hrr_rb_ssh 0.1.7 → 0.1.8

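--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 10374bce9a4138bfa640400ced86d6579e368db9caa58db8303676620a8cde4b
- data.tar.gz: 0f42005a94c125d8a403ab07e011bc3398f92604a497091855d5fd4cecc8256d
+ metadata.gz: 7c9084a6fa67c8c215d0fa795eef327f6f7b8c52c7a6bda4a33ab0e97b65560b
+ data.tar.gz: 655a99379cf97086e9d29f1fcb3ffcabeec8058c7c4cbede3ce5c06ddaa8c7a2
  SHA512:
- metadata.gz: c9bef9312be2875e17869c401fad888aaadd16936d90c069fd0a61313225b1f12b4ca7f0ea6307adff77520d63797a11de45e0569e48c3df987a1fa503138c7b
- data.tar.gz: 1dd06737f9600c521fecfc158150cb766038b7afe160e16e9b6bc2e57ec1dd277fbbf659a4faa8990dbb292df2f49ea5e76b8714449ba28cf8f10dad346b6d69
+ metadata.gz: 240f03f04c51b1cb0671d15d7a0a89fdc9b64113cf0a5ba26ae2aa315dd77c107ec19213744065b7dd601e11937ad36a63085c5474bd4669e5e7b7f19499a2f5
+ data.tar.gz: ade3eac97ff8a9734a68336329c6cae56d5f427e73cdf96e65d3f8808b7128ac6a791c945fae975879a65e73b0565c56a6fd3c10ba5aa7c2dd89a3264db5f6e5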
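--- a/data/README.md
+++ b/data/README.md
@@ -121,18 +121,10 @@ To define a public key authentication, the `HrrRbSsh::Authentication::Authentica
 
  ```ruby
  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
- username = 'user1'
- ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
- ecdsa_sha2_nistp256_public_key = <<-'EOB'
- -----BEGIN PUBLIC KEY-----
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
- 77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
- -----END PUBLIC KEY-----
- EOB
- [
- [username, ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
- ].any? { |username, public_key_algorithm_name, public_key|
- context.verify username, public_key_algorithm_name, public_key
+ username = ENV['USER']
+ authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
+ authorized_keys.any?{ |public_key|
+ context.verify username, public_key.algorithm_name, public_key.to_pem
  }
  }
  options['authentication_publickey_authenticator'] = auth_publickey
@@ -140,6 +132,8 @@ options['authentication_publickey_authenticator'] = auth_publickey
 
  The `context` variable in public key authentication context provides the `#verify` method. The `#verify` method takes three arguments; username, public key algorithm name and PEM or DER formed public key.
 
+ And public keys that is in OpenSSH public key format is now available. To use OpenSSH public keys, it is easy to use $USER_HOME/.ssh/authorized_keys file.
+
  ##### None authentication (NOT recomended)
 
  The third one is none authentication. None authentication is usually NOT used.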
data/demo/server.rb CHANGED
@@ -27,47 +27,10 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
27
27
  false
28
28
  }
29
29
  auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
30
- username = 'user1'
31
- dss_public_key_algorithm_name = 'ssh-dss'
32
- dss_public_key = <<-'EOB'
33
- -----BEGIN PUBLIC KEY-----
34
- MIIBtzCCASwGByqGSM44BAEwggEfAoGBAKh2ZJp4ao8Xaexa0sk68VqMCaOaTi19
35
- YIqo2+t2t8ve4QSHvk/NbFIDTGq90lHziakTqwKaaswWLB7cSRPTcXjLv16Zmazg
36
- JRvh1jZ3ikuBME2G/B+EptlQ00dMa+5W/Acp2P6Cv5NRgA/tx0AyCJaItSpLXG+k
37
- B+HMp9LQ8WotAhUAk/yyvpsY9sVSyeN3lHvg5Nsl568CgYEAj4rqF241ROP2olNh
38
- VJUF0K5N4dSBCfcPnSPYuGPCi7qV229RISET3LOwrCXEUwSwlKoe/lLb2mcaeC84
39
- NIeN6pQnRTE6zajJ9UUeGErOFRm1x6E+FMtlVp/fwUE1Ra+AscHVKwMUehz7sA6A
40
- ZxJK7UvLs+R6s1eYhrES0bcorLIDgYQAAoGAd6XKzevlwzt6aCYdBRdN+BT4BQUw
41
- /L3MVYG0kDV9WqPcyAFvLO54xAUf9LxYM0e8X8J5ECp4oEGOcK1ilXEw3LPMJGmY
42
- IB56R9izS1t636kxnJTYNGQY+XvjAeuP7nC2WVNHNz7vXprT4Sq+hQaNkaKPu/3/
43
- 48xJs2mYbxfyHCQ=
44
- -----END PUBLIC KEY-----
45
- EOB
46
- rsa_public_key_algorithm_name = 'ssh-rsa'
47
- rsa_public_key = <<-'EOB'
48
- -----BEGIN PUBLIC KEY-----
49
- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OnIQcRTdeTZFjhGcx8f
50
- ssCgeqzY47p5KhT/gKMz2nOANNLCBr9e6IGaRePew03St3Cn0ApikuGzPnWxSlBT
51
- H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
52
- 86UGa5j20yGJfsL9WIMCVoGvsA06+4VX1/zlWXwVJSNep674bmSWPcVtXWWZIk19
53
- T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
54
- wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
55
- nQIDAQAB
56
- -----END PUBLIC KEY-----
57
- EOB
58
- ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
59
- ecdsa_sha2_nistp256_public_key = <<-'EOB'
60
- -----BEGIN PUBLIC KEY-----
61
- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
62
- 77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
63
- -----END PUBLIC KEY-----
64
- EOB
65
- [
66
- [dss_public_key_algorithm_name, dss_public_key],
67
- [rsa_public_key_algorithm_name, rsa_public_key],
68
- [ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
69
- ].any? { |public_key_algorithm_name, public_key|
70
- context.verify username, public_key_algorithm_name, public_key
30
+ username = ENV['USER']
31
+ authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
32
+ authorized_keys.any?{ |public_key|
33
+ context.verify username, public_key.algorithm_name, public_key.to_pem
71
34
  }
72
35
  }
73
36
  auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
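Review bot: The new `auth_publickey` body takes the account name from `ENV['USER']` and loads the key file with a bare `File.read` each time the block runs, and neither input is checked. `ENV['USER']` is often unset under service managers and containers, which would leave `username` nil; `Etc.getpwuid(Process.uid).name` (with `require 'etc'`) does not depend on the environment. A missing or unreadable file raises inside the block, so a `rescue Errno::ENOENT, Errno::EACCES` that returns `false` would turn that case into an explicit authentication failure. Because demo code tends to be copied, a comment stating that this code does not check the ownership or permissions of `~/.ssh/authorized_keys` (OpenSSH's StrictModes does) would help; the README example in this release carries the same four lines.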
@@ -0,0 +1,24 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ module HrrRbSsh
5
+ module Compat
6
+ module OpenSSH
7
+ class AuthorizedKeys
8
+ def initialize data_str
9
+ @public_keys = data_str.each_line.map{ |line|
10
+ PublicKey.new line
11
+ }
12
+ end
13
+
14
+ def each
15
+ @public_keys.each{ |public_key|
16
+ yield public_key
17
+ }
18
+ end
19
+
20
+ include Enumerable
21
+ end
22
+ end
23
+ end
24
+ end
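Review bot: `initialize` hands every line of the input to `PublicKey.new`, but an OpenSSH authorized_keys file can also hold blank lines, `#` comments and entries that begin with an options field such as `command=` or `from=`. For those lines the first whitespace-separated token is not an algorithm name, so parsing presumably raises and a single such line makes the whole file unusable for authentication. Filtering first, for example `lines = data_str.each_line.map(&:strip).reject { |l| l.empty? || l.start_with?('#') }`, and a class comment saying that option prefixes are not supported (so their restrictions are not enforced) would make the limits explicit. The file header for this hunk is missing on the page; from the metadata file list it appears to be lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb.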
@@ -0,0 +1,65 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ require 'base64'
5
+ require 'openssl'
6
+
7
+ module HrrRbSsh
8
+ module Compat
9
+ module OpenSSH
10
+ class PublicKey
11
+ def initialize data_line
12
+ splitted = data_line.split(' ')
13
+ @algorithm_name = splitted[0]
14
+ public_key_blob = Authentication::Method::Publickey::Algorithm[@algorithm_name]::PublicKeyBlob.decode Base64.decode64(splitted[1])
15
+ case @algorithm_name
16
+ when 'ssh-dss'
17
+ @algorithm = OpenSSL::PKey::DSA.new
18
+ if @algorithm.respond_to?(:set_pqg)
19
+ @algorithm.set_pqg public_key_blob[:'p'], public_key_blob[:'q'], public_key_blob[:'g']
20
+ else
21
+ @algorithm.p = public_key_blob[:'p']
22
+ @algorithm.q = public_key_blob[:'q']
23
+ @algorithm.g = public_key_blob[:'g']
24
+ end
25
+ if @algorithm.respond_to?(:set_key)
26
+ @algorithm.set_key public_key_blob[:'y'], nil
27
+ else
28
+ @algorithm.pub_key = public_key_blob[:'y']
29
+ end
30
+ @pem = @algorithm.public_key.to_pem
31
+ when 'ssh-rsa'
32
+ @algorithm = OpenSSL::PKey::RSA.new
33
+ if @algorithm.respond_to?(:set_key)
34
+ @algorithm.set_key public_key_blob[:'n'], public_key_blob[:'e'], nil
35
+ else
36
+ @algorithm.e = public_key_blob[:'e']
37
+ @algorithm.n = public_key_blob[:'n']
38
+ end
39
+ @pem = @algorithm.public_key.to_pem
40
+ when 'ecdsa-sha2-nistp256'
41
+ @algorithm = OpenSSL::PKey::EC.new('prime256v1')
42
+ @algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
43
+ @pem = @algorithm.to_pem
44
+ when 'ecdsa-sha2-nistp384'
45
+ @algorithm = OpenSSL::PKey::EC.new('secp384r1')
46
+ @algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
47
+ @pem = @algorithm.to_pem
48
+ when 'ecdsa-sha2-nistp521'
49
+ @algorithm = OpenSSL::PKey::EC.new('secp521r1')
50
+ @algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
51
+ @pem = @algorithm.to_pem
52
+ end
53
+ end
54
+
55
+ def algorithm_name
56
+ @algorithm_name
57
+ end
58
+
59
+ def to_pem
60
+ @pem
61
+ end
62
+ end
63
+ end
64
+ end
65
+ end
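Review bot: `Base64.decode64(splitted[1])` is the lenient decoder, which skips characters outside the Base64 alphabet instead of rejecting the line, and it runs before any check that the line has a second field. `Base64.strict_decode64` raises `ArgumentError` on malformed input, and a guard such as `raise ArgumentError, 'malformed public key line' if splitted.size < 2` keeps a short line from surfacing as a NoMethodError. The `case` has no `else`, so a name that the algorithm lookup accepts but none of the five branches handles would leave `to_pem` returning nil; `else raise ArgumentError, "unsupported algorithm: #{@algorithm_name}"` fails visibly instead. It is not visible here whether the algorithm name encoded inside the decoded blob is compared with the text field; if it is not, that comparison belongs in this constructor.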
@@ -0,0 +1,12 @@
1
+ # coding: utf-8
2
+ # vim: et ts=2 sw=2
3
+
4
+ module HrrRbSsh
5
+ module Compat
6
+ module OpenSSH
7
+ end
8
+ end
9
+ end
10
+
11
+ require 'hrr_rb_ssh/compat/openssh/public_key'
12
+ require 'hrr_rb_ssh/compat/openssh/authorized_keys'
@@ -1,6 +1,8 @@
1
1
  # coding: utf-8
2
2
  # vim: et ts=2 sw=2
3
3
 
4
+ require 'hrr_rb_ssh/compat/openssh'
5
+
4
6
  if RUBY_VERSION < "2.1"
5
7
  class Array
6
8
  def to_h
@@ -2,5 +2,5 @@
2
2
  # vim: et ts=2 sw=2
3
3
 
4
4
  module HrrRbSsh
5
- VERSION = "0.1.7"
5
+ VERSION = "0.1.8"
6
6
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hrr_rb_ssh
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.7
4
+ version: 0.1.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - hirura
@@ -124,6 +124,9 @@ files:
124
124
  - lib/hrr_rb_ssh/closed_transport_error.rb
125
125
  - lib/hrr_rb_ssh/codable.rb
126
126
  - lib/hrr_rb_ssh/compat.rb
127
+ - lib/hrr_rb_ssh/compat/openssh.rb
128
+ - lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb
129
+ - lib/hrr_rb_ssh/compat/openssh/public_key.rb
127
130
  - lib/hrr_rb_ssh/connection.rb
128
131
  - lib/hrr_rb_ssh/connection/channel.rb
129
132
  - lib/hrr_rb_ssh/connection/channel/channel_type.rb