net-ssh 1.0.10 → 1.1.0

data/lib/net/ssh/errors.rb

@@ -23,5 +23,41 @@ module Net
     # Raised when user authentication failed.
     class AuthenticationFailed < Exception; end
 
+    # Raised when the cached key for a particular host does not match the
+    # key given by the host, which can be indicative of a man-in-the-middle
+    # attack. When rescuing this exception, you can inspect the key fingerprint
+    # and, if you want to proceed anyway, simply call the remember_host!
+    # method on the exception, and then retry.
+    class HostKeyMismatch < Exception
+      attr_writer :callback, :data
+
+      def [](key)
+        @data[key]
+      end
+
+      def fingerprint
+        @data[:fingerprint]
+      end
+
+      def host
+        @data[:peer][:host]
+      end
+
+      def port
+        @data[:peer][:port]
+      end
+
+      def ip
+        @data[:peer][:ip]
+      end
+
+      def key
+        @data[:key]
+      end
+
+      def remember_host!
+        @callback.call
+      end
+    end
   end
 end

data/lib/net/ssh/host-key-verifier.rb

@@ -0,0 +1,108 @@
+require 'net/ssh/errors'
+
+module Net
+  module SSH
+
+    class HostKeyVerifier
+      def verify(arguments)
+        # first, find any matches on hostname+port
+        matches = keys.select do |item|
+            host = item[:host] || arguments[:peer][:host]
+            ip   = item[:ip]   || arguments[:peer][:ip]
+            port = item[:port] || arguments[:peer][:port]
+
+            host == arguments[:peer][:host] &&
+            ip   == arguments[:peer][:ip]   &&
+            port == arguments[:peer][:port]
+          end
+
+        # we've never seen this host before, so just automatically add the key.
+        # not the most secure option (since the first hit might be the one that
+        # is hacked), but since almost nobody actually compares the key
+        # fingerprint, this is a reasonable compromise between usability and
+        # security.
+        if matches.empty?
+          add_key(arguments)
+          return true
+        end
+
+        # If we found any matches, check to see that the key type and
+        # blob also match.
+        found = matches.any? do |item|
+            item[:type] == arguments[:key].ssh_type &&
+            item[:key]  == arguments[:key_blob]
+          end
+
+        # If a match was found, return true. Otherwise, raise an exception
+        # indicating that the key was not recognized.
+        found || process_cache_miss(arguments)
+      end
+
+      private
+
+        def process_cache_miss(args)
+          exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{args[:peer][:host]}")
+          exception.data = args
+          exception.callback = Proc.new { add_key(args) }
+          raise exception
+        end
+
+        def home_directory
+          ENV['HOME'] ||
+            (ENV['HOMEPATH'] && "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}") ||
+            "/"
+        end
+
+        def user_key_file
+          @user_key_file ||= "#{home_directory}/.ssh/known_hosts"
+        end
+
+        def add_key(args)
+          keys << { :host => args[:peer][:host], :port => args[:peer][:port], :ip => args[:peer][:ip], :type => args[:key].ssh_type, :key => args[:key_blob] }
+
+          key_directory = File.dirname(user_key_file)
+          File.mkdir(key_directory, :mode => 0700) if !File.exists?(key_directory)
+
+          File.open(user_key_file, "a") do |f|
+            host = args[:peer][:host]
+            host = "[#{host}]:#{args[:peer][:port]}" if host && args[:peer][:port] != 22
+
+            ip = args[:peer][:ip]
+            ip = nil if ip == "127.0.0.1" || ip == "::1"
+
+            host = [host, ip].compact.join(",")
+            f.puts "%s %s %s" % [host, args[:key].ssh_type, [args[:key_blob]].pack("m*").gsub(/\s/, "")]
+          end
+        end
+
+        def keys
+          @keys ||= begin
+            list = []
+            list.concat(load_keys_from(user_key_file)) if File.exist?(user_key_file)
+            list
+          end
+        end
+
+        def load_keys_from(path)
+          File.readlines(path).map do |line|
+            host, type, key = line.chomp.split
+            host, address = host.split(/,/)
+
+            if address.nil? && host =~ /^\d+\.\d+\.\d+\.\d+$/
+              host, address = address, host
+            end
+
+            if host
+              host, port = host.split(/:/, 2)
+              host = host.gsub(/[\[\]]/, "")
+            end
+
+            key = key.unpack("m*").first
+            
+            { :host => host, :ip => address, :port => port, :type => type, :key => key }
+          end
+        end
+    end
+
+  end
+end

data/lib/net/ssh/lenient-host-key-verifier.rb

@@ -0,0 +1,25 @@
+require 'net/ssh/host-key-verifier'
+
+module Net
+  module SSH
+
+    class LenientHostKeyVerifier < HostKeyVerifier
+      def verify(arguments)
+        return true if tunnelled?(arguments)
+        super
+      end
+
+      private
+
+        # A connection is potentially being tunnelled if the port is not 22,
+        # and the ip refers to the localhost.
+        def tunnelled?(args)
+          return false if args[:peer][:port].to_i == 22
+          
+          ip = args[:peer][:ip]
+          return ip == "127.0.0.1" || ip == "::1"
+        end
+    end
+
+  end
+end

data/lib/net/ssh/null-host-key-verifier.rb

@@ -0,0 +1,14 @@
+module Net
+  module SSH
+
+    # The NullHostKeyVerifier simply allows every key it sees, without
+    # bothering to verify. This mimics the pre-1.1 behavior of Net::SSH, but
+    # is not very secure.
+    class NullHostKeyVerifier
+      def verify(arguments)
+        true
+      end
+    end
+
+  end
+end

data/lib/net/ssh/service/agentforward/driver.rb

@@ -0,0 +1,78 @@
+#--
+# =============================================================================
+# Copyright (c) 2007, Chris Andrews (chris@nodnol.org),
+#   Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module Service
+      module AgentForward
+
+        class Driver
+
+          def initialize( connection, buffers, log, agent )
+            @connection = connection
+            @buffers = buffers
+            @log = log
+            @agent = agent
+            @data = ''
+
+            @connection.add_channel_open_handler(
+              "auth-agent@openssh.com", &method(:do_open_channel) )
+          end
+
+          def request
+            @connection.channel_request( 'auth-agent-req@openssh.com' )
+          end
+
+          def do_open_channel( connection, channel, data )
+            channel.on_data &method(:do_data)
+          end
+
+          # handle CHANNEL_DATA packets received on the agent-forward
+          # channel - pass complete received packets to the agent.
+          def do_data( channel, data )
+            @data = @data + data
+            reply = call_agent
+            if reply
+              channel.send_data reply
+              @data = ''
+            end
+          end
+          
+          # Called if we have any data to forward to the
+          # agent. Examines the accumulated data to see if we have a
+          # complete packet, based on the length field (the first four
+          # bytes as a network long).
+          def call_agent
+            # if we have enough data to check the length of this packet
+            if @data.length >= 4
+              packet_length = @data[0..3].unpack('N').first
+              # send the complete packet to the agent and read the
+              # response
+              if @data.length == (4 + packet_length)
+                @agent.send_raw_packet @data
+                buffer = @agent.read_raw_packet
+              end
+            end
+            buffer
+          end
+
+        end
+
+      end # AgentForward
+    end # Service
+  end # SSH
+end # Net

data/lib/net/ssh/service/agentforward/services.rb

@@ -0,0 +1,41 @@
+#--
+# =============================================================================
+# Copyright (c) 2007, Chris Andrews (chris@nodnol.org),
+#   Jamis Buck (jgb3@email.byu.edu)
+# All rights reserved.
+#
+# This source file is distributed as part of the Net::SSH Secure Shell Client
+# library for Ruby. This file (and the library as a whole) may be used only as
+# allowed by either the BSD license, or the Ruby license (or, by association
+# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
+# distribution for the texts of these licenses.
+# -----------------------------------------------------------------------------
+# net-ssh website : http://net-ssh.rubyforge.org
+# project website: http://rubyforge.org/projects/net-ssh
+# =============================================================================
+#++
+
+module Net
+  module SSH
+    module Service
+      module AgentForward
+
+        def register_services( container )
+
+          container.namespace_define :agentforward do |ns|
+            ns.driver :model => :singleton_deferred do |c,p|
+              require 'net/ssh/service/agentforward/driver'
+              Driver.new( c[:connection][:driver],
+                          c[:transport][:buffers],
+                          c[:log_for, p],
+                          c[:userauth].agent)
+            end
+          end
+
+        end
+        module_function :register_services
+
+      end
+    end
+  end
+end

data/lib/net/ssh/service/services.rb

@@ -34,12 +34,14 @@ module Net
           ns.require "net/ssh/service/forward/services", "#{self}::Forward"
           ns.require "net/ssh/service/process/services", "#{self}::Process"
           ns.require "net/ssh/service/shell/services", "#{self}::Shell"
+          ns.require "net/ssh/service/agentforward/services", "#{self}::AgentForward"
         end
 
         # Add the services to the services hash.
         container.services[ :forward ] = container.service.forward.driver
         container.services[ :process ] = container.service.process.driver
         container.services[ :shell ] = container.service.shell.driver
+        container.services[ :agentforward ] = container.service.agentforward.driver
 
         # Register the external services and add them to the collection of
         # known services.

data/lib/net/ssh/session.rb

@@ -82,6 +82,13 @@ module Net
       #   :warn).
       # * :log (the name of the file, or the IO object, to which messages will
       #   be logged. Defaults to STDERR.)
+      # * :forward_agent (true or false, whether or not to forward requests
+      #   for the authentication agent. Defaults to false.)
+      # * :paranoid (either false, in which case server fingerprints are not
+      #   verified, true, in which case they are verified and mismatches result
+      #   in a warning and a prompt, or an object responding to :allow?, which
+      #   will be invoked and should return true or false for whether or not
+      #   to allow the connection. Defaults to true.)
       #
       # Also, any options recognized by Net::SSH::Transport::Session may be
       # given, and will be passed through to initialize the transport session.
@@ -92,6 +99,8 @@ module Net
       # returned (and must be closed explicitly).
       def initialize( *args )
         @open = false
+        @agent_forwarded = false
+
         process_arguments( *args )
 
         @registry.define do |b|
@@ -103,6 +112,8 @@ module Net
           b.userauth_host_keys { @host_keys }
           b.userauth_method_order { @auth_methods }
 
+          b.host_key_verifier { @host_key_verifier }
+
           # Register myself with the registry, so that other services may
           # access me.
           b.session( :pipeline => [] ) { self }
@@ -152,6 +163,17 @@ module Net
         sanity_check
         channel = @connection.open_channel( type, data )
         channel.on_confirm_open(&block)
+
+        # If we have an agent, and agent-forwarding is enabled, set up
+        # the forwarding. Do this once only, after the first channel
+        # is opened.
+        if @forward_agent && @registry[:userauth].agent
+          unless @agent_forwarded
+            agentforward.request
+            @agent_forwarded = true
+          end
+        end
+
         channel
       end
 
@@ -218,7 +240,9 @@ module Net
         @keys = @options[ :keys ]
         @host_keys = @options[ :host_keys ]
         @auth_methods = @options[ :auth_methods ]
+        @forward_agent = @options[ :forward_agent ] || false
         @crypto_backend = @options.fetch( :crypto_backend, :ossl )
+        @host_key_verifier = host_key_verifier_from(@options.fetch(:paranoid, true))
 
         verbose = @options.fetch( :verbose, :warn )
         log = @options.fetch( :log, STDERR )
@@ -238,7 +262,8 @@ module Net
           Needle::Registry.new( @registry_options )
 
         [ :keys, :host_keys, :auth_methods, :username, :password,
-          :crypto_backend, :registry_options, :container, :log, :verbose
+          :crypto_backend, :registry_options, :container, :log, :verbose,
+          :forward_agent, :paranoid
         ].each do |i|
           @options.delete i
         end
@@ -247,6 +272,27 @@ module Net
       end
       private :process_arguments
 
+      def host_key_verifier_from(paranoia)
+        case paranoia
+        when true then
+          require 'net/ssh/lenient-host-key-verifier'
+          Net::SSH::LenientHostKeyVerifier.new
+        when false then
+          require 'net/ssh/null-host-key-verifier'
+          Net::SSH::NullHostKeyVerifier.new
+        when :very then
+          require 'net/ssh/host-key-verifier'
+          Net::SS::HostKeyVerifier.new
+        else
+          if paranoia.respond_to?(:verify)
+            paranoia
+          else
+            raise ArgumentError, "argument to :paranoid is not valid: #{paranoia.inspect}"
+          end
+        end
+      end
+      private :host_key_verifier_from
+
       # Make sure we're in an acceptible state.
       def sanity_check
         raise Net::SSH::Exception, "session not open" unless @open

data/lib/net/ssh/transport/kex/dh.rb

@@ -49,6 +49,9 @@ module Net
           # The reference to the buffer factory to use.
           attr_writer :buffers
 
+          # The reference to the host key verifier to use to verify host keys.
+          attr_writer :host_key_verifier
+
           # Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
           # The parameters are, respectively, a factory for creating new
           # Bignum instances, and a factory for obtaining digester objects.
@@ -157,8 +160,23 @@ module Net
                 "'#{key.ssh_type}' != '#{session.algorithms.host_key}'"
             end
 
-            # TODO: verify that the server key is really the key for the given
-            # host, probably by having a service that can verify server keys.
+            blob, fingerprint = generate_key_fingerprint(key)
+
+            unless @host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :peer => session.peer)
+              raise Net::SSH::Exception, "host key verification failed"
+            end
+          end
+
+          def generate_key_fingerprint(key)
+            writer = @buffers.writer
+            writer.write_key(key)
+
+            blob = writer.to_s
+            fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
+
+            [blob, fingerprint]
+          rescue ::Exception => e
+            [nil, "(could not generate fingerprint: #{e.message})"]
           end
 
           # Verify the signature that was received. Raise Net::SSH::Exception