hrr_rb_ssh 0.1.7 → 0.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +6 -12
- data/demo/server.rb +4 -41
- data/lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb +24 -0
- data/lib/hrr_rb_ssh/compat/openssh/public_key.rb +65 -0
- data/lib/hrr_rb_ssh/compat/openssh.rb +12 -0
- data/lib/hrr_rb_ssh/compat.rb +2 -0
- data/lib/hrr_rb_ssh/version.rb +1 -1
- metadata +4 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7c9084a6fa67c8c215d0fa795eef327f6f7b8c52c7a6bda4a33ab0e97b65560b
|
|
4
|
+
data.tar.gz: 655a99379cf97086e9d29f1fcb3ffcabeec8058c7c4cbede3ce5c06ddaa8c7a2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 240f03f04c51b1cb0671d15d7a0a89fdc9b64113cf0a5ba26ae2aa315dd77c107ec19213744065b7dd601e11937ad36a63085c5474bd4669e5e7b7f19499a2f5
|
|
7
|
+
data.tar.gz: ade3eac97ff8a9734a68336329c6cae56d5f427e73cdf96e65d3f8808b7128ac6a791c945fae975879a65e73b0565c56a6fd3c10ba5aa7c2dd89a3264db5f6e5
|
data/README.md
CHANGED
|
@@ -121,18 +121,10 @@ To define a public key authentication, the `HrrRbSsh::Authentication::Authentica
|
|
|
121
121
|
|
|
122
122
|
```ruby
|
|
123
123
|
auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
|
|
124
|
-
username = '
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
|
|
129
|
-
77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
|
|
130
|
-
-----END PUBLIC KEY-----
|
|
131
|
-
EOB
|
|
132
|
-
[
|
|
133
|
-
[username, ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
|
|
134
|
-
].any? { |username, public_key_algorithm_name, public_key|
|
|
135
|
-
context.verify username, public_key_algorithm_name, public_key
|
|
124
|
+
username = ENV['USER']
|
|
125
|
+
authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
|
|
126
|
+
authorized_keys.any?{ |public_key|
|
|
127
|
+
context.verify username, public_key.algorithm_name, public_key.to_pem
|
|
136
128
|
}
|
|
137
129
|
}
|
|
138
130
|
options['authentication_publickey_authenticator'] = auth_publickey
|
|
@@ -140,6 +132,8 @@ options['authentication_publickey_authenticator'] = auth_publickey
|
|
|
140
132
|
|
|
141
133
|
The `context` variable in public key authentication context provides the `#verify` method. The `#verify` method takes three arguments; username, public key algorithm name and PEM or DER formed public key.
|
|
142
134
|
|
|
135
|
+
And public keys that is in OpenSSH public key format is now available. To use OpenSSH public keys, it is easy to use $USER_HOME/.ssh/authorized_keys file.
|
|
136
|
+
|
|
143
137
|
##### None authentication (NOT recomended)
|
|
144
138
|
|
|
145
139
|
The third one is none authentication. None authentication is usually NOT used.
|
data/demo/server.rb
CHANGED
|
@@ -27,47 +27,10 @@ auth_none = HrrRbSsh::Authentication::Authenticator.new { |context|
|
|
|
27
27
|
false
|
|
28
28
|
}
|
|
29
29
|
auth_publickey = HrrRbSsh::Authentication::Authenticator.new { |context|
|
|
30
|
-
username = '
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAKh2ZJp4ao8Xaexa0sk68VqMCaOaTi19
|
|
35
|
-
YIqo2+t2t8ve4QSHvk/NbFIDTGq90lHziakTqwKaaswWLB7cSRPTcXjLv16Zmazg
|
|
36
|
-
JRvh1jZ3ikuBME2G/B+EptlQ00dMa+5W/Acp2P6Cv5NRgA/tx0AyCJaItSpLXG+k
|
|
37
|
-
B+HMp9LQ8WotAhUAk/yyvpsY9sVSyeN3lHvg5Nsl568CgYEAj4rqF241ROP2olNh
|
|
38
|
-
VJUF0K5N4dSBCfcPnSPYuGPCi7qV229RISET3LOwrCXEUwSwlKoe/lLb2mcaeC84
|
|
39
|
-
NIeN6pQnRTE6zajJ9UUeGErOFRm1x6E+FMtlVp/fwUE1Ra+AscHVKwMUehz7sA6A
|
|
40
|
-
ZxJK7UvLs+R6s1eYhrES0bcorLIDgYQAAoGAd6XKzevlwzt6aCYdBRdN+BT4BQUw
|
|
41
|
-
/L3MVYG0kDV9WqPcyAFvLO54xAUf9LxYM0e8X8J5ECp4oEGOcK1ilXEw3LPMJGmY
|
|
42
|
-
IB56R9izS1t636kxnJTYNGQY+XvjAeuP7nC2WVNHNz7vXprT4Sq+hQaNkaKPu/3/
|
|
43
|
-
48xJs2mYbxfyHCQ=
|
|
44
|
-
-----END PUBLIC KEY-----
|
|
45
|
-
EOB
|
|
46
|
-
rsa_public_key_algorithm_name = 'ssh-rsa'
|
|
47
|
-
rsa_public_key = <<-'EOB'
|
|
48
|
-
-----BEGIN PUBLIC KEY-----
|
|
49
|
-
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3OnIQcRTdeTZFjhGcx8f
|
|
50
|
-
ssCgeqzY47p5KhT/gKMz2nOANNLCBr9e6IGaRePew03St3Cn0ApikuGzPnWxSlBT
|
|
51
|
-
H6OpR/EnUmBttlvcL28CGOsZIwYJtAdVsGXpIXtiPLl2eEzaM9aBsS/LGWKgQNo3
|
|
52
|
-
86UGa5j20yGJfsL9WIMCVoGvsA06+4VX1/zlWXwVJSNep674bmSWPcVtXWWZIk19
|
|
53
|
-
T6b+xuqhfiUpbc/stfdmgDc3B/ZgpFsQh5oWBoAfkL6kAEa4oQBFhqF0QM5ej6h5
|
|
54
|
-
wqbQt4paM0aEuypWE+CaizA0I+El7f0y+59sUqTAN/7F9UlXaOBdd9SZkhACBrAR
|
|
55
|
-
nQIDAQAB
|
|
56
|
-
-----END PUBLIC KEY-----
|
|
57
|
-
EOB
|
|
58
|
-
ecdsa_sha2_nistp256_public_key_algorithm_name = 'ecdsa-sha2-nistp256'
|
|
59
|
-
ecdsa_sha2_nistp256_public_key = <<-'EOB'
|
|
60
|
-
-----BEGIN PUBLIC KEY-----
|
|
61
|
-
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9DPmu6CIA5VCBaN9wpUP2UUZQ+dw
|
|
62
|
-
77mTZ7lD+z5cjzF7OL/cPL1/zklAsYaH7z7OcPYRbe24QCG5YfJQZjevJQ==
|
|
63
|
-
-----END PUBLIC KEY-----
|
|
64
|
-
EOB
|
|
65
|
-
[
|
|
66
|
-
[dss_public_key_algorithm_name, dss_public_key],
|
|
67
|
-
[rsa_public_key_algorithm_name, rsa_public_key],
|
|
68
|
-
[ecdsa_sha2_nistp256_public_key_algorithm_name, ecdsa_sha2_nistp256_public_key],
|
|
69
|
-
].any? { |public_key_algorithm_name, public_key|
|
|
70
|
-
context.verify username, public_key_algorithm_name, public_key
|
|
30
|
+
username = ENV['USER']
|
|
31
|
+
authorized_keys = HrrRbSsh::Compat::OpenSSH::AuthorizedKeys.new(File.read(File.join(Dir.home, '.ssh', 'authorized_keys')))
|
|
32
|
+
authorized_keys.any?{ |public_key|
|
|
33
|
+
context.verify username, public_key.algorithm_name, public_key.to_pem
|
|
71
34
|
}
|
|
72
35
|
}
|
|
73
36
|
auth_password = HrrRbSsh::Authentication::Authenticator.new { |context|
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
# vim: et ts=2 sw=2
|
|
3
|
+
|
|
4
|
+
module HrrRbSsh
|
|
5
|
+
module Compat
|
|
6
|
+
module OpenSSH
|
|
7
|
+
class AuthorizedKeys
|
|
8
|
+
def initialize data_str
|
|
9
|
+
@public_keys = data_str.each_line.map{ |line|
|
|
10
|
+
PublicKey.new line
|
|
11
|
+
}
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def each
|
|
15
|
+
@public_keys.each{ |public_key|
|
|
16
|
+
yield public_key
|
|
17
|
+
}
|
|
18
|
+
end
|
|
19
|
+
|
|
20
|
+
include Enumerable
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
# coding: utf-8
|
|
2
|
+
# vim: et ts=2 sw=2
|
|
3
|
+
|
|
4
|
+
require 'base64'
|
|
5
|
+
require 'openssl'
|
|
6
|
+
|
|
7
|
+
module HrrRbSsh
|
|
8
|
+
module Compat
|
|
9
|
+
module OpenSSH
|
|
10
|
+
class PublicKey
|
|
11
|
+
def initialize data_line
|
|
12
|
+
splitted = data_line.split(' ')
|
|
13
|
+
@algorithm_name = splitted[0]
|
|
14
|
+
public_key_blob = Authentication::Method::Publickey::Algorithm[@algorithm_name]::PublicKeyBlob.decode Base64.decode64(splitted[1])
|
|
15
|
+
case @algorithm_name
|
|
16
|
+
when 'ssh-dss'
|
|
17
|
+
@algorithm = OpenSSL::PKey::DSA.new
|
|
18
|
+
if @algorithm.respond_to?(:set_pqg)
|
|
19
|
+
@algorithm.set_pqg public_key_blob[:'p'], public_key_blob[:'q'], public_key_blob[:'g']
|
|
20
|
+
else
|
|
21
|
+
@algorithm.p = public_key_blob[:'p']
|
|
22
|
+
@algorithm.q = public_key_blob[:'q']
|
|
23
|
+
@algorithm.g = public_key_blob[:'g']
|
|
24
|
+
end
|
|
25
|
+
if @algorithm.respond_to?(:set_key)
|
|
26
|
+
@algorithm.set_key public_key_blob[:'y'], nil
|
|
27
|
+
else
|
|
28
|
+
@algorithm.pub_key = public_key_blob[:'y']
|
|
29
|
+
end
|
|
30
|
+
@pem = @algorithm.public_key.to_pem
|
|
31
|
+
when 'ssh-rsa'
|
|
32
|
+
@algorithm = OpenSSL::PKey::RSA.new
|
|
33
|
+
if @algorithm.respond_to?(:set_key)
|
|
34
|
+
@algorithm.set_key public_key_blob[:'n'], public_key_blob[:'e'], nil
|
|
35
|
+
else
|
|
36
|
+
@algorithm.e = public_key_blob[:'e']
|
|
37
|
+
@algorithm.n = public_key_blob[:'n']
|
|
38
|
+
end
|
|
39
|
+
@pem = @algorithm.public_key.to_pem
|
|
40
|
+
when 'ecdsa-sha2-nistp256'
|
|
41
|
+
@algorithm = OpenSSL::PKey::EC.new('prime256v1')
|
|
42
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
|
43
|
+
@pem = @algorithm.to_pem
|
|
44
|
+
when 'ecdsa-sha2-nistp384'
|
|
45
|
+
@algorithm = OpenSSL::PKey::EC.new('secp384r1')
|
|
46
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
|
47
|
+
@pem = @algorithm.to_pem
|
|
48
|
+
when 'ecdsa-sha2-nistp521'
|
|
49
|
+
@algorithm = OpenSSL::PKey::EC.new('secp521r1')
|
|
50
|
+
@algorithm.public_key = OpenSSL::PKey::EC::Point.new(@algorithm.group, OpenSSL::BN.new(public_key_blob[:'Q'], 2))
|
|
51
|
+
@pem = @algorithm.to_pem
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
def algorithm_name
|
|
56
|
+
@algorithm_name
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
def to_pem
|
|
60
|
+
@pem
|
|
61
|
+
end
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
end
|
|
65
|
+
end
|
data/lib/hrr_rb_ssh/compat.rb
CHANGED
data/lib/hrr_rb_ssh/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hrr_rb_ssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- hirura
|
|
@@ -124,6 +124,9 @@ files:
|
|
|
124
124
|
- lib/hrr_rb_ssh/closed_transport_error.rb
|
|
125
125
|
- lib/hrr_rb_ssh/codable.rb
|
|
126
126
|
- lib/hrr_rb_ssh/compat.rb
|
|
127
|
+
- lib/hrr_rb_ssh/compat/openssh.rb
|
|
128
|
+
- lib/hrr_rb_ssh/compat/openssh/authorized_keys.rb
|
|
129
|
+
- lib/hrr_rb_ssh/compat/openssh/public_key.rb
|
|
127
130
|
- lib/hrr_rb_ssh/connection.rb
|
|
128
131
|
- lib/hrr_rb_ssh/connection/channel.rb
|
|
129
132
|
- lib/hrr_rb_ssh/connection/channel/channel_type.rb
|