minmb-net-ssh 2.5.1

data/lib/net/ssh/connection/term.rb

@@ -0,0 +1,178 @@
+module Net; module SSH; module Connection
+      
+  # These constants are used when requesting a pseudo-terminal (via
+  # Net::SSH::Connection::Channel#request_pty). The descriptions for each are
+  # taken directly from RFC 4254 ("The Secure Shell (SSH) Connection Protocol"),
+  # http://tools.ietf.org/html/rfc4254.
+  module Term
+    # Interrupt character; 255 if none. Similarly for the other characters.
+    # Not all of these characters are supported on all systems.
+    VINTR = 1
+
+    # The quit character (sends SIGQUIT signal on POSIX systems).
+    VQUIT = 2
+
+    # Erase the character to left of the cursor.
+    VERASE = 3
+
+    # Kill the current input line.
+    VKILL = 4
+
+    # End-of-file character (sends EOF from the terminal).
+    VEOF = 5
+
+    # End-of-line character in addition to carriage return and/or linefeed.
+    VEOL = 6
+
+    # Additional end-of-line character.
+    VEOL2 = 7
+
+    # Continues paused output (normally control-Q).
+    VSTART = 8
+
+    # Pauses output (normally control-S).
+    VSTOP = 9
+
+    # Suspends the current program.
+    VSUSP = 10
+
+    # Another suspend character.
+    VDSUSP = 11
+
+    # Reprints the current input line.
+    VREPRINT = 12
+
+    # Erases a word left of cursor.
+    VWERASE = 13
+
+    # Enter the next character typed literally, even if it is a special
+    # character.
+    VLNEXT = 14
+
+    # Character to flush output.
+    VFLUSH = 15
+
+    # Switch to a different shell layer.
+    VSWITCH = 16
+
+    # Prints system status line (load, command, pid, etc).
+    VSTATUS = 17
+
+    # Toggles the flushing of terminal output.
+    VDISCARD = 18
+
+    # The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE,
+    # and 1 if it is TRUE.
+    IGNPAR = 30
+
+    # Mark parity and framing errors.
+    PARMRK = 31
+
+    # Enable checking of parity errors.
+    INPCK = 32
+
+    # Strip 8th bit off characters.
+    ISTRIP = 33
+
+    # Map NL into CR on input.
+    INCLR = 34
+
+    # Ignore CR on input.
+    IGNCR = 35
+
+    # Map CR to NL on input.
+    ICRNL = 36
+
+    # Translate uppercase characters to lowercase.
+    IUCLC = 37
+
+    # Enable output flow control.
+    IXON = 38
+
+    # Any char will restart after stop.
+    IXANY = 39
+
+    # Enable input flow control.
+    IXOFF = 40
+
+    # Ring bell on input queue full.
+    IMAXBEL = 41
+
+    # Enable signals INTR, QUIT, [D]SUSP.
+    ISIG = 50
+
+    # Canonicalize input lines.
+    ICANON = 51
+
+    # Enable input and output of uppercase characters by preceding their
+    # lowercase equivalents with "\".
+    XCASE = 52
+
+    # Enable echoing.
+    ECHO = 53
+
+    # Visually erase chars.
+    ECHOE = 54
+
+    # Kill character discards current line.
+    ECHOK = 55
+
+    # Echo NL even if ECHO is off.
+    ECHONL = 56
+
+    # Don't flush after interrupt.
+    NOFLSH = 57
+
+    # Stop background jobs from output.
+    TOSTOP= 58
+
+    # Enable extensions.
+    IEXTEN = 59
+
+    # Echo control characters as ^(Char).
+    ECHOCTL = 60
+
+    # Visual erase for line kill.
+    ECHOKE = 61
+
+    # Retype pending input.
+    PENDIN = 62
+
+    # Enable output processing.
+    OPOST = 70
+
+    # Convert lowercase to uppercase.
+    OLCUC = 71
+
+    # Map NL to CR-NL.
+    ONLCR = 72
+
+    # Translate carriage return to newline (output).
+    OCRNL = 73
+
+    # Translate newline to carriage return-newline (output).
+    ONOCR = 74
+
+    # Newline performs a carriage return (output).
+    ONLRET = 75
+
+    # 7 bit mode.
+    CS7 = 90
+
+    # 8 bit mode.
+    CS8 = 91
+
+    # Parity enable.
+    PARENB = 92
+
+    # Odd parity, else even.
+    PARODD = 93
+
+    # Specifies the input baud rate in bits per second.
+    TTY_OP_ISPEED = 128
+
+    # Specifies the output baud rate in bits per second.
+    TTY_OP_OSPEED = 129
+  end
+
+end; end; end

data/lib/net/ssh/errors.rb

@@ -0,0 +1,88 @@
+module Net; module SSH
+  # A general exception class, to act as the ancestor of all other Net::SSH
+  # exception classes.
+  class Exception < ::RuntimeError; end
+
+  # This exception is raised when authentication fails (whether it be
+  # public key authentication, password authentication, or whatever).
+  class AuthenticationFailed < Exception; end
+
+  # This exception is raised when a connection attempt times out.
+  class ConnectionTimeout < Exception; end
+
+  # This exception is raised when the remote host has disconnected
+  # unexpectedly.
+  class Disconnect < Exception; end
+
+  # This exception is primarily used internally, but if you have a channel
+  # request handler (see Net::SSH::Connection::Channel#on_request) that you
+  # want to fail in such a way that the server knows it failed, you can
+  # raise this exception in the handler and Net::SSH will translate that into
+  # a "channel failure" message.
+  class ChannelRequestFailed < Exception; end
+
+  # This is exception is primarily used internally, but if you have a channel
+  # open handler (see Net::SSH::Connection::Session#on_open_channel) and you
+  # want to fail in such a way that the server knows it failed, you can
+  # raise this exception in the handler and Net::SSH will translate that into
+  # a "channel open failed" message.
+  class ChannelOpenFailed < Exception
+    attr_reader :code, :reason
+
+    def initialize(code, reason)
+      @code, @reason = code, reason
+      super "#{reason} (#{code})"
+    end
+  end
+
+  # Raised when the cached key for a particular host does not match the
+  # key given by the host, which can be indicative of a man-in-the-middle
+  # attack. When rescuing this exception, you can inspect the key fingerprint
+  # and, if you want to proceed anyway, simply call the remember_host!
+  # method on the exception, and then retry.
+  class HostKeyMismatch < Exception
+    # the callback to use when #remember_host! is called
+    attr_writer :callback #:nodoc:
+
+    # situation-specific data describing the host (see #host, #port, etc.)
+    attr_writer :data #:nodoc:
+
+    # An accessor for getting at the data that was used to look up the host
+    # (see also #fingerprint, #host, #port, #ip, and #key).
+    def [](key)
+      @data && @data[key]
+    end
+
+    # Returns the fingerprint of the key for the host, which either was not
+    # found or did not match.
+    def fingerprint
+      @data && @data[:fingerprint]
+    end
+
+    # Returns the host name for the remote host, as reported by the socket.
+    def host
+      @data && @data[:peer] && @data[:peer][:host]
+    end
+
+    # Returns the port number for the remote host, as reported by the socket.
+    def port
+      @data && @data[:peer] && @data[:peer][:port]
+    end
+
+    # Returns the IP address of the remote host, as reported by the socket.
+    def ip
+      @data && @data[:peer] && @data[:peer][:ip]
+    end
+
+    # Returns the key itself, as reported by the remote host.
+    def key
+      @data && @data[:key]
+    end
+
+    # Tell Net::SSH to record this host and key in the known hosts file, so
+    # that subsequent connections will remember them.
+    def remember_host!
+      @callback.call
+    end
+  end
+end; end

data/lib/net/ssh/key_factory.rb

@@ -0,0 +1,107 @@
+require 'net/ssh/transport/openssl'
+require 'net/ssh/prompt'
+
+module Net; module SSH
+
+  # A factory class for returning new Key classes. It is used for obtaining
+  # OpenSSL key instances via their SSH names, and for loading both public and
+  # private keys. It used used primarily by Net::SSH itself, internally, and
+  # will rarely (if ever) be directly used by consumers of the library.
+  #
+  #   klass = Net::SSH::KeyFactory.get("rsa")
+  #   assert klass.is_a?(OpenSSL::PKey::RSA)
+  #
+  #   key = Net::SSH::KeyFactory.load_public_key("~/.ssh/id_dsa.pub")
+  class KeyFactory
+    # Specifies the mapping of SSH names to OpenSSL key classes.
+    MAP = {
+      "dh"  => OpenSSL::PKey::DH,
+      "rsa" => OpenSSL::PKey::RSA,
+      "dsa" => OpenSSL::PKey::DSA,
+    }
+    if defined?(OpenSSL::PKey::EC)
+      MAP["ecdsa"] = OpenSSL::PKey::EC
+    end
+
+    class <<self
+      include Prompt
+
+      # Fetch an OpenSSL key instance by its SSH name. It will be a new,
+      # empty key of the given type.
+      def get(name)
+        MAP.fetch(name).new
+      end
+
+      # Loads a private key from a file. It will correctly determine
+      # whether the file describes an RSA or DSA key, and will load it
+      # appropriately. The new key is returned. If the key itself is
+      # encrypted (requiring a passphrase to use), the user will be
+      # prompted to enter their password unless passphrase works. 
+      def load_private_key(filename, passphrase=nil, ask_passphrase=true)
+        data = File.read(File.expand_path(filename))
+        load_data_private_key(data, passphrase, ask_passphrase, filename)
+      end
+
+      # Loads a private key. It will correctly determine
+      # whether the file describes an RSA or DSA key, and will load it
+      # appropriately. The new key is returned. If the key itself is
+      # encrypted (requiring a passphrase to use), the user will be
+      # prompted to enter their password unless passphrase works. 
+      def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="")
+        if data.match(/-----BEGIN DSA PRIVATE KEY-----/)
+          key_type = OpenSSL::PKey::DSA
+        elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
+          key_type = OpenSSL::PKey::RSA
+	elsif data.match(/-----BEGIN EC PRIVATE KEY-----/) && defined?(OpenSSL::PKey::EC)
+          key_type = OpenSSL::PKey::EC
+        elsif data.match(/-----BEGIN (.*) PRIVATE KEY-----/)
+          raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"
+        else
+          raise OpenSSL::PKey::PKeyError, "not a private key (#{filename})"
+        end
+
+        encrypted_key = data.match(/ENCRYPTED/)
+        tries = 0
+
+        begin
+          return key_type.new(data, passphrase || 'invalid')
+        rescue OpenSSL::PKey::RSAError, OpenSSL::PKey::DSAError, OpenSSL::PKey::ECError => e
+          if encrypted_key && ask_passphrase
+            tries += 1
+            if tries <= 3
+              passphrase = prompt("Enter passphrase for #{filename}:", false)
+              retry
+            else
+              raise
+            end
+          else
+            raise
+          end
+        end
+      end
+
+      # Loads a public key from a file. It will correctly determine whether
+      # the file describes an RSA or DSA key, and will load it
+      # appropriately. The new public key is returned.
+      def load_public_key(filename)
+        data = File.read(File.expand_path(filename))
+        load_data_public_key(data, filename)
+      end
+
+      # Loads a public key. It will correctly determine whether
+      # the file describes an RSA or DSA key, and will load it
+      # appropriately. The new public key is returned.
+      def load_data_public_key(data, filename="")
+        type, blob = data.split(/ /)
+
+        raise Net::SSH::Exception, "public key at #{filename} is not valid" if blob.nil?
+
+        blob = blob.unpack("m*").first
+        reader = Net::SSH::Buffer.new(blob)
+        reader.read_key or raise OpenSSL::PKey::PKeyError, "not a public key #{filename.inspect}"
+      end
+    end
+
+  end
+
+end; end

data/lib/net/ssh/known_hosts.rb

@@ -0,0 +1,141 @@
+require 'strscan'
+require 'net/ssh/buffer'
+
+module Net; module SSH
+
+  # Searches an OpenSSH-style known-host file for a given host, and returns all
+  # matching keys. This is used to implement host-key verification, as well as
+  # to determine what key a user prefers to use for a given host.
+  #
+  # This is used internally by Net::SSH, and will never need to be used directly
+  # by consumers of the library.
+  class KnownHosts
+
+    if defined?(OpenSSL::PKey::EC)
+      SUPPORTED_TYPE = %w(ssh-rsa ssh-dss
+                          ecdsa-sha2-nistp256
+                          ecdsa-sha2-nistp384
+                          ecdsa-sha2-nistp521)
+    else
+      SUPPORTED_TYPE = %w(ssh-rsa ssh-dss)
+    end
+
+
+    class <<self
+
+      # Searches all known host files (see KnownHosts.hostfiles) for all keys
+      # of the given host. Returns an array of keys found.
+      def search_for(host, options={})
+        search_in(hostfiles(options), host)
+      end
+
+      # Search for all known keys for the given host, in every file given in
+      # the +files+ array. Returns the list of keys.
+      def search_in(files, host)
+        files.map { |file| KnownHosts.new(file).keys_for(host) }.flatten
+      end
+
+      # Looks in the given +options+ hash for the :user_known_hosts_file and
+      # :global_known_hosts_file keys, and returns an array of all known
+      # hosts files. If the :user_known_hosts_file key is not set, the
+      # default is returned (~/.ssh/known_hosts and ~/.ssh/known_hosts2). If
+      # :global_known_hosts_file is not set, the default is used
+      # (/etc/ssh/known_hosts and /etc/ssh/known_hosts2).
+      #
+      # If you only want the user known host files, you can pass :user as
+      # the second option.
+      def hostfiles(options, which=:all)
+        files = []
+
+        if which == :all || which == :user
+          files += Array(options[:user_known_hosts_file] || %w(~/.ssh/known_hosts ~/.ssh/known_hosts2))
+        end
+
+        if which == :all || which == :global
+          files += Array(options[:global_known_hosts_file] || %w(/etc/ssh/known_hosts /etc/ssh/known_hosts2))
+        end
+
+        return files
+      end
+
+      # Looks in all user known host files (see KnownHosts.hostfiles) and tries to
+      # add an entry for the given host and key to the first file it is able
+      # to.
+      def add(host, key, options={})
+        hostfiles(options, :user).each do |file|
+          begin
+            KnownHosts.new(file).add(host, key)
+            return
+          rescue SystemCallError
+            # try the next hostfile
+          end
+        end
+      end
+    end
+
+    # The host-key file name that this KnownHosts instance will use to search
+    # for keys.
+    attr_reader :source
+
+    # Instantiate a new KnownHosts instance that will search the given known-hosts
+    # file. The path is expanded file File.expand_path.
+    def initialize(source)
+      @source = File.expand_path(source)
+    end
+
+    # Returns an array of all keys that are known to be associatd with the
+    # given host. The +host+ parameter is either the domain name or ip address
+    # of the host, or both (comma-separated). Additionally, if a non-standard
+    # port is being used, it may be specified by putting the host (or ip, or
+    # both) in square brackets, and appending the port outside the brackets
+    # after a colon. Possible formats for +host+, then, are;
+    #
+    #   "net.ssh.test"
+    #   "1.2.3.4"
+    #   "net.ssh.test,1.2.3.4"
+    #   "[net.ssh.test]:5555"
+    #   "[1,2,3,4]:5555"
+    #   "[net.ssh.test]:5555,[1.2.3.4]:5555
+    def keys_for(host)
+      keys = []
+      return keys unless File.readable?(source)
+
+      entries = host.split(/,/)
+
+      File.open(source) do |file|
+        scanner = StringScanner.new("")
+        file.each_line do |line|
+          scanner.string = line
+
+          scanner.skip(/\s*/)
+          next if scanner.match?(/$|#/)
+
+          hostlist = scanner.scan(/\S+/).split(/,/)
+          next unless entries.all? { |entry| hostlist.include?(entry) }
+
+          scanner.skip(/\s*/)
+          type = scanner.scan(/\S+/)
+
+          next unless SUPPORTED_TYPE.include?(type)
+
+          scanner.skip(/\s*/)
+          blob = scanner.rest.unpack("m*").first
+          keys << Net::SSH::Buffer.new(blob).read_key
+        end
+      end
+
+      keys
+    end
+
+    # Tries to append an entry to the current source file for the given host
+    # and key. If it is unable to (because the file is not writable, for
+    # instance), an exception will be raised.
+    def add(host, key)
+      File.open(source, "a") do |file|
+        blob = [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").gsub(/\s/, "")
+        file.puts "#{host} #{key.ssh_type} #{blob}"
+      end
+    end
+
+  end
+end; end