net-ssh-net-ssh 2.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (105) hide show
  1. data/CHANGELOG.rdoc +137 -0
  2. data/Manifest +104 -0
  3. data/README.rdoc +110 -0
  4. data/Rakefile +79 -0
  5. data/THANKS.rdoc +16 -0
  6. data/lib/net/ssh.rb +215 -0
  7. data/lib/net/ssh/authentication/agent.rb +176 -0
  8. data/lib/net/ssh/authentication/constants.rb +18 -0
  9. data/lib/net/ssh/authentication/key_manager.rb +193 -0
  10. data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
  11. data/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
  12. data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
  13. data/lib/net/ssh/authentication/methods/password.rb +39 -0
  14. data/lib/net/ssh/authentication/methods/publickey.rb +92 -0
  15. data/lib/net/ssh/authentication/pageant.rb +183 -0
  16. data/lib/net/ssh/authentication/session.rb +134 -0
  17. data/lib/net/ssh/buffer.rb +340 -0
  18. data/lib/net/ssh/buffered_io.rb +149 -0
  19. data/lib/net/ssh/config.rb +181 -0
  20. data/lib/net/ssh/connection/channel.rb +625 -0
  21. data/lib/net/ssh/connection/constants.rb +33 -0
  22. data/lib/net/ssh/connection/session.rb +596 -0
  23. data/lib/net/ssh/connection/term.rb +178 -0
  24. data/lib/net/ssh/errors.rb +85 -0
  25. data/lib/net/ssh/key_factory.rb +102 -0
  26. data/lib/net/ssh/known_hosts.rb +129 -0
  27. data/lib/net/ssh/loggable.rb +61 -0
  28. data/lib/net/ssh/packet.rb +102 -0
  29. data/lib/net/ssh/prompt.rb +93 -0
  30. data/lib/net/ssh/proxy/errors.rb +14 -0
  31. data/lib/net/ssh/proxy/http.rb +94 -0
  32. data/lib/net/ssh/proxy/socks4.rb +70 -0
  33. data/lib/net/ssh/proxy/socks5.rb +129 -0
  34. data/lib/net/ssh/ruby_compat.rb +7 -0
  35. data/lib/net/ssh/service/forward.rb +267 -0
  36. data/lib/net/ssh/test.rb +89 -0
  37. data/lib/net/ssh/test/channel.rb +129 -0
  38. data/lib/net/ssh/test/extensions.rb +152 -0
  39. data/lib/net/ssh/test/kex.rb +44 -0
  40. data/lib/net/ssh/test/local_packet.rb +51 -0
  41. data/lib/net/ssh/test/packet.rb +81 -0
  42. data/lib/net/ssh/test/remote_packet.rb +38 -0
  43. data/lib/net/ssh/test/script.rb +157 -0
  44. data/lib/net/ssh/test/socket.rb +59 -0
  45. data/lib/net/ssh/transport/algorithms.rb +384 -0
  46. data/lib/net/ssh/transport/cipher_factory.rb +84 -0
  47. data/lib/net/ssh/transport/constants.rb +30 -0
  48. data/lib/net/ssh/transport/hmac.rb +31 -0
  49. data/lib/net/ssh/transport/hmac/abstract.rb +78 -0
  50. data/lib/net/ssh/transport/hmac/md5.rb +12 -0
  51. data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
  52. data/lib/net/ssh/transport/hmac/none.rb +15 -0
  53. data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
  54. data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
  55. data/lib/net/ssh/transport/identity_cipher.rb +55 -0
  56. data/lib/net/ssh/transport/kex.rb +13 -0
  57. data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
  58. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
  59. data/lib/net/ssh/transport/openssl.rb +128 -0
  60. data/lib/net/ssh/transport/packet_stream.rb +230 -0
  61. data/lib/net/ssh/transport/server_version.rb +69 -0
  62. data/lib/net/ssh/transport/session.rb +276 -0
  63. data/lib/net/ssh/transport/state.rb +206 -0
  64. data/lib/net/ssh/verifiers/lenient.rb +30 -0
  65. data/lib/net/ssh/verifiers/null.rb +12 -0
  66. data/lib/net/ssh/verifiers/strict.rb +53 -0
  67. data/lib/net/ssh/version.rb +62 -0
  68. data/net-ssh.gemspec +128 -0
  69. data/setup.rb +1585 -0
  70. data/test/authentication/methods/common.rb +28 -0
  71. data/test/authentication/methods/test_abstract.rb +51 -0
  72. data/test/authentication/methods/test_hostbased.rb +114 -0
  73. data/test/authentication/methods/test_keyboard_interactive.rb +98 -0
  74. data/test/authentication/methods/test_password.rb +50 -0
  75. data/test/authentication/methods/test_publickey.rb +127 -0
  76. data/test/authentication/test_agent.rb +205 -0
  77. data/test/authentication/test_key_manager.rb +105 -0
  78. data/test/authentication/test_session.rb +93 -0
  79. data/test/common.rb +106 -0
  80. data/test/configs/eqsign +3 -0
  81. data/test/configs/exact_match +8 -0
  82. data/test/configs/wild_cards +14 -0
  83. data/test/connection/test_channel.rb +452 -0
  84. data/test/connection/test_session.rb +488 -0
  85. data/test/test_all.rb +6 -0
  86. data/test/test_buffer.rb +336 -0
  87. data/test/test_buffered_io.rb +63 -0
  88. data/test/test_config.rb +84 -0
  89. data/test/test_key_factory.rb +67 -0
  90. data/test/transport/hmac/test_md5.rb +39 -0
  91. data/test/transport/hmac/test_md5_96.rb +25 -0
  92. data/test/transport/hmac/test_none.rb +34 -0
  93. data/test/transport/hmac/test_sha1.rb +34 -0
  94. data/test/transport/hmac/test_sha1_96.rb +25 -0
  95. data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
  96. data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
  97. data/test/transport/test_algorithms.rb +302 -0
  98. data/test/transport/test_cipher_factory.rb +171 -0
  99. data/test/transport/test_hmac.rb +34 -0
  100. data/test/transport/test_identity_cipher.rb +40 -0
  101. data/test/transport/test_packet_stream.rb +435 -0
  102. data/test/transport/test_server_version.rb +68 -0
  103. data/test/transport/test_session.rb +315 -0
  104. data/test/transport/test_state.rb +173 -0
  105. metadata +162 -0
@@ -0,0 +1,30 @@
1
+ module Net; module SSH; module Transport
2
+ module Constants
3
+
4
+ #--
5
+ # Transport layer generic messages
6
+ #++
7
+
8
+ DISCONNECT = 1
9
+ IGNORE = 2
10
+ UNIMPLEMENTED = 3
11
+ DEBUG = 4
12
+ SERVICE_REQUEST = 5
13
+ SERVICE_ACCEPT = 6
14
+
15
+ #--
16
+ # Algorithm negotiation messages
17
+ #++
18
+
19
+ KEXINIT = 20
20
+ NEWKEYS = 21
21
+
22
+ #--
23
+ # Key exchange method specific messages
24
+ #++
25
+
26
+ KEXDH_INIT = 30
27
+ KEXDH_REPLY = 31
28
+
29
+ end
30
+ end; end; end
@@ -0,0 +1,31 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+ require 'net/ssh/transport/hmac/md5_96'
3
+ require 'net/ssh/transport/hmac/sha1'
4
+ require 'net/ssh/transport/hmac/sha1_96'
5
+ require 'net/ssh/transport/hmac/none'
6
+
7
+ # Implements a simple factory interface for fetching hmac implementations, or
8
+ # for finding the key lengths for hmac implementations.s
9
+ module Net::SSH::Transport::HMAC
10
+ # The mapping of SSH hmac algorithms to their implementations
11
+ MAP = {
12
+ 'hmac-md5' => MD5,
13
+ 'hmac-md5-96' => MD5_96,
14
+ 'hmac-sha1' => SHA1,
15
+ 'hmac-sha1-96' => SHA1_96,
16
+ 'none' => None
17
+ }
18
+
19
+ # Retrieves a new hmac instance of the given SSH type (+name+). If +key+ is
20
+ # given, the new instance will be initialized with that key.
21
+ def self.get(name, key="")
22
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
23
+ impl.new(key)
24
+ end
25
+
26
+ # Retrieves the key length for the hmac of the given SSH type (+name+).
27
+ def self.key_length(name)
28
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
29
+ impl.key_length
30
+ end
31
+ end
@@ -0,0 +1,78 @@
1
+ require 'openssl'
2
+
3
+ module Net; module SSH; module Transport; module HMAC
4
+
5
+ # The base class of all OpenSSL-based HMAC algorithm wrappers.
6
+ class Abstract
7
+
8
+ class <<self
9
+ def key_length(*v)
10
+ @key_length = nil if !defined?(@key_length)
11
+ if v.empty?
12
+ @key_length = superclass.key_length if @key_length.nil? && superclass.respond_to?(:key_length)
13
+ return @key_length
14
+ elsif v.length == 1
15
+ @key_length = v.first
16
+ else
17
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
18
+ end
19
+ end
20
+
21
+ def mac_length(*v)
22
+ @mac_length = nil if !defined?(@mac_length)
23
+ if v.empty?
24
+ @mac_length = superclass.mac_length if @mac_length.nil? && superclass.respond_to?(:mac_length)
25
+ return @mac_length
26
+ elsif v.length == 1
27
+ @mac_length = v.first
28
+ else
29
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
30
+ end
31
+ end
32
+
33
+ def digest_class(*v)
34
+ @digest_class = nil if !defined?(@digest_class)
35
+ if v.empty?
36
+ @digest_class = superclass.digest_class if @digest_class.nil? && superclass.respond_to?(:digest_class)
37
+ return @digest_class
38
+ elsif v.length == 1
39
+ @digest_class = v.first
40
+ else
41
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
42
+ end
43
+ end
44
+ end
45
+
46
+ def key_length
47
+ self.class.key_length
48
+ end
49
+
50
+ def mac_length
51
+ self.class.mac_length
52
+ end
53
+
54
+ def digest_class
55
+ self.class.digest_class
56
+ end
57
+
58
+ # The key in use for this instance.
59
+ attr_reader :key
60
+
61
+ def initialize(key=nil)
62
+ self.key = key
63
+ end
64
+
65
+ # Sets the key to the given value, truncating it so that it is the correct
66
+ # length.
67
+ def key=(value)
68
+ @key = value ? value.to_s[0,key_length] : nil
69
+ end
70
+
71
+ # Compute the HMAC digest for the given data string.
72
+ def digest(data)
73
+ OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
74
+ end
75
+
76
+ end
77
+
78
+ end; end; end; end
@@ -0,0 +1,12 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5 HMAC algorithm.
6
+ class MD5 < Abstract
7
+ mac_length 16
8
+ key_length 16
9
+ digest_class OpenSSL::Digest::MD5
10
+ end
11
+
12
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class MD5_96 < MD5
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,15 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The "none" algorithm. This has a key and mac length of 0.
6
+ class None < Abstract
7
+ key_length 0
8
+ mac_length 0
9
+
10
+ def digest(data)
11
+ ""
12
+ end
13
+ end
14
+
15
+ end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1 HMAC algorithm. This has a mac and key length of 20, and
6
+ # uses the SHA1 digest algorithm.
7
+ class SHA1 < Abstract
8
+ mac_length 20
9
+ key_length 20
10
+ digest_class OpenSSL::Digest::SHA1
11
+ end
12
+
13
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/sha1'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class SHA1_96 < SHA1
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,55 @@
1
+ module Net; module SSH; module Transport
2
+
3
+ # A cipher that does nothing but pass the data through, unchanged. This
4
+ # keeps things in the code nice and clean when a cipher has not yet been
5
+ # determined (i.e., during key exchange).
6
+ class IdentityCipher
7
+ class <<self
8
+ # A default block size of 8 is required by the SSH2 protocol.
9
+ def block_size
10
+ 8
11
+ end
12
+
13
+ # Returns an arbitrary integer.
14
+ def iv_len
15
+ 4
16
+ end
17
+
18
+ # Does nothing. Returns self.
19
+ def encrypt
20
+ self
21
+ end
22
+
23
+ # Does nothing. Returns self.
24
+ def decrypt
25
+ self
26
+ end
27
+
28
+ # Passes its single argument through unchanged.
29
+ def update(text)
30
+ text
31
+ end
32
+
33
+ # Returns the empty string.
34
+ def final
35
+ ""
36
+ end
37
+
38
+ # The name of this cipher, which is "identity".
39
+ def name
40
+ "identity"
41
+ end
42
+
43
+ # Does nothing. Returns nil.
44
+ def iv=(v)
45
+ nil
46
+ end
47
+
48
+ # Does nothing. Returns self.
49
+ def reset
50
+ self
51
+ end
52
+ end
53
+ end
54
+
55
+ end; end; end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
2
+ require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
3
+
4
+ module Net::SSH::Transport
5
+ module Kex
6
+ # Maps the supported key-exchange algorithms as named by the SSH protocol
7
+ # to their corresponding implementors.
8
+ MAP = {
9
+ 'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
10
+ 'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1
11
+ }
12
+ end
13
+ end
@@ -0,0 +1,208 @@
1
+ require 'net/ssh/buffer'
2
+ require 'net/ssh/errors'
3
+ require 'net/ssh/loggable'
4
+ require 'net/ssh/transport/openssl'
5
+ require 'net/ssh/transport/constants'
6
+
7
+ module Net; module SSH; module Transport; module Kex
8
+
9
+ # A key-exchange service implementing the "diffie-hellman-group1-sha1"
10
+ # key-exchange algorithm.
11
+ class DiffieHellmanGroup1SHA1
12
+ include Constants, Loggable
13
+
14
+ # The value of 'P', as a string, in hexadecimal
15
+ P_s = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" +
16
+ "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" +
17
+ "020BBEA6" "3B139B22" "514A0879" "8E3404DD" +
18
+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" +
19
+ "4FE1356D" "6D51C245" "E485B576" "625E7EC6" +
20
+ "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" +
21
+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" +
22
+ "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
23
+
24
+ # The radix in which P_s represents the value of P
25
+ P_r = 16
26
+
27
+ # The group constant
28
+ G = 2
29
+
30
+ attr_reader :p
31
+ attr_reader :g
32
+ attr_reader :digester
33
+ attr_reader :algorithms
34
+ attr_reader :connection
35
+ attr_reader :data
36
+ attr_reader :dh
37
+
38
+ # Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
39
+ # The data is a Hash of symbols representing information
40
+ # required by this algorithm, which was acquired during earlier
41
+ # processing.
42
+ def initialize(algorithms, connection, data)
43
+ @p = OpenSSL::BN.new(P_s, P_r)
44
+ @g = G
45
+
46
+ @digester = OpenSSL::Digest::SHA1
47
+ @algorithms = algorithms
48
+ @connection = connection
49
+
50
+ @data = data.dup
51
+ @dh = generate_key
52
+ @logger = @data.delete(:logger)
53
+ end
54
+
55
+ # Perform the key-exchange for the given session, with the given
56
+ # data. This method will return a hash consisting of the
57
+ # following keys:
58
+ #
59
+ # * :session_id
60
+ # * :server_key
61
+ # * :shared_secret
62
+ # * :hashing_algorithm
63
+ #
64
+ # The caller is expected to be able to understand how to use these
65
+ # deliverables.
66
+ def exchange_keys
67
+ result = send_kexinit
68
+ verify_server_key(result[:server_key])
69
+ session_id = verify_signature(result)
70
+ confirm_newkeys
71
+
72
+ return { :session_id => session_id,
73
+ :server_key => result[:server_key],
74
+ :shared_secret => result[:shared_secret],
75
+ :hashing_algorithm => digester }
76
+ end
77
+
78
+ private
79
+
80
+ # Returns the DH key parameters for the current connection.
81
+ def get_parameters
82
+ [p, g]
83
+ end
84
+
85
+ # Returns the INIT/REPLY constants used by this algorithm.
86
+ def get_message_types
87
+ [KEXDH_INIT, KEXDH_REPLY]
88
+ end
89
+
90
+ # Build the signature buffer to use when verifying a signature from
91
+ # the server.
92
+ def build_signature_buffer(result)
93
+ response = Net::SSH::Buffer.new
94
+ response.write_string data[:client_version_string],
95
+ data[:server_version_string],
96
+ data[:client_algorithm_packet],
97
+ data[:server_algorithm_packet],
98
+ result[:key_blob]
99
+ response.write_bignum dh.pub_key,
100
+ result[:server_dh_pubkey],
101
+ result[:shared_secret]
102
+ response
103
+ end
104
+
105
+ # Generate a DH key with a private key consisting of the given
106
+ # number of bytes.
107
+ def generate_key #:nodoc:
108
+ dh = OpenSSL::PKey::DH.new
109
+
110
+ dh.p, dh.g = get_parameters
111
+ dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
112
+
113
+ dh.generate_key! until dh.valid?
114
+
115
+ dh
116
+ end
117
+
118
+ # Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
119
+ # resulting buffer.
120
+ #
121
+ # Parse the buffer from a KEXDH_REPLY message, returning a hash of
122
+ # the extracted values.
123
+ def send_kexinit #:nodoc:
124
+ init, reply = get_message_types
125
+
126
+ # send the KEXDH_INIT message
127
+ buffer = Net::SSH::Buffer.from(:byte, init, :bignum, dh.pub_key)
128
+ connection.send_message(buffer)
129
+
130
+ # expect the KEXDH_REPLY message
131
+ buffer = connection.next_message
132
+ raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
133
+
134
+ result = Hash.new
135
+
136
+ result[:key_blob] = buffer.read_string
137
+ result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
138
+ result[:server_dh_pubkey] = buffer.read_bignum
139
+ result[:shared_secret] = OpenSSL::BN.new(dh.compute_key(result[:server_dh_pubkey]), 2)
140
+
141
+ sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
142
+ sig_type = sig_buffer.read_string
143
+ if sig_type != algorithms.host_key
144
+ raise Net::SSH::Exception,
145
+ "host key algorithm mismatch for signature " +
146
+ "'#{sig_type}' != '#{algorithms.host_key}'"
147
+ end
148
+ result[:server_sig] = sig_buffer.read_string
149
+
150
+ return result
151
+ end
152
+
153
+ # Verify that the given key is of the expected type, and that it
154
+ # really is the key for the session's host. Raise Net::SSH::Exception
155
+ # if it is not.
156
+ def verify_server_key(key) #:nodoc:
157
+ if key.ssh_type != algorithms.host_key
158
+ raise Net::SSH::Exception,
159
+ "host key algorithm mismatch " +
160
+ "'#{key.ssh_type}' != '#{algorithms.host_key}'"
161
+ end
162
+
163
+ blob, fingerprint = generate_key_fingerprint(key)
164
+
165
+ unless connection.host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :session => connection)
166
+ raise Net::SSH::Exception, "host key verification failed"
167
+ end
168
+ end
169
+
170
+ def generate_key_fingerprint(key)
171
+ blob = Net::SSH::Buffer.from(:key, key).to_s
172
+ fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
173
+
174
+ [blob, fingerprint]
175
+ rescue ::Exception => e
176
+ [nil, "(could not generate fingerprint: #{e.message})"]
177
+ end
178
+
179
+ # Verify the signature that was received. Raise Net::SSH::Exception
180
+ # if the signature could not be verified. Otherwise, return the new
181
+ # session-id.
182
+ def verify_signature(result) #:nodoc:
183
+ response = build_signature_buffer(result)
184
+
185
+ hash = @digester.digest(response.to_s)
186
+
187
+ unless result[:server_key].ssh_do_verify(result[:server_sig], hash)
188
+ raise Net::SSH::Exception, "could not verify server signature"
189
+ end
190
+
191
+ return hash
192
+ end
193
+
194
+ # Send the NEWKEYS message, and expect the NEWKEYS message in
195
+ # reply.
196
+ def confirm_newkeys #:nodoc:
197
+ # send own NEWKEYS message first (the wodSSHServer won't send first)
198
+ response = Net::SSH::Buffer.new
199
+ response.write_byte(NEWKEYS)
200
+ connection.send_message(response)
201
+
202
+ # wait for the server's NEWKEYS message
203
+ buffer = connection.next_message
204
+ raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
205
+ end
206
+ end
207
+
208
+ end; end; end; end