net-ssh 2.7.0 → 7.3.0

data/lib/net/ssh.rb

@@ -3,6 +3,8 @@
 ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.pwd
 
 require 'logger'
+require 'etc'
+require 'shellwords'
 
 require 'net/ssh/config'
 require 'net/ssh/errors'
@@ -10,9 +12,9 @@ require 'net/ssh/loggable'
 require 'net/ssh/transport/session'
 require 'net/ssh/authentication/session'
 require 'net/ssh/connection/session'
+require 'net/ssh/prompt'
 
 module Net
-
   # Net::SSH is a library for interacting, programmatically, with remote
   # processes via the SSH2 protocol. Sessions are always initiated via
   # Net::SSH.start. From there, a program interacts with the new SSH session
@@ -39,36 +41,39 @@ module Net
   #
   # == X == "execute a command and capture the output"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     result = ssh.exec!("ls -l")
   #     puts result
   #   end
   #
   # == X == "forward connections on a local port to a remote host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.local(1234, "www.google.com", 80)
   #     ssh.loop { true }
   #   end
   #
   # == X == "forward connections on a remote port to the local host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.remote(80, "www.google.com", 1234)
   #     ssh.loop { true }
   #   end
   module SSH
     # This is the set of options that Net::SSH.start recognizes. See
     # Net::SSH.start for a description of each option.
-    VALID_OPTIONS = [
-      :auth_methods, :bind_address, :compression, :compression_level, :config,
-      :encryption, :forward_agent, :hmac, :host_key,
-      :keepalive, :keepalive_interval, :kex, :keys, :key_data,
-      :languages, :logger, :paranoid, :password, :port, :proxy,
-      :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
-      :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
-      :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
-      :max_win_size, :send_env
+    VALID_OPTIONS = %i[
+      auth_methods bind_address compression compression_level config
+      encryption forward_agent hmac host_key identity_agent remote_user
+      keepalive keepalive_interval keepalive_maxcount kex keys key_data
+      keycerts keycert_data languages logger paranoid password port proxy
+      rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
+      known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
+      host_name user properties passphrase keys_only max_pkt_size
+      max_win_size send_env set_env use_agent number_of_password_prompts
+      append_all_supported_algorithms non_interactive password_prompt
+      agent_socket_factory minimum_dh_bits verify_host_key
+      fingerprint_hash check_host_ip pubkey_algorithms
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -103,6 +108,8 @@ module Net
     # * :bind_address => the IP address on the connecting machine to use in
     #   establishing connection. (:bind_address is discarded if :proxy
     #   is set.)
+    # * :check_host_ip => Also ckeck IP address when connecting to remote host.
+    #   Defaults to +true+.
     # * :compression => the compression algorithm to use, or +true+ to use
     #   whatever is supported.
     # * :compression_level => the compression level to use when sending data
@@ -113,9 +120,11 @@ module Net
     # * :encryption => the encryption cipher (or ciphers) to use
     # * :forward_agent => set to true if you want the SSH agent connection to
     #   be forwarded
+    # * :known_hosts => a custom object holding known hosts records.
+    #   It must implement #search_for and `add` in a similiar manner as KnownHosts.
     # * :global_known_hosts_file => the location of the global known hosts
     #   file. Set to an array if you want to specify multiple global known
-    #   hosts files. Defaults to %w(/etc/ssh/known_hosts /etc/ssh/known_hosts2).
+    #   hosts files. Defaults to %w(/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2).
     # * :hmac => the hmac algorithm (or algorithms) to use
     # * :host_key => the host key algorithm (or algorithms) to use
     # * :host_key_alias => the host name to use when looking up or adding a
@@ -125,14 +134,20 @@ module Net
     #   specified in an SSH configuration file. It lets you specify an
     #   "alias", similarly to adding an entry in /etc/hosts but without needing
     #   to modify /etc/hosts.
-    #   :keepalive => set to +true+ to send a keepalive packet to the SSH server
+    # * :keepalive => set to +true+ to send a keepalive packet to the SSH server
     #   when there's no traffic between the SSH server and Net::SSH client for
     #   the keepalive_interval seconds. Defaults to +false+.
-    #   :keepalive_interval => the interval seconds for keepalive.
+    # * :keepalive_interval => the interval seconds for keepalive.
     #   Defaults to +300+ seconds.
+    # * :keepalive_maxcount => the maximun number of keepalive packet miss allowed.
+    #   Defaults to 3
     # * :kex => the key exchange algorithm (or algorithms) to use
     # * :keys => an array of file names of private keys to use for publickey
     #   and hostbased authentication
+    # * :keycerts => an array of file names of key certificates to use
+    #    with publickey authentication
+    # * :keycert_data => an array of strings, which each element of the array
+    #   being a key certificate to use with publickey authentication
     # * :key_data => an array of strings, with each element of the array being
     #   a raw private key in PEM format.
     # * :keys_only => set to +true+ to use only private keys from +keys+ and
@@ -145,8 +160,11 @@ module Net
     #   for better performance if your SSH server supports it (most do).
     # * :max_win_size => maximum size we tell the other side that is supported for
     #   the window.
-    # * :paranoid => either false, true, :very, or :secure specifying how
-    #   strict host-key verification should be (in increasing order here)
+    # * :non_interactive => set to true if your app is non interactive and prefers
+    #   authentication failure vs password prompt. Non-interactive applications
+    #   should set it to true to prefer failing a password/etc auth methods vs.
+    #   asking for password.
+    # * :paranoid => deprecated alias for :verify_host_key
     # * :passphrase => the passphrase to use when loading a private key (default
     #   is +nil+, for no passphrase)
     # * :password => the password to use to login
@@ -154,65 +172,107 @@ module Net
     # * :properties => a hash of key/value pairs to add to the new connection's
     #   properties (see Net::SSH::Connection::Session#properties)
     # * :proxy => a proxy instance (see Proxy) to use when connecting
+    # * :pubkey_algorithms => the public key authentication algorithms to use for
+    #   this connection. Valid values are 'rsa-sha2-256-cert-v01@openssh.com',
+    #   'ssh-rsa-cert-v01@openssh.com', 'rsa-sha2-256', 'ssh-rsa'. Currently, this
+    #   option is only used for RSA public key authentication and ignored for other
+    #   types.
     # * :rekey_blocks_limit => the max number of blocks to process before rekeying
     # * :rekey_limit => the max number of bytes to process before rekeying
     # * :rekey_packet_limit => the max number of packets to process before rekeying
     # * :send_env => an array of local environment variable names to export to the
     #   remote environment. Names may be given as String or Regexp.
+    # * :set_env => a hash of environment variable names and values to set to the
+    #   remote environment. Override the ones if specified in +send_env+.
     # * :timeout => how long to wait for the initial connection to be made
     # * :user => the user name to log in as; this overrides the +user+
     #   parameter, and is primarily only useful when provided via an SSH
     #   configuration file.
+    # * :remote_user => used for substitution into the '%r' part of a ProxyCommand
     # * :user_known_hosts_file => the location of the user known hosts file.
     #   Set to an array to specify multiple user known hosts files.
     #   Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
+    # * :use_agent => Set false to disable the use of ssh-agent. Defaults to
+    #   true
+    # * :identity_agent => the path to the ssh-agent's UNIX socket
     # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
     #   is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
     #   default. The symbols :debug, :info, :warn, :error, and :fatal are also
     #   supported and are translated to the corresponding Logger constant.
-    def self.start(host, user, options={}, &block)
+    # * :append_all_supported_algorithms => set to +true+ to append all supported
+    #   algorithms by net-ssh. Was the default behaviour until 2.10
+    # * :number_of_password_prompts => Number of prompts for the password
+    #   authentication method defaults to 3 set to 0 to disable prompt for
+    #   password auth method
+    # * :password_prompt => a custom prompt object with ask method. See Net::SSH::Prompt
+    #
+    # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
+    #    Net::SSH.start(host,user,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
+    #    example: ->{ UNIXSocket.open('/foo/bar')}
+    # * :verify_host_key => specify how strict host-key verification should be.
+    #   In order of increasing strictness:
+    #   * :never (very insecure) ::Net::SSH::Verifiers::Never
+    #   * :accept_new_or_local_tunnel (insecure) ::Net::SSH::Verifiers::AcceptNewOrLocalTunnel
+    #   * :accept_new (insecure) ::Net::SSH::Verifiers::AcceptNew
+    #   * :always (secure) ::Net::SSH::Verifiers::Always
+    #   You can also provide an own Object which responds to +verify+. The argument
+    #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
+    #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,
+    #   returning false declines it and closes the connection.
+    # * :fingerprint_hash => 'MD5' or 'SHA256', defaults to 'SHA256'
+    # If +user+ parameter is nil it defaults to USER from ssh_config, or
+    # local username
+    def self.start(host, user = nil, options = {}, &block)
       invalid_options = options.keys - VALID_OPTIONS
       if invalid_options.any?
         raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
       end
 
+      assign_defaults(options)
+      _sanitize_options(options)
+
       options[:user] = user if user
       options = configuration_for(host, options.fetch(:config, true)).merge(options)
       host = options.fetch(:host_name, host)
 
-      if !options.key?(:logger)
-        options[:logger] = Logger.new(STDERR)
-        options[:logger].level = Logger::FATAL
+      options[:check_host_ip] = true unless options.key?(:check_host_ip)
+
+      if options[:non_interactive]
+        options[:number_of_password_prompts] = 0
       end
 
+      _support_deprecated_option_paranoid(options)
+
       if options[:verbose]
         options[:logger].level = case options[:verbose]
-          when Fixnum then options[:verbose]
-          when :debug then Logger::DEBUG
-          when :info  then Logger::INFO
-          when :warn  then Logger::WARN
-          when :error then Logger::ERROR
-          when :fatal then Logger::FATAL
-          else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
-        end
+                                 when Integer then options[:verbose]
+                                 when :debug then Logger::DEBUG
+                                 when :info  then Logger::INFO
+                                 when :warn  then Logger::WARN
+                                 when :error then Logger::ERROR
+                                 when :fatal then Logger::FATAL
+                                 else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
+                                 end
       end
 
       transport = Transport::Session.new(host, options)
       auth = Authentication::Session.new(transport, options)
 
-      user = options.fetch(:user, user)
+      user = options.fetch(:user, user) || Etc.getpwuid.name
       if auth.authenticate("ssh-connection", user, options[:password])
         connection = Connection::Session.new(transport, options)
         if block_given?
-          retval = yield connection
-          connection.close
-          retval
+          begin
+            yield connection
+          ensure
+            connection.close unless connection.closed?
+          end
         else
           return connection
         end
       else
         transport.close
-        raise AuthenticationFailed, user
+        raise AuthenticationFailed, "Authentication failed for user #{user}@#{host}"
       end
     end
 
@@ -225,14 +285,54 @@ module Net
     # to read.
     #
     # See Net::SSH::Config for the full description of all supported options.
-    def self.configuration_for(host, use_ssh_config=true)
+    def self.configuration_for(host, use_ssh_config)
       files = case use_ssh_config
-        when true then Net::SSH::Config.default_files
-        when false, nil then return {}
-        else Array(use_ssh_config)
-        end
+              when true then Net::SSH::Config.expandable_default_files
+              when false, nil then return {}
+              else Array(use_ssh_config)
+              end
 
       Net::SSH::Config.for(host, files)
     end
+
+    def self.assign_defaults(options)
+      if !options[:logger]
+        options[:logger] = Logger.new(STDERR)
+        options[:logger].level = Logger::FATAL
+      end
+
+      options[:password_prompt] ||= Prompt.default(options)
+
+      %i[password passphrase].each do |key|
+        options.delete(key) if options.key?(key) && options[key].nil?
+      end
+    end
+
+    def self._sanitize_options(options)
+      invalid_option_values = [nil, [nil]]
+      unless (options.values & invalid_option_values).empty?
+        nil_options = options.select { |_k, v| invalid_option_values.include?(v) }.map(&:first)
+        Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
+      end
+    end
+    private_class_method :_sanitize_options
+
+    def self._support_deprecated_option_paranoid(options)
+      if options.key?(:paranoid)
+        Kernel.warn(
+          ":paranoid is deprecated, please use :verify_host_key. Supported " \
+          "values are exactly the same, only the name of the option has changed."
+        )
+        if options.key?(:verify_host_key)
+          Kernel.warn(
+            "Both :paranoid and :verify_host_key were specified. " \
+            ":verify_host_key takes precedence, :paranoid will be ignored."
+          )
+        else
+          options[:verify_host_key] = options.delete(:paranoid)
+        end
+      end
+    end
+    private_class_method :_support_deprecated_option_paranoid
   end
 end

data/net-ssh-public_cert.pem

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZuZXRz
+c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+b20wHhcNMjQwNDAxMDk1NjIxWhcNMjUwNDAxMDk1NjIxWjBBMQ8wDQYDVQQDDAZu
+ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+9w0BAQsFAAOCAQEAfY2WbsBKwRtBep4l+Y2/84H1BKH9UVOsFxqQzYkvM2LFDyup
+UkjYf8nPSjg3mquhaiA5KSoSVUPpNDfQo+UvY3+mlxRs96ttWiUGwz27fy82rx1B
+ZnfKjsWOntemNON6asOD0mtv0xsNBfOB2VNIKW/uqHsiPpa0OaVy5uENhX+5OFan
+2P1Uy+WcMiv38RlRkn4cdEIZUFupDgKFsguYlaJy473/wsae4exUgc5bvi3Splob
+1uE/LmB/qWBVSNW8e9KDtJynhDDZBlpESyQHFQCZj6UapzxlnC46LaDncPoAtJPc
+MlWxJ8mKghIcyXc5y4cSyGypNG5BralqnvQUyg==
+-----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -1,192 +1,47 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
+require_relative 'lib/net/ssh/version'
 
-Gem::Specification.new do |s|
-  s.name = "net-ssh"
-  s.version = "2.7.0"
+Gem::Specification.new do |spec|
+  spec.name          = "net-ssh"
+  spec.version       = Net::SSH::Version::STRING
+  spec.authors       = ["Jamis Buck", "Delano Mandelbaum", "Mikl\u{f3}s Fazekas"]
+  spec.email         = ["net-ssh@solutious.com"]
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Jamis Buck", "Delano Mandelbaum"]
-  s.date = "2013-09-11"
-  s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
-  s.email = "net-ssh@solutious.com"
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.rdoc"
-  ]
-  s.files = [
-    "CHANGES.txt",
+  if ENV['NET_SSH_BUILDGEM_SIGNED']
+    spec.cert_chain = ["net-ssh-public_cert.pem"]
+    spec.signing_key = "/mnt/gem/net-ssh-private_key.pem"
+  end
+
+  spec.summary       = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.}
+  spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
+  spec.homepage      = "https://github.com/net-ssh/net-ssh"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.6")
+  spec.metadata = {
+    "changelog_uri" => "https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt"
+  }
+
+  spec.extra_rdoc_files = [
     "LICENSE.txt",
-    "Manifest",
-    "README.rdoc",
-    "Rakefile",
-    "Rudyfile",
-    "THANKS.txt",
-    "gem-public_cert.pem",
-    "lib/net/ssh.rb",
-    "lib/net/ssh/authentication/agent.rb",
-    "lib/net/ssh/authentication/agent/java_pageant.rb",
-    "lib/net/ssh/authentication/agent/socket.rb",
-    "lib/net/ssh/authentication/constants.rb",
-    "lib/net/ssh/authentication/key_manager.rb",
-    "lib/net/ssh/authentication/methods/abstract.rb",
-    "lib/net/ssh/authentication/methods/hostbased.rb",
-    "lib/net/ssh/authentication/methods/keyboard_interactive.rb",
-    "lib/net/ssh/authentication/methods/none.rb",
-    "lib/net/ssh/authentication/methods/password.rb",
-    "lib/net/ssh/authentication/methods/publickey.rb",
-    "lib/net/ssh/authentication/pageant.rb",
-    "lib/net/ssh/authentication/session.rb",
-    "lib/net/ssh/buffer.rb",
-    "lib/net/ssh/buffered_io.rb",
-    "lib/net/ssh/config.rb",
-    "lib/net/ssh/connection/channel.rb",
-    "lib/net/ssh/connection/constants.rb",
-    "lib/net/ssh/connection/session.rb",
-    "lib/net/ssh/connection/term.rb",
-    "lib/net/ssh/errors.rb",
-    "lib/net/ssh/key_factory.rb",
-    "lib/net/ssh/known_hosts.rb",
-    "lib/net/ssh/loggable.rb",
-    "lib/net/ssh/packet.rb",
-    "lib/net/ssh/prompt.rb",
-    "lib/net/ssh/proxy/command.rb",
-    "lib/net/ssh/proxy/errors.rb",
-    "lib/net/ssh/proxy/http.rb",
-    "lib/net/ssh/proxy/socks4.rb",
-    "lib/net/ssh/proxy/socks5.rb",
-    "lib/net/ssh/ruby_compat.rb",
-    "lib/net/ssh/service/forward.rb",
-    "lib/net/ssh/test.rb",
-    "lib/net/ssh/test/channel.rb",
-    "lib/net/ssh/test/extensions.rb",
-    "lib/net/ssh/test/kex.rb",
-    "lib/net/ssh/test/local_packet.rb",
-    "lib/net/ssh/test/packet.rb",
-    "lib/net/ssh/test/remote_packet.rb",
-    "lib/net/ssh/test/script.rb",
-    "lib/net/ssh/test/socket.rb",
-    "lib/net/ssh/transport/algorithms.rb",
-    "lib/net/ssh/transport/cipher_factory.rb",
-    "lib/net/ssh/transport/constants.rb",
-    "lib/net/ssh/transport/ctr.rb",
-    "lib/net/ssh/transport/hmac.rb",
-    "lib/net/ssh/transport/hmac/abstract.rb",
-    "lib/net/ssh/transport/hmac/md5.rb",
-    "lib/net/ssh/transport/hmac/md5_96.rb",
-    "lib/net/ssh/transport/hmac/none.rb",
-    "lib/net/ssh/transport/hmac/ripemd160.rb",
-    "lib/net/ssh/transport/hmac/sha1.rb",
-    "lib/net/ssh/transport/hmac/sha1_96.rb",
-    "lib/net/ssh/transport/hmac/sha2_256.rb",
-    "lib/net/ssh/transport/hmac/sha2_256_96.rb",
-    "lib/net/ssh/transport/hmac/sha2_512.rb",
-    "lib/net/ssh/transport/hmac/sha2_512_96.rb",
-    "lib/net/ssh/transport/identity_cipher.rb",
-    "lib/net/ssh/transport/kex.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb",
-    "lib/net/ssh/transport/key_expander.rb",
-    "lib/net/ssh/transport/openssl.rb",
-    "lib/net/ssh/transport/packet_stream.rb",
-    "lib/net/ssh/transport/server_version.rb",
-    "lib/net/ssh/transport/session.rb",
-    "lib/net/ssh/transport/state.rb",
-    "lib/net/ssh/verifiers/lenient.rb",
-    "lib/net/ssh/verifiers/null.rb",
-    "lib/net/ssh/verifiers/secure.rb",
-    "lib/net/ssh/verifiers/strict.rb",
-    "lib/net/ssh/version.rb",
-    "net-ssh.gemspec",
-    "setup.rb",
-    "support/arcfour_check.rb",
-    "support/ssh_tunnel_bug.rb",
-    "test/README.txt",
-    "test/authentication/methods/common.rb",
-    "test/authentication/methods/test_abstract.rb",
-    "test/authentication/methods/test_hostbased.rb",
-    "test/authentication/methods/test_keyboard_interactive.rb",
-    "test/authentication/methods/test_none.rb",
-    "test/authentication/methods/test_password.rb",
-    "test/authentication/methods/test_publickey.rb",
-    "test/authentication/test_agent.rb",
-    "test/authentication/test_key_manager.rb",
-    "test/authentication/test_session.rb",
-    "test/common.rb",
-    "test/configs/eqsign",
-    "test/configs/exact_match",
-    "test/configs/host_plus",
-    "test/configs/multihost",
-    "test/configs/nohost",
-    "test/configs/numeric_host",
-    "test/configs/send_env",
-    "test/configs/substitutes",
-    "test/configs/wild_cards",
-    "test/connection/test_channel.rb",
-    "test/connection/test_session.rb",
-    "test/known_hosts/github",
-    "test/manual/test_forward.rb",
-    "test/start/test_options.rb",
-    "test/start/test_transport.rb",
-    "test/test_all.rb",
-    "test/test_buffer.rb",
-    "test/test_buffered_io.rb",
-    "test/test_config.rb",
-    "test/test_key_factory.rb",
-    "test/test_known_hosts.rb",
-    "test/transport/hmac/test_md5.rb",
-    "test/transport/hmac/test_md5_96.rb",
-    "test/transport/hmac/test_none.rb",
-    "test/transport/hmac/test_ripemd160.rb",
-    "test/transport/hmac/test_sha1.rb",
-    "test/transport/hmac/test_sha1_96.rb",
-    "test/transport/hmac/test_sha2_256.rb",
-    "test/transport/hmac/test_sha2_256_96.rb",
-    "test/transport/hmac/test_sha2_512.rb",
-    "test/transport/hmac/test_sha2_512_96.rb",
-    "test/transport/kex/test_diffie_hellman_group14_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group1_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp256.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp384.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp521.rb",
-    "test/transport/test_algorithms.rb",
-    "test/transport/test_cipher_factory.rb",
-    "test/transport/test_hmac.rb",
-    "test/transport/test_identity_cipher.rb",
-    "test/transport/test_packet_stream.rb",
-    "test/transport/test_server_version.rb",
-    "test/transport/test_session.rb",
-    "test/transport/test_state.rb"
+    "README.md"
   ]
-  s.homepage = "https://github.com/net-ssh/net-ssh"
-  s.licenses = ["MIT"]
-  s.require_paths = ["lib"]
-  s.rubyforge_project = "net-ssh"
-  s.rubygems_version = "1.8.25"
-  s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 3
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<test-unit>, [">= 0"])
-      s.add_development_dependency(%q<mocha>, [">= 0"])
-    else
-      s.add_dependency(%q<test-unit>, [">= 0"])
-      s.add_dependency(%q<mocha>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<test-unit>, [">= 0"])
-    s.add_dependency(%q<mocha>, [">= 0"])
+  unless ENV['NET_SSH_NO_ED25519']
+    spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
+    spec.add_development_dependency("ed25519", "~> 1.2")
+    spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
   end
-end
 
+  spec.add_development_dependency('rbnacl', '~> 7.1') unless ENV['NET_SSH_NO_RBNACL']
+
+  spec.add_development_dependency "base64"
+  spec.add_development_dependency "bundler", ">= 1.17"
+  spec.add_development_dependency "minitest", "~> 5.19"
+  spec.add_development_dependency "mocha", "~> 2.1.0"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "rubocop", "~> 1.28.0"
+end

data/support/ssh_tunnel_bug.rb

@@ -15,12 +15,12 @@
 #       visible_hostname netsshtest
 #     * Start squid squid -N -d 1 -D
 # * Run this script
-# * Configure browser proxy to use localhost with LOCAL_PORT. 
+# * Configure browser proxy to use localhost with LOCAL_PORT.
 # * Load any page, wait for it to load fully. If the page loads
 #   correctly, move on. If not, something needs to be corrected.
 # * Refresh the page several times. This should cause this
 #   script to failed with the error: "closed stream". You may
-#   need to try a few times. 
+#   need to try a few times.
 #
 
 require 'highline/import'
@@ -37,10 +37,10 @@ pass = ask("Password: ") { |q| q.echo = "*" }
 puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
 
 begin
-  session = Net::SSH.start(host, user, :password => pass)  
+  session = Net::SSH.start(host, user, password: pass)
   session.forward.local(LOCAL_PORT, host, PROXY_PORT)
-  session.loop{true}
-rescue => e
+  session.loop {true}
+rescue StandardError => e
   puts e.message
   puts e.backtrace
 end