net-ssh 2.4.0 → 2.5.0
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG.rdoc +21 -0
- data/Manifest +11 -0
- data/lib/net/ssh/authentication/key_manager.rb +1 -1
- data/lib/net/ssh/authentication/session.rb +12 -4
- data/lib/net/ssh/buffer.rb +12 -2
- data/lib/net/ssh/key_factory.rb +7 -2
- data/lib/net/ssh/known_hosts.rb +12 -2
- data/lib/net/ssh/ruby_compat.rb +8 -0
- data/lib/net/ssh/transport/algorithms.rb +22 -1
- data/lib/net/ssh/transport/cipher_factory.rb +32 -5
- data/lib/net/ssh/transport/constants.rb +3 -1
- data/lib/net/ssh/transport/ctr.rb +95 -0
- data/lib/net/ssh/transport/hmac.rb +8 -5
- data/lib/net/ssh/transport/hmac/ripemd160.rb +13 -0
- data/lib/net/ssh/transport/kex.rb +11 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +44 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +11 -3
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +93 -0
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +13 -0
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +13 -0
- data/lib/net/ssh/transport/openssl.rb +111 -1
- data/lib/net/ssh/version.rb +1 -1
- data/net-ssh.gemspec +12 -4
- data/test/authentication/test_key_manager.rb +48 -1
- data/test/test_buffer.rb +92 -2
- data/test/test_key_factory.rb +42 -0
- data/test/transport/hmac/test_ripemd160.rb +34 -0
- data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +13 -0
- data/test/transport/kex/test_ecdh_sha2_nistp256.rb +161 -0
- data/test/transport/kex/test_ecdh_sha2_nistp384.rb +37 -0
- data/test/transport/kex/test_ecdh_sha2_nistp521.rb +37 -0
- data/test/transport/test_algorithms.rb +41 -19
- data/test/transport/test_cipher_factory.rb +255 -27
- data/test/transport/test_packet_stream.rb +1009 -0
- metadata +13 -4
- data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
- data/lib/net/ssh/authentication/agent/socket.rb +0 -170
metadata
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
name: net-ssh
|
3
3
|
version: !ruby/object:Gem::Version
|
4
4
|
prerelease:
|
5
|
-
version: 2.
|
5
|
+
version: 2.5.0
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- Jamis Buck
|
@@ -11,7 +11,7 @@ autorequire:
|
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
13
|
|
14
|
-
date: 2012-05-
|
14
|
+
date: 2012-05-24 00:00:00 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: jruby-pageant
|
@@ -44,8 +44,6 @@ files:
|
|
44
44
|
- THANKS.rdoc
|
45
45
|
- lib/net/ssh.rb
|
46
46
|
- lib/net/ssh/authentication/agent.rb
|
47
|
-
- lib/net/ssh/authentication/agent/java_pageant.rb
|
48
|
-
- lib/net/ssh/authentication/agent/socket.rb
|
49
47
|
- lib/net/ssh/authentication/constants.rb
|
50
48
|
- lib/net/ssh/authentication/key_manager.rb
|
51
49
|
- lib/net/ssh/authentication/methods/abstract.rb
|
@@ -87,11 +85,13 @@ files:
|
|
87
85
|
- lib/net/ssh/transport/algorithms.rb
|
88
86
|
- lib/net/ssh/transport/cipher_factory.rb
|
89
87
|
- lib/net/ssh/transport/constants.rb
|
88
|
+
- lib/net/ssh/transport/ctr.rb
|
90
89
|
- lib/net/ssh/transport/hmac.rb
|
91
90
|
- lib/net/ssh/transport/hmac/abstract.rb
|
92
91
|
- lib/net/ssh/transport/hmac/md5.rb
|
93
92
|
- lib/net/ssh/transport/hmac/md5_96.rb
|
94
93
|
- lib/net/ssh/transport/hmac/none.rb
|
94
|
+
- lib/net/ssh/transport/hmac/ripemd160.rb
|
95
95
|
- lib/net/ssh/transport/hmac/sha1.rb
|
96
96
|
- lib/net/ssh/transport/hmac/sha1_96.rb
|
97
97
|
- lib/net/ssh/transport/hmac/sha2_256.rb
|
@@ -102,8 +102,12 @@ files:
|
|
102
102
|
- lib/net/ssh/transport/key_expander.rb
|
103
103
|
- lib/net/ssh/transport/kex.rb
|
104
104
|
- lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb
|
105
|
+
- lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb
|
105
106
|
- lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
|
106
107
|
- lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb
|
108
|
+
- lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb
|
109
|
+
- lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb
|
110
|
+
- lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb
|
107
111
|
- lib/net/ssh/transport/openssl.rb
|
108
112
|
- lib/net/ssh/transport/packet_stream.rb
|
109
113
|
- lib/net/ssh/transport/server_version.rb
|
@@ -142,6 +146,7 @@ files:
|
|
142
146
|
- test/transport/hmac/test_md5.rb
|
143
147
|
- test/transport/hmac/test_md5_96.rb
|
144
148
|
- test/transport/hmac/test_none.rb
|
149
|
+
- test/transport/hmac/test_ripemd160.rb
|
145
150
|
- test/transport/hmac/test_sha1.rb
|
146
151
|
- test/transport/hmac/test_sha1_96.rb
|
147
152
|
- test/transport/hmac/test_sha2_256.rb
|
@@ -149,8 +154,12 @@ files:
|
|
149
154
|
- test/transport/hmac/test_sha2_512.rb
|
150
155
|
- test/transport/hmac/test_sha2_512_96.rb
|
151
156
|
- test/transport/kex/test_diffie_hellman_group1_sha1.rb
|
157
|
+
- test/transport/kex/test_diffie_hellman_group14_sha1.rb
|
152
158
|
- test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
|
153
159
|
- test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb
|
160
|
+
- test/transport/kex/test_ecdh_sha2_nistp256.rb
|
161
|
+
- test/transport/kex/test_ecdh_sha2_nistp384.rb
|
162
|
+
- test/transport/kex/test_ecdh_sha2_nistp521.rb
|
154
163
|
- test/transport/test_algorithms.rb
|
155
164
|
- test/transport/test_cipher_factory.rb
|
156
165
|
- test/transport/test_hmac.rb
|
@@ -1,85 +0,0 @@
|
|
1
|
-
require 'jruby_pageant'
|
2
|
-
|
3
|
-
module Net; module SSH; module Authentication
|
4
|
-
|
5
|
-
# This class implements an agent for JRuby + Pageant.
|
6
|
-
#
|
7
|
-
# Written by Artūras Šlajus <arturas.slajus@gmail.com>
|
8
|
-
class Agent
|
9
|
-
include Loggable
|
10
|
-
include JRubyPageant
|
11
|
-
|
12
|
-
# A simple module for extending keys, to allow blobs and comments to be
|
13
|
-
# specified for them.
|
14
|
-
module Key
|
15
|
-
# :blob is used by OpenSSL::PKey::RSA#to_blob
|
16
|
-
attr_accessor :java_blob
|
17
|
-
attr_accessor :comment
|
18
|
-
end
|
19
|
-
|
20
|
-
# Instantiates a new agent object, connects to a running SSH agent,
|
21
|
-
# negotiates the agent protocol version, and returns the agent object.
|
22
|
-
def self.connect(logger=nil)
|
23
|
-
agent = new(logger)
|
24
|
-
agent.connect!
|
25
|
-
agent
|
26
|
-
end
|
27
|
-
|
28
|
-
# Creates a new Agent object, using the optional logger instance to
|
29
|
-
# report status.
|
30
|
-
def initialize(logger=nil)
|
31
|
-
self.logger = logger
|
32
|
-
end
|
33
|
-
|
34
|
-
# Connect to the agent process using the socket factory and socket name
|
35
|
-
# given by the attribute writers. If the agent on the other end of the
|
36
|
-
# socket reports that it is an SSH2-compatible agent, this will fail
|
37
|
-
# (it only supports the ssh-agent distributed by OpenSSH).
|
38
|
-
def connect!
|
39
|
-
debug { "connecting to Pageant ssh-agent (via java connector)" }
|
40
|
-
@agent_proxy = JRubyPageant.create
|
41
|
-
unless @agent_proxy.is_running
|
42
|
-
raise AgentNotAvailable, "Pageant is not running!"
|
43
|
-
end
|
44
|
-
debug { "connection to Pageant ssh-agent (via java connector) succeeded" }
|
45
|
-
rescue AgentProxyException => e
|
46
|
-
error { "could not connect to Pageant ssh-agent (via java connector)" }
|
47
|
-
raise AgentNotAvailable, e.message, e.backtrace
|
48
|
-
end
|
49
|
-
|
50
|
-
# Return an array of all identities (public keys) known to the agent.
|
51
|
-
# Each key returned is augmented with a +comment+ property which is set
|
52
|
-
# to the comment returned by the agent for that key.
|
53
|
-
def identities
|
54
|
-
debug { "getting identities from Pageant" }
|
55
|
-
@agent_proxy.get_identities.map do |identity|
|
56
|
-
blob = identity.get_blob
|
57
|
-
key = Buffer.new(String.from_java_bytes(blob)).read_key
|
58
|
-
key.extend(Key)
|
59
|
-
key.java_blob = blob
|
60
|
-
key.comment = String.from_java_bytes(identity.get_comment)
|
61
|
-
key
|
62
|
-
end
|
63
|
-
rescue AgentProxyException => e
|
64
|
-
raise AgentError, "Cannot get identities: #{e.message}", e.backtrace
|
65
|
-
end
|
66
|
-
|
67
|
-
# Simulate agent close. This agent reference is no longer able to
|
68
|
-
# query the agent.
|
69
|
-
def close
|
70
|
-
@agent_proxy = nil
|
71
|
-
end
|
72
|
-
|
73
|
-
# Using the agent and the given public key, sign the given data. The
|
74
|
-
# signature is returned in SSH2 format.
|
75
|
-
def sign(key, data)
|
76
|
-
signed = @agent_proxy.sign(key.java_blob, data.to_java_bytes)
|
77
|
-
String.from_java_bytes(signed)
|
78
|
-
rescue AgentProxyException => e
|
79
|
-
raise AgentError,
|
80
|
-
"agent could not sign data with requested identity: #{e.message}",
|
81
|
-
e.backtrace
|
82
|
-
end
|
83
|
-
end
|
84
|
-
|
85
|
-
end; end; end
|
@@ -1,170 +0,0 @@
|
|
1
|
-
require 'net/ssh/transport/server_version'
|
2
|
-
|
3
|
-
# Only load pageant on Windows
|
4
|
-
if Net::SSH::Authentication::PLATFORM == :win32
|
5
|
-
require 'net/ssh/authentication/pageant'
|
6
|
-
end
|
7
|
-
|
8
|
-
module Net; module SSH; module Authentication
|
9
|
-
|
10
|
-
# This class implements a simple client for the ssh-agent protocol. It
|
11
|
-
# does not implement any specific protocol, but instead copies the
|
12
|
-
# behavior of the ssh-agent functions in the OpenSSH library (3.8).
|
13
|
-
#
|
14
|
-
# This means that although it behaves like a SSH1 client, it also has
|
15
|
-
# some SSH2 functionality (like signing data).
|
16
|
-
class Agent
|
17
|
-
include Loggable
|
18
|
-
|
19
|
-
# A simple module for extending keys, to allow comments to be specified
|
20
|
-
# for them.
|
21
|
-
module Comment
|
22
|
-
attr_accessor :comment
|
23
|
-
end
|
24
|
-
|
25
|
-
SSH2_AGENT_REQUEST_VERSION = 1
|
26
|
-
SSH2_AGENT_REQUEST_IDENTITIES = 11
|
27
|
-
SSH2_AGENT_IDENTITIES_ANSWER = 12
|
28
|
-
SSH2_AGENT_SIGN_REQUEST = 13
|
29
|
-
SSH2_AGENT_SIGN_RESPONSE = 14
|
30
|
-
SSH2_AGENT_FAILURE = 30
|
31
|
-
SSH2_AGENT_VERSION_RESPONSE = 103
|
32
|
-
|
33
|
-
SSH_COM_AGENT2_FAILURE = 102
|
34
|
-
|
35
|
-
SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
|
36
|
-
SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
|
37
|
-
SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
|
38
|
-
SSH_AGENT_FAILURE = 5
|
39
|
-
|
40
|
-
# The underlying socket being used to communicate with the SSH agent.
|
41
|
-
attr_reader :socket
|
42
|
-
|
43
|
-
# Instantiates a new agent object, connects to a running SSH agent,
|
44
|
-
# negotiates the agent protocol version, and returns the agent object.
|
45
|
-
def self.connect(logger=nil)
|
46
|
-
agent = new(logger)
|
47
|
-
agent.connect!
|
48
|
-
agent.negotiate!
|
49
|
-
agent
|
50
|
-
end
|
51
|
-
|
52
|
-
# Creates a new Agent object, using the optional logger instance to
|
53
|
-
# report status.
|
54
|
-
def initialize(logger=nil)
|
55
|
-
self.logger = logger
|
56
|
-
end
|
57
|
-
|
58
|
-
# Connect to the agent process using the socket factory and socket name
|
59
|
-
# given by the attribute writers. If the agent on the other end of the
|
60
|
-
# socket reports that it is an SSH2-compatible agent, this will fail
|
61
|
-
# (it only supports the ssh-agent distributed by OpenSSH).
|
62
|
-
def connect!
|
63
|
-
begin
|
64
|
-
debug { "connecting to ssh-agent" }
|
65
|
-
@socket = agent_socket_factory.open(ENV['SSH_AUTH_SOCK'])
|
66
|
-
rescue
|
67
|
-
error { "could not connect to ssh-agent" }
|
68
|
-
raise AgentNotAvailable, $!.message
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|
72
|
-
# Attempts to negotiate the SSH agent protocol version. Raises an error
|
73
|
-
# if the version could not be negotiated successfully.
|
74
|
-
def negotiate!
|
75
|
-
# determine what type of agent we're communicating with
|
76
|
-
type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
|
77
|
-
|
78
|
-
if type == SSH2_AGENT_VERSION_RESPONSE
|
79
|
-
raise NotImplementedError, "SSH2 agents are not yet supported"
|
80
|
-
elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
|
81
|
-
raise AgentError, "unknown response from agent: #{type}, #{body.to_s.inspect}"
|
82
|
-
end
|
83
|
-
end
|
84
|
-
|
85
|
-
# Return an array of all identities (public keys) known to the agent.
|
86
|
-
# Each key returned is augmented with a +comment+ property which is set
|
87
|
-
# to the comment returned by the agent for that key.
|
88
|
-
def identities
|
89
|
-
type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
|
90
|
-
raise AgentError, "could not get identity count" if agent_failed(type)
|
91
|
-
raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
|
92
|
-
|
93
|
-
identities = []
|
94
|
-
body.read_long.times do
|
95
|
-
key = Buffer.new(body.read_string).read_key
|
96
|
-
key.extend(Comment)
|
97
|
-
key.comment = body.read_string
|
98
|
-
identities.push key
|
99
|
-
end
|
100
|
-
|
101
|
-
return identities
|
102
|
-
end
|
103
|
-
|
104
|
-
# Closes this socket. This agent reference is no longer able to
|
105
|
-
# query the agent.
|
106
|
-
def close
|
107
|
-
@socket.close
|
108
|
-
end
|
109
|
-
|
110
|
-
# Using the agent and the given public key, sign the given data. The
|
111
|
-
# signature is returned in SSH2 format.
|
112
|
-
def sign(key, data)
|
113
|
-
type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
|
114
|
-
|
115
|
-
if agent_failed(type)
|
116
|
-
raise AgentError, "agent could not sign data with requested identity"
|
117
|
-
elsif type != SSH2_AGENT_SIGN_RESPONSE
|
118
|
-
raise AgentError, "bad authentication response #{type}"
|
119
|
-
end
|
120
|
-
|
121
|
-
return reply.read_string
|
122
|
-
end
|
123
|
-
|
124
|
-
private
|
125
|
-
|
126
|
-
# Returns the agent socket factory to use.
|
127
|
-
def agent_socket_factory
|
128
|
-
if Net::SSH::Authentication::PLATFORM == :win32
|
129
|
-
Pageant::socket_factory
|
130
|
-
else
|
131
|
-
UNIXSocket
|
132
|
-
end
|
133
|
-
end
|
134
|
-
|
135
|
-
# Send a new packet of the given type, with the associated data.
|
136
|
-
def send_packet(type, *args)
|
137
|
-
buffer = Buffer.from(*args)
|
138
|
-
data = [buffer.length + 1, type.to_i, buffer.to_s].pack("NCA*")
|
139
|
-
debug { "sending agent request #{type} len #{buffer.length}" }
|
140
|
-
@socket.send data, 0
|
141
|
-
end
|
142
|
-
|
143
|
-
# Read the next packet from the agent. This will return a two-part
|
144
|
-
# tuple consisting of the packet type, and the packet's body (which
|
145
|
-
# is returned as a Net::SSH::Buffer).
|
146
|
-
def read_packet
|
147
|
-
buffer = Net::SSH::Buffer.new(@socket.read(4))
|
148
|
-
buffer.append(@socket.read(buffer.read_long))
|
149
|
-
type = buffer.read_byte
|
150
|
-
debug { "received agent packet #{type} len #{buffer.length-4}" }
|
151
|
-
return type, buffer
|
152
|
-
end
|
153
|
-
|
154
|
-
# Send the given packet and return the subsequent reply from the agent.
|
155
|
-
# (See #send_packet and #read_packet).
|
156
|
-
def send_and_wait(type, *args)
|
157
|
-
send_packet(type, *args)
|
158
|
-
read_packet
|
159
|
-
end
|
160
|
-
|
161
|
-
# Returns +true+ if the parameter indicates a "failure" response from
|
162
|
-
# the agent, and +false+ otherwise.
|
163
|
-
def agent_failed(type)
|
164
|
-
type == SSH_AGENT_FAILURE ||
|
165
|
-
type == SSH2_AGENT_FAILURE ||
|
166
|
-
type == SSH_COM_AGENT2_FAILURE
|
167
|
-
end
|
168
|
-
end
|
169
|
-
|
170
|
-
end; end; end
|