net-ssh 2.10.0.beta1 → 2.10.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 99ac97b623723117ba47a0785cf3dc7d2e1ae594
-  data.tar.gz: 705651920fb196430521248ef4d457a955814ac6
+  metadata.gz: 9f03cb3368a2d774044b5b2ea19a283825e638d5
+  data.tar.gz: 68da3613cd8dc0764ce823f3b493ff2003a17801
 SHA512:
-  metadata.gz: e6a3403271ad3a629769a30b99a9e4802f918444d0c3b97ef8f2df955ae9b2aeac2eaf0c64454227c4d74ac375d3ccf0e60ee7e19518cf1e63f424dd22d3dceb
-  data.tar.gz: f84cae92e328113fa58bfd19e0e828412fe1bdce7bc0fa2cdca254b7c25562c0efcd1a9de5987de3be6180f5c64583baee4f560b748f65d37eabd0760529eadf
+  metadata.gz: bb71608ade7fc1ae4ec0d037d318da80322f2867c4e6debd94f183d6834f728acc6984ba357b22d1b5e1dbd2110214c0872b04da4a11c0be53c7fd0b30efff72
+  data.tar.gz: 22f414e1afe8ebaf4ec71db0354fa7b7da70bcd90de1e93e07d4579d2fa8d1f4992c0610fbae4dd9b6ae62e081a8f05595433182edb1f33b14f4ac040302aae4

data/CHANGES.txt

@@ -1,4 +1,11 @@
-=== 2.10.0-?
+=== 2.10.0-beta2
+
+* Fix :passphrase option with :non_interactive [Jeremy Stanley]
+* Use Socket.tcp with connect_timeout instead of Timeout::timeout [Carl Hörberg]
+* Support for hostname hashes [Jef Mathiot]
+* Ruby 1.9.3 is no longer supported but should moslty work expect for stuff like connect_timeout
+
+=== 2.10.0-beta1
 
 * Fix could not parse PKey error. [Andrey Voronkov]
 * Workaround for threading issue in MRI + singleton method declaration [Matt Brictson]

data/README.rdoc

@@ -110,46 +110,11 @@ Then, when install the gem, do so with high security:
 
 If you don't add the public key, you'll see an error like "Couldn't verify data signature". If you're still having trouble let me know and I'll give you a hand.
 
-== RUBY 1.8 SUPPORT
+== RUBY 1.x SUPPORT
 
-net-ssh supports Ruby 1.8.x up until the 2.5.1 release. Current version requires ruby 1.9 or later.
-
-== JRUBY 1.6
-
-There is an issue with jruby-openssl that produces the following error in jruby 1.6:
-
-    <ArgumentError> wrong number of arguments (2 for 1)
-    /home/offers/tracking/shared/bundle/jruby/1.8/gems/net-ssh-2.6.0/lib/net/ssh/key_factory.rb:77:in `load_data_private_key'
-
-You can downgrade jruby-openssl to version 0.7.4 (before they added the PKey.read method) to resolve it or upgrade jruby to 1.7. See issue #61 for more info: https://github.com/net-ssh/net-ssh/issues/61.
-
-
-== ARCFOUR SUPPORT:
-
-from Karl Varga:
-
-Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers, which means that when we try to use ARCFOUR256 or higher, Net::SSH generates keys which are consistently too short - 16 bytes as opposed to 32 bytes - resulting in the following error:
-
-    OpenSSL::CipherError: key length too short
-
-My patch simply instructs Net::SSH to build keys of the the proper length, regardless of the required key length reported by OpenSSL.
-
-You should also be aware that your OpenSSL C libraries may also contain this bug.  I've updated to 0.9.8k, but according to this thread[https://bugzilla.mindrot.org/show_bug.cgi?id=1291], the bug existed as recently as 0.9.8e!  I've manually taken a look at my header files and they look ok, which is what makes me think it's a bug in the Ruby implementation.
-
-To see your OpenSSL version:
-
-    $ openssl version
-    OpenSSL 0.9.8k 25 Mar 2009
-
-After installing this gem, verify that Net::SSH is generating keys of the correct length by running the script <tt>support/arcfour_check.rb</tt>:
-
-    $ ruby arcfour_support.rb
-
-which should produce the following:
-
-    arcfour128: [16, 8] OpenSSL::Cipher::Cipher
-    arcfour256: [32, 8] OpenSSL::Cipher::Cipher
-    arcfour512: [64, 8] OpenSSL::Cipher::Cipher
+net-ssh supports Ruby 1.8.x up until the 2.5.1 release.
+net-ssh supports Ruby 1.9.x up until the 2.9.x release.
+Current version requires ruby 2.0 or later.
 
 
 == RUNNING TESTS
@@ -162,14 +127,7 @@ Run a single test file like this:
 
      ruby -Ilib -Itest -rrubygems test/transport/test_server_version.rb
 
-
-=== EXPECTED RESULTS
-
-* Ruby 1.8: all tests pass
-
-* Ruby 1.9: all tests pass
-
-* JRuby 1.5: 99% tests pass (448 tests, 1846 assertions, 1 failures)
+To run integration tests see test/integration/README.txt
 
 === BUILDING GEM
 

data/lib/net/ssh.rb

@@ -204,7 +204,6 @@ module Net
 
       if options[:non_interactive]
         options[:number_of_password_prompts] = 0
-        options[:passphrase] = false
       end
 
       if options[:verbose]

data/lib/net/ssh/authentication/key_manager.rb

@@ -98,7 +98,7 @@ module Net
         def each_identity
           prepared_identities = prepare_identities_from_files + prepare_identities_from_data
 
-          user_identities = load_identities(prepared_identities, false)
+          user_identities = load_identities(prepared_identities, false, true)
 
           if agent
             agent.identities.each do |key|
@@ -114,7 +114,7 @@ module Net
             end
           end
 
-          user_identities = load_identities(user_identities, true)
+          user_identities = load_identities(user_identities, !options[:non_interactive], false)
 
           user_identities.each do |identity|
             key = identity.delete(:public_key)
@@ -139,7 +139,7 @@ module Net
 
           if info[:key].nil? && info[:from] == :file
             begin
-              info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], true)
+              info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], !options[:non_interactive])
             rescue Exception, OpenSSL::OpenSSLError => e
               raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
             end
@@ -212,8 +212,8 @@ module Net
           end
         end
 
-        # Load prepared identities. Private key decryption errors ignored if passphrase was not prompted.
-        def load_identities(identities, ask_passphrase)
+        # Load prepared identities. Private key decryption errors ignored if ignore_decryption_errors
+        def load_identities(identities, ask_passphrase, ignore_decryption_errors)
           identities.map do |identity|
             begin
               case identity[:load_from]
@@ -233,11 +233,11 @@ module Net
               end
 
             rescue OpenSSL::PKey::RSAError, OpenSSL::PKey::DSAError, OpenSSL::PKey::ECError => e
-              if ask_passphrase
+              if ignore_decryption_errors
+                identity
+              else
                 process_identity_loading_error(identity, e)
                 nil
-              else
-                identity
               end
             rescue ArgumentError => e
               process_identity_loading_error(identity, e)

data/lib/net/ssh/known_hosts.rb

@@ -1,4 +1,6 @@
 require 'strscan'
+require 'openssl'
+require 'base64'
 require 'net/ssh/buffer'
 
 module Net; module SSH
@@ -111,7 +113,9 @@ module Net; module SSH
           next if scanner.match?(/$|#/)
 
           hostlist = scanner.scan(/\S+/).split(/,/)
-          next unless entries.all? { |entry| hostlist.include?(entry) }
+          found = entries.all? { |entry| hostlist.include?(entry) } ||
+            known_host_hash?(hostlist, entries, scanner)
+          next unless found
 
           scanner.skip(/\s*/)
           type = scanner.scan(/\S+/)
@@ -127,6 +131,21 @@ module Net; module SSH
       keys
     end
 
+    # Indicates whether one of the entries matches an hostname that has been
+    # stored as a HMAC-SHA1 hash in the known hosts.
+    def known_host_hash?(hostlist, entries, scanner)
+      if hostlist.size == 1 && hostlist.first =~ /\A\|1(\|.+){2}\z/
+        chunks = hostlist.first.split(/\|/)
+        salt = Base64.decode64(chunks[2])
+        digest = OpenSSL::Digest.new('sha1')
+        entries.each do |entry|
+          hmac = OpenSSL::HMAC.digest(digest, salt, entry)
+          return true if Base64.encode64(hmac).chomp == chunks[3]
+        end
+      end
+      false
+    end
+
     # Tries to append an entry to the current source file for the given host
     # and key. If it is unable to (because the file is not writable, for
     # instance), an exception will be raised.

data/lib/net/ssh/proxy/http.rb

@@ -48,8 +48,9 @@ module Net; module SSH; module Proxy
 
     # Return a new socket connected to the given host and port via the
     # proxy that was requested when the socket factory was instantiated.
-    def open(host, port, connection_options = nil)
-      socket = TCPSocket.new(proxy_host, proxy_port)
+    def open(host, port, connection_options)
+      socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
+                          connect_timeout: connection_options[:timeout])
       socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
 
       if options[:user]

data/lib/net/ssh/proxy/socks4.rb

@@ -48,7 +48,8 @@ module Net
         # Return a new socket connected to the given host and port via the
         # proxy that was requested when the socket factory was instantiated.
         def open(host, port, connection_options)
-          socket = TCPSocket.new(proxy_host, proxy_port)
+          socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
+                              connect_timeout: connection_options[:timeout])
           ip_addr = IPAddr.new(Resolv.getaddress(host))
           
           packet = [VERSION, CONNECT, port.to_i, ip_addr.to_i, options[:user]].pack("CCnNZ*")

data/lib/net/ssh/proxy/socks5.rb

@@ -62,8 +62,9 @@ module Net
 
         # Return a new socket connected to the given host and port via the
         # proxy that was requested when the socket factory was instantiated.
-        def open(host, port, connection_options = nil)
-          socket = TCPSocket.new(proxy_host, proxy_port)
+        def open(host, port, connection_options)
+          socket = Socket.tcp(proxy_host, proxy_port, nil, nil,
+                              connect_timeout: connection_options[:timeout])
 
           methods = [METHOD_NO_AUTH]
           methods << METHOD_PASSWD if options[:user]

data/lib/net/ssh/transport/server_version.rb

@@ -25,11 +25,11 @@ module Net; module SSH; module Transport
 
     # Instantiates a new ServerVersion and immediately (and synchronously)
     # negotiates the SSH protocol in effect, using the given socket.
-    def initialize(socket, logger)
+    def initialize(socket, logger, timeout = nil)
       @header = ""
       @version = nil
       @logger = logger
-      negotiate!(socket)
+      negotiate!(socket, timeout)
     end
 
     private
@@ -37,9 +37,12 @@ module Net; module SSH; module Transport
       # Negotiates the SSH protocol to use, via the given socket. If the server
       # reports an incompatible SSH version (e.g., SSH1), this will raise an
       # exception.
-      def negotiate!(socket)
+      def negotiate!(socket, timeout)
         info { "negotiating protocol version" }
 
+        if timeout && !IO.select([socket], nil, nil, timeout)
+          raise Net::SSH::ConnectionTimeout, "timeout during server version negotiating"
+        end
         loop do
           @version = ""
           loop do
@@ -63,6 +66,9 @@ module Net; module SSH; module Transport
           raise Net::SSH::Exception, "incompatible SSH version `#{@version}'"
         end
 
+        if timeout && !IO.select(nil, [socket], nil, timeout)
+          raise Net::SSH::ConnectionTimeout, "timeout during client version negotiating"
+        end
         debug { "local is `#{PROTO_VERSION}'" }
         socket.write "#{PROTO_VERSION}\r\n"
         socket.flush

data/lib/net/ssh/transport/session.rb

@@ -1,5 +1,4 @@
 require 'socket'
-require 'timeout'
 
 require 'net/ssh/errors'
 require 'net/ssh/loggable'
@@ -64,13 +63,13 @@ module Net; module SSH; module Transport
 
       debug { "establishing connection to #{@host}:#{@port}" }
 
-      @socket = timeout(options[:timeout] || 0) do
+      @socket =
         if (factory = options[:proxy])
           factory.open(@host, @port, options)
         else
-          TCPSocket.open(@host, @port, @bind_address)
+          Socket.tcp(@host, @port, @bind_address, nil,
+                     connect_timeout: options[:timeout])
         end
-      end
 
       @socket.extend(PacketStream)
       @socket.logger = @logger
@@ -82,7 +81,7 @@ module Net; module SSH; module Transport
       @host_key_verifier = select_host_key_verifier(options[:paranoid])
 
 
-      @server_version = timeout(options[:timeout] || 0) { ServerVersion.new(socket, logger) }
+      @server_version = ServerVersion.new(socket, logger, options[:timeout])
 
       @algorithms = Algorithms.new(self, options)
       wait { algorithms.initialized? }

data/lib/net/ssh/version.rb

@@ -55,7 +55,7 @@ module Net; module SSH
 
     # The prerelease component of this version of the Net::SSH library 
     # nil allowed
-    PRE   = 'beta1'
+    PRE   = 'beta2'
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh.gemspec

@@ -2,17 +2,17 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: net-ssh 2.10.0.beta1 ruby lib
+# stub: net-ssh 2.10.0.beta2 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "net-ssh"
-  s.version = "2.10.0.beta1"
+  s.version = "2.10.0.beta2"
 
   s.required_rubygems_version = Gem::Requirement.new("> 1.3.1") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["Jamis Buck", "Delano Mandelbaum", "Mikl\u{f3}s Fazekas"]
   s.cert_chain = ["net-ssh-public_cert.pem"]
-  s.date = "2015-05-21"
+  s.date = "2015-07-01"
   s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
   s.email = "net-ssh@solutious.com"
   s.extra_rdoc_files = [
@@ -145,6 +145,7 @@ Gem::Specification.new do |s|
     "test/integration/playbook.yml",
     "test/integration/test_id_rsa_keys.rb",
     "test/known_hosts/github",
+    "test/known_hosts/github_hash",
     "test/manual/test_forward.rb",
     "test/manual/test_pageant.rb",
     "test/start/test_connection.rb",

data/test/authentication/test_key_manager.rb

@@ -56,6 +56,15 @@ module Authentication
       assert_equal({:from => :file, :file => second, :key => dsa}, manager.known_identities[dsa])
     end
 
+    def test_each_identity_should_not_prompt_for_passphrase_in_non_interactive_mode
+      manager(:non_interactive => true).stubs(:agent).returns(nil)
+      first = File.expand_path("/first")
+      stub_file_private_key first, rsa, :passphrase => :should_not_be_asked
+      identities = []
+      manager.each_identity { |identity| identities << identity }
+      assert_equal(identities, [])
+    end
+
     def test_identities_should_load_from_agent
       manager.stubs(:agent).returns(agent)
 

data/test/integration/test_id_rsa_keys.rb

@@ -10,8 +10,14 @@ require 'net/ssh'
 class TestIDRSAPKeys < Test::Unit::TestCase
   include IntegrationTestHelpers
 
+  def tmpdir(&block)
+    Dir.mktmpdir do |dir|
+      yield(dir)
+    end
+  end
+
   def test_in_file_no_password
-    Dir.mktmpdir do |dir| dir = "/tmp/test"
+    tmpdir do |dir|
       sh "rm -rf #{dir}/id_rsa #{dir}/id_rsa.pub"
       sh "ssh-keygen -f #{dir}/id_rsa -t rsa -N ''"
       set_authorized_key('net_ssh_1',"#{dir}/id_rsa.pub")
@@ -28,7 +34,7 @@ class TestIDRSAPKeys < Test::Unit::TestCase
 
 
   def test_ssh_agent
-    Dir.mktmpdir do |dir| dir = "/tmp/test"
+    tmpdir do |dir|
       with_agent do
         sh "rm -rf #{dir}/id_rsa #{dir}/id_rsa.pub"
         sh "ssh-keygen -f #{dir}/id_rsa -t rsa -N 'pwd123'"
@@ -44,7 +50,7 @@ class TestIDRSAPKeys < Test::Unit::TestCase
   end
 
   def test_ssh_agent_ignores_if_already_in_agent
-    Dir.mktmpdir do |dir| dir = "/tmp/test"
+    tmpdir do |dir|
       with_agent do
         sh "rm -rf #{dir}/id_rsa #{dir}/id_rsa.pub"
         sh "ssh-keygen -f #{dir}/id_rsa -t rsa -N 'pwd123'"
@@ -60,7 +66,7 @@ class TestIDRSAPKeys < Test::Unit::TestCase
   end
 
   def test_in_file_with_password
-    Dir.mktmpdir do |dir| dir = "/tmp/test"
+    tmpdir do |dir|
       sh "rm -rf #{dir}/id_rsa #{dir}/id_rsa.pub"
       sh "ssh-keygen -f #{dir}/id_rsa -t rsa -N 'pwd12'"
       set_authorized_key('net_ssh_1',"#{dir}/id_rsa.pub")

data/test/known_hosts/github_hash

@@ -0,0 +1 @@
+|1|eKp+6E0rZ3lONgsIziurXEnaIik=|rcQB/rlJMUquUyFta64KugPjX4o= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

data/test/test_known_hosts.rb

@@ -2,12 +2,20 @@ require 'common'
 
 class TestKnownHosts < Test::Unit::TestCase
 
-  def test_key_for_when_all_hosts_are_recognized
-    source = File.join(File.dirname(__FILE__),"known_hosts/github")
+  def perform_test(hostfile)
+    source = File.join(File.dirname(__FILE__), hostfile)
     kh = Net::SSH::KnownHosts.new(source)
     keys = kh.keys_for("github.com")
     assert_equal(1, keys.count)
     assert_equal("ssh-rsa", keys[0].ssh_type)
   end
 
-end
+  def test_key_for_when_all_hosts_are_recognized
+    perform_test("known_hosts/github")
+  end
+
+  def test_key_for_when_an_host_hash_is_recognized
+    perform_test("known_hosts/github_hash")
+  end
+
+end

data/test/transport/test_packet_stream.rb

@@ -1,6 +1,7 @@
 # encoding: ASCII-8BIT
 
 require 'common'
+require 'timeout'
 require 'net/ssh/transport/packet_stream'
 
 module Transport

data/test/transport/test_session.rb

@@ -315,7 +315,7 @@ module Transport
       def session(options={})
         @session ||= begin
           host = options.delete(:host) || "net.ssh.test"
-          TCPSocket.stubs(:open).with(host, options[:port] || 22, nil).returns(socket)
+          Socket.stubs(:tcp).with(host, options[:port] || 22, nil, nil, { connect_timeout: options[:timeout] }).returns(socket)
           Net::SSH::Transport::ServerVersion.stubs(:new).returns(server_version)
           Net::SSH::Transport::Algorithms.stubs(:new).returns(algorithms)
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 2.10.0.beta1
+  version: 2.10.0.beta2
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   MbvRpzgROzyfw1qYi4dnIyMwTtXFFcZ0a2jpxHPkcTYFK6TzvFgDLAP0Y/u9jqUQ
   eZ7/3CdSi/isZHEw
   -----END CERTIFICATE-----
-date: 2015-05-21 00:00:00.000000000 Z
+date: 2015-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-unit
@@ -196,6 +196,7 @@ files:
 - test/integration/playbook.yml
 - test/integration/test_id_rsa_keys.rb
 - test/known_hosts/github
+- test/known_hosts/github_hash
 - test/manual/test_forward.rb
 - test/manual/test_pageant.rb
 - test/start/test_connection.rb