hrr_rb_ssh 0.1.6 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20686d9dca5a433f36d523d681d18ce280d0dca33f90ebe205d98a1f4dc80980
-  data.tar.gz: bd3c9514d667d7780735663ee258506455d6832ce85ee19d8c136aa4973832d3
+  metadata.gz: 10374bce9a4138bfa640400ced86d6579e368db9caa58db8303676620a8cde4b
+  data.tar.gz: 0f42005a94c125d8a403ab07e011bc3398f92604a497091855d5fd4cecc8256d
 SHA512:
-  metadata.gz: 89045342800f000833a172255d4ec4ed8b061898eb2f4c4780a211fdc3207385e3ede4b8542bbaf5ac7f65b34f128554bd73acfc05877aea74d3b6c95dfdfe98
-  data.tar.gz: 5fc28c6c9ddff4de8cd39d60b41aff4db8fb94d37d3dda98bf28d964ee0696b4c2040a7f33c92608c3f4b08fdb4ddb114e056b8206de20f3546782840de3c839
+  metadata.gz: c9bef9312be2875e17869c401fad888aaadd16936d90c069fd0a61313225b1f12b4ca7f0ea6307adff77520d63797a11de45e0569e48c3df987a1fa503138c7b
+  data.tar.gz: 1dd06737f9600c521fecfc158150cb766038b7afe160e16e9b6bc2e57ec1dd277fbbf659a4faa8990dbb292df2f49ea5e76b8714449ba28cf8f10dad346b6d69

data/README.md

@@ -29,11 +29,306 @@ $ gem install hrr_rb_ssh
 
 ## Usage
 
+### Writing standard SSH server
+
+#### Requiring `hrr_rb_ssh` library
+
+First of all, `hrr_rb_ssh` library needs to be loaded.
+
+```ruby
+require 'hrr_rb_ssh'
+```
+
+#### Starting server application
+
+The library is to run on a socket IO. To start SSH server, running a server IO and accepting a connection are required. The 10022 port number is just an example.
+
+```ruby
+options = Hash.new
+server = TCPServer.new 10022
+while true
+  t = Thread.new(server.accept) do |io|
+    tran = HrrRbSsh::Transport.new      io, HrrRbSsh::Transport::Mode::SERVER, options
+    auth = HrrRbSsh::Authentication.new tran, options
+    conn = HrrRbSsh::Connection.new     auth, options
+    conn.start
+    io.close
+  end
+end
+```
+
+Where, an `options` variable is an instance of `Hash`, which has optional (or sometimes almost necessary) values.
+
+#### Logging
+
+__IMPORTANT__: DEBUG log level outputs all communications between local and remote in human-readable plain-text including password and any secret. Be careful to use logging.
+
+The library provides logging functionality. To enable logging of the library, you are to initialize `HrrRbSsh::Logger` class.
+
+```ruby
+HrrRbSsh::Logger.initialize logger
+```
+
+Where, the `logger` variable can be an instance of standard Logger class or user-defined logger class. What `HrrRbSsh::Logger` class requires for `logger` variable is that the `logger` instance responds to `#fatal`, `#error`, `#warn`, `#info` and `#debug`.
+
+For instance, `logger` variable can be prepared like below.
+
+```ruby
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+```
+
+To disable logging, you can un-initialize `HrrRbSsh::Logger`.
+
+```ruby
+HrrRbSsh::Logger.uninitialize
+```
+
+#### Defining authentications
+
+By default, any authentications get failed. To allow users to login to the SSH service, at least one of the authentication methods must be defined and registered into the instance of HrrRbSsh::Authentication through `options` variable.
+
+##### Password authentication
+
+Password authentication is the most simple way to allow users to login to the SSH service. Password authentication requires user-name and password.
+
+To define a password authentication, the `HrrRbSsh::Authentication::Authenticator.new { |context| ... }` block is used. When the block returns `true`, then the authentication succeeded.
+
+```ruby
+auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+  user_and_pass = [
+    ['user1',  'password1'],
+    ['user2',  'password2'],
+  ]
+  user_and_pass.any? { |user, pass|
+    context.verify user, pass
+  }
+}
+options['authentication_password_authenticator'] = auth_password
+```
+
+The `context` variable in password authentication context provides the followings.
+
+- `#username` : The username that a remote user tries to authenticate
+- `#password` : The password that a remote user tries to authenticate
+- `#verify(username, password)` : Returns `true` when username and password arguments match with the context's username and password. Or returns `false` when username and password arguments don't match.
+
+##### Publickey authentication
+
+The second one is public key authentication. Public key authentication requires user-name, public key algorithm name, and PEM or DER formed public key.
+
+To define a public key authentication, the `HrrRbSsh::Authentication::Authenticator.new { |context| ... }` block is used as well.  When the block returns `true`, then the authentication succeeded as well. However, `context` variable behaves differently.
+
+```ruby
+auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
+  username = 'user1'
+  ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
+  ecdsa_sha2_nistp256_public_key = <<-'EOB'
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
+77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
+-----END PUBLIC KEY-----
+  EOB
+  [
+    [username, ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
+  ].any? { |username, public_key_algorithm_name, public_key|
+    context.verify username, public_key_algorithm_name, public_key
+  }
+}
+options['authentication_publickey_authenticator'] = auth_publickey
+```
+
+The `context` variable in public key authentication context provides the `#verify` method. The `#verify` method takes three arguments; username, public key algorithm name and PEM or DER formed public key.
+
+##### None authentication (NOT recomended)
+
+The third one is none authentication. None authentication is usually NOT used.
+
+To define a none authentication, the `HrrRbSsh::Authentication::Authenticator.new { |context| ... }` block is used as well.  When the block returns `true`, then the authentication succeeded as well. However, `context` variable behaves differently.
+
+```ruby
+auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
+  if context.username == 'user1'
+    true
+  else
+    false
+  end
+}
+options['authentication_none_authenticator'] = auth_none
+```
+
+In none authentication context, `context` variable provides the `#username` method.
+
+#### Handling session channel requests
+
+By default, any channel requests belonging to session channel are implicitly ignored. To handle the requests, defining request handlers are required.
+
+##### Reference request handlers
+
+There are pre-implemented request handlers available for reference as below.
+
+```ruby
+options['connection_channel_request_pty_req']       = HrrRbSsh::Connection::RequestHandler::ReferencePtyReqRequestHandler.new
+options['connection_channel_request_env']           = HrrRbSsh::Connection::RequestHandler::ReferenceEnvRequestHandler.new
+options['connection_channel_request_shell']         = HrrRbSsh::Connection::RequestHandler::ReferenceShellRequestHandler.new
+options['connection_channel_request_exec']          = HrrRbSsh::Connection::RequestHandler::ReferenceExecRequestHandler.new
+options['connection_channel_request_window_change'] = HrrRbSsh::Connection::RequestHandler::ReferenceWindowChangeRequestHandler.new
+```
+
+##### Custom request handlers
+
+It is also possible to define customized request handlers. For instance, echo server can be implemented very easily as below. In this case, echo server works instead of shell and PTY-req and env requests are undefined.
+
+```ruby
+conn_echo = HrrRbSsh::Connection::RequestHandler.new { |context|
+  context.io[2].close
+  context.chain_proc { |chain|
+    begin
+      loop do
+        buf = context.io[0].readpartial(10240)
+        break if buf.include?(0x04.chr) # break if ^D
+        context.io[1].write buf
+      end
+      exitstatus = 0
+    rescue => e
+      logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+      exitstatus = 1
+    ensure
+      context.io[1].close
+    end
+    exitstatus
+  }
+}
+options['connection_channel_request_shell'] = conn_echo
+```
+
+In `HrrRbSsh::Connection::RequestHandler.new` block, context variable basically provides the followings.
+
+- `#io => [in, out, err]` : `in` is readable and read data is sent by remote. `out` and `err` are writable. `out` is for standard output and written data is sent as channel data. `err` is for standard error and written data is sent as channel extended data.
+- `#chain_proc => {|chain| ... }` : When a session channel is opened, a background thread is started and is waitng for a chaned block registered. This `#chain_proc` is used to define how to handle subsequent communications between local and remote. The `chain` variable provides `#call_next` method. In `#proc_chain` block, it is possible to call subsequent block that is defined in another request handler. For instance, shell request must called after pty-req request. The `chain` in pty-req request handler's `#chain_proc` calls `#next_proc` and then subsequent shell request handler's `#chain_proc` will be called.
+
+And request handler's `context` variable also provides additional methods based on request type. See `lib/hrr_rb_ssh/connection/channel/channel_type/session/request_type/<request type>/context.rb`.
+
+#### Defining preferred algorithms (optional)
+
+Preferred encryption, server-host-key, KEX and compression algorithms can be selected and defined.
+
+```ruby
+options['transport_preferred_encryption_algorithms']      = %w(aes256-ctr aes128-cbc)
+options['transport_preferred_server_host_key_algorithms'] = %w(ecdsa-sha2-nistp256 ssh-rsa)
+options['transport_preferred_kex_algorithms']             = %w(ecdh-sha2-nistp256 diffie-hellman-group14-sha1)
+options['transport_preferred_mac_algorithms']             = %w(hmac-sha2-256 hmac-sha1)
+options['transport_preferred_compression_algorithms']     = %w(none)
+```
+
+Supported algorithms can be got with each algorithm class's `#list_supported` method, and default preferred algorithms can be got with each algorithm class's `#list_preferred` method.
+
+Outputs of `#list_preferred` method are ordered as preferred; i.e. the name listed at head is used as most preferred, and the name listed at tail is used as non-preferred.
+
+```ruby
+p HrrRbSsh::Transport::EncryptionAlgorithm.list_supported
+# => ["none", "3des-cbc", "blowfish-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "cast128-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr"]
+p HrrRbSsh::Transport::EncryptionAlgorithm.list_preferred
+# => ["aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc", "blowfish-cbc", "cast128-cbc", "aes192-cbc", "aes256-cbc", "arcfour"]
+
+p HrrRbSsh::Transport::EncryptionAlgorithm.list_supported
+# => ["none", "3des-cbc", "blowfish-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour", "cast128-cbc", "aes128-ctr", "aes192-ctr", "aes256-ctr"]
+HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_preferred
+# => ["ecdsa-sha2-nistp521", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp256", "ssh-rsa", "ssh-dss"]
+
+p HrrRbSsh::Transport::ServerHostKeyAlgorithm.list_supported
+# => ["ssh-dss", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"]
+p HrrRbSsh::Transport::KexAlgorithm.list_preferred
+# => ["ecdh-sha2-nistp521", "ecdh-sha2-nistp384", "ecdh-sha2-nistp256", "diffie-hellman-group18-sha512", "diffie-hellman-group17-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group15-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
+ 
+p HrrRbSsh::Transport::KexAlgorithm.list_supported
+# => ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha256", "diffie-hellman-group15-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group17-sha512", "diffie-hellman-group18-sha512", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521"]
+p HrrRbSsh::Transport::KexAlgorithm.list_preferred
+# => ["ecdh-sha2-nistp521", "ecdh-sha2-nistp384", "ecdh-sha2-nistp256", "diffie-hellman-group18-sha512", "diffie-hellman-group17-sha512", "diffie-hellman-group16-sha512", "diffie-hellman-group15-sha512", "diffie-hellman-group14-sha256", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"]
+
+p HrrRbSsh::Transport::MacAlgorithm.list_supported
+# => ["none", "hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "hmac-sha2-256", "hmac-sha2-512"]
+p HrrRbSsh::Transport::MacAlgorithm.list_preferred
+# => ["hmac-sha2-512", "hmac-sha2-256", "hmac-sha1", "hmac-md5", "hmac-sha1-96", "hmac-md5-96"]
+
+p HrrRbSsh::Transport::CompressionAlgorithm.list_supported
+# => ["none", "zlib"]
+p HrrRbSsh::Transport::CompressionAlgorithm.list_preferred
+# => ["none", "zlib"]
+```
+
+### Demo
+
 The `demo/server.rb` shows a good example on how to use the hrr_rb_ssh library in SSH server mode.
 
 ## Supported Features
 
-Now only server mode and login shell is working.
+The following features are currently supported.
+
+### Connection layer
+
+- Session channel
+    - Shell (PTY-req, env, shell, window-change) request
+    - Exec request
+    - Subsystem request
+- Local port forwarding (direct-tcpip channel)
+- Remote port forwarding (tcpip-forward global request and forwarded-tcpip channel)
+
+### Authentication layer
+
+- None authentication
+- Password authentication
+- Public key authentication
+    - ssh-dss
+    - ssh-rsa
+    - ecdsa-sha2-nistp256
+    - ecdsa-sha2-nistp384
+    - ecdsa-sha2-nistp521
+
+### Transport layer
+
+- Encryption algorithm
+    - none
+    - 3des-cbc
+    - blowfish-cbc
+    - aes128-cbc
+    - aes192-cbc
+    - aes256-cbc
+    - arcfour
+    - cast128-cbc
+    - aes128-ctr
+    - aes192-ctr
+    - aes256-ctr
+- Server host key algorithm
+    - ssh-dss
+    - ssh-rsa
+    - ecdsa-sha2-nistp256
+    - ecdsa-sha2-nistp384
+    - ecdsa-sha2-nistp521
+- Kex algorithm
+    - diffie-hellman-group1-sha1
+    - diffie-hellman-group14-sha1
+    - diffie-hellman-group-exchange-sha1
+    - diffie-hellman-group-exchange-sha256
+    - diffie-hellman-group14-sha256
+    - diffie-hellman-group15-sha512
+    - diffie-hellman-group16-sha512
+    - diffie-hellman-group17-sha512
+    - diffie-hellman-group18-sha512
+    - ecdh-sha2-nistp256
+    - ecdh-sha2-nistp384
+    - ecdh-sha2-nistp521
+- Mac algorithm
+    - none
+    - hmac-sha1
+    - hmac-sha1-96
+    - hmac-md5
+    - hmac-md5-96
+    - hmac-sha2-256
+    - hmac-sha2-512
+- Compression algorithm
+    - none
+    - zlib
 
 ## Contributing
 

data/demo/echo_server.rb

@@ -2,7 +2,6 @@
 # vim: et ts=2 sw=2
 
 require 'logger'
-require 'pty'
 require 'socket'
 
 begin
@@ -19,27 +18,24 @@ HrrRbSsh::Logger.initialize logger
 
 
 auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
-  user_and_pass = [
-    ['user1',  'password1'],
-    ['user2',  'password2'],
-  ]
-  user_and_pass.any? { |user, pass|
-    context.verify user, pass
-  }
+  true # accept any user and password
 }
 
 conn_echo = HrrRbSsh::Connection::RequestHandler.new { |context|
+  context.io[2].close
   context.chain_proc { |chain|
     begin
       loop do
-        buf = context.io.readpartial(10240)
+        buf = context.io[0].readpartial(10240)
         break if buf.include?(0x04.chr) # break if ^D
-        context.io.write buf
+        context.io[1].write buf
       end
       exitstatus = 0
     rescue => e
       logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
       exitstatus = 1
+    ensure
+      context.io[1].close
     end
     exitstatus
   }

data/demo/server.rb

@@ -2,7 +2,6 @@
 # vim: et ts=2 sw=2
 
 require 'logger'
-require 'pty'
 require 'socket'
 
 begin

data/demo/subsystem_echo_server.rb

@@ -0,0 +1,72 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'logger'
+require 'socket'
+
+begin
+  require 'hrr_rb_ssh'
+rescue LoadError
+  $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+  require 'hrr_rb_ssh'
+end
+
+
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+HrrRbSsh::Logger.initialize logger
+
+
+auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
+  true # accept any user and password
+}
+
+conn_echo = HrrRbSsh::Connection::RequestHandler.new { |context|
+  context.io[2].close
+  context.chain_proc { |chain|
+    case context.subsystem_name
+    when 'echo'
+      begin
+        loop do
+          begin
+            buf = context.io[0].readpartial(10240)
+          rescue EOFError
+            break
+          end
+          context.io[1].write buf
+        end
+        exitstatus = 0
+      rescue => e
+        logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+        exitstatus = 1
+      ensure
+        context.io[1].close
+      end
+    else
+      context.io[1].close
+      exitstatus = 0
+    end
+    exitstatus
+  }
+}
+
+options = {}
+options['authentication_password_authenticator'] = auth_password
+options['connection_channel_request_subsystem']  = conn_echo
+
+
+server = TCPServer.new 10022
+while true
+  t = Thread.new(server.accept) do |io|
+    begin
+      tran = HrrRbSsh::Transport.new      io, HrrRbSsh::Transport::Mode::SERVER
+      auth = HrrRbSsh::Authentication.new tran, options
+      conn = HrrRbSsh::Connection.new     auth, options
+      conn.start
+    rescue => e
+      logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+    ensure
+      io.close
+    end
+  end
+end

data/lib/hrr_rb_ssh/authentication/method/none/context.rb

@@ -17,8 +17,8 @@ module HrrRbSsh
           end
 
           def verify username
-            @logger.info("verify username")
-            @logger.debug("username is #{username}, @username is #{@username}")
+            @logger.info { "verify username" }
+            @logger.debug { "username is #{username}, @username is #{@username}" }
             username == @username
           end
         end

data/lib/hrr_rb_ssh/authentication/method/none.rb

@@ -16,8 +16,8 @@ module HrrRbSsh
         end
 
         def authenticate userauth_request_message
-          @logger.info("authenticate")
-          @logger.debug("userauth request: " + userauth_request_message.inspect)
+          @logger.info { "authenticate" }
+          @logger.debug { "userauth request: " + userauth_request_message.inspect }
           context = Context.new(userauth_request_message[:'user name'])
           @authenticator.authenticate context
         end

data/lib/hrr_rb_ssh/authentication/method/password/context.rb

@@ -18,8 +18,8 @@ module HrrRbSsh
           end
 
           def verify username, password
-            @logger.info("verify username and password")
-            @logger.debug("username is #{username}, @username is #{@username}, and password is #{password}, @password is #{@password}")
+            @logger.info { "verify username and password" }
+            @logger.debug { "username is #{username}, @username is #{@username}, and password is #{password}, @password is #{@password}" }
             username == @username and password == @password
           end
         end

data/lib/hrr_rb_ssh/authentication/method/password.rb

@@ -16,8 +16,8 @@ module HrrRbSsh
         end
 
         def authenticate userauth_request_message
-          @logger.info("authenticate")
-          @logger.debug("userauth request: " + userauth_request_message.inspect)
+          @logger.info { "authenticate" }
+          @logger.debug { "userauth request: " + userauth_request_message.inspect }
           username = userauth_request_message[:'user name']
           password = userauth_request_message[:'plaintext password']
           context = Context.new(username, password)

data/lib/hrr_rb_ssh/authentication/method/publickey.rb

@@ -19,15 +19,15 @@ module HrrRbSsh
         def authenticate userauth_request_message
           public_key_algorithm_name = userauth_request_message[:'public key algorithm name']
           unless Algorithm.list_preferred.include?(public_key_algorithm_name)
-            @logger.info("unsupported public key algorithm: #{public_key_algorithm_name}")
+            @logger.info { "unsupported public key algorithm: #{public_key_algorithm_name}" }
             return false
           end
           unless userauth_request_message[:'with signature']
-            @logger.info("public key algorithm is ok, require signature")
+            @logger.info { "public key algorithm is ok, require signature" }
             public_key_blob = userauth_request_message[:'public key blob']
             userauth_pk_ok_message public_key_algorithm_name, public_key_blob
           else
-            @logger.info("verify signature")
+            @logger.info { "verify signature" }
             username = userauth_request_message[:'user name']
             algorithm = Algorithm[public_key_algorithm_name].new
             context = Context.new(username, algorithm, @session_id, userauth_request_message)

data/lib/hrr_rb_ssh/authentication.rb

@@ -73,16 +73,16 @@ module HrrRbSsh
           result = method.authenticate(userauth_request_message)
           case result
           when TrueClass
-            @logger.info("verified")
+            @logger.info { "verified" }
             send_userauth_success
             @username = userauth_request_message[:'user name']
             @closed = false
             break
           when FalseClass
-            @logger.info("verify failed")
+            @logger.info { "verify failed" }
             send_userauth_failure
           when String
-            @logger.info("send method specific message to continue")
+            @logger.info { "send method specific message to continue" }
             send_method_specific_message result
           end
         else

data/lib/hrr_rb_ssh/codable.rb

@@ -22,14 +22,14 @@ module HrrRbSsh
     end
 
     def encode message, complementary_message={}
-      logger.debug('encoding message: ' + message.inspect)
+      logger.debug { 'encoding message: ' + message.inspect }
       definition = common_definition + conditional_definition(message.merge complementary_message)
       definition.map{ |data_type, field_name|
         begin
           field_value = if message[field_name].instance_of? ::Proc then message[field_name].call else message[field_name] end
           data_type.encode( field_value )
         rescue => e
-          logger.debug("'field_name', 'field_value': #{field_name.inspect}, #{field_value.inspect}")
+          logger.debug { "'field_name', 'field_value': #{field_name.inspect}, #{field_value.inspect}" }
           raise e
         end
       }.join
@@ -62,7 +62,7 @@ module HrrRbSsh
       if complementary_message.any?
         decoded_message.merge! decode_recursively(payload_io, complementary_message.to_a).to_h
       end
-      logger.debug('decoded message: ' + decoded_message.inspect)
+      logger.debug { 'decoded message: ' + decoded_message.inspect }
       decoded_message
     end
   end

data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb

@@ -29,13 +29,13 @@ module HrrRbSsh
           def close
             begin
               if @sender_thread_finished && @receiver_thread_finished
-                @logger.info("closing direct-tcpip")
+                @logger.info { "closing direct-tcpip" }
                 @socket.close
                 @channel.close from=:channel_type_instance
-                @logger.info("direct-tcpip closed")
+                @logger.info { "direct-tcpip closed" }
               end
             rescue => e
-              @logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+              @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
             end
           end
 
@@ -46,24 +46,24 @@ module HrrRbSsh
                   begin
                     @channel.io[1].write s.readpartial(10240)
                   rescue EOFError
-                    @logger.info("socket is EOF")
+                    @logger.info { "socket is EOF" }
                     @channel.io[1].close
                     break
                   rescue IOError
-                    @logger.info("socket is closed")
+                    @logger.info { "socket is closed" }
                     @channel.io[1].close
                     break
                   rescue => e
-                    @logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+                    @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
                     @channel.io[1].close
                     break
                   end
                 end
-                @logger.info("finishing sender thread")
+                @logger.info { "finishing sender thread" }
                 @sender_thread_finished = true
                 close
               ensure
-                @logger.info("sender thread finished")
+                @logger.info { "sender thread finished" }
               end
             }
           end
@@ -75,23 +75,23 @@ module HrrRbSsh
                   begin
                     s.write @channel.io[0].readpartial(10240)
                   rescue EOFError
-                    @logger.info("io is EOF")
+                    @logger.info { "io is EOF" }
                     s.close_write
                     break
                   rescue IOError
-                    @logger.info("socket is closed")
+                    @logger.info { "socket is closed" }
                     break
                   rescue => e
-                    @logger.error([e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join)
+                    @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
                     s.close_write
                     break
                   end
                 end
-                @logger.info("finishing receiver thread")
+                @logger.info { "finishing receiver thread" }
                 @receiver_thread_finished = true
                 close
               ensure
-                @logger.info("receiver thread finished")
+                @logger.info { "receiver thread finished" }
               end
             }
           end