net-ssh 2.5.2 → 2.6.0

data/CHANGELOG.rdoc

@@ -1,4 +1,13 @@
 
+=== 2.6.0 / 19 Sep 2012
+
+* Use OpenSSL::PKey.read to read arbitrary private key. [nagachika]
+* Check availability of UNIXSocket and UNIXServer for Windows [Nobuhiro IMAI]
+* Bump version to 2.5.3 and depend on newer jruby-pageant version for Java 1.5 compat. [arturaz]
+* Implementation of the "none"-authentication method [dubspeed]
+* Add class for stricter host key verification [Andy Brody]
+
+
 === 2.5.2 / 25 May 2012
 
 * Fix for Net::SSH::KnownHosts::SUPPORTED_TYPE [Marco Sandrini] 

data/Manifest

@@ -77,6 +77,7 @@ lib/net/ssh/transport/session.rb
 lib/net/ssh/transport/state.rb
 lib/net/ssh/verifiers/lenient.rb
 lib/net/ssh/verifiers/null.rb
+lib/net/ssh/verifiers/secure.rb
 lib/net/ssh/verifiers/strict.rb
 lib/net/ssh/version.rb
 net-ssh.gemspec

data/README.rdoc

@@ -1,7 +1,7 @@
 = Net::SSH
 
 * Docs: http://net-ssh.github.com/net-ssh
-* Issues: http://net-ssh.lighthouseapp.com/
+* Issues: https://github.com/net-ssh/net-ssh/issues
 * Codes: http://github.com/net-ssh/net-ssh
 * Email: net-ssh@solutious.com
 

data/Rakefile

@@ -1,14 +1,10 @@
 require 'rubygems'
+require 'rubygems/package_task'
 require 'rake/clean'
-require 'rake/gempackagetask'
 require 'fileutils'
 include FileUtils
 
-begin
-  require 'hanna/rdoctask'
-rescue LoadError
-  require 'rdoc/task'
-end
+require 'rdoc/task'
 
 
 task :default => :package
@@ -39,7 +35,7 @@ version = @spec.version
 
 # INSTALL =============================================================
 
-Rake::GemPackageTask.new(@spec) do |p|
+Gem::PackageTask.new(@spec) do |p|
   p.need_tar = true if RUBY_PLATFORM !~ /mswin/
 end
 
@@ -74,15 +70,15 @@ end
 
 # RUBY DOCS TASK ==================================
 
-Rake::RDocTask.new do |t|
+RDoc::Task.new do |t|
+  # this only works with RDoc 3.1 or greater
+  t.generator = 'hanna'   # gem install hanna-nouveau
 	t.rdoc_dir = 'doc'
 	t.title    = @spec.summary
-	t.options << '--line-numbers' << '-A cattr_accessor=object'
-	t.options << '--charset' << 'utf-8'
+	t.main = README
 	t.rdoc_files.include(README)
 	t.rdoc_files.include(CHANGES)
 	t.rdoc_files.include(THANKS)
  	t.rdoc_files.include(LICENSE)
 	t.rdoc_files.include('lib/**/*.rb')
 end
-

data/lib/net/ssh.rb

@@ -133,8 +133,8 @@ module Net
     #   option is intended for situations where ssh-agent offers many different
     #   identites.
     # * :logger => the logger instance to use when logging
-    # * :paranoid => either true, false, or :very, specifying how strict
-    #   host-key verification should be
+    # * :paranoid => either false, true, :very, or :secure specifying how
+    #   strict host-key verification should be (in increasing order here)
     # * :passphrase => the passphrase to use when loading a private key (default
     #   is +nil+, for no passphrase)
     # * :password => the password to use to login

data/lib/net/ssh/authentication/session.rb

@@ -41,7 +41,7 @@ module Net; module SSH; module Authentication
       self.logger = transport.logger
       @transport = transport
 
-      @auth_methods = options[:auth_methods] || %w(publickey hostbased password keyboard-interactive)
+      @auth_methods = options[:auth_methods] || %w(none publickey hostbased password keyboard-interactive)
       @options = options
 
       @allowed_auth_methods = @auth_methods

data/lib/net/ssh/buffer.rb

@@ -318,7 +318,7 @@ module Net; module SSH
     def write_string(*text)
       text.each do |string|
         s = string.to_s
-        write_long(s.length)
+        write_long(s.bytesize)
         write(s)
       end
       self

data/lib/net/ssh/errors.rb

@@ -35,12 +35,10 @@ module Net; module SSH
     end
   end
 
-  # Raised when the cached key for a particular host does not match the
-  # key given by the host, which can be indicative of a man-in-the-middle
-  # attack. When rescuing this exception, you can inspect the key fingerprint
-  # and, if you want to proceed anyway, simply call the remember_host!
-  # method on the exception, and then retry.
-  class HostKeyMismatch < Exception
+  # Base class for host key exceptions. When rescuing this exception, you can
+  # inspect the key fingerprint and, if you want to proceed anyway, simply call
+  # the remember_host! method on the exception, and then retry.
+  class HostKeyError < Exception
     # the callback to use when #remember_host! is called
     attr_writer :callback #:nodoc:
 
@@ -85,4 +83,18 @@ module Net; module SSH
       @callback.call
     end
   end
-end; end
+
+  # Raised when the cached key for a particular host does not match the
+  # key given by the host, which can be indicative of a man-in-the-middle
+  # attack. When rescuing this exception, you can inspect the key fingerprint
+  # and, if you want to proceed anyway, simply call the remember_host!
+  # method on the exception, and then retry.
+  class HostKeyMismatch < HostKeyError; end
+
+  # Raised when there is no cached key for a particular host, which probably
+  # means that the host has simply not been seen before.
+  # When rescuing this exception, you can inspect the key fingerprint and, if
+  # you want to proceed anyway, simply call the remember_host! method on the
+  # exception, and then retry.
+  class HostKeyUnknown < HostKeyError; end
+end; end

data/lib/net/ssh/key_factory.rb

@@ -48,24 +48,37 @@ module Net; module SSH
       # encrypted (requiring a passphrase to use), the user will be
       # prompted to enter their password unless passphrase works. 
       def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="")
-        if data.match(/-----BEGIN DSA PRIVATE KEY-----/)
-          key_type = OpenSSL::PKey::DSA
-        elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
-          key_type = OpenSSL::PKey::RSA
-	elsif data.match(/-----BEGIN EC PRIVATE KEY-----/) && defined?(OpenSSL::PKey::EC)
-          key_type = OpenSSL::PKey::EC
-        elsif data.match(/-----BEGIN (.*) PRIVATE KEY-----/)
-          raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"
+        if OpenSSL::PKey.respond_to?(:read)
+          pkey_read = true
+          error_class = ArgumentError
         else
-          raise OpenSSL::PKey::PKeyError, "not a private key (#{filename})"
+          pkey_read = false
+          if data.match(/-----BEGIN DSA PRIVATE KEY-----/)
+            key_type = OpenSSL::PKey::DSA
+            error_class = OpenSSL::PKey::DSAError
+          elsif data.match(/-----BEGIN RSA PRIVATE KEY-----/)
+            key_type = OpenSSL::PKey::RSA
+            error_class = OpenSSL::PKey::RSAError
+          elsif data.match(/-----BEGIN EC PRIVATE KEY-----/) && defined?(OpenSSL::PKey::EC)
+            key_type = OpenSSL::PKey::EC
+            error_class = OpenSSL::PKey::RCError
+          elsif data.match(/-----BEGIN (.+) PRIVATE KEY-----/)
+            raise OpenSSL::PKey::PKeyError, "not a supported key type '#{$1}'"
+          else
+            raise OpenSSL::PKey::PKeyError, "not a private key (#{filename})"
+          end
         end
 
         encrypted_key = data.match(/ENCRYPTED/)
         tries = 0
 
         begin
-          return key_type.new(data, passphrase || 'invalid')
-        rescue OpenSSL::PKey::RSAError, OpenSSL::PKey::DSAError, OpenSSL::PKey::ECError => e
+          if pkey_read
+            return OpenSSL::PKey.read(data, passphrase || 'invalid')
+          else
+            return key_type.new(data, passphrase || 'invalid')
+          end
+        rescue error_class
           if encrypted_key && ask_passphrase
             tries += 1
             if tries <= 3

data/lib/net/ssh/service/forward.rb

@@ -57,7 +57,7 @@ module Net; module SSH; module Service
       local_port_type = :long
 
       socket = begin
-        if args.first.class == UNIXServer
+        if defined?(UNIXServer) and args.first.class == UNIXServer
           local_port_type = :string
           args.shift
         else

data/lib/net/ssh/transport/packet_stream.rb

@@ -120,18 +120,18 @@ module Net; module SSH; module Transport
       payload = client.compress(payload)
 
       # the length of the packet, minus the padding
-      actual_length = 4 + payload.length + 1
+      actual_length = 4 + payload.bytesize + 1
 
       # compute the padding length
       padding_length = client.block_size - (actual_length % client.block_size)
       padding_length += client.block_size if padding_length < 4
 
       # compute the packet length (sans the length field itself)
-      packet_length = payload.length + padding_length + 1
+      packet_length = payload.bytesize + padding_length + 1
 
       if packet_length < 16
         padding_length += client.block_size
-        packet_length = payload.length + padding_length + 1
+        packet_length = payload.bytesize + padding_length + 1
       end
 
       padding = Array.new(padding_length) { rand(256) }.pack("C*")

data/lib/net/ssh/transport/session.rb

@@ -9,6 +9,7 @@ require 'net/ssh/transport/constants'
 require 'net/ssh/transport/packet_stream'
 require 'net/ssh/transport/server_version'
 require 'net/ssh/verifiers/null'
+require 'net/ssh/verifiers/secure'
 require 'net/ssh/verifiers/strict'
 require 'net/ssh/verifiers/lenient'
 
@@ -255,8 +256,9 @@ module Net; module SSH; module Transport
       # Instantiates a new host-key verification class, based on the value of
       # the parameter. When true or nil, the default Lenient verifier is
       # returned. If it is false, the Null verifier is returned, and if it is
-      # :very, the Strict verifier is returned. If the argument happens to
-      # respond to :verify, it is returned directly. Otherwise, an exception
+      # :very, the Strict verifier is returned. If it is :secure, the even more
+      # strict Secure verifier is returned. If the argument happens to respond
+      # to :verify, it is returned directly. Otherwise, an exception
       # is raised.
       def select_host_key_verifier(paranoid)
         case paranoid
@@ -266,6 +268,8 @@ module Net; module SSH; module Transport
           Net::SSH::Verifiers::Null.new
         when :very then
           Net::SSH::Verifiers::Strict.new
+        when :secure then
+          Net::SSH::Verifiers::Secure.new
         else
           if paranoid.respond_to?(:verify)
             paranoid

data/lib/net/ssh/verifiers/secure.rb

@@ -0,0 +1,54 @@
+require 'net/ssh/errors'
+require 'net/ssh/known_hosts'
+
+module Net; module SSH; module Verifiers
+
+  # Does a strict host verification, looking the server up in the known
+  # host files to see if a key has already been seen for this server. If this
+  # server does not appear in any host file, an exception will be raised
+  # (HostKeyUnknown). This is in contrast to the "Strict" class, which will
+  # silently add the key to your known_hosts file. If the server does appear at
+  # least once, but the key given does not match any known for the server, an
+  # exception will be raised (HostKeyMismatch).
+  # Otherwise, this returns true.
+  class Secure
+    def verify(arguments)
+      options = arguments[:session].options
+      host = options[:host_key_alias] || arguments[:session].host_as_string
+      matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
+
+      # We've never seen this host before, so raise an exception.
+      if matches.empty?
+        process_cache_miss(host, arguments, HostKeyUnknown, "is unknown")
+      end
+
+      # If we found any matches, check to see that the key type and
+      # blob also match.
+      found = matches.any? do |key|
+        key.ssh_type == arguments[:key].ssh_type &&
+        key.to_blob  == arguments[:key].to_blob
+      end
+
+      # If a match was found, return true. Otherwise, raise an exception
+      # indicating that the key was not recognized.
+      unless found
+        process_cache_miss(host, arguments, HostKeyMismatch, "does not match")
+      end
+
+      found
+    end
+
+    private
+
+    def process_cache_miss(host, args, exc_class, message)
+      exception = exc_class.new("fingerprint #{args[:fingerprint]} " +
+                                "#{message} for #{host.inspect}")
+      exception.data = args
+      exception.callback = Proc.new do
+        Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
+      end
+      raise exception
+    end
+  end
+
+end; end; end

data/lib/net/ssh/verifiers/strict.rb

@@ -1,5 +1,6 @@
 require 'net/ssh/errors'
 require 'net/ssh/known_hosts'
+require 'net/ssh/verifiers/secure'
 
 module Net; module SSH; module Verifiers
 
@@ -9,45 +10,15 @@ module Net; module SSH; module Verifiers
   # server. If the server does appear at least once, but the key given does
   # not match any known for the server, an exception will be raised (HostKeyMismatch).
   # Otherwise, this returns true.
-  class Strict
+  class Strict < Secure
     def verify(arguments)
-      options = arguments[:session].options
-      host = options[:host_key_alias] || arguments[:session].host_as_string
-      matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
-
-      # we've never seen this host before, so just automatically add the key.
-      # not the most secure option (since the first hit might be the one that
-      # is hacked), but since almost nobody actually compares the key
-      # fingerprint, this is a reasonable compromise between usability and
-      # security.
-      if matches.empty?
-        ip = arguments[:session].peer[:ip]
-        Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
+      begin
+        super
+      rescue HostKeyUnknown => err
+        err.remember_host!
         return true
       end
-
-      # If we found any matches, check to see that the key type and
-      # blob also match.
-      found = matches.any? do |key|
-        key.ssh_type == arguments[:key].ssh_type &&
-        key.to_blob  == arguments[:key].to_blob
-      end
-
-      # If a match was found, return true. Otherwise, raise an exception
-      # indicating that the key was not recognized.
-      found || process_cache_miss(host, arguments)
     end
-
-    private
-
-      def process_cache_miss(host, args)
-        exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
-        exception.data = args
-        exception.callback = Proc.new do
-          Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
-        end
-        raise exception
-      end
   end
 
-end; end; end
+end; end; end

data/lib/net/ssh/version.rb

@@ -48,10 +48,10 @@ module Net; module SSH
     MAJOR = 2
 
     # The minor component of this version of the Net::SSH library
-    MINOR = 5
+    MINOR = 6
 
     # The tiny component of this version of the Net::SSH library
-    TINY  = 2 
+    TINY  = 0 
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/net-ssh.gemspec

@@ -1,7 +1,7 @@
 @spec = Gem::Specification.new do |s|
   s.name = "net-ssh"
   s.rubyforge_project = 'net-ssh'
-  s.version = "2.5.2"
+  s.version = "2.6.0"
   s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
   s.description = s.summary + " It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
   s.authors = ["Jamis Buck", "Delano Mandelbaum"]
@@ -14,12 +14,10 @@
   s.require_paths = %w[lib]
   s.rubygems_version = '1.3.2'
 
-  if RUBY_PLATFORM == "java"
-    # This has two flavours with java one actually doing something and other
-    # one just raising error. This is a workaround for no ability to specify
-    # platform specific dependencies in gemspecs.
-    s.add_dependency 'jruby-pageant', ">=1.0.2"
-  end
+  # This has two flavours with java one actually doing something and other
+  # one just raising error. This is a workaround for no ability to specify
+  # platform specific dependencies in gemspecs.
+  s.add_dependency 'jruby-pageant', ">=1.1.1"
 
   s.executables = %w[]
 
@@ -107,6 +105,7 @@
   lib/net/ssh/transport/state.rb
   lib/net/ssh/verifiers/lenient.rb
   lib/net/ssh/verifiers/null.rb
+  lib/net/ssh/verifiers/secure.rb
   lib/net/ssh/verifiers/strict.rb
   lib/net/ssh/version.rb
   net-ssh.gemspec

data/test/authentication/test_session.rb

@@ -8,7 +8,7 @@ module Authentication
     include Net::SSH::Authentication::Constants
 
     def test_constructor_should_set_defaults
-      assert_equal %w(publickey hostbased password keyboard-interactive), session.auth_methods
+      assert_equal %w(none publickey hostbased password keyboard-interactive), session.auth_methods
       assert_equal session.auth_methods, session.allowed_auth_methods
     end
 
@@ -21,6 +21,7 @@ module Authentication
 
       Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").raises(Net::SSH::Authentication::DisallowedMethod)
       Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
+      Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
 
       assert session.authenticate("next service", "username", "password")
     end
@@ -46,7 +47,8 @@ module Authentication
       Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
       Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
       Net::SSH::Authentication::Methods::KeyboardInteractive.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-
+      Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
+      
       assert_equal false, session.authenticate("next service", "username", "password")
     end
 

data/test/manual/test_forward.rb

@@ -128,7 +128,7 @@ class TestForward < Test::Unit::TestCase
     tempfile.delete
     yield UNIXServer.open(path)
     File.delete(path)
-  end
+  end if defined?(UNIXServer)
   
   def test_forward_local_unix_socket_to_remote_port
     session = Net::SSH.start(*ssh_start_params) 
@@ -157,7 +157,7 @@ class TestForward < Test::Unit::TestCase
 
     assert_not_nil(client_data, "client should have received data")
     assert(client_data.match(/item\d/), 'client should have received the string item')
-  end
+  end if defined?(UNIXSocket)
 
   def test_loop_should_not_abort_when_server_side_of_forward_is_closed
     session = Net::SSH.start(*ssh_start_params)    

data/test/test_buffer.rb

@@ -29,6 +29,11 @@ class TestBuffer < Test::Unit::TestCase
     assert_equal "\1\2\3\4\5", buffer.to_s
   end
 
+  def test_from_should_measure_bytesize_of_utf_8_string_correctly
+    buffer = Net::SSH::Buffer.from(:string, "\u2603") # Snowman is 3 bytes
+    assert_equal "\0\0\0\3\u2603", buffer.to_s
+  end
+
   def test_read_without_argument_should_read_to_end
     buffer = new("hello world")
     assert_equal "hello world", buffer.read

data/test/test_key_factory.rb

@@ -41,13 +41,23 @@ class TestKeyFactory < Test::Unit::TestCase
   def test_load_encrypted_private_key_should_give_three_tries_for_the_password_and_then_raise_exception
     File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
     Net::SSH::KeyFactory.expects(:prompt).times(3).with("Enter passphrase for #{@key_file}:", false).returns("passwod","passphrase","passwd")
-    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file) }
+    if OpenSSL::PKey.respond_to?(:read)
+      error_class = ArgumentError
+    else
+      error_class = OpenSSL::PKey::RSAError
+    end
+    assert_raises(error_class) { Net::SSH::KeyFactory.load_private_key(@key_file) }
   end
 
   def test_load_encrypted_private_key_should_raise_exception_without_asking_passphrase
     File.expects(:read).with(@key_file).returns(encrypted(rsa_key, "password"))
     Net::SSH::KeyFactory.expects(:prompt).never
-    assert_raises(OpenSSL::PKey::RSAError) { Net::SSH::KeyFactory.load_private_key(@key_file, nil, false) }
+    if OpenSSL::PKey.respond_to?(:read)
+      error_class = ArgumentError
+    else
+      error_class = OpenSSL::PKey::RSAError
+    end
+    assert_raises(error_class) { Net::SSH::KeyFactory.load_private_key(@key_file, nil, false) }
   end
 
   def test_load_public_rsa_key_should_return_key
@@ -83,6 +93,15 @@ class TestKeyFactory < Test::Unit::TestCase
     end
   end
 
+  def test_load_anonymous_private_key_should_return_key_or_raise_exception
+    File.expects(:read).with(@key_file).returns(anonymous_private_key)
+    if OpenSSL::PKey.respond_to?(:read)
+      assert_equal OpenSSL::PKey::RSA.new(anonymous_private_key).to_der, Net::SSH::KeyFactory.load_private_key(@key_file).to_der
+    else
+      assert_raises(OpenSSL::PKey::PKeyError) { Net::SSH::KeyFactory.load_private_key(@key_file) }
+    end
+  end
+
   private
 
     def rsa_key
@@ -109,6 +128,39 @@ class TestKeyFactory < Test::Unit::TestCase
       end
     end
 
+    def anonymous_private_key
+      @anonymous_key = <<-EOF
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC3id5gZ6bglJth
+yli8JNaRxhsqKwwPlReEI/mplzz5IP6gWQ92LogXbdBXtHf9ZpA53BeLmtcNBEY0
+Ygd7sPBhlHABS5D5///zltSSX2+L5GCEiC6dpfGsySjqymWF+SZ2PaqfZbkWLmCD
+9u4ysueaHf7xbF6txGprNp69efttWxdy+vU5tno7HVxemMZQUalpShFrdAYKKXEo
+cV7MtbkQjzubS14gaWGpWCXIl9uNKQeHpLKtre1Qn5Ft/zVpCHmhLQcYDuB1LAj9
+7eoev4rIiOE2sfdkvKDlmFxvzq3myYH4o27WwAg9OZ5SBusn2zesKkRCBBEZ55rl
+uVknOGHXAgMBAAECggEAZE0U2OxsNxkfXS6+lXswQ5PW7pF90towcsdSPgrniGIu
+pKRnHbfKKbuaewOl+zZcpTIRL/rbgUKPtzrHSiJlC36aQyrvvJ/ZWV5ZJvC+vd19
+nY/qob65NyrrkHwxRSjmiwGiR9/IaUXI+vUsMUqx5Ph1hawqhZ3sZlEAKR4LeDO8
+M+OguG77jLaqj5/SNfi+GwyUDe85de4VfEG4S9HrMQk2Cp66rx0BqDnCLacyFQaI
+R0VczMXTU52q0uETmgUr8G9A1SaRc5ZWKAfZwxJTvqdIImWC9E+CY7wm+mZD4FE6
+iVzVC0ngcdEd596kTDdU2BPVMluWzLkfqIrTt/5CeQKBgQDzgRzCPNxFtai6RAIi
+ekBSHqrDnrbeTaw32GVq5ACk1Zfk2I0svctz1iQ9qJ2SRINpygQhcyJKQ4r/LXi1
+7Av9H/d6QV4T2AZzS4WcqBkxxRXFUfARtnKChzuCzNt9tNz4EZiv75RyQmztGZjV
+i94+ZvCyqup5be4Svf4MBxin9QKBgQDA9P4nHzFWZakTMei78LGb/4Auc+r0rZp7
+8xg8Z92tvrDeJjMdesdhiFrPP1qiSYHnQ81MSWpn6BycBsHZqitejQmYnYput/s4
+qG+m7SrkN8WL6rijYsbB+U14VDjMlBlOgcEgjlSNU2oeS+68u+uVI/fgyXcXn4Jq
+33TSWSgfGwKBgA2tRdE/G9wqfOShZ0FKfoxePpcoNfs8f5zPYbrkPYkEmjh3VU6b
+Bm9mKrjv3JHXmU3608qRLe7f5lG42xvUu0OnZP4P59nTe2FEb6fB5VBfUn63wHUu
+OzZLpDMPkJB59SNV0a6oFT1pr7aNhoEQDxaQL5rJcMwLOaEB3OAOEft1AoGASz7+
+4Zi7b7rDPVYIMUpCqNfxT6wqovIUPWPmPqAuhXPIm0kAQ+2+VN2MtCc7m+/Ydawu
+IiK7GPweNAY6kDxZH00WweolstmSYVzl9Y2lXUwWgGKvUB/T7I7g1Bzb7YOPftsA
+ykZW2Kn/xwLLfdQ2oXleT82g4Jh2jmDHuMPF7qMCgYEA6QF45PvOgnrJessgmwO/
+dEmkLl07PQYJPGZLaZteuWrvfMrn+AiW5aAdHzhzNaOtNy5B3T7zGUHtgxXegqgd
+/QdCVCJgnZUO/zdAxkr22dDn+WEXkL4wgBVStQvvnQp9C2NJcoOExvex5PLzKWQg
+WEKt5v3QsUEgVrzkM4K9UbI=
+-----END PRIVATE KEY-----
+      EOF
+    end
+
     def encrypted(key, password)
       key.export(OpenSSL::Cipher::Cipher.new("des-ede3-cbc"), password)
     end

data/test/transport/test_packet_stream.rb

@@ -165,6 +165,14 @@ module Transport
       assert_equal 24, stream.write_buffer.length
     end
 
+    def test_enqueue_utf_8_packet_should_ensure_packet_length_is_in_bytes_and_multiple_of_block_length
+      packet = Net::SSH::Buffer.from(:string, "\u2603") # Snowman is 3 bytes
+      stream.enqueue_packet(packet)
+      # When bytesize is measured wrong using length, the result is off by 2.
+      # With length instead of bytesize, you get 26 length buffer.
+      assert_equal 0, stream.write_buffer.length % 8
+    end
+
     PACKETS = {
       "3des-cbc" => {
         "hmac-md5" => {

data/test/transport/test_session.rb

@@ -28,6 +28,10 @@ module Transport
       assert_instance_of Net::SSH::Verifiers::Strict, session(:paranoid => :very).host_key_verifier
     end
 
+    def test_paranoid_secure_uses_secure_verifier
+      assert_instance_of Net::SSH::Verifiers::Secure, session(:paranoid => :secure).host_key_verifier
+    end
+
     def test_paranoid_false_uses_null_verifier
       assert_instance_of Net::SSH::Verifiers::Null, session(:paranoid => false).host_key_verifier
     end
@@ -312,4 +316,4 @@ module Transport
       alias session! session
   end
 
-end
+end

metadata

@@ -1,31 +1,40 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: net-ssh
-version: !ruby/object:Gem::Version 
+version: !ruby/object:Gem::Version
+  version: 2.6.0
   prerelease: 
-  version: 2.5.2
 platform: ruby
-authors: 
+authors:
 - Jamis Buck
 - Delano Mandelbaum
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-05-25 00:00:00 Z
-dependencies: []
-
-description: "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
-email: 
+date: 2012-09-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jruby-pageant
+  requirement: &70132399474300 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: *70132399474300
+description: ! 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.
+  It allows you to write programs that invoke and interact with processes on remote
+  servers, via SSH2.'
+email:
 - net-ssh@solutious.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.rdoc
 - THANKS.rdoc
 - CHANGELOG.rdoc
-files: 
+files:
 - CHANGELOG.rdoc
 - Manifest
 - README.rdoc
@@ -108,6 +117,7 @@ files:
 - lib/net/ssh/transport/state.rb
 - lib/net/ssh/verifiers/lenient.rb
 - lib/net/ssh/verifiers/null.rb
+- lib/net/ssh/verifiers/secure.rb
 - lib/net/ssh/verifiers/strict.rb
 - lib/net/ssh/version.rb
 - net-ssh.gemspec
@@ -170,34 +180,31 @@ files:
 - test/transport/test_state.rb
 homepage: http://github.com/net-ssh/net-ssh
 licenses: []
-
 post_install_message: 
-rdoc_options: 
+rdoc_options:
 - --line-numbers
 - --title
-- "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
+- ! 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
 - --main
 - README.rdoc
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: net-ssh
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
+summary: ! 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
 test_files: []
-