net-ssh 1.1.4 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +37 -0
- data/Manifest +101 -0
- data/README.rdoc +110 -0
- data/Rakefile +26 -0
- data/{THANKS → THANKS.rdoc} +2 -5
- data/lib/net/ssh.rb +189 -57
- data/lib/net/ssh/authentication/agent.rb +175 -0
- data/lib/net/ssh/authentication/constants.rb +18 -0
- data/lib/net/ssh/authentication/key_manager.rb +166 -0
- data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
- data/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
- data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
- data/lib/net/ssh/authentication/methods/password.rb +39 -0
- data/lib/net/ssh/authentication/methods/publickey.rb +92 -0
- data/lib/net/ssh/authentication/pageant.rb +176 -0
- data/lib/net/ssh/authentication/session.rb +116 -0
- data/lib/net/ssh/buffer.rb +339 -0
- data/lib/net/ssh/buffered_io.rb +149 -0
- data/lib/net/ssh/config.rb +173 -0
- data/lib/net/ssh/connection/channel.rb +575 -454
- data/lib/net/ssh/connection/constants.rb +31 -45
- data/lib/net/ssh/connection/session.rb +569 -0
- data/lib/net/ssh/connection/term.rb +176 -88
- data/lib/net/ssh/errors.rb +83 -61
- data/lib/net/ssh/key_factory.rb +85 -0
- data/lib/net/ssh/known_hosts.rb +129 -0
- data/lib/net/ssh/loggable.rb +61 -0
- data/lib/net/ssh/packet.rb +102 -0
- data/lib/net/ssh/prompt.rb +93 -0
- data/lib/net/ssh/proxy/errors.rb +8 -28
- data/lib/net/ssh/proxy/http.rb +75 -107
- data/lib/net/ssh/proxy/socks4.rb +35 -48
- data/lib/net/ssh/proxy/socks5.rb +76 -108
- data/lib/net/ssh/service/forward.rb +267 -0
- data/lib/net/ssh/test.rb +89 -0
- data/lib/net/ssh/test/channel.rb +129 -0
- data/lib/net/ssh/test/extensions.rb +152 -0
- data/lib/net/ssh/test/kex.rb +44 -0
- data/lib/net/ssh/test/local_packet.rb +51 -0
- data/lib/net/ssh/test/packet.rb +81 -0
- data/lib/net/ssh/test/remote_packet.rb +38 -0
- data/lib/net/ssh/test/script.rb +157 -0
- data/lib/net/ssh/test/socket.rb +59 -0
- data/lib/net/ssh/transport/algorithms.rb +384 -0
- data/lib/net/ssh/transport/cipher_factory.rb +72 -0
- data/lib/net/ssh/transport/constants.rb +22 -58
- data/lib/net/ssh/transport/hmac.rb +31 -0
- data/lib/net/ssh/transport/hmac/abstract.rb +48 -0
- data/lib/net/ssh/transport/hmac/md5.rb +12 -0
- data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
- data/lib/net/ssh/transport/hmac/none.rb +15 -0
- data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
- data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
- data/lib/net/ssh/transport/identity_cipher.rb +40 -0
- data/lib/net/ssh/transport/kex.rb +13 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
- data/lib/net/ssh/{util → transport}/openssl.rb +22 -40
- data/lib/net/ssh/transport/packet_stream.rb +230 -0
- data/lib/net/ssh/transport/server_version.rb +61 -0
- data/lib/net/ssh/transport/session.rb +225 -303
- data/lib/net/ssh/transport/state.rb +170 -0
- data/lib/net/ssh/verifiers/lenient.rb +30 -0
- data/lib/net/ssh/verifiers/null.rb +12 -0
- data/lib/net/ssh/verifiers/strict.rb +53 -0
- data/lib/net/ssh/version.rb +57 -26
- data/net-ssh.gemspec +54 -0
- data/setup.rb +1585 -0
- data/test/authentication/methods/common.rb +28 -0
- data/test/authentication/methods/test_abstract.rb +51 -0
- data/test/authentication/methods/test_hostbased.rb +108 -0
- data/test/authentication/methods/test_keyboard_interactive.rb +98 -0
- data/test/authentication/methods/test_password.rb +50 -0
- data/test/authentication/methods/test_publickey.rb +123 -0
- data/test/authentication/test_agent.rb +205 -0
- data/test/authentication/test_key_manager.rb +100 -0
- data/test/authentication/test_session.rb +93 -0
- data/test/common.rb +106 -0
- data/test/configs/exact_match +8 -0
- data/test/configs/wild_cards +14 -0
- data/test/connection/test_channel.rb +452 -0
- data/test/connection/test_session.rb +483 -0
- data/test/test_all.rb +6 -0
- data/test/test_buffer.rb +336 -0
- data/test/test_buffered_io.rb +63 -0
- data/test/test_config.rb +78 -0
- data/test/test_key_factory.rb +67 -0
- data/test/transport/hmac/test_md5.rb +34 -0
- data/test/transport/hmac/test_md5_96.rb +25 -0
- data/test/transport/hmac/test_none.rb +34 -0
- data/test/transport/hmac/test_sha1.rb +34 -0
- data/test/transport/hmac/test_sha1_96.rb +25 -0
- data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
- data/test/transport/test_algorithms.rb +302 -0
- data/test/transport/test_cipher_factory.rb +163 -0
- data/test/transport/test_hmac.rb +34 -0
- data/test/transport/test_identity_cipher.rb +40 -0
- data/test/transport/test_packet_stream.rb +433 -0
- data/test/transport/test_server_version.rb +55 -0
- data/test/transport/test_session.rb +312 -0
- data/test/transport/test_state.rb +173 -0
- metadata +102 -253
- data/ChangeLog +0 -560
- data/LICENSE +0 -7
- data/NEWS +0 -152
- data/README +0 -14
- data/bin/rb-keygen +0 -210
- data/doc/LICENSE-BSD +0 -27
- data/doc/LICENSE-GPL +0 -280
- data/doc/LICENSE-RUBY +0 -56
- data/doc/manual-html/chapter-1.html +0 -388
- data/doc/manual-html/chapter-2.html +0 -552
- data/doc/manual-html/chapter-3.html +0 -470
- data/doc/manual-html/chapter-4.html +0 -413
- data/doc/manual-html/chapter-5.html +0 -525
- data/doc/manual-html/chapter-6.html +0 -456
- data/doc/manual-html/chapter-7.html +0 -343
- data/doc/manual-html/index.html +0 -235
- data/doc/manual-html/stylesheets/manual.css +0 -270
- data/doc/manual-html/stylesheets/ruby.css +0 -17
- data/doc/manual/chapter.erb +0 -38
- data/doc/manual/example.erb +0 -18
- data/doc/manual/index.erb +0 -29
- data/doc/manual/manual.rb +0 -311
- data/doc/manual/manual.yml +0 -73
- data/doc/manual/page.erb +0 -87
- data/doc/manual/parts/0000.txt +0 -5
- data/doc/manual/parts/0001.txt +0 -3
- data/doc/manual/parts/0002.txt +0 -40
- data/doc/manual/parts/0003.txt +0 -6
- data/doc/manual/parts/0004.txt +0 -7
- data/doc/manual/parts/0005.txt +0 -1
- data/doc/manual/parts/0006.txt +0 -49
- data/doc/manual/parts/0007.txt +0 -67
- data/doc/manual/parts/0008.txt +0 -43
- data/doc/manual/parts/0009.txt +0 -14
- data/doc/manual/parts/0010.txt +0 -7
- data/doc/manual/parts/0011.txt +0 -14
- data/doc/manual/parts/0012.txt +0 -3
- data/doc/manual/parts/0013.txt +0 -20
- data/doc/manual/parts/0014.txt +0 -32
- data/doc/manual/parts/0015.txt +0 -14
- data/doc/manual/parts/0016.txt +0 -28
- data/doc/manual/parts/0017.txt +0 -50
- data/doc/manual/parts/0018.txt +0 -35
- data/doc/manual/parts/0019.txt +0 -7
- data/doc/manual/parts/0020.txt +0 -72
- data/doc/manual/parts/0021.txt +0 -50
- data/doc/manual/parts/0022.txt +0 -42
- data/doc/manual/parts/0023.txt +0 -51
- data/doc/manual/parts/0024.txt +0 -18
- data/doc/manual/parts/0025.txt +0 -18
- data/doc/manual/parts/0026.txt +0 -15
- data/doc/manual/parts/0027.txt +0 -37
- data/doc/manual/parts/0028.txt +0 -16
- data/doc/manual/parts/0029.txt +0 -1
- data/doc/manual/parts/0030.txt +0 -52
- data/doc/manual/parts/0031.txt +0 -25
- data/doc/manual/stylesheets/manual.css +0 -270
- data/doc/manual/stylesheets/ruby.css +0 -17
- data/doc/manual/tutorial.erb +0 -30
- data/examples/auth-forward.rb +0 -41
- data/examples/channel-demo.rb +0 -81
- data/examples/port-forward.rb +0 -51
- data/examples/process-demo.rb +0 -91
- data/examples/remote-net-port-forward.rb +0 -45
- data/examples/remote-port-forward.rb +0 -80
- data/examples/shell-demo.rb +0 -46
- data/examples/ssh-client.rb +0 -67
- data/examples/sync-shell-demo.rb +0 -69
- data/examples/tail-demo.rb +0 -49
- data/lib/net/ssh/connection/driver.rb +0 -446
- data/lib/net/ssh/connection/services.rb +0 -72
- data/lib/net/ssh/host-key-verifier.rb +0 -52
- data/lib/net/ssh/known-hosts.rb +0 -96
- data/lib/net/ssh/lenient-host-key-verifier.rb +0 -25
- data/lib/net/ssh/null-host-key-verifier.rb +0 -14
- data/lib/net/ssh/service/agentforward/driver.rb +0 -78
- data/lib/net/ssh/service/agentforward/services.rb +0 -41
- data/lib/net/ssh/service/forward/driver.rb +0 -319
- data/lib/net/ssh/service/forward/local-network-handler.rb +0 -71
- data/lib/net/ssh/service/forward/remote-network-handler.rb +0 -83
- data/lib/net/ssh/service/forward/services.rb +0 -76
- data/lib/net/ssh/service/process/driver.rb +0 -153
- data/lib/net/ssh/service/process/open.rb +0 -193
- data/lib/net/ssh/service/process/popen3.rb +0 -178
- data/lib/net/ssh/service/process/services.rb +0 -66
- data/lib/net/ssh/service/services.rb +0 -60
- data/lib/net/ssh/service/shell/driver.rb +0 -86
- data/lib/net/ssh/service/shell/services.rb +0 -54
- data/lib/net/ssh/service/shell/shell.rb +0 -222
- data/lib/net/ssh/service/shell/sync.rb +0 -114
- data/lib/net/ssh/session.rb +0 -305
- data/lib/net/ssh/transport/algorithm-negotiator.rb +0 -275
- data/lib/net/ssh/transport/compress/compressor.rb +0 -53
- data/lib/net/ssh/transport/compress/decompressor.rb +0 -53
- data/lib/net/ssh/transport/compress/none-compressor.rb +0 -39
- data/lib/net/ssh/transport/compress/none-decompressor.rb +0 -39
- data/lib/net/ssh/transport/compress/services.rb +0 -68
- data/lib/net/ssh/transport/compress/zlib-compressor.rb +0 -60
- data/lib/net/ssh/transport/compress/zlib-decompressor.rb +0 -52
- data/lib/net/ssh/transport/errors.rb +0 -47
- data/lib/net/ssh/transport/identity-cipher.rb +0 -61
- data/lib/net/ssh/transport/kex/dh-gex.rb +0 -106
- data/lib/net/ssh/transport/kex/dh.rb +0 -249
- data/lib/net/ssh/transport/kex/services.rb +0 -62
- data/lib/net/ssh/transport/ossl/buffer-factory.rb +0 -52
- data/lib/net/ssh/transport/ossl/buffer.rb +0 -87
- data/lib/net/ssh/transport/ossl/cipher-factory.rb +0 -98
- data/lib/net/ssh/transport/ossl/digest-factory.rb +0 -51
- data/lib/net/ssh/transport/ossl/hmac-factory.rb +0 -71
- data/lib/net/ssh/transport/ossl/hmac/hmac.rb +0 -62
- data/lib/net/ssh/transport/ossl/hmac/md5-96.rb +0 -44
- data/lib/net/ssh/transport/ossl/hmac/md5.rb +0 -46
- data/lib/net/ssh/transport/ossl/hmac/none.rb +0 -46
- data/lib/net/ssh/transport/ossl/hmac/services.rb +0 -68
- data/lib/net/ssh/transport/ossl/hmac/sha1-96.rb +0 -44
- data/lib/net/ssh/transport/ossl/hmac/sha1.rb +0 -45
- data/lib/net/ssh/transport/ossl/key-factory.rb +0 -116
- data/lib/net/ssh/transport/ossl/services.rb +0 -149
- data/lib/net/ssh/transport/packet-stream.rb +0 -236
- data/lib/net/ssh/transport/services.rb +0 -146
- data/lib/net/ssh/transport/version-negotiator.rb +0 -73
- data/lib/net/ssh/userauth/agent.rb +0 -222
- data/lib/net/ssh/userauth/constants.rb +0 -35
- data/lib/net/ssh/userauth/driver.rb +0 -183
- data/lib/net/ssh/userauth/methods/hostbased.rb +0 -119
- data/lib/net/ssh/userauth/methods/keyboard-interactive.rb +0 -104
- data/lib/net/ssh/userauth/methods/password.rb +0 -70
- data/lib/net/ssh/userauth/methods/publickey.rb +0 -137
- data/lib/net/ssh/userauth/methods/services.rb +0 -90
- data/lib/net/ssh/userauth/pageant.rb +0 -197
- data/lib/net/ssh/userauth/services.rb +0 -141
- data/lib/net/ssh/userauth/userkeys.rb +0 -258
- data/lib/net/ssh/util/buffer.rb +0 -274
- data/lib/net/ssh/util/prompter.rb +0 -73
- data/test/ALL-TESTS.rb +0 -18
- data/test/connection/tc_channel.rb +0 -136
- data/test/connection/tc_driver.rb +0 -287
- data/test/connection/tc_integration.rb +0 -87
- data/test/proxy/tc_http.rb +0 -209
- data/test/proxy/tc_socks4.rb +0 -148
- data/test/proxy/tc_socks5.rb +0 -214
- data/test/service/agentforward/tc_driver.rb +0 -138
- data/test/service/forward/tc_driver.rb +0 -289
- data/test/service/forward/tc_local_network_handler.rb +0 -123
- data/test/service/forward/tc_remote_network_handler.rb +0 -111
- data/test/service/process/tc_driver.rb +0 -79
- data/test/service/process/tc_integration.rb +0 -119
- data/test/service/process/tc_open.rb +0 -179
- data/test/service/process/tc_popen3.rb +0 -164
- data/test/tc_integration.rb +0 -80
- data/test/transport/compress/tc_none_compress.rb +0 -41
- data/test/transport/compress/tc_none_decompress.rb +0 -45
- data/test/transport/compress/tc_zlib_compress.rb +0 -61
- data/test/transport/compress/tc_zlib_decompress.rb +0 -48
- data/test/transport/kex/tc_dh.rb +0 -312
- data/test/transport/kex/tc_dh_gex.rb +0 -71
- data/test/transport/ossl/fixtures/dsa-encrypted +0 -15
- data/test/transport/ossl/fixtures/dsa-encrypted-bad +0 -15
- data/test/transport/ossl/fixtures/dsa-unencrypted +0 -12
- data/test/transport/ossl/fixtures/dsa-unencrypted-bad +0 -12
- data/test/transport/ossl/fixtures/dsa-unencrypted.pub +0 -1
- data/test/transport/ossl/fixtures/not-a-private-key +0 -4
- data/test/transport/ossl/fixtures/not-supported +0 -2
- data/test/transport/ossl/fixtures/rsa-encrypted +0 -18
- data/test/transport/ossl/fixtures/rsa-encrypted-bad +0 -18
- data/test/transport/ossl/fixtures/rsa-unencrypted +0 -15
- data/test/transport/ossl/fixtures/rsa-unencrypted-bad +0 -15
- data/test/transport/ossl/fixtures/rsa-unencrypted.pub +0 -1
- data/test/transport/ossl/hmac/tc_hmac.rb +0 -58
- data/test/transport/ossl/hmac/tc_md5.rb +0 -50
- data/test/transport/ossl/hmac/tc_md5_96.rb +0 -50
- data/test/transport/ossl/hmac/tc_none.rb +0 -50
- data/test/transport/ossl/hmac/tc_sha1.rb +0 -50
- data/test/transport/ossl/hmac/tc_sha1_96.rb +0 -50
- data/test/transport/ossl/tc_buffer.rb +0 -97
- data/test/transport/ossl/tc_buffer_factory.rb +0 -67
- data/test/transport/ossl/tc_cipher_factory.rb +0 -84
- data/test/transport/ossl/tc_digest_factory.rb +0 -39
- data/test/transport/ossl/tc_hmac_factory.rb +0 -72
- data/test/transport/ossl/tc_key_factory.rb +0 -199
- data/test/transport/tc_algorithm_negotiator.rb +0 -170
- data/test/transport/tc_identity_cipher.rb +0 -52
- data/test/transport/tc_integration.rb +0 -115
- data/test/transport/tc_packet_stream.rb +0 -184
- data/test/transport/tc_session.rb +0 -296
- data/test/transport/tc_version_negotiator.rb +0 -86
- data/test/userauth/methods/tc_hostbased.rb +0 -136
- data/test/userauth/methods/tc_password.rb +0 -89
- data/test/userauth/methods/tc_publickey.rb +0 -167
- data/test/userauth/tc_agent.rb +0 -223
- data/test/userauth/tc_driver.rb +0 -190
- data/test/userauth/tc_integration.rb +0 -97
- data/test/userauth/tc_userkeys.rb +0 -265
- data/test/util/tc_buffer.rb +0 -217
data/lib/net/ssh/proxy/socks4.rb
CHANGED
@@ -1,19 +1,3 @@
|
|
1
|
-
#--
|
2
|
-
# =============================================================================
|
3
|
-
# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
|
4
|
-
# All rights reserved.
|
5
|
-
#
|
6
|
-
# This source file is distributed as part of the Net::SSH Secure Shell Client
|
7
|
-
# library for Ruby. This file (and the library as a whole) may be used only as
|
8
|
-
# allowed by either the BSD license, or the Ruby license (or, by association
|
9
|
-
# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
|
10
|
-
# distribution for the texts of these licenses.
|
11
|
-
# -----------------------------------------------------------------------------
|
12
|
-
# net-ssh website : http://net-ssh.rubyforge.org
|
13
|
-
# project website: http://rubyforge.org/projects/net-ssh
|
14
|
-
# =============================================================================
|
15
|
-
#++
|
16
|
-
|
17
1
|
require 'socket'
|
18
2
|
require 'resolv'
|
19
3
|
require 'ipaddr'
|
@@ -23,25 +7,39 @@ module Net
|
|
23
7
|
module SSH
|
24
8
|
module Proxy
|
25
9
|
|
26
|
-
# An implementation of a
|
27
|
-
#
|
28
|
-
#
|
29
|
-
#
|
10
|
+
# An implementation of a SOCKS4 proxy. To use it, instantiate it, then
|
11
|
+
# pass the instantiated object via the :proxy key to Net::SSH.start:
|
12
|
+
#
|
13
|
+
# require 'net/ssh/proxy/socks4'
|
14
|
+
#
|
15
|
+
# proxy = Net::SSH::Proxy::SOCKS4.new('proxy.host', proxy_port, :user => 'user')
|
16
|
+
# Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
|
17
|
+
# ...
|
18
|
+
# end
|
30
19
|
class SOCKS4
|
31
20
|
|
32
|
-
|
21
|
+
# The SOCKS protocol version used by this class
|
22
|
+
VERSION = 4
|
23
|
+
|
24
|
+
# The packet type for connection requests
|
25
|
+
CONNECT = 1
|
26
|
+
|
27
|
+
# The status code for a successful connection
|
28
|
+
GRANTED = 90
|
29
|
+
|
30
|
+
# The proxy's host name or IP address, as given to the constructor.
|
31
|
+
attr_reader :proxy_host
|
33
32
|
|
34
|
-
|
33
|
+
# The proxy's port number.
|
34
|
+
attr_reader :proxy_port
|
35
35
|
|
36
|
-
|
37
|
-
|
38
|
-
SOCKS_IDENTD_REJECT = 92
|
39
|
-
SOCKS_IDENTD_BAD = 93
|
36
|
+
# The additional options that were given to the proxy's constructor.
|
37
|
+
attr_reader :options
|
40
38
|
|
41
39
|
# Create a new proxy connection to the given proxy host and port.
|
42
|
-
# Optionally, a
|
40
|
+
# Optionally, a :user key may be given to identify the username
|
43
41
|
# with which to authenticate.
|
44
|
-
def initialize(
|
42
|
+
def initialize(proxy_host, proxy_port=1080, options={})
|
45
43
|
@proxy_host = proxy_host
|
46
44
|
@proxy_port = proxy_port
|
47
45
|
@options = options
|
@@ -49,32 +47,21 @@ module Net
|
|
49
47
|
|
50
48
|
# Return a new socket connected to the given host and port via the
|
51
49
|
# proxy that was requested when the socket factory was instantiated.
|
52
|
-
def open(
|
53
|
-
|
54
|
-
|
55
|
-
ip_addr = IPAddr.new( Resolv.getaddress( host ) )
|
50
|
+
def open(host, port)
|
51
|
+
socket = TCPSocket.new(proxy_host, proxy_port)
|
52
|
+
ip_addr = IPAddr.new(Resolv.getaddress(host))
|
56
53
|
|
57
|
-
packet = [
|
58
|
-
|
59
|
-
proxy_user, 0 ].pack( "CCnNA*C" )
|
60
|
-
sock.send packet, 0
|
54
|
+
packet = [VERSION, CONNECT, port.to_i, ip_addr.to_i, options[:user]].pack("CCnNZ*")
|
55
|
+
socket.send packet, 0
|
61
56
|
|
62
|
-
version, status, port, ip =
|
63
|
-
if status !=
|
64
|
-
|
57
|
+
version, status, port, ip = socket.recv(8).unpack("CCnN")
|
58
|
+
if status != GRANTED
|
59
|
+
socket.close
|
65
60
|
raise ConnectError, "error connecting to proxy (#{status})"
|
66
61
|
end
|
67
62
|
|
68
|
-
return
|
69
|
-
end
|
70
|
-
|
71
|
-
def proxy_user
|
72
|
-
return @options[ :user ] if @options[ :user ]
|
73
|
-
return ENV['SOCKS_USER'] if ENV['SOCKS_USER']
|
74
|
-
return ENV['CONNECT_USER'] if ENV['CONNECT_USER']
|
75
|
-
return nil
|
63
|
+
return socket
|
76
64
|
end
|
77
|
-
private :proxy_user
|
78
65
|
|
79
66
|
end
|
80
67
|
|
data/lib/net/ssh/proxy/socks5.rb
CHANGED
@@ -1,19 +1,3 @@
|
|
1
|
-
#--
|
2
|
-
# =============================================================================
|
3
|
-
# Copyright (c) 2004,2005 Jamis Buck (jamis@37signals.com)
|
4
|
-
# All rights reserved.
|
5
|
-
#
|
6
|
-
# This source file is distributed as part of the Net::SSH Secure Shell Client
|
7
|
-
# library for Ruby. This file (and the library as a whole) may be used only as
|
8
|
-
# allowed by either the BSD license, or the Ruby license (or, by association
|
9
|
-
# with the Ruby license, the GPL). See the "doc" subdirectory of the Net::SSH
|
10
|
-
# distribution for the texts of these licenses.
|
11
|
-
# -----------------------------------------------------------------------------
|
12
|
-
# net-ssh website : http://net-ssh.rubyforge.org
|
13
|
-
# project website: http://rubyforge.org/projects/net-ssh
|
14
|
-
# =============================================================================
|
15
|
-
#++
|
16
|
-
|
17
1
|
require 'socket'
|
18
2
|
require 'net/ssh/proxy/errors'
|
19
3
|
|
@@ -21,41 +5,55 @@ module Net
|
|
21
5
|
module SSH
|
22
6
|
module Proxy
|
23
7
|
|
24
|
-
# An implementation of a
|
25
|
-
#
|
26
|
-
#
|
27
|
-
#
|
28
|
-
#
|
8
|
+
# An implementation of a SOCKS5 proxy. To use it, instantiate it, then
|
9
|
+
# pass the instantiated object via the :proxy key to Net::SSH.start:
|
10
|
+
#
|
11
|
+
# require 'net/ssh/proxy/socks5'
|
12
|
+
#
|
13
|
+
# proxy = Net::SSH::Proxy::SOCKS5.new('proxy.host', proxy_port,
|
14
|
+
# :user => 'user', :password => "password")
|
15
|
+
# Net::SSH.start('host', 'user', :proxy => proxy) do |ssh|
|
16
|
+
# ...
|
17
|
+
# end
|
29
18
|
class SOCKS5
|
19
|
+
# The SOCKS protocol version used by this class
|
20
|
+
VERSION = 5
|
21
|
+
|
22
|
+
# The SOCKS authentication type for requests without authentication
|
23
|
+
METHOD_NO_AUTH = 0
|
24
|
+
|
25
|
+
# The SOCKS authentication type for requests via username/password
|
26
|
+
METHOD_PASSWD = 2
|
27
|
+
|
28
|
+
# The SOCKS authentication type for when there are no supported
|
29
|
+
# authentication methods.
|
30
|
+
METHOD_NONE = 0xFF
|
31
|
+
|
32
|
+
# The SOCKS packet type for requesting a proxy connection.
|
33
|
+
CMD_CONNECT = 1
|
34
|
+
|
35
|
+
# The SOCKS address type for connections via IP address.
|
36
|
+
ATYP_IPV4 = 1
|
30
37
|
|
31
|
-
|
38
|
+
# The SOCKS address type for connections via domain name.
|
39
|
+
ATYP_DOMAIN = 3
|
32
40
|
|
33
|
-
|
34
|
-
|
35
|
-
SOCKS_METHOD_PASSWD = 2
|
41
|
+
# The SOCKS response code for a successful operation.
|
42
|
+
SUCCESS = 0
|
36
43
|
|
37
|
-
|
38
|
-
|
39
|
-
SOCKS_CMD_CONNECT = 1
|
44
|
+
# The proxy's host name or IP address
|
45
|
+
attr_reader :proxy_host
|
40
46
|
|
41
|
-
|
42
|
-
|
43
|
-
SOCKS_ATYP_IPV6 = 4
|
47
|
+
# The proxy's port number
|
48
|
+
attr_reader :proxy_port
|
44
49
|
|
45
|
-
|
46
|
-
|
47
|
-
SOCKS_NOT_ALLOWED = 2
|
48
|
-
SOCKS_NETWORK_UNREACHABLE = 3
|
49
|
-
SOCKS_HOST_UNREACHABLE = 4
|
50
|
-
SOCKS_REFUSED = 5
|
51
|
-
SOCKS_TTL_EXPIRED = 6
|
52
|
-
SOCKS_CMD_NOT_SUPPORTED = 7
|
53
|
-
SOCKS_ADDR_NOT_SUPPORTED = 8
|
50
|
+
# The map of options given at initialization
|
51
|
+
attr_reader :options
|
54
52
|
|
55
53
|
# Create a new proxy connection to the given proxy host and port.
|
56
|
-
# Optionally,
|
54
|
+
# Optionally, :user and :password options may be given to
|
57
55
|
# identify the username and password with which to authenticate.
|
58
|
-
def initialize(
|
56
|
+
def initialize(proxy_host, proxy_port=1080, options={})
|
59
57
|
@proxy_host = proxy_host
|
60
58
|
@proxy_port = proxy_port
|
61
59
|
@options = options
|
@@ -63,96 +61,66 @@ module Net
|
|
63
61
|
|
64
62
|
# Return a new socket connected to the given host and port via the
|
65
63
|
# proxy that was requested when the socket factory was instantiated.
|
66
|
-
def open(
|
67
|
-
|
64
|
+
def open(host, port)
|
65
|
+
socket = TCPSocket.new(proxy_host, proxy_port)
|
68
66
|
|
69
|
-
methods = [
|
70
|
-
methods <<
|
67
|
+
methods = [METHOD_NO_AUTH]
|
68
|
+
methods << METHOD_PASSWD if options[:user]
|
71
69
|
|
72
|
-
packet = [
|
73
|
-
|
70
|
+
packet = [VERSION, methods.size, *methods].pack("C*")
|
71
|
+
socket.send packet, 0
|
74
72
|
|
75
|
-
version, method =
|
76
|
-
if version !=
|
77
|
-
|
78
|
-
raise Net::SSH::Proxy::Error,
|
79
|
-
"invalid SOCKS version (#{version})"
|
73
|
+
version, method = socket.recv(2).unpack("CC")
|
74
|
+
if version != VERSION
|
75
|
+
socket.close
|
76
|
+
raise Net::SSH::Proxy::Error, "invalid SOCKS version (#{version})"
|
80
77
|
end
|
81
78
|
|
82
|
-
if method ==
|
83
|
-
|
84
|
-
raise Net::SSH::Proxy::Error,
|
85
|
-
"no supported authorization methods"
|
79
|
+
if method == METHOD_NONE
|
80
|
+
socket.close
|
81
|
+
raise Net::SSH::Proxy::Error, "no supported authorization methods"
|
86
82
|
end
|
87
83
|
|
88
|
-
|
89
|
-
when SOCKS_METHOD_NO_AUTH
|
90
|
-
# no method-dependent subnegotiation required
|
91
|
-
|
92
|
-
when SOCKS_METHOD_PASSWD
|
93
|
-
negotiate_password( sock )
|
94
|
-
end
|
84
|
+
negotiate_password(socket) if method == METHOD_PASSWD
|
95
85
|
|
96
|
-
packet = [
|
86
|
+
packet = [VERSION, CMD_CONNECT, 0].pack("C*")
|
97
87
|
|
98
88
|
if host =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/
|
99
|
-
packet << [
|
100
|
-
$3.to_i, $4.to_i ].pack( "C*" )
|
89
|
+
packet << [ATYP_IPV4, $1.to_i, $2.to_i, $3.to_i, $4.to_i].pack("C*")
|
101
90
|
else
|
102
|
-
packet << [
|
91
|
+
packet << [ATYP_DOMAIN, host.length, host].pack("CCA*")
|
103
92
|
end
|
104
93
|
|
105
|
-
packet << [
|
106
|
-
|
94
|
+
packet << [port].pack("n")
|
95
|
+
socket.send packet, 0
|
107
96
|
|
108
|
-
version, reply, =
|
109
|
-
len =
|
110
|
-
|
97
|
+
version, reply, = socket.recv(4).unpack("C*")
|
98
|
+
len = socket.recv(1)[0]
|
99
|
+
socket.recv(len + 2)
|
111
100
|
|
112
|
-
unless reply ==
|
113
|
-
|
101
|
+
unless reply == SUCCESS
|
102
|
+
socket.close
|
114
103
|
raise ConnectError, "#{reply}"
|
115
104
|
end
|
116
105
|
|
117
|
-
return
|
106
|
+
return socket
|
118
107
|
end
|
119
108
|
|
120
|
-
|
121
|
-
def negotiate_password( socket )
|
122
|
-
user = proxy_user
|
123
|
-
passwd = proxy_password
|
124
|
-
|
125
|
-
packet = [ 0x01,
|
126
|
-
user.length, user,
|
127
|
-
passwd.length, passwd ].pack( "CCA*CA*" )
|
109
|
+
private
|
128
110
|
|
129
|
-
|
111
|
+
# Simple username/password negotiation with the SOCKS5 server.
|
112
|
+
def negotiate_password(socket)
|
113
|
+
packet = [0x01, options[:user].length, options[:user],
|
114
|
+
options[:password].length, options[:password]].pack("CCA*CA*")
|
115
|
+
socket.send packet, 0
|
130
116
|
|
131
|
-
|
117
|
+
version, status = socket.recv(2).unpack("CC")
|
132
118
|
|
133
|
-
|
134
|
-
|
135
|
-
|
119
|
+
if status != SUCCESS
|
120
|
+
socket.close
|
121
|
+
raise UnauthorizedError, "could not authorize user"
|
122
|
+
end
|
136
123
|
end
|
137
|
-
end
|
138
|
-
private :negotiate_password
|
139
|
-
|
140
|
-
def proxy_user
|
141
|
-
return @options[ :user ] if @options[ :user ]
|
142
|
-
return ENV['SOCKS_USER'] if ENV['SOCKS_USER']
|
143
|
-
return ENV['CONNECT_USER'] if ENV['CONNECT_USER']
|
144
|
-
return nil
|
145
|
-
end
|
146
|
-
private :proxy_user
|
147
|
-
|
148
|
-
def proxy_password
|
149
|
-
return @options[ :password ] if @options[ :password ]
|
150
|
-
return ENV['SOCKS_PASSWORD'] if ENV['SOCKS_PASSWORD']
|
151
|
-
return ENV['CONNECT_PASSWORD'] if ENV['CONNECT_PASSWORD']
|
152
|
-
return ""
|
153
|
-
end
|
154
|
-
private :proxy_password
|
155
|
-
|
156
124
|
end
|
157
125
|
|
158
126
|
end
|
@@ -0,0 +1,267 @@
|
|
1
|
+
require 'net/ssh/loggable'
|
2
|
+
|
3
|
+
module Net; module SSH; module Service
|
4
|
+
|
5
|
+
# This class implements various port forwarding services for use by
|
6
|
+
# Net::SSH clients. The Forward class should never need to be instantiated
|
7
|
+
# directly; instead, it should be accessed via the singleton instance
|
8
|
+
# returned by Connection::Session#forward:
|
9
|
+
#
|
10
|
+
# ssh.forward.local(1234, "www.capify.org", 80)
|
11
|
+
class Forward
|
12
|
+
include Loggable
|
13
|
+
|
14
|
+
# The underlying connection service instance that the port-forwarding
|
15
|
+
# services employ.
|
16
|
+
attr_reader :session
|
17
|
+
|
18
|
+
# A simple class for representing a requested remote forwarded port.
|
19
|
+
Remote = Struct.new(:host, :port) #:nodoc:
|
20
|
+
|
21
|
+
# Instantiates a new Forward service instance atop the given connection
|
22
|
+
# service session. This will register new channel open handlers to handle
|
23
|
+
# the specialized channels that the SSH port forwarding protocols employ.
|
24
|
+
def initialize(session)
|
25
|
+
@session = session
|
26
|
+
self.logger = session.logger
|
27
|
+
@remote_forwarded_ports = {}
|
28
|
+
@local_forwarded_ports = {}
|
29
|
+
@agent_forwarded = false
|
30
|
+
|
31
|
+
session.on_open_channel('forwarded-tcpip', &method(:forwarded_tcpip))
|
32
|
+
session.on_open_channel('auth-agent', &method(:auth_agent_channel))
|
33
|
+
session.on_open_channel('auth-agent@openssh.com', &method(:auth_agent_channel))
|
34
|
+
end
|
35
|
+
|
36
|
+
# Starts listening for connections on the local host, and forwards them
|
37
|
+
# to the specified remote host/port via the SSH connection. This method
|
38
|
+
# accepts either three or four arguments. When four arguments are given,
|
39
|
+
# they are:
|
40
|
+
#
|
41
|
+
# * the local address to bind to
|
42
|
+
# * the local port to listen on
|
43
|
+
# * the remote host to forward connections to
|
44
|
+
# * the port on the remote host to connect to
|
45
|
+
#
|
46
|
+
# If three arguments are given, it is as if the local bind address is
|
47
|
+
# "127.0.0.1", and the rest are applied as above.
|
48
|
+
#
|
49
|
+
# ssh.forward.local(1234, "www.capify.org", 80)
|
50
|
+
# ssh.forward.local("0.0.0.0", 1234, "www.capify.org", 80)
|
51
|
+
def local(*args)
|
52
|
+
if args.length < 3 || args.length > 4
|
53
|
+
raise ArgumentError, "expected 3 or 4 parameters, got #{args.length}"
|
54
|
+
end
|
55
|
+
|
56
|
+
bind_address = "127.0.0.1"
|
57
|
+
bind_address = args.shift if args.first.is_a?(String) && args.first =~ /\D/
|
58
|
+
|
59
|
+
local_port = args.shift.to_i
|
60
|
+
remote_host = args.shift
|
61
|
+
remote_port = args.shift.to_i
|
62
|
+
|
63
|
+
socket = TCPServer.new(bind_address, local_port)
|
64
|
+
|
65
|
+
@local_forwarded_ports[[local_port, bind_address]] = socket
|
66
|
+
|
67
|
+
session.listen_to(socket) do |socket|
|
68
|
+
client = socket.accept
|
69
|
+
debug { "received connection on #{bind_address}:#{local_port}" }
|
70
|
+
|
71
|
+
channel = session.open_channel("direct-tcpip", :string, remote_host, :long, remote_port, :string, bind_address, :long, local_port) do |channel|
|
72
|
+
channel.info { "direct channel established" }
|
73
|
+
end
|
74
|
+
|
75
|
+
prepare_client(client, channel, :local)
|
76
|
+
|
77
|
+
channel.on_open_failed do |ch, code, description|
|
78
|
+
channel.error { "could not establish direct channel: #{description} (#{code})" }
|
79
|
+
channel[:socket].close
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
83
|
+
|
84
|
+
# Terminates an active local forwarded port. If no such forwarded port
|
85
|
+
# exists, this will raise an exception. Otherwise, the forwarded connection
|
86
|
+
# is terminated.
|
87
|
+
#
|
88
|
+
# ssh.forward.cancel_local(1234)
|
89
|
+
# ssh.forward.cancel_local(1234, "0.0.0.0")
|
90
|
+
def cancel_local(port, bind_address="127.0.0.1")
|
91
|
+
socket = @local_forwarded_ports.delete([port, bind_address])
|
92
|
+
socket.shutdown rescue nil
|
93
|
+
socket.close rescue nil
|
94
|
+
session.stop_listening_to(socket)
|
95
|
+
end
|
96
|
+
|
97
|
+
# Returns a list of all active locally forwarded ports. The returned value
|
98
|
+
# is an array of arrays, where each element is a two-element tuple
|
99
|
+
# consisting of the local port and bind address corresponding to the
|
100
|
+
# forwarding port.
|
101
|
+
def active_locals
|
102
|
+
@local_forwarded_ports.keys
|
103
|
+
end
|
104
|
+
|
105
|
+
# Requests that all connections on the given remote-port be forwarded via
|
106
|
+
# the local host to the given port/host. The last argument describes the
|
107
|
+
# bind address on the remote host, and defaults to 127.0.0.1.
|
108
|
+
#
|
109
|
+
# This method will return immediately, but the port will not actually be
|
110
|
+
# forwarded immediately. If the remote server is not able to begin the
|
111
|
+
# listener for this request, an exception will be raised asynchronously.
|
112
|
+
#
|
113
|
+
# If you want to know when the connection is active, it will show up in the
|
114
|
+
# #active_remotes list. If you want to block until the port is active, you
|
115
|
+
# could do something like this:
|
116
|
+
#
|
117
|
+
# ssh.forward.remote(80, "www.google.com", 1234, "0.0.0.0")
|
118
|
+
# ssh.loop { !ssh.forward.active_remotes.include?([1234, "0.0.0.0"]) }
|
119
|
+
def remote(port, host, remote_port, remote_host="127.0.0.1")
|
120
|
+
session.send_global_request("tcpip-forward", :string, remote_host, :long, remote_port) do |success, response|
|
121
|
+
if success
|
122
|
+
debug { "remote forward from remote #{remote_host}:#{remote_port} to #{host}:#{port} established" }
|
123
|
+
@remote_forwarded_ports[[remote_port, remote_host]] = Remote.new(host, port)
|
124
|
+
else
|
125
|
+
error { "remote forwarding request failed" }
|
126
|
+
raise Net::SSH::Exception, "remote forwarding request failed"
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
# an alias, for token backwards compatibility with the 1.x API
|
132
|
+
alias :remote_to :remote
|
133
|
+
|
134
|
+
# Requests that a remote forwarded port be cancelled. The remote forwarded
|
135
|
+
# port on the remote host, bound to the given address on the remote host,
|
136
|
+
# will be terminated, but not immediately. This method returns immediately
|
137
|
+
# after queueing the request to be sent to the server. If for some reason
|
138
|
+
# the port cannot be cancelled, an exception will be raised (asynchronously).
|
139
|
+
#
|
140
|
+
# If you want to know when the connection has been cancelled, it will no
|
141
|
+
# longer be present in the #active_remotes list. If you want to block until
|
142
|
+
# the port is no longer active, you could do something like this:
|
143
|
+
#
|
144
|
+
# ssh.forward.cancel_remote(1234, "0.0.0.0")
|
145
|
+
# ssh.loop { ssh.forward.active_remotes.include?([1234, "0.0.0.0"]) }
|
146
|
+
def cancel_remote(port, host="127.0.0.1")
|
147
|
+
session.send_global_request("cancel-tcpip-forward", :string, host, :long, port) do |success, response|
|
148
|
+
if success
|
149
|
+
@remote_forwarded_ports.delete([port, host])
|
150
|
+
else
|
151
|
+
raise Net::SSH::Exception, "could not cancel remote forward request on #{host}:#{port}"
|
152
|
+
end
|
153
|
+
end
|
154
|
+
end
|
155
|
+
|
156
|
+
# Returns all active forwarded remote ports. The returned value is an
|
157
|
+
# array of two-element tuples, where the first element is the port on the
|
158
|
+
# remote host and the second is the bind address.
|
159
|
+
def active_remotes
|
160
|
+
@remote_forwarded_ports.keys
|
161
|
+
end
|
162
|
+
|
163
|
+
# Enables SSH agent forwarding on the given channel. The forwarded agent
|
164
|
+
# will remain active even after the channel closes--the channel is only
|
165
|
+
# used as the transport for enabling the forwarded connection. You should
|
166
|
+
# never need to call this directly--it is called automatically the first
|
167
|
+
# time a session channel is opened, when the connection was created with
|
168
|
+
# :forward_agent set to true:
|
169
|
+
#
|
170
|
+
# Net::SSH.start("remote.host", "me", :forwrd_agent => true) do |ssh|
|
171
|
+
# ssh.open_channel do |ch|
|
172
|
+
# # agent will be automatically forwarded by this point
|
173
|
+
# end
|
174
|
+
# ssh.loop
|
175
|
+
# end
|
176
|
+
def agent(channel)
|
177
|
+
return if @agent_forwarded
|
178
|
+
@agent_forwarded = true
|
179
|
+
|
180
|
+
channel.send_channel_request("auth-agent-req@openssh.com") do |channel, success|
|
181
|
+
if success
|
182
|
+
debug { "authentication agent forwarding is active" }
|
183
|
+
else
|
184
|
+
channel.send_channel_request("auth-agent-req") do |channel, success|
|
185
|
+
if success
|
186
|
+
debug { "authentication agent forwarding is active" }
|
187
|
+
else
|
188
|
+
error { "could not establish forwarding of authentication agent" }
|
189
|
+
end
|
190
|
+
end
|
191
|
+
end
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
private
|
196
|
+
|
197
|
+
# Perform setup operations that are common to all forwarded channels.
|
198
|
+
# +client+ is a socket, +channel+ is the channel that was just created,
|
199
|
+
# and +type+ is an arbitrary string describing the type of the channel.
|
200
|
+
def prepare_client(client, channel, type)
|
201
|
+
client.extend(Net::SSH::BufferedIo)
|
202
|
+
client.logger = logger
|
203
|
+
|
204
|
+
session.listen_to(client)
|
205
|
+
channel[:socket] = client
|
206
|
+
|
207
|
+
channel.on_data do |ch, data|
|
208
|
+
ch[:socket].enqueue(data)
|
209
|
+
end
|
210
|
+
|
211
|
+
channel.on_close do |ch|
|
212
|
+
debug { "closing #{type} forwarded channel" }
|
213
|
+
ch[:socket].close if !client.closed?
|
214
|
+
session.stop_listening_to(ch[:socket])
|
215
|
+
end
|
216
|
+
|
217
|
+
channel.on_process do |ch|
|
218
|
+
if ch[:socket].closed?
|
219
|
+
ch.info { "#{type} forwarded connection closed" }
|
220
|
+
ch.close
|
221
|
+
elsif ch[:socket].available > 0
|
222
|
+
data = ch[:socket].read_available(8192)
|
223
|
+
ch.debug { "read #{data.length} bytes from client, sending over #{type} forwarded connection" }
|
224
|
+
ch.send_data(data)
|
225
|
+
end
|
226
|
+
end
|
227
|
+
end
|
228
|
+
|
229
|
+
# The callback used when a new "forwarded-tcpip" channel is requested
|
230
|
+
# by the server. This will open a new socket to the host/port specified
|
231
|
+
# when the forwarded connection was first requested.
|
232
|
+
def forwarded_tcpip(session, channel, packet)
|
233
|
+
connected_address = packet.read_string
|
234
|
+
connected_port = packet.read_long
|
235
|
+
originator_address = packet.read_string
|
236
|
+
originator_port = packet.read_long
|
237
|
+
|
238
|
+
remote = @remote_forwarded_ports[[connected_port, connected_address]]
|
239
|
+
|
240
|
+
if remote.nil?
|
241
|
+
raise Net::SSH::ChannelOpenFailed.new(1, "unknown request from remote forwarded connection on #{connected_address}:#{connected_port}")
|
242
|
+
end
|
243
|
+
|
244
|
+
client = TCPSocket.new(remote.host, remote.port)
|
245
|
+
info { "connected #{connected_address}:#{connected_port} originator #{originator_address}:#{originator_port}" }
|
246
|
+
|
247
|
+
prepare_client(client, channel, :remote)
|
248
|
+
rescue SocketError => err
|
249
|
+
raise Net::SSH::ChannelOpenFailed.new(2, "could not connect to remote host (#{remote.host}:#{remote.port}): #{err.message}")
|
250
|
+
end
|
251
|
+
|
252
|
+
# The callback used when an auth-agent channel is requested by the server.
|
253
|
+
def auth_agent_channel(session, channel, packet)
|
254
|
+
info { "opening auth-agent channel" }
|
255
|
+
channel[:invisible] = true
|
256
|
+
|
257
|
+
begin
|
258
|
+
agent = Authentication::Agent.connect(logger)
|
259
|
+
prepare_client(agent.socket, channel, :agent)
|
260
|
+
rescue Exception => e
|
261
|
+
error { "attempted to connect to agent but failed: #{e.class.name} (#{e.message})" }
|
262
|
+
raise ChannelOpenFailure.new(2, "could not connect to authentication agent")
|
263
|
+
end
|
264
|
+
end
|
265
|
+
end
|
266
|
+
|
267
|
+
end; end; end
|