net-ssh-net-ssh 2.0.12 → 2.0.13

data/CHANGELOG.rdoc

@@ -1,12 +1,24 @@
-=== (unreleased)
 
-* Use unbuffered reads when negotiating the protocol version [Steven Hazel]
+
+=== 2.0.13 / 17 Aug 2009
+
+* Added fix for hanging in ServerVersion#negotiate! when using SOCKS5 proxy (GH-9) [Gerald Talton]
+
+* Added support for specifying a list of hosts in .ssh/config, with tests (GH-6) [ckoehler, Delano Mandelbaum]
+
+* Added tests for arcfour128/256/512 lengths, encryption, and decryption [Delano Mandelbaum]
+
+* Skip packet stream tests for arcfour128/256/512 [Delano Mandelbaum]
+
+* Fix for OpenSSL cipher key length because it always returns 16, even when 32 byte keys are required, e.g. for arcfour256 and arcfour512 ciphers [Karl Varga]
 
 
 === 2.0.12 / 08 Jun 2009
 
 * Applied patch for arcfour128 and arcfour256 support [Denis Bernard]
 
+* Use unbuffered reads when negotiating the protocol version [Steven Hazel]
+
 
 === 2.0.11 / 24 Feb 2009
 

data/Manifest

@@ -2,6 +2,7 @@ CHANGELOG.rdoc
 Manifest
 README.rdoc
 Rakefile
+Rudyfile
 THANKS.rdoc
 lib/net/ssh.rb
 lib/net/ssh/authentication/agent.rb
@@ -67,6 +68,7 @@ lib/net/ssh/verifiers/strict.rb
 lib/net/ssh/version.rb
 net-ssh.gemspec
 setup.rb
+support/arcfour_check.rb
 test/authentication/methods/common.rb
 test/authentication/methods/test_abstract.rb
 test/authentication/methods/test_hostbased.rb
@@ -79,6 +81,7 @@ test/authentication/test_session.rb
 test/common.rb
 test/configs/eqsign
 test/configs/exact_match
+test/configs/multihost
 test/configs/wild_cards
 test/connection/test_channel.rb
 test/connection/test_session.rb
@@ -101,4 +104,4 @@ test/transport/test_identity_cipher.rb
 test/transport/test_packet_stream.rb
 test/transport/test_server_version.rb
 test/transport/test_session.rb
-test/transport/test_state.rb
+test/transport/test_state.rb

data/README.rdoc

@@ -80,10 +80,40 @@ Lastly, if you want to run the tests or use any of the Rake tasks, you'll need:
 * Echoe (for the Rakefile)
 * Mocha (for the tests)
 
+
 == INSTALL:
 
 * gem install net-ssh (might need sudo privileges)
 
+
+== ARCFOUR SUPPORT:
+
+from Karl Varga:
+
+Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers, which means that when we try to use ARCFOUR256 or higher, Net::SSH generates keys which are consistently too short - 16 bytes as opposed to 32 bytes - resulting in the following error:
+
+    OpenSSL::CipherError: key length too short
+  
+My patch simply instructs Net::SSH to build keys of the the proper length, regardless of the required key length reported by OpenSSL.
+
+You should also be aware that your OpenSSL C libraries may also contain this bug.  I've updated to 0.9.8k, but according to this thread[https://bugzilla.mindrot.org/show_bug.cgi?id=1291], the bug existed as recently as 0.9.8e!  I've manually taken a look at my header files and they look ok, which is what makes me think it's a bug in the Ruby implementation.
+
+To see your OpenSSL version:
+
+    $ openssl version
+    OpenSSL 0.9.8k 25 Mar 2009
+  
+After installing this gem, verify that Net::SSH is generating keys of the correct length by running the script <tt>support/arcfour_check.rb</tt>:
+
+    $ ruby arcfour_support.rb
+    
+which should produce the following:
+
+    arcfour128: [16, 8] OpenSSL::Cipher::Cipher
+    arcfour256: [32, 8] OpenSSL::Cipher::Cipher
+    arcfour512: [64, 8] OpenSSL::Cipher::Cipher
+    
+
 == LICENSE:
 
 (The MIT License)

data/Rakefile

@@ -50,7 +50,7 @@ end
 if @spec.rubyforge_project
   desc 'Publish website to rubyforge'
   task 'publish:rdoc' => 'doc/index.html' do
-    sh "scp -rp doc/* rubyforge.org:/var/www/gforge-projects/#{name}/"
+    sh "scp -rp doc/* rubyforge.org:/var/www/gforge-projects/#{name}/ssh/v2/api/"
   end
 
   desc 'Public release to rubyforge'

data/Rudyfile

@@ -0,0 +1,110 @@
+# Rudyfile
+#
+# This configuration is used to test installing
+# and running net-ssh on a clean machine. 
+#
+# Usage:
+#
+#     $ rudy -vv startup
+#     $ rudy -vv testsuite
+#     $ rudy -vv shutdown
+#
+# Requires: Rudy 0.9 (http://code.google.com/p/rudy/)
+#
+
+defaults do
+  color true
+  environment :test
+  role :netssh
+end
+
+machines do
+  region :'us-east-1' do
+    ami 'ami-e348af8a'               # Alestic Debian 5.0, 32-bit (US)
+  end
+  env :test do
+    role :netssh do
+      user :root
+    end
+  end
+end
+
+commands do
+  allow :apt_get, "apt-get", :y, :q
+  allow :gem_install, "/usr/bin/gem", "install", :n, '/usr/bin', :y, :V, "--no-rdoc", "--no-ri"
+  allow :gem_sources, "/usr/bin/gem", "sources"
+  allow :gem_uninstall, "/usr/bin/gem", "uninstall", :V
+  allow :update_rubygems
+  allow :rm
+end
+
+routines do
+  
+  testsuite do
+    before :sysupdate, :installdeps, :install_gem
+    
+    remote :root do
+      directory_upload 'test', '/tmp/'
+      cd '/tmp'
+      ruby :I, 'lib/', :I, 'test/', :r, 'rubygems', 'test/test_all.rb'
+    end
+    
+    after :install_rubyforge, :install_github
+  end
+    
+  install_rubyforge do
+    remote :root do
+      gem_install 'net-ssh', '--version', '2.0.7'
+      gem_install 'net-ssh'
+    end
+  end
+
+  install_github do
+    remote :root do
+      gem_sources :a, "http://gems.github.com"
+      gem_install 'net-ssh-net-ssh'
+    end
+  end
+  
+  install_gem do
+    before :package_gem
+    remote :root do
+      disable_safe_mode
+      file_upload "pkg/net-ssh-*.gem", "/tmp/"
+      gem_install "/tmp/net-ssh-*.gem"
+    end
+  end
+  
+  package_gem do
+    local do
+      rm :r, :f, 'pkg'
+      rake 'package'
+    end
+  end
+  
+  remove do
+    remote :root do
+      gem_uninstall 'net-ssh'
+    end
+  end
+  
+  installdeps do
+    remote :root do
+      gem_install "rye", "test-unit", "mocha"
+      rye 'authorize-local'
+    end
+  end
+  
+  sysupdate do
+    remote :root do                  
+      apt_get "update"               
+      apt_get "install", "build-essential", "git-core"
+      apt_get "install", "ruby1.8-dev", "rdoc", "libzlib-ruby", "rubygems"
+      mkdir :p, "/var/lib/gems/1.8/bin" # Doesn't get created, but causes Rubygems to fail
+      gem_install "builder", "session"
+      gem_install 'rubygems-update', "-v=1.3.4"  # circular issue with 1.3.5 and hoe
+      update_rubygems
+    end
+  end
+end
+

data/lib/net/ssh/config.rb

@@ -57,11 +57,12 @@ module Net; module SSH
       def load(file, host, settings={})
         file = File.expand_path(file)
         return settings unless File.readable?(file)
-
-        in_match = false
+        
+        matched_host = nil
+        multi_host = []
         IO.foreach(file) do |line|
           next if line =~ /^\s*(?:#.*)?$/
-
+          
           if line =~ /^\s*(\S+)\s*=(.*)$/
             key, value = $1, $2
           else
@@ -82,8 +83,11 @@ module Net; module SSH
             end
 
           if key == 'host'
-            in_match = (host =~ pattern2regex(value))
-          elsif in_match
+            # Support "Host host1,host2,hostN".
+            # See http://github.com/net-ssh/net-ssh/issues#issue/6
+            multi_host = value.split(/,\s+/)
+            matched_host = multi_host.select { |h| host =~ pattern2regex(h) }.first
+          elsif !matched_host.nil?
             if key == 'identityfile'
               settings[key] ||= []
               settings[key] << value
@@ -92,7 +96,7 @@ module Net; module SSH
             end
           end
         end
-
+        
         return settings
       end
 

data/lib/net/ssh/proxy/socks5.rb

@@ -94,11 +94,24 @@ module Net
 
           packet << [port].pack("n")
           socket.send packet, 0
-
-          version, reply, = socket.recv(4).unpack("C*")
-          len = socket.recv(1).getbyte(0)
-          socket.recv(len + 2)
-
+          
+          version, reply, = socket.recv(2).unpack("C*")
+          socket.recv(1)
+          address_type = socket.recv(1).getbyte(0)
+          case address_type
+          when 1
+            socket.recv(4)  # get four bytes for IPv4 address
+          when 3
+            len = socket.recv(1).getbyte(0)
+            hostname = socket.recv(len)
+          when 4
+            ipv6addr hostname = socket.recv(16)
+          else
+            socket.close
+            raise ConnectionError, "Illegal response type"
+          end
+          portnum = socket.recv(2)
+          
           unless reply == SUCCESS
             socket.close
             raise ConnectError, "#{reply}"

data/lib/net/ssh/transport/cipher_factory.rb

@@ -17,9 +17,18 @@ module Net; module SSH; module Transport
       "rijndael-cbc@lysator.liu.se" => "aes-256-cbc",
       "arcfour128"                  => "rc4",
       "arcfour256"                  => "rc4",
+      "arcfour512"                  => "rc4",
       "none"                        => "none"
     }
-
+    
+    # Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers
+    # resulting in the error: OpenSSL::CipherError: key length too short. 
+    # The following ciphers will override this key length. 
+    KEY_LEN_OVERRIDE = {
+      "arcfour256"                  => 32,
+      "arcfour512"                  => 64
+    }
+    
     # Returns true if the underlying OpenSSL library supports the given cipher,
     # and false otherwise.
     def self.supported?(name)
@@ -42,8 +51,9 @@ module Net; module SSH; module Transport
 
       cipher.padding = 0
       cipher.iv      = make_key(cipher.iv_len, options[:iv], options) if ossl_name != "rc4"
-      cipher.key_len = 32 if name == "arcfour256"
-      cipher.key     = make_key(cipher.key_len, options[:key], options)
+      key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
+      cipher.key_len = key_len
+      cipher.key     = make_key(key_len, options[:key], options)
       cipher.update(" " * 1536) if ossl_name == "rc4"
 
       return cipher
@@ -58,7 +68,10 @@ module Net; module SSH; module Transport
       return [0, 0] if ossl_name.nil? || ossl_name == "none"
 
       cipher = OpenSSL::Cipher::Cipher.new(ossl_name)
-      return [cipher.key_len, ossl_name=="rc4" ? 8 : cipher.block_size]
+      key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
+      cipher.key_len = key_len
+      
+      return [key_len, ossl_name=="rc4" ? 8 : cipher.block_size]
     end
 
     private
@@ -66,10 +79,10 @@ module Net; module SSH; module Transport
       # Generate a key value in accordance with the SSH2 specification.
       def self.make_key(bytes, start, options={})
         k = start[0, bytes]
-
-        digester = options[:digester]
-        shared   = options[:shared]
-        hash     = options[:hash]
+        
+        digester = options[:digester] or raise 'No digester supplied'
+        shared   = options[:shared] or raise 'No shared secret supplied'
+        hash     = options[:hash] or raise 'No hash supplied'
 
         while k.length < bytes
           step = digester.digest(shared + hash + k)

data/lib/net/ssh/transport/server_version.rb

@@ -44,6 +44,7 @@ module Net; module SSH; module Transport
           @version = ""
           loop do
             b = socket.recv(1)
+            
             if b.nil?
               raise Net::SSH::Disconnect, "connection closed by remote host"
             end

data/lib/net/ssh/version.rb

@@ -51,7 +51,7 @@ module Net; module SSH
     MINOR = 0
 
     # The tiny component of this version of the Net::SSH library
-    TINY  = 12
+    TINY  = 13
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/net-ssh.gemspec

@@ -1,18 +1,18 @@
 @spec = Gem::Specification.new do |s|
 	s.name = "net-ssh"
   s.rubyforge_project = 'net-ssh'
-	s.version = "2.0.12"
+	s.version = "2.0.13"
 	s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 	s.description = s.summary
-	s.author = "Jamis Buck"
+	s.authors = ["Jamis Buck", "Delano Mandelbaum"]
 	s.email = "net-ssh@solutious.com"
-	s.homepage = "http://github.com/net-ssh/net-ssh"
+	s.homepage = "http://rubyforge.org/projects/net-ssh/"
   
   s.extra_rdoc_files = %w[README.rdoc THANKS.rdoc CHANGELOG.rdoc]
   s.has_rdoc = true
   s.rdoc_options = ["--line-numbers", "--title", s.summary, "--main", "README.rdoc"]
   s.require_paths = %w[lib]
-  s.rubygems_version = '1.1.1'
+  s.rubygems_version = '1.3.2'
   
   s.executables = %w[]
   
@@ -22,6 +22,7 @@
   Manifest
   README.rdoc
   Rakefile
+  Rudyfile
   THANKS.rdoc
   lib/net/ssh.rb
   lib/net/ssh/authentication/agent.rb
@@ -87,6 +88,7 @@
   lib/net/ssh/version.rb
   net-ssh.gemspec
   setup.rb
+  support/arcfour_check.rb
   test/authentication/methods/common.rb
   test/authentication/methods/test_abstract.rb
   test/authentication/methods/test_hostbased.rb
@@ -99,6 +101,7 @@
   test/common.rb
   test/configs/eqsign
   test/configs/exact_match
+  test/configs/multihost
   test/configs/wild_cards
   test/connection/test_channel.rb
   test/connection/test_session.rb

data/support/arcfour_check.rb

@@ -0,0 +1,20 @@
+
+require 'net/ssh'
+
+# ARCFOUR CHECK 
+# 
+# Usage:
+#     $ ruby support/arcfour_check.rb
+#
+# Expected Output:
+#     arcfour128: [16, 8] OpenSSL::Cipher::Cipher
+#     arcfour256: [32, 8] OpenSSL::Cipher::Cipher
+#     arcfour512: [64, 8] OpenSSL::Cipher::Cipher
+
+[['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
+  print "#{cipher[0]}: "
+  a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
+  b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
+  puts "#{a} #{b.class}"
+end
+

data/test/common.rb

@@ -1,4 +1,5 @@
 $LOAD_PATH.unshift "#{File.dirname(__FILE__)}/../lib"
+gem "test-unit" # http://rubyforge.org/pipermail/test-unit-tracker/2009-July/000075.html
 require 'test/unit'
 require 'mocha'
 require 'net/ssh/buffer'

data/test/configs/multihost

@@ -0,0 +1,4 @@
+Host other.host, test.host
+  Compression yes
+  Port 1980
+  RekeyLimit 2G

data/test/test_all.rb

@@ -1,3 +1,5 @@
+#     $ ruby -Ilib -Itest -rrubygems test/test_all.rb
+#     $ ruby -Ilib -Itest -rrubygems test/transport/test_server_version.rb
 Dir.chdir(File.dirname(__FILE__)) do
   test_files = Dir['**/test_*.rb']
   test_files = test_files.select { |f| f =~ Regexp.new(ENV['ONLY']) } if ENV['ONLY']

data/test/test_config.rb

@@ -37,7 +37,22 @@ class TestConfig < Test::Unit::TestCase
     assert_equal %w(~/.ssh/id_dsa), config[:keys]
     assert !config.key?(:rekey_limit)
   end
-
+  
+  def test_load_with_multiple_hosts
+    config = Net::SSH::Config.load(config(:multihost), "test.host")
+    assert config['compression']
+    assert_equal '2G', config['rekeylimit']
+    assert_equal 1980, config['port']
+  end
+  
+  def test_load_with_multiple_hosts_and_config_should_match_for_both
+    aconfig = Net::SSH::Config.load(config(:multihost), "test.host")
+    bconfig = Net::SSH::Config.load(config(:multihost), "other.host")
+    assert_equal aconfig['port'], bconfig['port']
+    assert_equal aconfig['compression'], bconfig['compression']
+    assert_equal aconfig['rekeylimit'], bconfig['rekeylimit']
+  end
+  
   def test_load_should_parse_equal_sign_delimiters
     config = Net::SSH::Config.load(config(:eqsign), "test.test")
     assert config['compression']

data/test/transport/test_cipher_factory.rb

@@ -47,6 +47,18 @@ module Transport
       assert_equal [32,16], factory.get_lengths("aes256-cbc")
     end
 
+    def test_lengths_for_arcfour128
+      assert_equal [16,8], factory.get_lengths("arcfour128")
+    end
+    
+    def test_lengths_for_arcfour256
+      assert_equal [32,8], factory.get_lengths("arcfour256")
+    end
+    
+    def test_lengths_for_arcfour512
+      assert_equal [64,8], factory.get_lengths("arcfour512")
+    end
+    
     BLOWFISH = "\210\021\200\315\240_\026$\352\204g\233\244\242x\332e\370\001\327\224Nv@9_\323\037\252kb\037\036\237\375]\343/y\037\237\312Q\f7]\347Y\005\275%\377\0010$G\272\250B\265Nd\375\342\372\025r6}+Y\213y\n\237\267\\\374^\346BdJ$\353\220Ik\023<\236&H\277=\225"
 
     def test_blowfish_cbc_for_encryption
@@ -128,7 +140,37 @@ module Transport
     def test_aes256_cbc_for_decryption
       assert_equal TEXT, decrypt("aes256-cbc", AES256)
     end
+    
+    ARCFOUR128 = "\n\x90\xED*\xD4\xBE\xCBg5\xA5\a\xEC]\x97\xB7L\x06)6\x12FL\x90@\xF4Sqxqh\r\x11\x1Aq \xC8\xE6v\xC6\x12\xD9<A\xDAZ\xFE\x7F\x88\x19f.\x06\xA7\xFE:\xFF\x93\x9B\x8D\xA0\\\x9E\xCA\x03\x15\xE1\xE2\f\xC0\b\xA2C\xE1\xBD\xB6\x13D\xD1\xB4'g\x89\xDC\xEB\f\x19Z)U"
+
+    def test_arcfour128_for_encryption
+      assert_equal ARCFOUR128, encrypt("arcfour128")
+    end
+    
+    def test_arcfour128_for_decryption
+      assert_equal TEXT, decrypt("arcfour128", ARCFOUR128)
+    end
+    
+    ARCFOUR256 = "|g\xCCw\xF5\xC1y\xEB\xF0\v\xF7\x83\x14\x03\xC8\xAB\xE8\xC2\xFCY\xDC,\xB8\xD4dVa\x8B\x18%\xA4S\x00\xE0at\x86\xE8\xA6W\xAB\xD2\x9D\xA8\xDE[g\aZy.\xFB\xFC\x82c\x04h\f\xBFYq\xB7U\x80\x0EG\x91\x88\xDF\xA3\xA2\xFA(\xEC\xDB\xA4\xE7\xFE)\x12u\xAF\x0EZ\xA0\xBA\x97\n\xFC"
 
+    def test_arcfour256_for_encryption
+      assert_equal ARCFOUR256, encrypt("arcfour256")
+    end
+    
+    def test_arcfour256_for_decryption
+      assert_equal TEXT, decrypt("arcfour256", ARCFOUR256)
+    end
+    
+    ARCFOUR512 = "|8\"v\xE7\xE3\b\xA8\x19\x9Aa\xB6Vv\x00\x11\x8A$C\xB6xE\xEF\xF1j\x90\xA8\xFA\x10\xE4\xA1b8\xF6\x04\xF2+\xC0\xD1(8\xEBT]\xB0\xF3/\xD9\xE0@\x83\a\x93\x9D\xCA\x04RXS\xB7A\x0Fj\x94\bE\xEB\x84j\xB4\xDF\nU\xF7\x83o\n\xE8\xF9\x01{jH\xEE\xCDQym\x9E"
+
+    def test_arcfour512_for_encryption
+      assert_equal ARCFOUR512, encrypt("arcfour512")
+    end
+    
+    def test_arcfour512_for_decryption
+      assert_equal TEXT, decrypt("arcfour512", ARCFOUR512)
+    end
+    
     def test_none_for_encryption
       assert_equal TEXT, encrypt("none").strip
     end
@@ -136,7 +178,7 @@ module Transport
     def test_none_for_decryption
       assert_equal TEXT, decrypt("none", TEXT)
     end
-
+    
     private
 
       TEXT = "But soft! What light through yonder window breaks? It is the east, and Juliet is the sun!"

data/test/transport/test_packet_stream.rb

@@ -371,12 +371,18 @@ module Transport
 
     ciphers.each do |cipher_name|
       next unless Net::SSH::Transport::CipherFactory.supported?(cipher_name)
-
+      
+      # TODO: How are the expected packets generated?
+      if cipher_name =~ /arcfour/
+        puts "Skipping packet stream test for #{cipher_name}"
+        next 
+      end
+      
       hmacs.each do |hmac_name|
         [false, :standard].each do |compress|
           cipher_method_name = cipher_name.gsub(/\W/, "_")
           hmac_method_name   = hmac_name.gsub(/\W/, "_")
-
+          
           define_method("test_next_packet_with_#{cipher_method_name}_and_#{hmac_method_name}_and_#{compress}_compression") do
             cipher = Net::SSH::Transport::CipherFactory.get(cipher_name, :key => "ABC", :iv => "abc", :shared => "123", :digester => OpenSSL::Digest::SHA1, :hash => "^&*", :decrypt => true)
             hmac  = Net::SSH::Transport::HMAC.get(hmac_name, "{}|")

metadata

@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification 
 name: net-ssh-net-ssh
 version: !ruby/object:Gem::Version 
-  version: 2.0.12
+  version: 2.0.13
 platform: ruby
 authors: 
 - Jamis Buck
+- Delano Mandelbaum
 autorequire: 
 bindir: bin
 cert_chain: []
@@ -28,6 +29,7 @@ files:
 - Manifest
 - README.rdoc
 - Rakefile
+- Rudyfile
 - THANKS.rdoc
 - lib/net/ssh.rb
 - lib/net/ssh/authentication/agent.rb
@@ -93,6 +95,7 @@ files:
 - lib/net/ssh/version.rb
 - net-ssh.gemspec
 - setup.rb
+- support/arcfour_check.rb
 - test/authentication/methods/common.rb
 - test/authentication/methods/test_abstract.rb
 - test/authentication/methods/test_hostbased.rb
@@ -105,6 +108,7 @@ files:
 - test/common.rb
 - test/configs/eqsign
 - test/configs/exact_match
+- test/configs/multihost
 - test/configs/wild_cards
 - test/connection/test_channel.rb
 - test/connection/test_session.rb
@@ -129,7 +133,8 @@ files:
 - test/transport/test_session.rb
 - test/transport/test_state.rb
 has_rdoc: true
-homepage: http://github.com/net-ssh/net-ssh
+homepage: http://rubyforge.org/projects/net-ssh/
+licenses: 
 post_install_message: 
 rdoc_options: 
 - --line-numbers
@@ -154,7 +159,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: net-ssh
-rubygems_version: 1.2.0
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 2
 summary: "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."