logger: logger
|
89
89
|
```
|
90
90
|
|
91
|
-
|
91
|
+
or
|
92
92
|
|
93
|
-
|
93
|
+
```ruby
|
94
|
+
HrrRbSsh::Client.new target, options, logger: logger
|
95
|
+
```
|
96
|
+
|
97
|
+
Where, the `logger` variable can be an instance of standard Logger class or user-defined logger class. What the library requires for `logger` variable is that the `logger` instance responds to `#fatal`, `#error`, `#warn`, `#info` and `#debug` with the following syntax.
|
94
98
|
|
95
99
|
```ruby
|
96
|
-
logger
|
97
|
-
logger.
|
100
|
+
logger.fatal(progname){ message }
|
101
|
+
logger.error(progname){ message }
|
102
|
+
logger.warn(progname){ message }
|
103
|
+
logger.info(progname){ message }
|
104
|
+
logger.debug(progname){ message }
|
98
105
|
```
|
99
106
|
|
100
|
-
|
107
|
+
For instance, `logger` variable can be prepared like below.
|
101
108
|
|
102
109
|
```ruby
|
103
|
-
|
110
|
+
logger = Logger.new STDOUT
|
111
|
+
logger.level = Logger::INFO
|
104
112
|
```
|
105
113
|
|
106
114
|
### Writing standard SSH server
|
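--- a/data/demo/client.rb
+++ b/data/demo/client.rb
@@ -11,9 +11,7 @@ rescue LoadError
 end
 
 logger = Logger.new STDOUT
-logger.level = Logger::INFO
 logger.level = Logger::DEBUG
-HrrRbSsh::Logger.initialize logger
 
 target = ['localhost', 10022]
 options = {
@@ -25,7 +23,7 @@ options = {
 #'password2' # when keyboard-interactive authentication requires 2nd response
 ],
 }
-HrrRbSsh::Client.start(target, options){ |conn|
+HrrRbSsh::Client.start(target, options, logger: logger){ |conn|
 puts conn.exec!('ls -l') # => [out, err]
 
 puts conn.exec!('ls -l', pty: true) # => [out, err] # "ls -l" command will be run on PTY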
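Review bot: The demo now leaves `logger.level = Logger::DEBUG` as the only level setting and passes that logger to `Client.start`, while the README in this same release states that DEBUG prints passwords and other secrets in plain text. Anyone running the demo against a real host with the password options filled in will get those credentials on STDOUT. I would keep `logger.level = Logger::INFO` as the effective default and leave the DEBUG line commented out, e.g. `#logger.level = Logger::DEBUG # prints credentials; local troubleshooting only`. The `options` hash is cut by the hunk boundary, so which credentials are configured is only partly visible here.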
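--- a/data/demo/echo_server.rb
+++ b/data/demo/echo_server.rb
@@ -12,8 +12,6 @@ def start_service io, logger=nil
 require 'hrr_rb_ssh'
 end
 
-HrrRbSsh::Logger.initialize logger if logger
-
 auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
 true # accept any user and password
 }
@@ -39,7 +37,7 @@ def start_service io, logger=nil
 options['authentication_password_authenticator'] = auth_password
 options['connection_channel_request_shell'] = conn_echo
 
-server = HrrRbSsh::Server.new options
+server = HrrRbSsh::Server.new options, logger: logger
 server.start io
 end
 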
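--- a/data/demo/more_flexible_auth.rb
+++ b/data/demo/more_flexible_auth.rb
@@ -15,8 +15,6 @@ def start_service io, logger=nil
 require 'hrr_rb_ssh'
 end
 
-HrrRbSsh::Logger.initialize logger if logger
-
 auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
 context.authentication_methods.push 'publickey'
 HrrRbSsh::Authentication::PARTIAL_SUCCESS
@@ -66,7 +64,7 @@ def start_service io, logger=nil
 options['connection_channel_request_exec'] = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
 options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
 
-server = HrrRbSsh::Server.new options
+server = HrrRbSsh::Server.new options, logger: logger
 server.start io
 end
 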
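--- a/data/demo/multi_step_auth.rb
+++ b/data/demo/multi_step_auth.rb
@@ -15,8 +15,6 @@ def start_service io, logger=nil
 require 'hrr_rb_ssh'
 end
 
-HrrRbSsh::Logger.initialize logger if logger
-
 auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
 users = ['user1', 'user2']
 is_verified = users.any?{ |username|
@@ -60,7 +58,7 @@ def start_service io, logger=nil
 options['connection_channel_request_exec'] = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
 options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
 
-server = HrrRbSsh::Server.new options
+server = HrrRbSsh::Server.new options, logger: logger
 server.start io
 end
 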
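--- a/data/demo/server.rb
+++ b/data/demo/server.rb
@@ -15,8 +15,6 @@ def start_service io, logger=nil
 require 'hrr_rb_ssh'
 end
 
-HrrRbSsh::Logger.initialize logger if logger
-
 tran_preferred_encryption_algorithms = %w(aes128-ctr aes192-ctr aes256-ctr aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc arcfour)
 tran_preferred_server_host_key_algorithms = %w(ecdsa-sha2-nistp521 ecdsa-sha2-nistp384 ecdsa-sha2-nistp256 ssh-rsa ssh-dss)
 tran_preferred_kex_algorithms = %w(ecdh-sha2-nistp521 ecdh-sha2-nistp384 ecdh-sha2-nistp256 diffie-hellman-group14-sha1 diffie-hellman-group1-sha1)
@@ -89,7 +87,7 @@ OfeosJOO9twerD7pPhmXREkygblPsEXaVA==
 options['connection_channel_request_exec'] = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
 options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
 
-server = HrrRbSsh::Server.new options
+server = HrrRbSsh::Server.new options, logger: logger
 server.start io
 end
 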
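Review bot: The preference lists at the top of `start_service` still offer `arcfour`, the CBC-mode ciphers, `diffie-hellman-group1-sha1` and `ssh-dss`, and demo code tends to be copied into real servers unchanged. This commit only rewires the logger, so it is not a regression, but a comment above the lists such as `# legacy algorithms are listed for interoperability testing only; remove them for real deployments` would make the intent clear. Trimming the lists to the CTR ciphers and the ECDH/ECDSA entries would be the stronger fix. The second hunk header also shows the tail of a key embedded in the file; if that is a host private key, it deserves a similar "demo only, generate your own" comment. `start_service` and the lists continue outside the hunks, so this rests on the visible lines only.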
@@ -12,8 +12,6 @@ def start_service io, logger=nil
|
|
12
12
|
require 'hrr_rb_ssh'
|
13
13
|
end
|
14
14
|
|
15
|
-
HrrRbSsh::Logger.initialize logger if logger
|
16
|
-
|
17
15
|
auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
|
18
16
|
true # accept any user and password
|
19
17
|
}
|
@@ -47,7 +45,7 @@ def start_service io, logger=nil
|
|
47
45
|
options['authentication_password_authenticator'] = auth_password
|
48
46
|
options['connection_channel_request_subsystem'] = conn_echo
|
49
47
|
|
50
|
-
server = HrrRbSsh::Server.new options
|
48
|
+
server = HrrRbSsh::Server.new options, logger: logger
|
51
49
|
server.start io
|
52
50
|
end
|
53
51
|
|
data/hrr_rb_ssh.gemspec
CHANGED
@@ -22,7 +22,7 @@ Gem::Specification.new do |spec|
|
|
22
22
|
|
23
23
|
spec.required_ruby_version = '>= 2.0.0'
|
24
24
|
|
25
|
-
spec.add_development_dependency "rake", "~>
|
25
|
+
spec.add_development_dependency "rake", "~> 12.0"
|
26
26
|
spec.add_development_dependency "rspec", "~> 3.0"
|
27
27
|
spec.add_development_dependency "simplecov", "~> 0.16"
|
28
28
|
end
|
@@ -1,14 +1,17 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
require 'hrr_rb_ssh/data_type'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
8
8
|
module Algorithm
|
9
9
|
class Publickey
|
10
10
|
module EcdsaSha2
|
11
|
-
|
11
|
+
include Loggable
|
12
|
+
|
13
|
+
def initialize arg, logger: nil
|
14
|
+
self.logger = logger
|
12
15
|
begin
|
13
16
|
new_by_key_str arg
|
14
17
|
rescue OpenSSL::PKey::ECError
|
@@ -21,7 +24,7 @@ module HrrRbSsh
|
|
21
24
|
end
|
22
25
|
|
23
26
|
def new_by_public_key_blob public_key_blob
|
24
|
-
public_key_blob_h = PublicKeyBlob.decode
|
27
|
+
public_key_blob_h = PublicKeyBlob.decode public_key_blob, logger: logger
|
25
28
|
@publickey = OpenSSL::PKey::EC.new(self.class::CURVE_NAME)
|
26
29
|
@publickey.public_key = OpenSSL::PKey::EC::Point.new(@publickey.group, OpenSSL::BN.new(public_key_blob_h[:'Q'], 2))
|
27
30
|
end
|
@@ -36,20 +39,20 @@ module HrrRbSsh
|
|
36
39
|
:'identifier' => self.class::IDENTIFIER,
|
37
40
|
:'Q' => @publickey.public_key.to_bn.to_s(2)
|
38
41
|
}
|
39
|
-
PublicKeyBlob.encode
|
42
|
+
PublicKeyBlob.encode public_key_blob_h, logger: logger
|
40
43
|
end
|
41
44
|
|
42
45
|
def ecdsa_signature_blob signature_blob
|
43
46
|
hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
|
44
47
|
sign_der = @publickey.dsa_sign_asn1(hash)
|
45
|
-
sign_asn1 = OpenSSL::ASN1.decode
|
48
|
+
sign_asn1 = OpenSSL::ASN1.decode sign_der
|
46
49
|
r = sign_asn1.value[0].value.to_i
|
47
50
|
s = sign_asn1.value[1].value.to_i
|
48
51
|
ecdsa_signature_blob_h = {
|
49
52
|
:'r' => r,
|
50
53
|
:'s' => s,
|
51
54
|
}
|
52
|
-
EcdsaSignatureBlob.encode ecdsa_signature_blob_h
|
55
|
+
EcdsaSignatureBlob.encode ecdsa_signature_blob_h, logger: logger
|
53
56
|
end
|
54
57
|
|
55
58
|
def sign signature_blob
|
@@ -57,12 +60,12 @@ module HrrRbSsh
|
|
57
60
|
:'public key algorithm name' => self.class::NAME,
|
58
61
|
:'ecdsa signature blob' => ecdsa_signature_blob(signature_blob),
|
59
62
|
}
|
60
|
-
Signature.encode signature_h
|
63
|
+
Signature.encode signature_h, logger: logger
|
61
64
|
end
|
62
65
|
|
63
66
|
def verify signature, signature_blob
|
64
|
-
signature_h = Signature.decode signature
|
65
|
-
ecdsa_signature_blob_h = EcdsaSignatureBlob.decode signature_h[:'ecdsa signature blob']
|
67
|
+
signature_h = Signature.decode signature, logger: logger
|
68
|
+
ecdsa_signature_blob_h = EcdsaSignatureBlob.decode signature_h[:'ecdsa signature blob'], logger: logger
|
66
69
|
r = ecdsa_signature_blob_h[:'r']
|
67
70
|
s = ecdsa_signature_blob_h[:'s']
|
68
71
|
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
@@ -1,16 +1,19 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
module Algorithm
|
8
8
|
class Publickey
|
9
9
|
class SshDss < Publickey
|
10
|
+
include Loggable
|
11
|
+
|
10
12
|
NAME = 'ssh-dss'
|
11
13
|
DIGEST = 'sha1'
|
12
14
|
|
13
|
-
def initialize arg
|
15
|
+
def initialize arg, logger: nil
|
16
|
+
self.logger = logger
|
14
17
|
begin
|
15
18
|
new_by_key_str arg
|
16
19
|
rescue OpenSSL::PKey::DSAError
|
@@ -23,7 +26,7 @@ module HrrRbSsh
|
|
23
26
|
end
|
24
27
|
|
25
28
|
def new_by_public_key_blob public_key_blob
|
26
|
-
public_key_blob_h = PublicKeyBlob.decode
|
29
|
+
public_key_blob_h = PublicKeyBlob.decode public_key_blob, logger: logger
|
27
30
|
@publickey = OpenSSL::PKey::DSA.new
|
28
31
|
if @publickey.respond_to?(:set_pqg)
|
29
32
|
@publickey.set_pqg public_key_blob_h[:'p'], public_key_blob_h[:'q'], public_key_blob_h[:'g']
|
@@ -51,24 +54,24 @@ module HrrRbSsh
|
|
51
54
|
:'g' => @publickey.g.to_i,
|
52
55
|
:'y' => @publickey.pub_key.to_i,
|
53
56
|
}
|
54
|
-
PublicKeyBlob.encode
|
57
|
+
PublicKeyBlob.encode public_key_blob_h, logger: logger
|
55
58
|
end
|
56
59
|
|
57
60
|
def sign signature_blob
|
58
61
|
hash = OpenSSL::Digest.digest(self.class::DIGEST, signature_blob)
|
59
62
|
sign_der = @publickey.syssign(hash)
|
60
|
-
sign_asn1 = OpenSSL::ASN1.decode
|
63
|
+
sign_asn1 = OpenSSL::ASN1.decode sign_der
|
61
64
|
sign_r = sign_asn1.value[0].value.to_s(2).rjust(20, ["00"].pack("H"))
|
62
65
|
sign_s = sign_asn1.value[1].value.to_s(2).rjust(20, ["00"].pack("H"))
|
63
66
|
signature_h = {
|
64
67
|
:'public key algorithm name' => self.class::NAME,
|
65
68
|
:'signature blob' => (sign_r + sign_s),
|
66
69
|
}
|
67
|
-
Signature.encode signature_h
|
70
|
+
Signature.encode signature_h, logger: logger
|
68
71
|
end
|
69
72
|
|
70
73
|
def verify signature, signature_blob
|
71
|
-
signature_h = Signature.decode signature
|
74
|
+
signature_h = Signature.decode signature, logger: logger
|
72
75
|
sign_r = signature_h[:'signature blob'][ 0, 20]
|
73
76
|
sign_s = signature_h[:'signature blob'][20, 20]
|
74
77
|
sign_asn1 = OpenSSL::ASN1::Sequence.new(
|
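Review bot: In `verify`, `signature_h[:'signature blob']` comes from the decoded peer signature and is sliced at `[ 0, 20]` and `[20, 20]` with no length check, so a short blob yields an empty string or `nil` for `sign_s` rather than a clean rejection. A guard before the slices, `return false unless signature_h[:'signature blob'].bytesize == 40`, would make malformed signatures fail closed instead of surfacing as an exception further down. It is also worth confirming that `'public key algorithm name'` is compared against `NAME`, as the ssh-rsa `verify` does on its visible line. `verify` continues past the end of this hunk, so a later check may exist that is not visible here.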
@@ -1,16 +1,19 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
module Algorithm
|
8
8
|
class Publickey
|
9
9
|
class SshRsa < Publickey
|
10
|
+
include Loggable
|
11
|
+
|
10
12
|
NAME = 'ssh-rsa'
|
11
13
|
DIGEST = 'sha1'
|
12
14
|
|
13
|
-
def initialize arg
|
15
|
+
def initialize arg, logger: nil
|
16
|
+
self.logger = logger
|
14
17
|
begin
|
15
18
|
new_by_key_str arg
|
16
19
|
rescue OpenSSL::PKey::RSAError
|
@@ -23,7 +26,7 @@ module HrrRbSsh
|
|
23
26
|
end
|
24
27
|
|
25
28
|
def new_by_public_key_blob public_key_blob
|
26
|
-
public_key_blob_h = PublicKeyBlob.decode
|
29
|
+
public_key_blob_h = PublicKeyBlob.decode public_key_blob, logger: logger
|
27
30
|
@publickey = OpenSSL::PKey::RSA.new
|
28
31
|
if @publickey.respond_to?(:set_key)
|
29
32
|
@publickey.set_key public_key_blob_h[:'n'], public_key_blob_h[:'e'], nil
|
@@ -43,7 +46,7 @@ module HrrRbSsh
|
|
43
46
|
:'e' => @publickey.e.to_i,
|
44
47
|
:'n' => @publickey.n.to_i,
|
45
48
|
}
|
46
|
-
PublicKeyBlob.encode
|
49
|
+
PublicKeyBlob.encode public_key_blob_h, logger: logger
|
47
50
|
end
|
48
51
|
|
49
52
|
def sign signature_blob
|
@@ -51,11 +54,11 @@ module HrrRbSsh
|
|
51
54
|
:'public key algorithm name' => self.class::NAME,
|
52
55
|
:'signature blob' => @publickey.sign(self.class::DIGEST, signature_blob),
|
53
56
|
}
|
54
|
-
Signature.encode signature_h
|
57
|
+
Signature.encode signature_h, logger: logger
|
55
58
|
end
|
56
59
|
|
57
60
|
def verify signature, signature_blob
|
58
|
-
signature_h = Signature.decode signature
|
61
|
+
signature_h = Signature.decode signature, logger: logger
|
59
62
|
signature_h[:'public key algorithm name'] == self.class::NAME && @publickey.verify(self.class::DIGEST, signature_h[:'signature blob'], signature_blob)
|
60
63
|
end
|
61
64
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
require 'hrr_rb_ssh/authentication/method/keyboard_interactive/info_request'
|
6
6
|
require 'hrr_rb_ssh/authentication/method/keyboard_interactive/info_response'
|
7
7
|
|
@@ -10,6 +10,8 @@ module HrrRbSsh
|
|
10
10
|
class Method
|
11
11
|
class KeyboardInteractive
|
12
12
|
class Context
|
13
|
+
include Loggable
|
14
|
+
|
13
15
|
attr_reader \
|
14
16
|
:username,
|
15
17
|
:submethods,
|
@@ -18,22 +20,21 @@ module HrrRbSsh
|
|
18
20
|
:vars,
|
19
21
|
:authentication_methods
|
20
22
|
|
21
|
-
def initialize transport, username, submethods, variables, authentication_methods
|
23
|
+
def initialize transport, username, submethods, variables, authentication_methods, logger: nil
|
24
|
+
self.logger = logger
|
22
25
|
@transport = transport
|
23
26
|
@username = username
|
24
27
|
@submethods = submethods
|
25
28
|
@variables = variables
|
26
29
|
@vars = variables
|
27
30
|
@authentication_methods = authentication_methods
|
28
|
-
|
29
|
-
@logger = Logger.new self.class.name
|
30
31
|
end
|
31
32
|
|
32
33
|
def info_request name, instruction, language_tag, prompts
|
33
|
-
|
34
|
-
@transport.send InfoRequest.new(name, instruction, language_tag, prompts).to_payload
|
35
|
-
|
36
|
-
@info_response = InfoResponse.new @transport.receive
|
34
|
+
log_info { "send userauth info request" }
|
35
|
+
@transport.send InfoRequest.new(name, instruction, language_tag, prompts, logger: logger).to_payload
|
36
|
+
log_info { "receive userauth info response" }
|
37
|
+
@info_response = InfoResponse.new @transport.receive, logger: logger
|
37
38
|
end
|
38
39
|
end
|
39
40
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
require 'hrr_rb_ssh/message'
|
6
6
|
|
7
7
|
module HrrRbSsh
|
@@ -9,13 +9,14 @@ module HrrRbSsh
|
|
9
9
|
class Method
|
10
10
|
class KeyboardInteractive
|
11
11
|
class InfoRequest
|
12
|
-
|
12
|
+
include Loggable
|
13
|
+
|
14
|
+
def initialize name, instruction, language_tag, prompts, logger: nil
|
15
|
+
self.logger = logger
|
13
16
|
@name = name
|
14
17
|
@instruction = instruction
|
15
18
|
@language_tag = language_tag
|
16
19
|
@prompts = prompts
|
17
|
-
|
18
|
-
@logger = Logger.new self.class.name
|
19
20
|
end
|
20
21
|
|
21
22
|
def to_message
|
@@ -36,7 +37,7 @@ module HrrRbSsh
|
|
36
37
|
end
|
37
38
|
|
38
39
|
def to_payload
|
39
|
-
Message::SSH_MSG_USERAUTH_INFO_REQUEST.encode self.to_message
|
40
|
+
Message::SSH_MSG_USERAUTH_INFO_REQUEST.encode self.to_message, logger: logger
|
40
41
|
end
|
41
42
|
end
|
42
43
|
end
|
@@ -8,14 +8,17 @@ module HrrRbSsh
|
|
8
8
|
class Method
|
9
9
|
class KeyboardInteractive
|
10
10
|
class InfoResponse
|
11
|
+
include Loggable
|
12
|
+
|
11
13
|
attr_reader \
|
12
14
|
:num_responses,
|
13
15
|
:responses
|
14
16
|
|
15
|
-
def initialize payload
|
17
|
+
def initialize payload, logger: nil
|
18
|
+
self.logger = logger
|
16
19
|
case payload[0,1].unpack("C")[0]
|
17
20
|
when Message::SSH_MSG_USERAUTH_INFO_RESPONSE::VALUE
|
18
|
-
message = Message::SSH_MSG_USERAUTH_INFO_RESPONSE.decode payload
|
21
|
+
message = Message::SSH_MSG_USERAUTH_INFO_RESPONSE.decode payload, logger: logger
|
19
22
|
@num_responses = message[:'num-responses']
|
20
23
|
@responses = Array.new(message[:'num-responses']){ |i| message[:"response[#{i+1}]"] }
|
21
24
|
else
|
@@ -1,30 +1,32 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
class Authentication
|
8
8
|
class Method
|
9
9
|
class KeyboardInteractive < Method
|
10
|
+
include Loggable
|
11
|
+
|
10
12
|
NAME = 'keyboard-interactive'
|
11
13
|
PREFERENCE = 30
|
12
14
|
|
13
|
-
def initialize transport, options, variables, authentication_methods
|
14
|
-
|
15
|
+
def initialize transport, options, variables, authentication_methods, logger: nil
|
16
|
+
self.logger = logger
|
15
17
|
@transport = transport
|
16
18
|
@options = options
|
17
|
-
@authenticator = options.fetch( 'authentication_keyboard_interactive_authenticator', Authenticator.new
|
19
|
+
@authenticator = options.fetch( 'authentication_keyboard_interactive_authenticator', Authenticator.new{ false } )
|
18
20
|
@variables = variables
|
19
21
|
@authentication_methods = authentication_methods
|
20
22
|
end
|
21
23
|
|
22
24
|
def authenticate userauth_request_message
|
23
|
-
|
24
|
-
|
25
|
+
log_info { "authenticate" }
|
26
|
+
log_debug { "userauth request: " + userauth_request_message.inspect }
|
25
27
|
username = userauth_request_message[:'user name']
|
26
28
|
submethods = userauth_request_message[:'submethods']
|
27
|
-
context = Context.new(@transport, username, submethods, @variables, @authentication_methods)
|
29
|
+
context = Context.new(@transport, username, submethods, @variables, @authentication_methods, logger: logger)
|
28
30
|
@authenticator.authenticate context
|
29
31
|
end
|
30
32
|
|
@@ -37,13 +39,13 @@ module HrrRbSsh
|
|
37
39
|
:"language tag" => "",
|
38
40
|
:'submethods' => "",
|
39
41
|
}
|
40
|
-
payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
|
42
|
+
payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message, logger: logger
|
41
43
|
@transport.send payload
|
42
44
|
|
43
45
|
payload = @transport.receive
|
44
46
|
case payload[0,1].unpack("C")[0]
|
45
47
|
when Message::SSH_MSG_USERAUTH_INFO_REQUEST::VALUE
|
46
|
-
message = Message::SSH_MSG_USERAUTH_INFO_REQUEST.decode payload
|
48
|
+
message = Message::SSH_MSG_USERAUTH_INFO_REQUEST.decode payload, logger: logger
|
47
49
|
num_responses = @options['client_authentication_keyboard_interactive'].size
|
48
50
|
message = {
|
49
51
|
:'message number' => Message::SSH_MSG_USERAUTH_INFO_RESPONSE::VALUE,
|
@@ -53,7 +55,7 @@ module HrrRbSsh
|
|
53
55
|
{:"response[#{i+1}]" => response}
|
54
56
|
}.inject(Hash.new){ |a, b| a.merge(b) }
|
55
57
|
message.update(message_responses)
|
56
|
-
payload = Message::SSH_MSG_USERAUTH_INFO_RESPONSE.encode message
|
58
|
+
payload = Message::SSH_MSG_USERAUTH_INFO_RESPONSE.encode message, logger: logger
|
57
59
|
@transport.send payload
|
58
60
|
@transport.receive
|
59
61
|
else
|
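Review bot: `log_debug { "userauth request: " + userauth_request_message.inspect }` in `authenticate` writes the entire decoded request to the log, and the same line is added to `authenticate` in `none.rb`. If this pattern is carried over to a method whose request contains a credential, that credential ends up in the log. Logging only the fields needed for diagnosis, e.g. `log_debug { "userauth request: user=#{userauth_request_message[:'user name'].inspect}" }`, keeps the message useful without dumping the payload. Separately, the client-side branch calls `@options['client_authentication_keyboard_interactive'].size` with no nil guard, so a missing option would raise `NoMethodError` in the middle of authentication; that method starts outside the hunk, so a guard may exist earlier.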
@@ -1,31 +1,32 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
class Authentication
|
8
8
|
class Method
|
9
9
|
class None
|
10
10
|
class Context
|
11
|
+
include Loggable
|
12
|
+
|
11
13
|
attr_reader \
|
12
14
|
:username,
|
13
15
|
:variables,
|
14
16
|
:vars,
|
15
17
|
:authentication_methods
|
16
18
|
|
17
|
-
def initialize username, variables, authentication_methods
|
19
|
+
def initialize username, variables, authentication_methods, logger: nil
|
20
|
+
self.logger = logger
|
18
21
|
@username = username
|
19
22
|
@variables = variables
|
20
23
|
@vars = variables
|
21
24
|
@authentication_methods = authentication_methods
|
22
|
-
|
23
|
-
@logger = Logger.new self.class.name
|
24
25
|
end
|
25
26
|
|
26
27
|
def verify username
|
27
|
-
|
28
|
-
|
28
|
+
log_info { "verify username" }
|
29
|
+
log_debug { "username is #{username}, @username is #{@username}" }
|
29
30
|
username == @username
|
30
31
|
end
|
31
32
|
end
|
@@ -1,27 +1,29 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
class Authentication
|
8
8
|
class Method
|
9
9
|
class None < Method
|
10
|
+
include Loggable
|
11
|
+
|
10
12
|
NAME = 'none'
|
11
13
|
PREFERENCE = 0
|
12
14
|
|
13
|
-
def initialize transport, options, variables, authentication_methods
|
14
|
-
|
15
|
+
def initialize transport, options, variables, authentication_methods, logger: nil
|
16
|
+
self.logger = logger
|
15
17
|
@transport = transport
|
16
|
-
@authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new
|
18
|
+
@authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new{ false } )
|
17
19
|
@variables = variables
|
18
20
|
@authentication_methods = authentication_methods
|
19
21
|
end
|
20
22
|
|
21
23
|
def authenticate userauth_request_message
|
22
|
-
|
23
|
-
|
24
|
-
context = Context.new(userauth_request_message[:'user name'], @variables, @authentication_methods)
|
24
|
+
log_info { "authenticate" }
|
25
|
+
log_debug { "userauth request: " + userauth_request_message.inspect }
|
26
|
+
context = Context.new(userauth_request_message[:'user name'], @variables, @authentication_methods, logger: logger)
|
25
27
|
@authenticator.authenticate context
|
26
28
|
end
|
27
29
|
|
@@ -32,7 +34,7 @@ module HrrRbSsh
|
|
32
34
|
:"service name" => service_name,
|
33
35
|
:"method name" => NAME,
|
34
36
|
}
|
35
|
-
payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
|
37
|
+
payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message, logger: logger
|
36
38
|
@transport.send payload
|
37
39
|
payload = @transport.receive
|
38
40
|
end
|
@@ -1,13 +1,15 @@
|
|
1
1
|
# coding: utf-8
|
2
2
|
# vim: et ts=2 sw=2
|
3
3
|
|
4
|
-
require 'hrr_rb_ssh/
|
4
|
+
require 'hrr_rb_ssh/loggable'
|
5
5
|
|
6
6
|
module HrrRbSsh
|
7
7
|
class Authentication
|
8
8
|
class Method
|
9
9
|
class Password
|
10
10
|
class Context
|
11
|
+
include Loggable
|
12
|
+
|
11
13
|
attr_reader \
|
12
14
|
:username,
|
13
15
|
:password,
|
@@ -15,19 +17,18 @@ module HrrRbSsh
|
|
15
17
|
:vars,
|
16
18
|
:authentication_methods
|
17
19
|
|
18
|
-
def initialize username, password, variables, authentication_methods
|
20
|
+
def initialize username, password, variables, authentication_methods, logger: nil
|
21
|
+
self.logger = logger
|
19
22
|
@username = username
|
20
23
|
@password = password
|
21
24
|
@variables = variables
|
22
25
|
@vars = variables
|
23
26
|
@authentication_methods = authentication_methods
|
24
|
-
|
25
|
-
@logger = Logger.new self.class.name
|
26
27
|
end
|
27
28
|
|
28
29
|
def verify username, password
|
29
|
-
|
30
|
-
|
30
|
+
log_info { "verify username and password" }
|
31
|
+
log_debug { "username is #{username}, @username is #{@username}, and password is #{password}, @password is #{@password}" }
|
31
32
|
username == @username and password == @password
|
32
33
|
end
|
33
34
|
end
|
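Review bot: The new `log_debug` line in `verify` interpolates both `password` and `@password`, so any logger set to DEBUG records the submitted and the expected password in plain text. The README warns about DEBUG output, but the confidentiality of a credential check should not depend on the log level that the embedding application picks. `log_debug { "username is #{username}, @username is #{@username}" }` keeps the diagnostic without the secrets. The comparison on the following line uses `==`, which is not constant-time; comparing fixed-length digests of the two values with a constant-time routine would be worth considering.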