hrr_rb_ssh 0.3.0.pre3 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e5758ec1e3457a1aaa41ec25677bd85711eb176fa9478d786c70c885e2206c58
-  data.tar.gz: 37e411ed657bceca996dcaf71c4b36c706984738005dce48043649a55d6ba022
+  metadata.gz: 5069234076e5c4f106d9ef733fd232fd0df99497fc64b948e9014d74a688f608
+  data.tar.gz: 0f88f74186bf0c86aa0dd6e76770d0e028231105bb06bc4ea5870f97841194d3
 SHA512:
-  metadata.gz: a2ebfcb6fad617c0c8201ff30815e03d28e9e688f43fedbb14e3dd67d83426f3d9c06145392c1d84f4bb3e16d7daf78adf83fc57ba1d152136070b74cb0b93ba
-  data.tar.gz: 9dcc34deaca035e461c98a9891f4e1d0876fcdf379e08438cc01e97e9965526dbf7a6306f0bbd87b090ce815e079a7f407aca3a3c9c5138c4d4ac5707b24be3e
+  metadata.gz: 5937b53c91ce899fbc3b0d0b97de9c336ad14fecda882ca24f6e9fc3184ec6b07123ae78bc7fdf3a11560ad3b268cb23277453d3f1ced91a5b1fb5054e3106f3
+  data.tar.gz: c757a877562b34ca17a8015fc9829ad6babfa89dbb197b451a0a23a1c372bc2ba1ba0ce77e2756da6b63157384be7774d15dd569b8b349ed898186e8f8f1818d

data/README.md

@@ -5,9 +5,9 @@
 [![Test Coverage](https://api.codeclimate.com/v1/badges/f5dfdb97d72f24ca5939/test_coverage)](https://codeclimate.com/github/hirura/hrr_rb_ssh/test_coverage)
 [![Gem Version](https://badge.fury.io/rb/hrr_rb_ssh.svg)](https://badge.fury.io/rb/hrr_rb_ssh)
 
-hrr_rb_ssh is a pure Ruby SSH 2.0 server implementation.
+hrr_rb_ssh is a pure Ruby SSH 2.0 server and client implementation.
 
-With hrr_rb_ssh, it is possible to write an SSH server easily, and also possible to write an original server side application on secure connection provided by SSH protocol.
+With hrr_rb_ssh, it is possible to write an SSH server easily, and also possible to write an original server side application on secure connection provided by SSH protocol. And it supports to write SSH client as well.
 
 ## Table of Contents
 
@@ -31,6 +31,7 @@ With hrr_rb_ssh, it is possible to write an SSH server easily, and also possible
             - [Custom request handlers](#custom-request-handlers)
         - [Defining preferred algorithms (optional)](#defining-preferred-algorithms-optional)
         - [Hiding and/or simulating local SSH version](#hiding-and-or-simulating-local-ssh-version)
+    - [Writing SSH client (Experimental)](#writing-ssh-client-experimental)
     - [Demo](#demo)
 - [Supported Features](#supported-features)
     - [Connection layer](#connection-layer)
@@ -420,9 +421,66 @@ options['local_version'] = "SSH-2.0-OpenSSH"
 
 Please note that the beginning of the string must be `SSH-2.0-`. Otherwise SSH 2.0 remote peer cannot continue negotiation with the local peer.
 
+### Writing SSH client (Experimental)
+
+#### Requiring `hrr_rb_ssh` library
+
+First of all, `hrr_rb_ssh` library needs to be loaded.
+
+```ruby
+require 'hrr_rb_ssh'
+```
+
+#### Starting SSH connection
+
+The client mode can be started with `HrrRbSsh::Client.start`. The method takes `address` and `options` arguments. The `address` is the target host address that the SSH client connects to. And the `options` contains various parameters for the SSH connection. At least `username` key must be set in the `options`. Also at least one of `password`, `publickey`, or `keyboard-interactive` needs to be set for authentication instead of authenticators that are used in server mode. Also as similar to server mode, it is possible to specify preferred transport algorithms and preferred authentication methods with the same keywords.
+
+```ruby
+address = 'remotehost'
+options = {
+  port: 22,
+  username: 'user1',
+  password: 'password1',
+  publickey: ['ssh-rsa', "/home/user1/.ssh/id_rsa")],
+  authentication_preferred_authentication_methods = ['publickey', 'password'],
+}
+HrrRbSsh::Client.start(address, options) do |conn|
+  # Do something here
+  # For instance: conn.exec "command"
+end
+```
+
+#### Executing remote commands
+
+There are some methods supported in client mode. The methods works as a receiver of `conn` block variable.
+
+##### exec method
+
+The `exec` and `exec!` methods execute command on a remote host. Both takes a command argument that is executed in the remote host. And they can take optional `pty` and `env` arguments. When `pty: true` is set, then the command will be executed on a pseudo-TTY. When `env: {'key' => 'value'}` is set, then the environmental variables are set before the command is executed.
+
+The `exec!` method returns `[stdout, stderr]` outputs. Once the command is executed and the outputs are completed, then the method returns the value.
+
+On the other hand, `exec` method takes block like the below example and returns exit status of the command. When the command is executed and the outputs and reading them are finished, then `io_out` and `io_err` return EOF.
+
+```ruby
+conn.exec "command" do |io_in, io_out, io_err|
+  # Do something here
+end
+```
+
+##### shell method
+
+The `shell` method provides a shell access on a remote host. As similar to `exec` method, it takes block and its block variable is also `io_in, io_out, io_err`. `shell` is always on pseudo-TTY, so it doesn't take `pty` optional argument. It takes `env` optional argument. Exiting shell will leads `io_out` and `io_err` EOF.
+
+```ruby
+conn.shell do |io_in, io_out, io_err|
+  # Do something here
+end
+```
+
 ### Demo
 
-The `demo/server.rb` shows a good example on how to use the hrr_rb_ssh library in SSH server mode.
+The `demo/server.rb` shows a good example on how to use the hrr_rb_ssh library in SSH server mode. And the `demo/client.rb` shows an example on how to use the hrr_rb_ssh library in SSH client mode.
 
 ## Supported Features
 

data/demo/client.rb

@@ -0,0 +1,58 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'logger'
+
+begin
+  require 'hrr_rb_ssh'
+rescue LoadError
+  $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+  require 'hrr_rb_ssh'
+end
+
+logger = Logger.new STDOUT
+logger.level = Logger::INFO
+logger.level = Logger::DEBUG
+HrrRbSsh::Logger.initialize logger
+
+address = 'localhost'
+options = {
+  port: 10022,
+  username: 'user1',
+  password: 'password1',
+  publickey: ['ssh-rsa', "/home/user1/.ssh/id_rsa")],
+  keyboard_interactive: [
+    'password1',
+    #'password2' # when keyboard-interactive authentication requires 2nd response
+  ],
+}
+HrrRbSsh::Client.start(address, options){ |conn|
+  puts conn.exec!('ls -l') # => [out, err]
+
+  puts conn.exec!('ls -l', pty: true) # => [out, err] # "ls -l" command will be run on PTY
+
+  conn.exec('ls -l', pty: true){ |io_in, io_out, io_err| # => exit status
+    while true
+      begin
+        print io_out.readpartial(10240)
+      rescue EOFError
+        break
+      end
+    end
+  }
+
+  conn.shell{ |io_in, io_out, io_err| # => exit status
+    t = Thread.new {
+      while true
+        begin
+          print io_out.readpartial(10240)
+        rescue EOFError
+          break
+        end
+      end
+    }
+    io_in.puts "ls -l"
+    io_in.puts "exit"
+    t.join
+  }
+}

data/hrr_rb_ssh.gemspec

@@ -9,8 +9,8 @@ Gem::Specification.new do |spec|
   spec.name          = "hrr_rb_ssh"
   spec.version       = HrrRbSsh::VERSION
   spec.license       = 'Apache-2.0'
-  spec.summary       = %q{Pure Ruby SSH 2.0 server implementation}
-  spec.description   = %q{Pure Ruby SSH 2.0 server implementation}
+  spec.summary       = %q{Pure Ruby SSH 2.0 server and client implementation}
+  spec.description   = %q{Pure Ruby SSH 2.0 server and client implementation}
   spec.authors       = ["hirura"]
   spec.email         = ["hirura@gmail.com"]
   spec.homepage      = "https://github.com/hirura/hrr_rb_ssh"

data/lib/hrr_rb_ssh/authentication/method/keyboard_interactive.rb

@@ -13,6 +13,7 @@ module HrrRbSsh
         def initialize transport, options, variables, authentication_methods
           @logger = Logger.new(self.class.name)
           @transport = transport
+          @options = options
           @authenticator = options.fetch( 'authentication_keyboard_interactive_authenticator', Authenticator.new { false } )
           @variables = variables
           @authentication_methods = authentication_methods
@@ -26,6 +27,39 @@ module HrrRbSsh
           context = Context.new(@transport, username, submethods, @variables, @authentication_methods)
           @authenticator.authenticate context
         end
+
+        def request_authentication username, service_name
+          message = {
+            :'message number' => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+            :"user name"      => username,
+            :"service name"   => service_name,
+            :"method name"    => NAME,
+            :"language tag"   => "",
+            :'submethods'     => "",
+          }
+          payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
+          @transport.send payload
+
+          payload = @transport.receive
+          case payload[0,1].unpack("C")[0]
+          when Message::SSH_MSG_USERAUTH_INFO_REQUEST::VALUE
+            message = Message::SSH_MSG_USERAUTH_INFO_REQUEST.decode payload
+            num_responses = @options['client_authentication_keyboard_interactive'].size
+            message = {
+              :'message number' => Message::SSH_MSG_USERAUTH_INFO_RESPONSE::VALUE,
+              :'num-responses'  => num_responses,
+            }
+            message_responses = @options['client_authentication_keyboard_interactive'].map.with_index{ |response, i|
+              {:"response[#{i+1}]" => response}
+            }.inject(Hash.new){ |a, b| a.merge(b) }
+            message.update(message_responses)
+            payload = Message::SSH_MSG_USERAUTH_INFO_RESPONSE.encode message
+            @transport.send payload
+            @transport.receive
+          else
+            payload
+          end
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/authentication/method/none.rb

@@ -12,6 +12,7 @@ module HrrRbSsh
 
         def initialize transport, options, variables, authentication_methods
           @logger = Logger.new(self.class.name)
+          @transport = transport
           @authenticator = options.fetch( 'authentication_none_authenticator', Authenticator.new { false } )
           @variables = variables
           @authentication_methods = authentication_methods
@@ -23,6 +24,18 @@ module HrrRbSsh
           context = Context.new(userauth_request_message[:'user name'], @variables, @authentication_methods)
           @authenticator.authenticate context
         end
+
+        def request_authentication username, service_name
+          message = {
+            :'message number' => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+            :"user name"      => username,
+            :"service name"   => service_name,
+            :"method name"    => NAME,
+          }
+          payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
+          @transport.send payload
+          payload = @transport.receive
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/authentication/method/password.rb

@@ -12,7 +12,9 @@ module HrrRbSsh
 
         def initialize transport, options, variables, authentication_methods
           @logger = Logger.new(self.class.name)
+          @transport = transport
           @authenticator = options.fetch( 'authentication_password_authenticator', Authenticator.new { false } )
+          @options = options
           @variables = variables
           @authentication_methods = authentication_methods
         end
@@ -25,6 +27,22 @@ module HrrRbSsh
           context = Context.new(username, password, @variables, @authentication_methods)
           @authenticator.authenticate context
         end
+
+        def request_authentication username, service_name
+          password = @options['client_authentication_password']
+          message = {
+            :'message number'     => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+            :"user name"          => username,
+            :"service name"       => service_name,
+            :"method name"        => NAME,
+            :"FALSE"              => false,
+            :"plaintext password" => password,
+          }
+          payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
+          @transport.send payload
+
+          payload = @transport.receive
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb

@@ -44,6 +44,28 @@ module HrrRbSsh
                 false
               end
             end
+
+            def generate_public_key_blob secret_key
+              publickey = HrrRbSsh::Algorithm::Publickey[self.class::NAME].new secret_key
+              publickey.to_public_key_blob
+            end
+
+            def generate_signature session_id, username, service_name, method_name, secret_key
+              publickey = HrrRbSsh::Algorithm::Publickey[self.class::NAME].new secret_key
+              publickey_blob = publickey.to_public_key_blob
+              signature_blob_h = {
+                :'session identifier'        => session_id,
+                :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+                :'user name'                 => username,
+                :'service name'              => service_name,
+                :'method name'               => method_name,
+                :'with signature'            => true,
+                :'public key algorithm name' => self.class::NAME,
+                :'public key blob'           => publickey_blob
+              }
+              signature_blob = SignatureBlob.encode signature_blob_h
+              publickey.sign signature_blob
+            end
           end
         end
       end

data/lib/hrr_rb_ssh/authentication/method/publickey.rb

@@ -12,6 +12,8 @@ module HrrRbSsh
 
         def initialize transport, options, variables, authentication_methods
           @logger = Logger.new(self.class.name)
+          @transport = transport
+          @options = options
           @session_id = options['session id']
           @authenticator = options.fetch( 'authentication_publickey_authenticator', Authenticator.new { false } )
           @variables = variables
@@ -45,6 +47,53 @@ module HrrRbSsh
           }
           payload = Message::SSH_MSG_USERAUTH_PK_OK.encode message
         end
+
+        def request_authentication username, service_name
+          public_key_algorithm_name, secret_key = @options['client_authentication_publickey']
+          send_request_without_signature username, service_name, public_key_algorithm_name, secret_key
+          payload = @transport.receive
+          case payload[0,1].unpack("C")[0]
+          when Message::SSH_MSG_USERAUTH_PK_OK::VALUE
+            send_request_with_signature username, service_name, public_key_algorithm_name, secret_key
+            @transport.receive
+          else
+            payload
+          end
+        end
+
+        def send_request_without_signature username, service_name, public_key_algorithm_name, secret_key
+          algorithm = Algorithm[public_key_algorithm_name].new
+          public_key_blob = algorithm.generate_public_key_blob(secret_key)
+          message = {
+            :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+            :"user name"                 => username,
+            :"service name"              => service_name,
+            :"method name"               => NAME,
+            :"with signature"            => false,
+            :'public key algorithm name' => public_key_algorithm_name,
+            :'public key blob'           => public_key_blob,
+          }
+          payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
+          @transport.send payload
+        end
+
+        def send_request_with_signature username, service_name, public_key_algorithm_name, secret_key
+          algorithm = Algorithm[public_key_algorithm_name].new
+          public_key_blob = algorithm.generate_public_key_blob(secret_key)
+          signature = algorithm.generate_signature(@session_id, username, service_name, 'publickey', secret_key)
+          message = {
+            :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
+            :"user name"                 => username,
+            :"service name"              => service_name,
+            :"method name"               => NAME,
+            :"with signature"            => true,
+            :'public key algorithm name' => public_key_algorithm_name,
+            :'public key blob'           => public_key_blob,
+            :'signature'                 => signature,
+          }
+          payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
+          @transport.send payload
+        end
       end
     end
   end

data/lib/hrr_rb_ssh/authentication.rb

@@ -12,8 +12,9 @@ module HrrRbSsh
   class Authentication
     include Constant
 
-    def initialize transport, options={}
+    def initialize transport, mode, options={}
       @transport = transport
+      @mode = mode
       @options = options
 
       @logger = Logger.new self.class.name
@@ -70,6 +71,15 @@ module HrrRbSsh
     end
 
     def authenticate
+      case @mode
+      when Mode::SERVER
+        respond_to_authentication
+      when Mode::CLIENT
+        request_authentication
+      end
+    end
+
+    def respond_to_authentication
       authentication_methods = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred # rescue nil.dup for Ruby version < 2.4
       @logger.info { "preferred authentication methods: #{authentication_methods}" }
       loop do
@@ -116,6 +126,42 @@ module HrrRbSsh
       end
     end
 
+    def request_authentication
+      authentication_methods = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred # rescue nil.dup for Ruby version < 2.4
+      @logger.info { "preferred authentication methods: #{authentication_methods}" }
+      next_method_name = "none"
+      @logger.info { "authentication request begins with none method" }
+      loop do
+        @logger.info { "authentication method: #{next_method_name}" }
+        method = Method[next_method_name].new(@transport, {'session id' => @transport.session_id}.merge(@options), @variables, authentication_methods)
+        payload = method.request_authentication @options['username'], "ssh-connection"
+        case payload[0,1].unpack("C")[0]
+        when Message::SSH_MSG_USERAUTH_SUCCESS::VALUE
+          @logger.info { "verified" }
+          @username = @options['username']
+          @closed = false
+          break
+        when Message::SSH_MSG_USERAUTH_FAILURE::VALUE
+          message = Message::SSH_MSG_USERAUTH_FAILURE.decode payload
+          partial_success = message[:'partial success']
+          if partial_success
+            @logger.info { "partially verified" }
+          end
+          authentication_methods_that_can_continue = message[:'authentications that can continue']
+          @logger.debug { "authentication methods that can continue: #{authentication_methods_that_can_continue}" }
+          next_method_name = authentication_methods.find{ |local_m| authentication_methods_that_can_continue.find{ |remote_m| local_m == remote_m } }
+          if next_method_name
+            authentication_methods.delete next_method_name
+            @logger.info { "continue" }
+          else
+            @logger.info { "no more available authentication methods" }
+            @closed = true
+            raise "failed authentication"
+          end
+        end
+      end
+    end
+
     def send_userauth_failure authentication_methods, partial_success
       message = {
         :'message number'                    => Message::SSH_MSG_USERAUTH_FAILURE::VALUE,

data/lib/hrr_rb_ssh/client.rb

@@ -0,0 +1,198 @@
+# coding: utf-8
+# vim: et ts=2 sw=2
+
+require 'socket'
+require 'stringio'
+require 'hrr_rb_ssh/logger'
+require 'hrr_rb_ssh/mode'
+require 'hrr_rb_ssh/transport'
+require 'hrr_rb_ssh/authentication'
+require 'hrr_rb_ssh/connection'
+
+module HrrRbSsh
+  class Client
+    def self.start address, options={}
+      client = self.new address, options
+      client.start
+      if block_given?
+        begin
+          yield client
+        ensure
+          client.close unless client.closed?
+        end
+      else
+        client
+      end
+    end
+
+    def initialize address, tmp_options={}
+      @logger = Logger.new self.class.name
+      @closed = true
+      options = initialize_options tmp_options
+      io = TCPSocket.new address, options['port']
+      transport      = HrrRbSsh::Transport.new      io, HrrRbSsh::Mode::CLIENT, options
+      authentication = HrrRbSsh::Authentication.new transport, HrrRbSsh::Mode::CLIENT, options
+      @connection    = HrrRbSsh::Connection.new     authentication, HrrRbSsh::Mode::CLIENT, options
+    end
+
+    def initialize_options tmp_options
+      tmp_options = Hash[tmp_options.map{|k, v| [k.to_s, v]}]
+      options = {}
+      options['port'] = tmp_options['port'] || 22
+      options['username'] = tmp_options['username']
+      options['authentication_preferred_authentication_methods'] = tmp_options['authentication_preferred_authentication_methods']
+      options['client_authentication_password']             = tmp_options['password']
+      options['client_authentication_publickey']            = tmp_options['publickey']
+      options['client_authentication_keyboard_interactive'] = tmp_options['keyboard_interactive']
+      options['transport_preferred_encryption_algorithms']      = tmp_options['transport_preferred_encryption_algorithms']
+      options['transport_preferred_server_host_key_algorithms'] = tmp_options['transport_preferred_server_host_key_algorithms']
+      options['transport_preferred_kex_algorithms']             = tmp_options['transport_preferred_kex_algorithms']
+      options['transport_preferred_mac_algorithms']             = tmp_options['transport_preferred_mac_algorithms']
+      options['transport_preferred_compression_algorithms']     = tmp_options['transport_preferred_compression_algorithms']
+      options
+    end
+
+    def start
+      @connection.start foreground: false
+      @closed = false
+    end
+
+    def loop
+      @connection.loop
+    end
+
+    def closed?
+      @closed
+    end
+
+    def close
+      @logger.debug { "closing client" }
+      @closed = true
+      @connection.close
+      @logger.debug { "client closed" }
+    end
+
+    def exec! command, pty: false, env: {}
+      @logger.debug { "start exec!: #{command}" }
+      out_buf = StringIO.new
+      err_buf = StringIO.new
+      begin
+        @logger.info { "Opning channel" }
+        channel = @connection.request_channel_open "session"
+        @logger.info { "Channel opened" }
+        if pty
+          channel.send_channel_request_pty_req 'xterm', 80, 24, 580, 336, ''
+        end
+        env.each{ |variable_name, variable_value|
+          channel.send_channel_request_env variable_name, variable_value
+        }
+        channel.send_channel_request_exec command
+        out_t = Thread.new {
+          while true
+            begin
+              out_buf.write channel.io[1].readpartial(10240)
+            rescue
+              break
+            end
+          end
+        }
+        err_t = Thread.new {
+          while true
+            begin
+              err_buf.write channel.io[2].readpartial(10240)
+            rescue
+              break
+            end
+          end
+        }
+        [out_t, err_t].each{ |t|
+          begin
+            t.join
+          rescue => e
+            @logger.warn { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+          end
+        }
+      rescue => e
+        @logger.error { "Failed opening channel" }
+        @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+        raise "Error in exec!"
+      ensure
+        if channel
+          @logger.info { "closing channel IOs" }
+          channel.io.each{ |io| io.close rescue nil }
+          @logger.info { "channel IOs closed" }
+          @logger.info { "closing channel" }
+          @logger.info { "wait until threads closed in channel" }
+          channel.wait_until_closed
+          channel.close
+          @logger.info { "channel closed" }
+        end
+      end
+      [out_buf.string, err_buf.string]
+    end
+
+    def exec command, pty: false, env: {}
+      @logger.debug { "start exec: #{command}" }
+      begin
+        @logger.info { "Opning channel" }
+        channel = @connection.request_channel_open "session"
+        @logger.info { "Channel opened" }
+        if pty
+          channel.send_channel_request_pty_req 'xterm', 80, 24, 580, 336, ''
+        end
+        env.each{ |variable_name, variable_value|
+          channel.send_channel_request_env variable_name, variable_value
+        }
+        channel.send_channel_request_exec command
+        yield channel.io
+      rescue => e
+        @logger.error { "Failed opening channel" }
+        @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+        raise "Error in shell"
+      ensure
+        if channel
+          @logger.info { "closing channel IOs" }
+          channel.io.each{ |io| io.close rescue nil }
+          @logger.info { "channel IOs closed" }
+          @logger.info { "closing channel" }
+          @logger.info { "wait until threads closed in channel" }
+          channel.wait_until_closed
+          channel.close
+          @logger.info { "channel closed" }
+        end
+      end
+      channel_exit_status = channel.exit_status rescue nil
+    end
+
+    def shell env: {}
+      @logger.debug { "start shell" }
+      begin
+        @logger.info { "Opning channel" }
+        channel = @connection.request_channel_open "session"
+        @logger.info { "Channel opened" }
+        channel.send_channel_request_pty_req 'xterm', 80, 24, 580, 336, ''
+        env.each{ |variable_name, variable_value|
+          channel.send_channel_request_env variable_name, variable_value
+        }
+        channel.send_channel_request_shell
+        yield channel.io
+      rescue => e
+        @logger.error { "Failed opening channel" }
+        @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
+        raise "Error in shell"
+      ensure
+        if channel
+          @logger.info { "closing channel IOs" }
+          channel.io.each{ |io| io.close rescue nil }
+          @logger.info { "channel IOs closed" }
+          @logger.info { "closing channel" }
+          @logger.info { "wait until threads closed in channel" }
+          channel.wait_until_closed
+          channel.close
+          @logger.info { "channel closed" }
+        end
+      end
+      channel_exit_status = channel.exit_status rescue nil
+    end
+  end
+end

data/lib/hrr_rb_ssh/connection/channel/channel_type/direct_tcpip.rb

@@ -31,6 +31,9 @@ module HrrRbSsh
               if @sender_thread_finished && @receiver_thread_finished
                 @logger.info { "closing direct-tcpip" }
                 @socket.close
+                @logger.info { "closing channel IOs" }
+                @channel.io.each{ |io| io.close rescue nil }
+                @logger.info { "channel IOs closed" }
                 @channel.close from=:channel_type_instance
                 @logger.info { "direct-tcpip closed" }
               end
@@ -47,15 +50,15 @@ module HrrRbSsh
                     @channel.io[1].write s.readpartial(10240)
                   rescue EOFError
                     @logger.info { "socket is EOF" }
-                    @channel.io[1].close
+                    @channel.io[1].close rescue nil
                     break
                   rescue IOError
                     @logger.info { "socket is closed" }
-                    @channel.io[1].close
+                    @channel.io[1].close rescue nil
                     break
                   rescue => e
                     @logger.error { [e.backtrace[0], ": ", e.message, " (", e.class.to_s, ")\n\t", e.backtrace[1..-1].join("\n\t")].join }
-                    @channel.io[1].close
+                    @channel.io[1].close rescue nil
                     break
                   end
                 end