net-ssh-net-ssh 2.0.12

Sign up to get free protection for your applications and to get access to all the features.
Files changed (105) hide show
  1. data/CHANGELOG.rdoc +137 -0
  2. data/Manifest +104 -0
  3. data/README.rdoc +110 -0
  4. data/Rakefile +79 -0
  5. data/THANKS.rdoc +16 -0
  6. data/lib/net/ssh.rb +215 -0
  7. data/lib/net/ssh/authentication/agent.rb +176 -0
  8. data/lib/net/ssh/authentication/constants.rb +18 -0
  9. data/lib/net/ssh/authentication/key_manager.rb +193 -0
  10. data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
  11. data/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
  12. data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
  13. data/lib/net/ssh/authentication/methods/password.rb +39 -0
  14. data/lib/net/ssh/authentication/methods/publickey.rb +92 -0
  15. data/lib/net/ssh/authentication/pageant.rb +183 -0
  16. data/lib/net/ssh/authentication/session.rb +134 -0
  17. data/lib/net/ssh/buffer.rb +340 -0
  18. data/lib/net/ssh/buffered_io.rb +149 -0
  19. data/lib/net/ssh/config.rb +181 -0
  20. data/lib/net/ssh/connection/channel.rb +625 -0
  21. data/lib/net/ssh/connection/constants.rb +33 -0
  22. data/lib/net/ssh/connection/session.rb +596 -0
  23. data/lib/net/ssh/connection/term.rb +178 -0
  24. data/lib/net/ssh/errors.rb +85 -0
  25. data/lib/net/ssh/key_factory.rb +102 -0
  26. data/lib/net/ssh/known_hosts.rb +129 -0
  27. data/lib/net/ssh/loggable.rb +61 -0
  28. data/lib/net/ssh/packet.rb +102 -0
  29. data/lib/net/ssh/prompt.rb +93 -0
  30. data/lib/net/ssh/proxy/errors.rb +14 -0
  31. data/lib/net/ssh/proxy/http.rb +94 -0
  32. data/lib/net/ssh/proxy/socks4.rb +70 -0
  33. data/lib/net/ssh/proxy/socks5.rb +129 -0
  34. data/lib/net/ssh/ruby_compat.rb +7 -0
  35. data/lib/net/ssh/service/forward.rb +267 -0
  36. data/lib/net/ssh/test.rb +89 -0
  37. data/lib/net/ssh/test/channel.rb +129 -0
  38. data/lib/net/ssh/test/extensions.rb +152 -0
  39. data/lib/net/ssh/test/kex.rb +44 -0
  40. data/lib/net/ssh/test/local_packet.rb +51 -0
  41. data/lib/net/ssh/test/packet.rb +81 -0
  42. data/lib/net/ssh/test/remote_packet.rb +38 -0
  43. data/lib/net/ssh/test/script.rb +157 -0
  44. data/lib/net/ssh/test/socket.rb +59 -0
  45. data/lib/net/ssh/transport/algorithms.rb +384 -0
  46. data/lib/net/ssh/transport/cipher_factory.rb +84 -0
  47. data/lib/net/ssh/transport/constants.rb +30 -0
  48. data/lib/net/ssh/transport/hmac.rb +31 -0
  49. data/lib/net/ssh/transport/hmac/abstract.rb +78 -0
  50. data/lib/net/ssh/transport/hmac/md5.rb +12 -0
  51. data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
  52. data/lib/net/ssh/transport/hmac/none.rb +15 -0
  53. data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
  54. data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
  55. data/lib/net/ssh/transport/identity_cipher.rb +55 -0
  56. data/lib/net/ssh/transport/kex.rb +13 -0
  57. data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
  58. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
  59. data/lib/net/ssh/transport/openssl.rb +128 -0
  60. data/lib/net/ssh/transport/packet_stream.rb +230 -0
  61. data/lib/net/ssh/transport/server_version.rb +69 -0
  62. data/lib/net/ssh/transport/session.rb +276 -0
  63. data/lib/net/ssh/transport/state.rb +206 -0
  64. data/lib/net/ssh/verifiers/lenient.rb +30 -0
  65. data/lib/net/ssh/verifiers/null.rb +12 -0
  66. data/lib/net/ssh/verifiers/strict.rb +53 -0
  67. data/lib/net/ssh/version.rb +62 -0
  68. data/net-ssh.gemspec +128 -0
  69. data/setup.rb +1585 -0
  70. data/test/authentication/methods/common.rb +28 -0
  71. data/test/authentication/methods/test_abstract.rb +51 -0
  72. data/test/authentication/methods/test_hostbased.rb +114 -0
  73. data/test/authentication/methods/test_keyboard_interactive.rb +98 -0
  74. data/test/authentication/methods/test_password.rb +50 -0
  75. data/test/authentication/methods/test_publickey.rb +127 -0
  76. data/test/authentication/test_agent.rb +205 -0
  77. data/test/authentication/test_key_manager.rb +105 -0
  78. data/test/authentication/test_session.rb +93 -0
  79. data/test/common.rb +106 -0
  80. data/test/configs/eqsign +3 -0
  81. data/test/configs/exact_match +8 -0
  82. data/test/configs/wild_cards +14 -0
  83. data/test/connection/test_channel.rb +452 -0
  84. data/test/connection/test_session.rb +488 -0
  85. data/test/test_all.rb +6 -0
  86. data/test/test_buffer.rb +336 -0
  87. data/test/test_buffered_io.rb +63 -0
  88. data/test/test_config.rb +84 -0
  89. data/test/test_key_factory.rb +67 -0
  90. data/test/transport/hmac/test_md5.rb +39 -0
  91. data/test/transport/hmac/test_md5_96.rb +25 -0
  92. data/test/transport/hmac/test_none.rb +34 -0
  93. data/test/transport/hmac/test_sha1.rb +34 -0
  94. data/test/transport/hmac/test_sha1_96.rb +25 -0
  95. data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
  96. data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
  97. data/test/transport/test_algorithms.rb +302 -0
  98. data/test/transport/test_cipher_factory.rb +171 -0
  99. data/test/transport/test_hmac.rb +34 -0
  100. data/test/transport/test_identity_cipher.rb +40 -0
  101. data/test/transport/test_packet_stream.rb +435 -0
  102. data/test/transport/test_server_version.rb +68 -0
  103. data/test/transport/test_session.rb +315 -0
  104. data/test/transport/test_state.rb +173 -0
  105. metadata +162 -0
@@ -0,0 +1,30 @@
1
+ module Net; module SSH; module Transport
2
+ module Constants
3
+
4
+ #--
5
+ # Transport layer generic messages
6
+ #++
7
+
8
+ DISCONNECT = 1
9
+ IGNORE = 2
10
+ UNIMPLEMENTED = 3
11
+ DEBUG = 4
12
+ SERVICE_REQUEST = 5
13
+ SERVICE_ACCEPT = 6
14
+
15
+ #--
16
+ # Algorithm negotiation messages
17
+ #++
18
+
19
+ KEXINIT = 20
20
+ NEWKEYS = 21
21
+
22
+ #--
23
+ # Key exchange method specific messages
24
+ #++
25
+
26
+ KEXDH_INIT = 30
27
+ KEXDH_REPLY = 31
28
+
29
+ end
30
+ end; end; end
@@ -0,0 +1,31 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+ require 'net/ssh/transport/hmac/md5_96'
3
+ require 'net/ssh/transport/hmac/sha1'
4
+ require 'net/ssh/transport/hmac/sha1_96'
5
+ require 'net/ssh/transport/hmac/none'
6
+
7
+ # Implements a simple factory interface for fetching hmac implementations, or
8
+ # for finding the key lengths for hmac implementations.s
9
+ module Net::SSH::Transport::HMAC
10
+ # The mapping of SSH hmac algorithms to their implementations
11
+ MAP = {
12
+ 'hmac-md5' => MD5,
13
+ 'hmac-md5-96' => MD5_96,
14
+ 'hmac-sha1' => SHA1,
15
+ 'hmac-sha1-96' => SHA1_96,
16
+ 'none' => None
17
+ }
18
+
19
+ # Retrieves a new hmac instance of the given SSH type (+name+). If +key+ is
20
+ # given, the new instance will be initialized with that key.
21
+ def self.get(name, key="")
22
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
23
+ impl.new(key)
24
+ end
25
+
26
+ # Retrieves the key length for the hmac of the given SSH type (+name+).
27
+ def self.key_length(name)
28
+ impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
29
+ impl.key_length
30
+ end
31
+ end
@@ -0,0 +1,78 @@
1
+ require 'openssl'
2
+
3
+ module Net; module SSH; module Transport; module HMAC
4
+
5
+ # The base class of all OpenSSL-based HMAC algorithm wrappers.
6
+ class Abstract
7
+
8
+ class <<self
9
+ def key_length(*v)
10
+ @key_length = nil if !defined?(@key_length)
11
+ if v.empty?
12
+ @key_length = superclass.key_length if @key_length.nil? && superclass.respond_to?(:key_length)
13
+ return @key_length
14
+ elsif v.length == 1
15
+ @key_length = v.first
16
+ else
17
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
18
+ end
19
+ end
20
+
21
+ def mac_length(*v)
22
+ @mac_length = nil if !defined?(@mac_length)
23
+ if v.empty?
24
+ @mac_length = superclass.mac_length if @mac_length.nil? && superclass.respond_to?(:mac_length)
25
+ return @mac_length
26
+ elsif v.length == 1
27
+ @mac_length = v.first
28
+ else
29
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
30
+ end
31
+ end
32
+
33
+ def digest_class(*v)
34
+ @digest_class = nil if !defined?(@digest_class)
35
+ if v.empty?
36
+ @digest_class = superclass.digest_class if @digest_class.nil? && superclass.respond_to?(:digest_class)
37
+ return @digest_class
38
+ elsif v.length == 1
39
+ @digest_class = v.first
40
+ else
41
+ raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
42
+ end
43
+ end
44
+ end
45
+
46
+ def key_length
47
+ self.class.key_length
48
+ end
49
+
50
+ def mac_length
51
+ self.class.mac_length
52
+ end
53
+
54
+ def digest_class
55
+ self.class.digest_class
56
+ end
57
+
58
+ # The key in use for this instance.
59
+ attr_reader :key
60
+
61
+ def initialize(key=nil)
62
+ self.key = key
63
+ end
64
+
65
+ # Sets the key to the given value, truncating it so that it is the correct
66
+ # length.
67
+ def key=(value)
68
+ @key = value ? value.to_s[0,key_length] : nil
69
+ end
70
+
71
+ # Compute the HMAC digest for the given data string.
72
+ def digest(data)
73
+ OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
74
+ end
75
+
76
+ end
77
+
78
+ end; end; end; end
@@ -0,0 +1,12 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5 HMAC algorithm.
6
+ class MD5 < Abstract
7
+ mac_length 16
8
+ key_length 16
9
+ digest_class OpenSSL::Digest::MD5
10
+ end
11
+
12
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/md5'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The MD5-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class MD5_96 < MD5
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,15 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The "none" algorithm. This has a key and mac length of 0.
6
+ class None < Abstract
7
+ key_length 0
8
+ mac_length 0
9
+
10
+ def digest(data)
11
+ ""
12
+ end
13
+ end
14
+
15
+ end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/hmac/abstract'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1 HMAC algorithm. This has a mac and key length of 20, and
6
+ # uses the SHA1 digest algorithm.
7
+ class SHA1 < Abstract
8
+ mac_length 20
9
+ key_length 20
10
+ digest_class OpenSSL::Digest::SHA1
11
+ end
12
+
13
+ end
@@ -0,0 +1,11 @@
1
+ require 'net/ssh/transport/hmac/sha1'
2
+
3
+ module Net::SSH::Transport::HMAC
4
+
5
+ # The SHA1-96 HMAC algorithm. This returns only the first 12 bytes of
6
+ # the digest.
7
+ class SHA1_96 < SHA1
8
+ mac_length 12
9
+ end
10
+
11
+ end
@@ -0,0 +1,55 @@
1
+ module Net; module SSH; module Transport
2
+
3
+ # A cipher that does nothing but pass the data through, unchanged. This
4
+ # keeps things in the code nice and clean when a cipher has not yet been
5
+ # determined (i.e., during key exchange).
6
+ class IdentityCipher
7
+ class <<self
8
+ # A default block size of 8 is required by the SSH2 protocol.
9
+ def block_size
10
+ 8
11
+ end
12
+
13
+ # Returns an arbitrary integer.
14
+ def iv_len
15
+ 4
16
+ end
17
+
18
+ # Does nothing. Returns self.
19
+ def encrypt
20
+ self
21
+ end
22
+
23
+ # Does nothing. Returns self.
24
+ def decrypt
25
+ self
26
+ end
27
+
28
+ # Passes its single argument through unchanged.
29
+ def update(text)
30
+ text
31
+ end
32
+
33
+ # Returns the empty string.
34
+ def final
35
+ ""
36
+ end
37
+
38
+ # The name of this cipher, which is "identity".
39
+ def name
40
+ "identity"
41
+ end
42
+
43
+ # Does nothing. Returns nil.
44
+ def iv=(v)
45
+ nil
46
+ end
47
+
48
+ # Does nothing. Returns self.
49
+ def reset
50
+ self
51
+ end
52
+ end
53
+ end
54
+
55
+ end; end; end
@@ -0,0 +1,13 @@
1
+ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
2
+ require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
3
+
4
+ module Net::SSH::Transport
5
+ module Kex
6
+ # Maps the supported key-exchange algorithms as named by the SSH protocol
7
+ # to their corresponding implementors.
8
+ MAP = {
9
+ 'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
10
+ 'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1
11
+ }
12
+ end
13
+ end
@@ -0,0 +1,208 @@
1
+ require 'net/ssh/buffer'
2
+ require 'net/ssh/errors'
3
+ require 'net/ssh/loggable'
4
+ require 'net/ssh/transport/openssl'
5
+ require 'net/ssh/transport/constants'
6
+
7
+ module Net; module SSH; module Transport; module Kex
8
+
9
+ # A key-exchange service implementing the "diffie-hellman-group1-sha1"
10
+ # key-exchange algorithm.
11
+ class DiffieHellmanGroup1SHA1
12
+ include Constants, Loggable
13
+
14
+ # The value of 'P', as a string, in hexadecimal
15
+ P_s = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" +
16
+ "C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" +
17
+ "020BBEA6" "3B139B22" "514A0879" "8E3404DD" +
18
+ "EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" +
19
+ "4FE1356D" "6D51C245" "E485B576" "625E7EC6" +
20
+ "F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" +
21
+ "EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" +
22
+ "49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
23
+
24
+ # The radix in which P_s represents the value of P
25
+ P_r = 16
26
+
27
+ # The group constant
28
+ G = 2
29
+
30
+ attr_reader :p
31
+ attr_reader :g
32
+ attr_reader :digester
33
+ attr_reader :algorithms
34
+ attr_reader :connection
35
+ attr_reader :data
36
+ attr_reader :dh
37
+
38
+ # Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
39
+ # The data is a Hash of symbols representing information
40
+ # required by this algorithm, which was acquired during earlier
41
+ # processing.
42
+ def initialize(algorithms, connection, data)
43
+ @p = OpenSSL::BN.new(P_s, P_r)
44
+ @g = G
45
+
46
+ @digester = OpenSSL::Digest::SHA1
47
+ @algorithms = algorithms
48
+ @connection = connection
49
+
50
+ @data = data.dup
51
+ @dh = generate_key
52
+ @logger = @data.delete(:logger)
53
+ end
54
+
55
+ # Perform the key-exchange for the given session, with the given
56
+ # data. This method will return a hash consisting of the
57
+ # following keys:
58
+ #
59
+ # * :session_id
60
+ # * :server_key
61
+ # * :shared_secret
62
+ # * :hashing_algorithm
63
+ #
64
+ # The caller is expected to be able to understand how to use these
65
+ # deliverables.
66
+ def exchange_keys
67
+ result = send_kexinit
68
+ verify_server_key(result[:server_key])
69
+ session_id = verify_signature(result)
70
+ confirm_newkeys
71
+
72
+ return { :session_id => session_id,
73
+ :server_key => result[:server_key],
74
+ :shared_secret => result[:shared_secret],
75
+ :hashing_algorithm => digester }
76
+ end
77
+
78
+ private
79
+
80
+ # Returns the DH key parameters for the current connection.
81
+ def get_parameters
82
+ [p, g]
83
+ end
84
+
85
+ # Returns the INIT/REPLY constants used by this algorithm.
86
+ def get_message_types
87
+ [KEXDH_INIT, KEXDH_REPLY]
88
+ end
89
+
90
+ # Build the signature buffer to use when verifying a signature from
91
+ # the server.
92
+ def build_signature_buffer(result)
93
+ response = Net::SSH::Buffer.new
94
+ response.write_string data[:client_version_string],
95
+ data[:server_version_string],
96
+ data[:client_algorithm_packet],
97
+ data[:server_algorithm_packet],
98
+ result[:key_blob]
99
+ response.write_bignum dh.pub_key,
100
+ result[:server_dh_pubkey],
101
+ result[:shared_secret]
102
+ response
103
+ end
104
+
105
+ # Generate a DH key with a private key consisting of the given
106
+ # number of bytes.
107
+ def generate_key #:nodoc:
108
+ dh = OpenSSL::PKey::DH.new
109
+
110
+ dh.p, dh.g = get_parameters
111
+ dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
112
+
113
+ dh.generate_key! until dh.valid?
114
+
115
+ dh
116
+ end
117
+
118
+ # Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
119
+ # resulting buffer.
120
+ #
121
+ # Parse the buffer from a KEXDH_REPLY message, returning a hash of
122
+ # the extracted values.
123
+ def send_kexinit #:nodoc:
124
+ init, reply = get_message_types
125
+
126
+ # send the KEXDH_INIT message
127
+ buffer = Net::SSH::Buffer.from(:byte, init, :bignum, dh.pub_key)
128
+ connection.send_message(buffer)
129
+
130
+ # expect the KEXDH_REPLY message
131
+ buffer = connection.next_message
132
+ raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
133
+
134
+ result = Hash.new
135
+
136
+ result[:key_blob] = buffer.read_string
137
+ result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
138
+ result[:server_dh_pubkey] = buffer.read_bignum
139
+ result[:shared_secret] = OpenSSL::BN.new(dh.compute_key(result[:server_dh_pubkey]), 2)
140
+
141
+ sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
142
+ sig_type = sig_buffer.read_string
143
+ if sig_type != algorithms.host_key
144
+ raise Net::SSH::Exception,
145
+ "host key algorithm mismatch for signature " +
146
+ "'#{sig_type}' != '#{algorithms.host_key}'"
147
+ end
148
+ result[:server_sig] = sig_buffer.read_string
149
+
150
+ return result
151
+ end
152
+
153
+ # Verify that the given key is of the expected type, and that it
154
+ # really is the key for the session's host. Raise Net::SSH::Exception
155
+ # if it is not.
156
+ def verify_server_key(key) #:nodoc:
157
+ if key.ssh_type != algorithms.host_key
158
+ raise Net::SSH::Exception,
159
+ "host key algorithm mismatch " +
160
+ "'#{key.ssh_type}' != '#{algorithms.host_key}'"
161
+ end
162
+
163
+ blob, fingerprint = generate_key_fingerprint(key)
164
+
165
+ unless connection.host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :session => connection)
166
+ raise Net::SSH::Exception, "host key verification failed"
167
+ end
168
+ end
169
+
170
+ def generate_key_fingerprint(key)
171
+ blob = Net::SSH::Buffer.from(:key, key).to_s
172
+ fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
173
+
174
+ [blob, fingerprint]
175
+ rescue ::Exception => e
176
+ [nil, "(could not generate fingerprint: #{e.message})"]
177
+ end
178
+
179
+ # Verify the signature that was received. Raise Net::SSH::Exception
180
+ # if the signature could not be verified. Otherwise, return the new
181
+ # session-id.
182
+ def verify_signature(result) #:nodoc:
183
+ response = build_signature_buffer(result)
184
+
185
+ hash = @digester.digest(response.to_s)
186
+
187
+ unless result[:server_key].ssh_do_verify(result[:server_sig], hash)
188
+ raise Net::SSH::Exception, "could not verify server signature"
189
+ end
190
+
191
+ return hash
192
+ end
193
+
194
+ # Send the NEWKEYS message, and expect the NEWKEYS message in
195
+ # reply.
196
+ def confirm_newkeys #:nodoc:
197
+ # send own NEWKEYS message first (the wodSSHServer won't send first)
198
+ response = Net::SSH::Buffer.new
199
+ response.write_byte(NEWKEYS)
200
+ connection.send_message(response)
201
+
202
+ # wait for the server's NEWKEYS message
203
+ buffer = connection.next_message
204
+ raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
205
+ end
206
+ end
207
+
208
+ end; end; end; end