net-ssh 2.9.2 → 4.0.0
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.gitignore +6 -0
- data/.rubocop.yml +5 -0
- data/.rubocop_todo.yml +1129 -0
- data/.travis.yml +41 -5
- data/CHANGES.txt +133 -1
- data/Gemfile +13 -0
- data/Gemfile.norbnacl +10 -0
- data/Gemfile.norbnacl.lock +41 -0
- data/ISSUE_TEMPLATE.md +30 -0
- data/README.rdoc +26 -81
- data/Rakefile +63 -45
- data/appveyor.yml +51 -0
- data/lib/net/ssh/authentication/agent.rb +174 -14
- data/lib/net/ssh/authentication/ed25519.rb +137 -0
- data/lib/net/ssh/authentication/ed25519_loader.rb +21 -0
- data/lib/net/ssh/authentication/key_manager.rb +36 -30
- data/lib/net/ssh/authentication/methods/abstract.rb +4 -0
- data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +16 -9
- data/lib/net/ssh/authentication/methods/password.rb +17 -4
- data/lib/net/ssh/authentication/pageant.rb +166 -45
- data/lib/net/ssh/authentication/session.rb +3 -2
- data/lib/net/ssh/buffer.rb +49 -10
- data/lib/net/ssh/buffered_io.rb +17 -12
- data/lib/net/ssh/config.rb +39 -8
- data/lib/net/ssh/connection/channel.rb +42 -20
- data/lib/net/ssh/connection/event_loop.rb +114 -0
- data/lib/net/ssh/connection/keepalive.rb +2 -2
- data/lib/net/ssh/connection/session.rb +120 -34
- data/lib/net/ssh/errors.rb +6 -6
- data/lib/net/ssh/key_factory.rb +49 -43
- data/lib/net/ssh/known_hosts.rb +49 -3
- data/lib/net/ssh/prompt.rb +47 -78
- data/lib/net/ssh/proxy/command.rb +31 -5
- data/lib/net/ssh/proxy/http.rb +15 -11
- data/lib/net/ssh/proxy/https.rb +49 -0
- data/lib/net/ssh/proxy/socks4.rb +2 -1
- data/lib/net/ssh/proxy/socks5.rb +3 -2
- data/lib/net/ssh/ruby_compat.rb +2 -29
- data/lib/net/ssh/service/forward.rb +2 -2
- data/lib/net/ssh/test/channel.rb +7 -0
- data/lib/net/ssh/test/extensions.rb +17 -0
- data/lib/net/ssh/test/kex.rb +4 -4
- data/lib/net/ssh/test/packet.rb +18 -2
- data/lib/net/ssh/test/script.rb +16 -2
- data/lib/net/ssh/test/socket.rb +1 -1
- data/lib/net/ssh/test.rb +5 -5
- data/lib/net/ssh/transport/algorithms.rb +92 -75
- data/lib/net/ssh/transport/cipher_factory.rb +19 -26
- data/lib/net/ssh/transport/ctr.rb +7 -9
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +20 -9
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +5 -3
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +1 -1
- data/lib/net/ssh/transport/key_expander.rb +1 -0
- data/lib/net/ssh/transport/openssl.rb +1 -1
- data/lib/net/ssh/transport/packet_stream.rb +11 -3
- data/lib/net/ssh/transport/server_version.rb +13 -6
- data/lib/net/ssh/transport/session.rb +20 -10
- data/lib/net/ssh/transport/state.rb +1 -1
- data/lib/net/ssh/verifiers/secure.rb +8 -10
- data/lib/net/ssh/version.rb +4 -4
- data/lib/net/ssh.rb +62 -14
- data/net-ssh-public_cert.pem +19 -18
- data/net-ssh.gemspec +34 -194
- data/support/arcfour_check.rb +1 -1
- data/support/ssh_tunnel_bug.rb +1 -1
- data.tar.gz.sig +0 -0
- metadata +125 -109
- metadata.gz.sig +0 -0
- data/Rudyfile +0 -96
- data/lib/net/ssh/authentication/agent/java_pageant.rb +0 -85
- data/lib/net/ssh/authentication/agent/socket.rb +0 -178
- data/setup.rb +0 -1585
- data/test/README.txt +0 -47
- data/test/authentication/methods/common.rb +0 -28
- data/test/authentication/methods/test_abstract.rb +0 -51
- data/test/authentication/methods/test_hostbased.rb +0 -114
- data/test/authentication/methods/test_keyboard_interactive.rb +0 -100
- data/test/authentication/methods/test_none.rb +0 -41
- data/test/authentication/methods/test_password.rb +0 -95
- data/test/authentication/methods/test_publickey.rb +0 -148
- data/test/authentication/test_agent.rb +0 -224
- data/test/authentication/test_key_manager.rb +0 -227
- data/test/authentication/test_session.rb +0 -107
- data/test/common.rb +0 -108
- data/test/configs/auth_off +0 -5
- data/test/configs/auth_on +0 -4
- data/test/configs/empty +0 -0
- data/test/configs/eqsign +0 -3
- data/test/configs/exact_match +0 -8
- data/test/configs/host_plus +0 -10
- data/test/configs/multihost +0 -4
- data/test/configs/negative_match +0 -6
- data/test/configs/nohost +0 -19
- data/test/configs/numeric_host +0 -4
- data/test/configs/send_env +0 -2
- data/test/configs/substitutes +0 -8
- data/test/configs/wild_cards +0 -14
- data/test/connection/test_channel.rb +0 -467
- data/test/connection/test_session.rb +0 -543
- data/test/known_hosts/github +0 -1
- data/test/manual/test_forward.rb +0 -285
- data/test/manual/test_pageant.rb +0 -37
- data/test/start/test_connection.rb +0 -53
- data/test/start/test_options.rb +0 -43
- data/test/start/test_transport.rb +0 -28
- data/test/test_all.rb +0 -11
- data/test/test_buffer.rb +0 -433
- data/test/test_buffered_io.rb +0 -63
- data/test/test_config.rb +0 -221
- data/test/test_key_factory.rb +0 -191
- data/test/test_known_hosts.rb +0 -13
- data/test/transport/hmac/test_md5.rb +0 -41
- data/test/transport/hmac/test_md5_96.rb +0 -27
- data/test/transport/hmac/test_none.rb +0 -34
- data/test/transport/hmac/test_ripemd160.rb +0 -36
- data/test/transport/hmac/test_sha1.rb +0 -36
- data/test/transport/hmac/test_sha1_96.rb +0 -27
- data/test/transport/hmac/test_sha2_256.rb +0 -37
- data/test/transport/hmac/test_sha2_256_96.rb +0 -27
- data/test/transport/hmac/test_sha2_512.rb +0 -37
- data/test/transport/hmac/test_sha2_512_96.rb +0 -27
- data/test/transport/kex/test_diffie_hellman_group14_sha1.rb +0 -13
- data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +0 -146
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +0 -92
- data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +0 -34
- data/test/transport/kex/test_ecdh_sha2_nistp256.rb +0 -161
- data/test/transport/kex/test_ecdh_sha2_nistp384.rb +0 -38
- data/test/transport/kex/test_ecdh_sha2_nistp521.rb +0 -38
- data/test/transport/test_algorithms.rb +0 -324
- data/test/transport/test_cipher_factory.rb +0 -443
- data/test/transport/test_hmac.rb +0 -34
- data/test/transport/test_identity_cipher.rb +0 -40
- data/test/transport/test_packet_stream.rb +0 -1761
- data/test/transport/test_server_version.rb +0 -78
- data/test/transport/test_session.rb +0 -331
- data/test/transport/test_state.rb +0 -181
@@ -25,11 +25,11 @@ module Net; module SSH; module Transport
|
|
25
25
|
|
26
26
|
# Instantiates a new ServerVersion and immediately (and synchronously)
|
27
27
|
# negotiates the SSH protocol in effect, using the given socket.
|
28
|
-
def initialize(socket, logger)
|
28
|
+
def initialize(socket, logger, timeout = nil)
|
29
29
|
@header = ""
|
30
30
|
@version = nil
|
31
31
|
@logger = logger
|
32
|
-
negotiate!(socket)
|
32
|
+
negotiate!(socket, timeout)
|
33
33
|
end
|
34
34
|
|
35
35
|
private
|
@@ -37,9 +37,16 @@ module Net; module SSH; module Transport
|
|
37
37
|
# Negotiates the SSH protocol to use, via the given socket. If the server
|
38
38
|
# reports an incompatible SSH version (e.g., SSH1), this will raise an
|
39
39
|
# exception.
|
40
|
-
def negotiate!(socket)
|
40
|
+
def negotiate!(socket, timeout)
|
41
41
|
info { "negotiating protocol version" }
|
42
42
|
|
43
|
+
debug { "local is `#{PROTO_VERSION}'" }
|
44
|
+
socket.write "#{PROTO_VERSION}\r\n"
|
45
|
+
socket.flush
|
46
|
+
|
47
|
+
if timeout && !IO.select([socket], nil, nil, timeout)
|
48
|
+
raise Net::SSH::ConnectionTimeout, "timeout during server version negotiating"
|
49
|
+
end
|
43
50
|
loop do
|
44
51
|
@version = ""
|
45
52
|
loop do
|
@@ -63,9 +70,9 @@ module Net; module SSH; module Transport
|
|
63
70
|
raise Net::SSH::Exception, "incompatible SSH version `#{@version}'"
|
64
71
|
end
|
65
72
|
|
66
|
-
|
67
|
-
|
68
|
-
|
73
|
+
if timeout && !IO.select(nil, [socket], nil, timeout)
|
74
|
+
raise Net::SSH::ConnectionTimeout, "timeout during client version negotiating"
|
75
|
+
end
|
69
76
|
end
|
70
77
|
end
|
71
78
|
end; end; end
|
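Review bot: The `timeout` added to `negotiate!` bounds only the wait for the first readable byte, because `IO.select([socket], nil, nil, timeout)` runs once before the outer `loop do` (new line 47). A peer that sends part of a banner and then stalls is presumably still read without a deadline; the inner read loop lies outside these hunks, so confirm how it reads. The second check, `IO.select(nil, [socket], nil, timeout)` at new line 73, waits for writability after `socket.write "#{PROTO_VERSION}\r\n"` and `socket.flush` have already run at new lines 44-45, so as shown it guards no write and its "client version negotiating" message can mislead. Consider computing one deadline on entry, selecting with the remaining time before each read, and moving the writability check ahead of the write. The page shows no file header for these hunks; by the file summary they appear to belong to lib/net/ssh/transport/server_version.rb.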
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'socket'
|
2
|
-
require 'timeout'
|
3
2
|
|
4
3
|
require 'net/ssh/errors'
|
5
4
|
require 'net/ssh/loggable'
|
@@ -63,14 +62,15 @@ module Net; module SSH; module Transport
|
|
63
62
|
@options = options
|
64
63
|
|
65
64
|
debug { "establishing connection to #{@host}:#{@port}" }
|
66
|
-
|
67
|
-
@socket =
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
65
|
+
|
66
|
+
@socket =
|
67
|
+
if (factory = options[:proxy])
|
68
|
+
factory.open(@host, @port, options)
|
69
|
+
else
|
70
|
+
Socket.tcp(@host, @port, @bind_address, nil,
|
71
|
+
connect_timeout: options[:timeout])
|
72
72
|
end
|
73
|
-
|
73
|
+
|
74
74
|
@socket.extend(PacketStream)
|
75
75
|
@socket.logger = @logger
|
76
76
|
|
@@ -81,10 +81,20 @@ module Net; module SSH; module Transport
|
|
81
81
|
@host_key_verifier = select_host_key_verifier(options[:paranoid])
|
82
82
|
|
83
83
|
|
84
|
-
@server_version =
|
84
|
+
@server_version = ServerVersion.new(socket, logger, options[:timeout])
|
85
85
|
|
86
86
|
@algorithms = Algorithms.new(self, options)
|
87
|
+
@algorithms.start
|
87
88
|
wait { algorithms.initialized? }
|
89
|
+
rescue Errno::ETIMEDOUT
|
90
|
+
raise Net::SSH::ConnectionTimeout
|
91
|
+
end
|
92
|
+
|
93
|
+
def host_keys
|
94
|
+
@host_keys ||= begin
|
95
|
+
known_hosts = options.fetch(:known_hosts, KnownHosts)
|
96
|
+
known_hosts.search_for(options[:host_key_alias] || host_as_string, options)
|
97
|
+
end
|
88
98
|
end
|
89
99
|
|
90
100
|
# Returns the host (and possibly IP address) in a format compatible with
|
@@ -154,7 +164,7 @@ module Net; module SSH; module Transport
|
|
154
164
|
# Returns a hash of information about the peer (remote) side of the socket,
|
155
165
|
# including :ip, :port, :host, and :canonized (see #host_as_string).
|
156
166
|
def peer
|
157
|
-
@peer ||= { :
|
167
|
+
@peer ||= { ip: socket.peer_ip, port: @port.to_i, host: @host, canonized: host_as_string }
|
158
168
|
end
|
159
169
|
|
160
170
|
# Blocks until a new packet is available to be read, and returns that
|
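Review bot: `options.fetch(:known_hosts, KnownHosts)` in the new `host_keys` (new line 95) falls back to `KnownHosts` only when the key is absent, so a caller passing `known_hosts: nil` ends up calling `search_for` on nil and gets a NoMethodError during host-key lookup instead of the default store. The `_sanitize_options` shown in lib/net/ssh.rb only warns about nil values, and `assign_defaults` deletes nil only for `:password` and `:passphrase`, so the nil does reach this line. `known_hosts = options[:known_hosts] || KnownHosts` keeps the default in that case. Separately, the proxy branch `factory.open(@host, @port, options)` leaves the connect timeout to the factory while the direct branch passes `connect_timeout: options[:timeout]`; a comment such as `# proxy factories are responsible for honouring options[:timeout]` would record that. The page shows no file header for these hunks; they appear to belong to lib/net/ssh/transport/session.rb.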
@@ -13,18 +13,16 @@ module Net; module SSH; module Verifiers
|
|
13
13
|
# Otherwise, this returns true.
|
14
14
|
class Secure
|
15
15
|
def verify(arguments)
|
16
|
-
|
17
|
-
host = options[:host_key_alias] || arguments[:session].host_as_string
|
18
|
-
matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
|
16
|
+
host_keys = arguments[:session].host_keys
|
19
17
|
|
20
18
|
# We've never seen this host before, so raise an exception.
|
21
|
-
if
|
22
|
-
process_cache_miss(
|
19
|
+
if host_keys.empty?
|
20
|
+
process_cache_miss(host_keys, arguments, HostKeyUnknown, "is unknown")
|
23
21
|
end
|
24
22
|
|
25
23
|
# If we found any matches, check to see that the key type and
|
26
24
|
# blob also match.
|
27
|
-
found =
|
25
|
+
found = host_keys.any? do |key|
|
28
26
|
key.ssh_type == arguments[:key].ssh_type &&
|
29
27
|
key.to_blob == arguments[:key].to_blob
|
30
28
|
end
|
@@ -32,7 +30,7 @@ module Net; module SSH; module Verifiers
|
|
32
30
|
# If a match was found, return true. Otherwise, raise an exception
|
33
31
|
# indicating that the key was not recognized.
|
34
32
|
unless found
|
35
|
-
process_cache_miss(
|
33
|
+
process_cache_miss(host_keys, arguments, HostKeyMismatch, "does not match")
|
36
34
|
end
|
37
35
|
|
38
36
|
found
|
@@ -40,12 +38,12 @@ module Net; module SSH; module Verifiers
|
|
40
38
|
|
41
39
|
private
|
42
40
|
|
43
|
-
def process_cache_miss(
|
41
|
+
def process_cache_miss(host_keys, args, exc_class, message)
|
44
42
|
exception = exc_class.new("fingerprint #{args[:fingerprint]} " +
|
45
|
-
"#{message} for #{host.inspect}")
|
43
|
+
"#{message} for #{host_keys.host.inspect}")
|
46
44
|
exception.data = args
|
47
45
|
exception.callback = Proc.new do
|
48
|
-
|
46
|
+
host_keys.add_host_key(args[:key])
|
49
47
|
end
|
50
48
|
raise exception
|
51
49
|
end
|
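Review bot: The interface required of the object returned by `session.host_keys` is wider than what is documented: `verify` calls `empty?` and `any?` on it, and `process_cache_miss` calls `host_keys.host` and `host_keys.add_host_key` (new lines 43 and 46), while the `:known_hosts` option text in lib/net/ssh.rb names only `#search_for` and `add`. A custom store whose `search_for` returns a plain Array would raise NoMethodError while the message is being built, replacing the `HostKeyUnknown` or `HostKeyMismatch` that callers rescue. I would add a comment above `verify` such as `# session.host_keys must respond to empty?, any?, host and add_host_key`. It is also worth a comment on the callback that it adds the presented key for both exception classes, so invoking it after a `HostKeyMismatch` in effect accepts a changed host key. The page shows no file header for these hunks; they appear to belong to lib/net/ssh/verifiers/secure.rb.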
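--- a/data/lib/net/ssh/version.rb
+++ b/data/lib/net/ssh/version.rb
@@ -45,15 +45,15 @@ module Net; module SSH
 end
 
 # The major component of this version of the Net::SSH library
-MAJOR =
+MAJOR = 4
 
 # The minor component of this version of the Net::SSH library
-MINOR =
+MINOR = 0
 
 # The tiny component of this version of the Net::SSH library
-TINY =
+TINY = 0
 
-# The prerelease component of this version of the Net::SSH library
+# The prerelease component of this version of the Net::SSH library
 # nil allowed
 PRE = nil
 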
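--- a/data/lib/net/ssh.rb
+++ b/data/lib/net/ssh.rb
@@ -3,6 +3,7 @@
 ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.pwd
 
 require 'logger'
+require 'etc'
 
 require 'net/ssh/config'
 require 'net/ssh/errors'
@@ -10,6 +11,7 @@ require 'net/ssh/loggable'
 require 'net/ssh/transport/session'
 require 'net/ssh/authentication/session'
 require 'net/ssh/connection/session'
+require 'net/ssh/prompt'
 
 module Net
 
@@ -39,21 +41,21 @@ module Net
 #
 # == X == "execute a command and capture the output"
 #
-# Net::SSH.start("host", "user", :
+# Net::SSH.start("host", "user", password: "password") do |ssh|
 # result = ssh.exec!("ls -l")
 # puts result
 # end
 #
 # == X == "forward connections on a local port to a remote host"
 #
-# Net::SSH.start("host", "user", :
+# Net::SSH.start("host", "user", password: "password") do |ssh|
 # ssh.forward.local(1234, "www.google.com", 80)
 # ssh.loop { true }
 # end
 #
 # == X == "forward connections on a remote port to the local host"
 #
-# Net::SSH.start("host", "user", :
+# Net::SSH.start("host", "user", password: "password") do |ssh|
 # ssh.forward.remote(80, "www.google.com", 1234)
 # ssh.loop { true }
 # end
@@ -62,13 +64,15 @@ module Net
 # Net::SSH.start for a description of each option.
 VALID_OPTIONS = [
 :auth_methods, :bind_address, :compression, :compression_level, :config,
-:encryption, :forward_agent, :hmac, :host_key,
+:encryption, :forward_agent, :hmac, :host_key, :remote_user,
 :keepalive, :keepalive_interval, :keepalive_maxcount, :kex, :keys, :key_data,
 :languages, :logger, :paranoid, :password, :port, :proxy,
 :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
-:global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
+:known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
 :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
-:max_win_size, :send_env, :use_agent, :number_of_password_prompts
+:max_win_size, :send_env, :use_agent, :number_of_password_prompts,
+:append_supported_algorithms, :non_interactive, :password_prompt, :agent_socket_factory,
+:minimum_dh_bits
 ]
 
 # The standard means of starting a new SSH connection. When used with a
@@ -113,6 +117,8 @@ module Net
 # * :encryption => the encryption cipher (or ciphers) to use
 # * :forward_agent => set to true if you want the SSH agent connection to
 # be forwarded
+# * :known_hosts => a custom object holding known hosts records.
+# It must implement #search_for and add in a similiar manner as KnownHosts.
 # * :global_known_hosts_file => the location of the global known hosts
 # file. Set to an array if you want to specify multiple global known
 # hosts files. Defaults to %w(/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2).
@@ -131,6 +137,7 @@ module Net
 # * :keepalive_interval => the interval seconds for keepalive.
 # Defaults to +300+ seconds.
 # * :keepalive_maxcount => the maximun number of keepalive packet miss allowed.
+# Defaults to 3
 # * :kex => the key exchange algorithm (or algorithms) to use
 # * :keys => an array of file names of private keys to use for publickey
 # and hostbased authentication
@@ -146,6 +153,10 @@ module Net
 # for better performance if your SSH server supports it (most do).
 # * :max_win_size => maximum size we tell the other side that is supported for
 # the window.
+# * :non_interactive => set to true if your app is non interactive and prefers
+# authentication failure vs password prompt. Non-interactive applications
+# should set it to true to prefer failing a password/etc auth methods vs.
+# asking for password.
 # * :paranoid => either false, true, :very, or :secure specifying how
 # strict host-key verification should be (in increasing order here).
 # You can also provide an own Object which responds to +verify+. The argument
@@ -168,33 +179,48 @@ module Net
 # * :user => the user name to log in as; this overrides the +user+
 # parameter, and is primarily only useful when provided via an SSH
 # configuration file.
+# * :remote_user => used for substitution into the '%r' part of a ProxyCommand
 # * :user_known_hosts_file => the location of the user known hosts file.
 # Set to an array to specify multiple user known hosts files.
 # Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
-# * :use_agent => Set false to disable the use of ssh-agent. Defaults to
+# * :use_agent => Set false to disable the use of ssh-agent. Defaults to
 # true
 # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
 # is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
 # default. The symbols :debug, :info, :warn, :error, and :fatal are also
 # supported and are translated to the corresponding Logger constant.
-
+# * :append_all_supported_algorithms => set to +true+ to append all supported
+# algorithms by net-ssh. Was the default behaviour until 2.10
+# * :number_of_password_prompts => Number of prompts for the password
+# authentication method defaults to 3 set to 0 to disable prompt for
+# password auth method
+# * :password_prompt => a custom prompt object with ask method. See Net::SSH::Prompt
+#
+# * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
+# Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
+# example: ->{ UNIXSocket.open('/foo/bar')}
+# If +user+ parameter is nil it defaults to USER from ssh_config, or
+# local username
+def self.start(host, user=nil, options={}, &block)
 invalid_options = options.keys - VALID_OPTIONS
 if invalid_options.any?
 raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
 end
 
+assign_defaults(options)
+_sanitize_options(options)
+
 options[:user] = user if user
 options = configuration_for(host, options.fetch(:config, true)).merge(options)
 host = options.fetch(:host_name, host)
 
-if
-options[:
-options[:logger].level = Logger::FATAL
+if options[:non_interactive]
+options[:number_of_password_prompts] = 0
 end
 
 if options[:verbose]
 options[:logger].level = case options[:verbose]
-when
+when Integer then options[:verbose]
 when :debug then Logger::DEBUG
 when :info then Logger::INFO
 when :warn then Logger::WARN
@@ -207,7 +233,7 @@ module Net
 transport = Transport::Session.new(host, options)
 auth = Authentication::Session.new(transport, options)
 
-user = options.fetch(:user, user)
+user = options.fetch(:user, user) || Etc.getlogin
 if auth.authenticate("ssh-connection", user, options[:password])
 connection = Connection::Session.new(transport, options)
 if block_given?
@@ -234,7 +260,7 @@ module Net
 # to read.
 #
 # See Net::SSH::Config for the full description of all supported options.
-def self.configuration_for(host, use_ssh_config
+def self.configuration_for(host, use_ssh_config)
 files = case use_ssh_config
 when true then Net::SSH::Config.default_files
 when false, nil then return {}
@@ -243,5 +269,27 @@ module Net
 
 Net::SSH::Config.for(host, files)
 end
+
+def self.assign_defaults(options)
+if !options[:logger]
+options[:logger] = Logger.new(STDERR)
+options[:logger].level = Logger::FATAL
+end
+
+options[:password_prompt] ||= Prompt.default(options)
+
+[:password, :passphrase].each do |key|
+options.delete(key) if options.key?(key) && options[key].nil?
+end
+end
+
+def self._sanitize_options(options)
+invalid_option_values = [nil,[nil]]
+unless (options.values & invalid_option_values).empty?
+nil_options = options.select { |_k,v| invalid_option_values.include?(v) }.map(&:first)
+Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
+end
+end
+private_class_method :_sanitize_options
 end
 end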
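Review bot: The whitelist and the documentation disagree on one option name: `VALID_OPTIONS` gains `:append_supported_algorithms` (new line 74) while the option list documents `:append_all_supported_algorithms` (new line 192). A caller who follows the documentation is rejected by the `invalid option(s)` check at the top of `start`, and the whitelisted spelling is documented nowhere in these hunks, so one of the two should be renamed, presumably the array entry to `:append_all_supported_algorithms,`. `:minimum_dh_bits` is also whitelisted without a doc entry in the visible hunks; going by its name it bounds key-exchange strength, so it deserves a `# * :minimum_dh_bits => ...` line that states its default. The bodies of `start` and of the option documentation continue outside the hunks shown.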
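--- a/data/net-ssh-public_cert.pem
+++ b/data/net-ssh-public_cert.pem
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZuZXRz
+c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+b20wHhcNMTYxMjE1MTgwNTIyWhcNMTcxMjE1MTgwNTIyWjBBMQ8wDQYDVQQDDAZu
+ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+9w0BAQUFAAOCAQEATd8If+Ytmhf5lELy24j76ahGv64m518WTCdV2nIViGXB2BnV
+uLQylGRb1rcgUS3Eh9TE28hqrfhotKS6a96qF9kN0mY2H6UwPWswJ+tj3gA1vLW8
+wlZNlYGJ91Ig9zULPSbATyOOprUZyggy5p1260BaaI3LQYDeGJOSqpHCVu+TuMcy
+k00ofiLT1crDSUl2WE/OIFK8AXpmd798AMsef8okHeoo+Dj7zCXn0VSimN+MO1mE
+L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
+Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
 -----END CERTIFICATE-----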
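--- a/data/net-ssh.gemspec
+++ b/data/net-ssh.gemspec
@@ -1,203 +1,43 @@
-#
-
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: net-ssh 2.9.2 ruby lib
+# coding: utf-8
+require_relative 'lib/net/ssh/version'
 
-Gem::Specification.new do |
-
-
+Gem::Specification.new do |spec|
+spec.name = "net-ssh"
+spec.version = Net::SSH::Version::STRING
+spec.authors = ["Jamis Buck", "Delano Mandelbaum", "Mikl\u{f3}s Fazekas"]
+spec.email = ["net-ssh@solutious.com"]
 
-
-
-
-
-
-
-
-
+if ENV['NET_SSH_BUILDGEM_SIGNED']
+spec.cert_chain = ["net-ssh-public_cert.pem"]
+spec.signing_key = "/mnt/gem/net-ssh-private_key.pem"
+end
+
+spec.summary = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.}
+spec.description = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
+spec.homepage = "https://github.com/net-ssh/net-ssh"
+spec.license = "MIT"
+spec.required_ruby_version = Gem::Requirement.new(">= 2.0")
+
+spec.extra_rdoc_files = [
 "LICENSE.txt",
 "README.rdoc"
 ]
-s.files = [
-".travis.yml",
-"CHANGES.txt",
-"LICENSE.txt",
-"Manifest",
-"README.rdoc",
-"Rakefile",
-"Rudyfile",
-"THANKS.txt",
-"lib/net/ssh.rb",
-"lib/net/ssh/authentication/agent.rb",
-"lib/net/ssh/authentication/agent/java_pageant.rb",
-"lib/net/ssh/authentication/agent/socket.rb",
-"lib/net/ssh/authentication/constants.rb",
-"lib/net/ssh/authentication/key_manager.rb",
-"lib/net/ssh/authentication/methods/abstract.rb",
-"lib/net/ssh/authentication/methods/hostbased.rb",
-"lib/net/ssh/authentication/methods/keyboard_interactive.rb",
-"lib/net/ssh/authentication/methods/none.rb",
-"lib/net/ssh/authentication/methods/password.rb",
-"lib/net/ssh/authentication/methods/publickey.rb",
-"lib/net/ssh/authentication/pageant.rb",
-"lib/net/ssh/authentication/session.rb",
-"lib/net/ssh/buffer.rb",
-"lib/net/ssh/buffered_io.rb",
-"lib/net/ssh/config.rb",
-"lib/net/ssh/connection/channel.rb",
-"lib/net/ssh/connection/constants.rb",
-"lib/net/ssh/connection/keepalive.rb",
-"lib/net/ssh/connection/session.rb",
-"lib/net/ssh/connection/term.rb",
-"lib/net/ssh/errors.rb",
-"lib/net/ssh/key_factory.rb",
-"lib/net/ssh/known_hosts.rb",
-"lib/net/ssh/loggable.rb",
-"lib/net/ssh/packet.rb",
-"lib/net/ssh/prompt.rb",
-"lib/net/ssh/proxy/command.rb",
-"lib/net/ssh/proxy/errors.rb",
-"lib/net/ssh/proxy/http.rb",
-"lib/net/ssh/proxy/socks4.rb",
-"lib/net/ssh/proxy/socks5.rb",
-"lib/net/ssh/ruby_compat.rb",
-"lib/net/ssh/service/forward.rb",
-"lib/net/ssh/test.rb",
-"lib/net/ssh/test/channel.rb",
-"lib/net/ssh/test/extensions.rb",
-"lib/net/ssh/test/kex.rb",
-"lib/net/ssh/test/local_packet.rb",
-"lib/net/ssh/test/packet.rb",
-"lib/net/ssh/test/remote_packet.rb",
-"lib/net/ssh/test/script.rb",
-"lib/net/ssh/test/socket.rb",
-"lib/net/ssh/transport/algorithms.rb",
-"lib/net/ssh/transport/cipher_factory.rb",
-"lib/net/ssh/transport/constants.rb",
-"lib/net/ssh/transport/ctr.rb",
-"lib/net/ssh/transport/hmac.rb",
-"lib/net/ssh/transport/hmac/abstract.rb",
-"lib/net/ssh/transport/hmac/md5.rb",
-"lib/net/ssh/transport/hmac/md5_96.rb",
-"lib/net/ssh/transport/hmac/none.rb",
-"lib/net/ssh/transport/hmac/ripemd160.rb",
-"lib/net/ssh/transport/hmac/sha1.rb",
-"lib/net/ssh/transport/hmac/sha1_96.rb",
-"lib/net/ssh/transport/hmac/sha2_256.rb",
-"lib/net/ssh/transport/hmac/sha2_256_96.rb",
-"lib/net/ssh/transport/hmac/sha2_512.rb",
-"lib/net/ssh/transport/hmac/sha2_512_96.rb",
-"lib/net/ssh/transport/identity_cipher.rb",
-"lib/net/ssh/transport/kex.rb",
-"lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb",
-"lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb",
-"lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb",
-"lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb",
-"lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb",
-"lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb",
-"lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb",
-"lib/net/ssh/transport/key_expander.rb",
-"lib/net/ssh/transport/openssl.rb",
-"lib/net/ssh/transport/packet_stream.rb",
-"lib/net/ssh/transport/server_version.rb",
-"lib/net/ssh/transport/session.rb",
-"lib/net/ssh/transport/state.rb",
-"lib/net/ssh/verifiers/lenient.rb",
-"lib/net/ssh/verifiers/null.rb",
-"lib/net/ssh/verifiers/secure.rb",
-"lib/net/ssh/verifiers/strict.rb",
-"lib/net/ssh/version.rb",
-"net-ssh-public_cert.pem",
-"net-ssh.gemspec",
-"setup.rb",
-"support/arcfour_check.rb",
-"support/ssh_tunnel_bug.rb",
-"test/README.txt",
-"test/authentication/methods/common.rb",
-"test/authentication/methods/test_abstract.rb",
-"test/authentication/methods/test_hostbased.rb",
-"test/authentication/methods/test_keyboard_interactive.rb",
-"test/authentication/methods/test_none.rb",
-"test/authentication/methods/test_password.rb",
-"test/authentication/methods/test_publickey.rb",
-"test/authentication/test_agent.rb",
-"test/authentication/test_key_manager.rb",
-"test/authentication/test_session.rb",
-"test/common.rb",
-"test/configs/auth_off",
-"test/configs/auth_on",
-"test/configs/empty",
-"test/configs/eqsign",
-"test/configs/exact_match",
-"test/configs/host_plus",
-"test/configs/multihost",
-"test/configs/negative_match",
-"test/configs/nohost",
-"test/configs/numeric_host",
-"test/configs/send_env",
-"test/configs/substitutes",
-"test/configs/wild_cards",
-"test/connection/test_channel.rb",
-"test/connection/test_session.rb",
-"test/known_hosts/github",
-"test/manual/test_forward.rb",
-"test/manual/test_pageant.rb",
-"test/start/test_connection.rb",
-"test/start/test_options.rb",
-"test/start/test_transport.rb",
-"test/test_all.rb",
-"test/test_buffer.rb",
-"test/test_buffered_io.rb",
-"test/test_config.rb",
-"test/test_key_factory.rb",
-"test/test_known_hosts.rb",
-"test/transport/hmac/test_md5.rb",
-"test/transport/hmac/test_md5_96.rb",
-"test/transport/hmac/test_none.rb",
-"test/transport/hmac/test_ripemd160.rb",
-"test/transport/hmac/test_sha1.rb",
-"test/transport/hmac/test_sha1_96.rb",
-"test/transport/hmac/test_sha2_256.rb",
-"test/transport/hmac/test_sha2_256_96.rb",
-"test/transport/hmac/test_sha2_512.rb",
-"test/transport/hmac/test_sha2_512_96.rb",
-"test/transport/kex/test_diffie_hellman_group14_sha1.rb",
-"test/transport/kex/test_diffie_hellman_group1_sha1.rb",
-"test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb",
-"test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb",
-"test/transport/kex/test_ecdh_sha2_nistp256.rb",
-"test/transport/kex/test_ecdh_sha2_nistp384.rb",
-"test/transport/kex/test_ecdh_sha2_nistp521.rb",
-"test/transport/test_algorithms.rb",
-"test/transport/test_cipher_factory.rb",
-"test/transport/test_hmac.rb",
-"test/transport/test_identity_cipher.rb",
-"test/transport/test_packet_stream.rb",
-"test/transport/test_server_version.rb",
-"test/transport/test_session.rb",
-"test/transport/test_state.rb"
-]
-s.homepage = "https://github.com/net-ssh/net-ssh"
-s.licenses = ["MIT"]
-s.rubyforge_project = "net-ssh"
-s.rubygems_version = "2.2.2"
-s.signing_key = "/mnt/gem/net-ssh-private_key.pem"
-s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 
-
-
+spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+spec.bindir = "exe"
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.require_paths = ["lib"]
 
-
-
-
-
-s.add_dependency(%q<test-unit>, [">= 0"])
-s.add_dependency(%q<mocha>, [">= 0"])
-end
-else
-s.add_dependency(%q<test-unit>, [">= 0"])
-s.add_dependency(%q<mocha>, [">= 0"])
+unless ENV['NET_SSH_NO_RBNACL']
+spec.add_development_dependency("rbnacl-libsodium", "~> 1.0.10")
+spec.add_development_dependency("rbnacl", "~> 3.4.0")
+spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0.0") unless RUBY_PLATFORM == "java"
 end
-end
 
+spec.add_development_dependency "bundler", "~> 1.11"
+
+spec.add_development_dependency "rake", "~> 12.0"
+spec.add_development_dependency "minitest", "~> 5.10"
+spec.add_development_dependency "rubocop", "~> 0.46.0"
+spec.add_development_dependency "mocha", ">= 1.2.1"
+end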
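Review bot: Signing is now opt-in: `spec.cert_chain` and `spec.signing_key` are set only inside `if ENV['NET_SSH_BUILDGEM_SIGNED']` (new lines 10-13), where the old spec set `s.signing_key` unconditionally, so a release built without the variable yields an unsigned gem and no error. If published releases are meant to be signed, the release task should refuse to build when the variable is unset, and a comment above the `if` such as `# release builds must set NET_SSH_BUILDGEM_SIGNED; unsigned builds are for development only` would record the intent. Separately, `rbnacl`, `rbnacl-libsodium` and `bcrypt_pbkdf` are declared with `add_development_dependency` only; if the new lib/net/ssh/authentication/ed25519.rb listed in the file summary needs them at runtime, as the `NET_SSH_NO_RBNACL` switch suggests, applications have to add those gems themselves and the gemspec or README should say so.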
data/support/arcfour_check.rb
CHANGED
@@ -14,7 +14,7 @@ require 'net/ssh'
|
|
14
14
|
[['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
|
15
15
|
print "#{cipher[0]}: "
|
16
16
|
a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
|
17
|
-
b = Net::SSH::Transport::CipherFactory.get(cipher[0], :
|
17
|
+
b = Net::SSH::Transport::CipherFactory.get(cipher[0], key: ([].fill('x', 0, cipher[1]).join))
|
18
18
|
puts "#{a} #{b.class}"
|
19
19
|
end
|
20
20
|
|