net-ssh 3.2.0 → 7.2.0.rc1

data/lib/net/ssh.rb

@@ -4,6 +4,7 @@ ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.
 
 require 'logger'
 require 'etc'
+require 'shellwords'
 
 require 'net/ssh/config'
 require 'net/ssh/errors'
@@ -11,9 +12,9 @@ require 'net/ssh/loggable'
 require 'net/ssh/transport/session'
 require 'net/ssh/authentication/session'
 require 'net/ssh/connection/session'
+require 'net/ssh/prompt'
 
 module Net
-
   # Net::SSH is a library for interacting, programmatically, with remote
   # processes via the SSH2 protocol. Sessions are always initiated via
   # Net::SSH.start. From there, a program interacts with the new SSH session
@@ -40,37 +41,39 @@ module Net
   #
   # == X == "execute a command and capture the output"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     result = ssh.exec!("ls -l")
   #     puts result
   #   end
   #
   # == X == "forward connections on a local port to a remote host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.local(1234, "www.google.com", 80)
   #     ssh.loop { true }
   #   end
   #
   # == X == "forward connections on a remote port to the local host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.remote(80, "www.google.com", 1234)
   #     ssh.loop { true }
   #   end
   module SSH
     # This is the set of options that Net::SSH.start recognizes. See
     # Net::SSH.start for a description of each option.
-    VALID_OPTIONS = [
-      :auth_methods, :bind_address, :compression, :compression_level, :config,
-      :encryption, :forward_agent, :hmac, :host_key, :remote_user,
-      :keepalive, :keepalive_interval, :keepalive_maxcount, :kex, :keys, :key_data,
-      :languages, :logger, :paranoid, :password, :port, :proxy,
-      :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
-      :known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
-      :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
-      :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
-      :append_supported_algorithms, :non_interactive, :agent_socket_factory
+    VALID_OPTIONS = %i[
+      auth_methods bind_address compression compression_level config
+      encryption forward_agent hmac host_key identity_agent remote_user
+      keepalive keepalive_interval keepalive_maxcount kex keys key_data
+      keycerts languages logger paranoid password port proxy
+      rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
+      known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
+      host_name user properties passphrase keys_only max_pkt_size
+      max_win_size send_env set_env use_agent number_of_password_prompts
+      append_all_supported_algorithms non_interactive password_prompt
+      agent_socket_factory minimum_dh_bits verify_host_key
+      fingerprint_hash check_host_ip pubkey_algorithms
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -105,6 +108,8 @@ module Net
     # * :bind_address => the IP address on the connecting machine to use in
     #   establishing connection. (:bind_address is discarded if :proxy
     #   is set.)
+    # * :check_host_ip => Also ckeck IP address when connecting to remote host.
+    #   Defaults to +true+.
     # * :compression => the compression algorithm to use, or +true+ to use
     #   whatever is supported.
     # * :compression_level => the compression level to use when sending data
@@ -116,7 +121,7 @@ module Net
     # * :forward_agent => set to true if you want the SSH agent connection to
     #   be forwarded
     # * :known_hosts => a custom object holding known hosts records.
-    #   It must implement #search_for and add in a similiar manner as KnownHosts.
+    #   It must implement #search_for and `add` in a similiar manner as KnownHosts.
     # * :global_known_hosts_file => the location of the global known hosts
     #   file. Set to an array if you want to specify multiple global known
     #   hosts files. Defaults to %w(/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2).
@@ -139,6 +144,8 @@ module Net
     # * :kex => the key exchange algorithm (or algorithms) to use
     # * :keys => an array of file names of private keys to use for publickey
     #   and hostbased authentication
+    # * :keycerts => an array of file names of key certificates to use
+    #    with publickey authentication
     # * :key_data => an array of strings, with each element of the array being
     #   a raw private key in PEM format.
     # * :keys_only => set to +true+ to use only private keys from +keys+ and
@@ -151,12 +158,11 @@ module Net
     #   for better performance if your SSH server supports it (most do).
     # * :max_win_size => maximum size we tell the other side that is supported for
     #   the window.
-    # * :paranoid => either false, true, :very, or :secure specifying how
-    #   strict host-key verification should be (in increasing order here).
-    #   You can also provide an own Object which responds to +verify+. The argument
-    #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
-    #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,
-    #   returning false declines it and closes the connection.
+    # * :non_interactive => set to true if your app is non interactive and prefers
+    #   authentication failure vs password prompt. Non-interactive applications
+    #   should set it to true to prefer failing a password/etc auth methods vs.
+    #   asking for password.
+    # * :paranoid => deprecated alias for :verify_host_key
     # * :passphrase => the passphrase to use when loading a private key (default
     #   is +nil+, for no passphrase)
     # * :password => the password to use to login
@@ -164,11 +170,18 @@ module Net
     # * :properties => a hash of key/value pairs to add to the new connection's
     #   properties (see Net::SSH::Connection::Session#properties)
     # * :proxy => a proxy instance (see Proxy) to use when connecting
+    # * :pubkey_algorithms => the public key authentication algorithms to use for
+    #   this connection. Valid values are 'rsa-sha2-256-cert-v01@openssh.com',
+    #   'ssh-rsa-cert-v01@openssh.com', 'rsa-sha2-256', 'ssh-rsa'. Currently, this
+    #   option is only used for RSA public key authentication and ignored for other
+    #   types.
     # * :rekey_blocks_limit => the max number of blocks to process before rekeying
     # * :rekey_limit => the max number of bytes to process before rekeying
     # * :rekey_packet_limit => the max number of packets to process before rekeying
     # * :send_env => an array of local environment variable names to export to the
     #   remote environment. Names may be given as String or Regexp.
+    # * :set_env => a hash of environment variable names and values to set to the
+    #   remote environment. Override the ones if specified in +send_env+.
     # * :timeout => how long to wait for the initial connection to be made
     # * :user => the user name to log in as; this overrides the +user+
     #   parameter, and is primarily only useful when provided via an SSH
@@ -177,10 +190,9 @@ module Net
     # * :user_known_hosts_file => the location of the user known hosts file.
     #   Set to an array to specify multiple user known hosts files.
     #   Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
-    # * :use_agent => Set false to disable the use of ssh-agent. Defaults to 
+    # * :use_agent => Set false to disable the use of ssh-agent. Defaults to
     #   true
-    # * :non_interactive => set to true if your app is non interactive and prefers
-    #   authentication failure vs password prompt
+    # * :identity_agent => the path to the ssh-agent's UNIX socket
     # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
     #   is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
     #   default. The symbols :debug, :info, :warn, :error, and :fatal are also
@@ -190,49 +202,61 @@ module Net
     # * :number_of_password_prompts => Number of prompts for the password
     #   authentication method defaults to 3 set to 0 to disable prompt for
     #   password auth method
-    # * :non_interactive => non interactive applications should set it to true
-    #   to prefer failing a password/etc auth methods vs asking for password
+    # * :password_prompt => a custom prompt object with ask method. See Net::SSH::Prompt
+    #
     # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
-    #    Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
+    #    Net::SSH.start(host,user,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
     #    example: ->{ UNIXSocket.open('/foo/bar')}
-    #
+    # * :verify_host_key => specify how strict host-key verification should be.
+    #   In order of increasing strictness:
+    #   * :never (very insecure) ::Net::SSH::Verifiers::Never
+    #   * :accept_new_or_local_tunnel (insecure) ::Net::SSH::Verifiers::AcceptNewOrLocalTunnel
+    #   * :accept_new (insecure) ::Net::SSH::Verifiers::AcceptNew
+    #   * :always (secure) ::Net::SSH::Verifiers::Always
+    #   You can also provide an own Object which responds to +verify+. The argument
+    #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
+    #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,
+    #   returning false declines it and closes the connection.
+    # * :fingerprint_hash => 'MD5' or 'SHA256', defaults to 'SHA256'
     # If +user+ parameter is nil it defaults to USER from ssh_config, or
     # local username
-    def self.start(host, user=nil, options={}, &block)
+    def self.start(host, user = nil, options = {}, &block)
       invalid_options = options.keys - VALID_OPTIONS
       if invalid_options.any?
         raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
       end
 
+      assign_defaults(options)
+      _sanitize_options(options)
+
       options[:user] = user if user
       options = configuration_for(host, options.fetch(:config, true)).merge(options)
       host = options.fetch(:host_name, host)
 
-      if !options.key?(:logger)
-        options[:logger] = Logger.new(STDERR)
-        options[:logger].level = Logger::FATAL
-      end
+      options[:check_host_ip] = true unless options.key?(:check_host_ip)
 
       if options[:non_interactive]
         options[:number_of_password_prompts] = 0
       end
 
+      _support_deprecated_option_paranoid(options)
+
       if options[:verbose]
         options[:logger].level = case options[:verbose]
-          when Fixnum then options[:verbose]
-          when :debug then Logger::DEBUG
-          when :info  then Logger::INFO
-          when :warn  then Logger::WARN
-          when :error then Logger::ERROR
-          when :fatal then Logger::FATAL
-          else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
-        end
+                                 when Integer then options[:verbose]
+                                 when :debug then Logger::DEBUG
+                                 when :info  then Logger::INFO
+                                 when :warn  then Logger::WARN
+                                 when :error then Logger::ERROR
+                                 when :fatal then Logger::FATAL
+                                 else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
+                                 end
       end
 
       transport = Transport::Session.new(host, options)
       auth = Authentication::Session.new(transport, options)
 
-      user = options.fetch(:user, user) || Etc.getlogin
+      user = options.fetch(:user, user) || Etc.getpwuid.name
       if auth.authenticate("ssh-connection", user, options[:password])
         connection = Connection::Session.new(transport, options)
         if block_given?
@@ -259,14 +283,54 @@ module Net
     # to read.
     #
     # See Net::SSH::Config for the full description of all supported options.
-    def self.configuration_for(host, use_ssh_config=true)
+    def self.configuration_for(host, use_ssh_config)
       files = case use_ssh_config
-        when true then Net::SSH::Config.default_files
-        when false, nil then return {}
-        else Array(use_ssh_config)
-        end
+              when true then Net::SSH::Config.expandable_default_files
+              when false, nil then return {}
+              else Array(use_ssh_config)
+              end
 
       Net::SSH::Config.for(host, files)
     end
+
+    def self.assign_defaults(options)
+      if !options[:logger]
+        options[:logger] = Logger.new(STDERR)
+        options[:logger].level = Logger::FATAL
+      end
+
+      options[:password_prompt] ||= Prompt.default(options)
+
+      %i[password passphrase].each do |key|
+        options.delete(key) if options.key?(key) && options[key].nil?
+      end
+    end
+
+    def self._sanitize_options(options)
+      invalid_option_values = [nil, [nil]]
+      unless (options.values & invalid_option_values).empty?
+        nil_options = options.select { |_k, v| invalid_option_values.include?(v) }.map(&:first)
+        Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
+      end
+    end
+    private_class_method :_sanitize_options
+
+    def self._support_deprecated_option_paranoid(options)
+      if options.key?(:paranoid)
+        Kernel.warn(
+          ":paranoid is deprecated, please use :verify_host_key. Supported " \
+          "values are exactly the same, only the name of the option has changed."
+        )
+        if options.key?(:verify_host_key)
+          Kernel.warn(
+            "Both :paranoid and :verify_host_key were specified. " \
+            ":verify_host_key takes precedence, :paranoid will be ignored."
+          )
+        else
+          options[:verify_host_key] = options.delete(:paranoid)
+        end
+      end
+    end
+    private_class_method :_support_deprecated_option_paranoid
   end
 end

data/net-ssh-public_cert.pem

@@ -1,20 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDODCCAiCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMRAwDgYDVQQDDAduZXQt
-c3NoMRkwFwYKCZImiZPyLGQBGRYJc29sdXRpb3VzMRMwEQYKCZImiZPyLGQBGRYD
-Y29tMB4XDTE1MTIwNjIxMDYyNFoXDTE2MTIwNTIxMDYyNFowQjEQMA4GA1UEAwwH
-bmV0LXNzaDEZMBcGCgmSJomT8ixkARkWCXNvbHV0aW91czETMBEGCgmSJomT8ixk
-ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYnhNtn0f6p
-nTylB8mE8lMdoMLJC8KwpMWsvk73Pe2WVDsH/OSwwwz6oUGk1i70cJyDjIEBNpwT
-88GpVXJSumvqVsf9fCg3mWNeb5t0J+aeNm9MIvYVMTqj5tydoXQiwnILRDYHV9tZ
-1c3o59/VlahSTpZ7YEgzVufpAkvEGkbJiG849exiipK7MN/ZIkMOxYVnyRXk43Xc
-6GYlsHOfSgPwcXwW5g57DCwLQLWrjDsTka28dxDmO7B5Lv5EqzINxVxWsu43OgZG
-21Io/jIyf5PNpeKPKNGDuAQJ8mvdMYBJoDhtCwgsUYbl0BZzA7g4ytl51HtIeP+j
-Qp/eAvs/RrECAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUBfKiwO2eM4NE
-iRrVG793qEPLYyMwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQCfZFdb
-p4jzkfIzGDbiOxd0R8sdqJoC4nMLEgnQ7dLulawwA3IXe3sHAKgA5kmH3prsKc5H
-zVmM5NlH2P1nRbegIkQTYiIod1hZQCNxdmVG/fprMqPq0ybpUOjjrP5pj0OtszE1
-F2dQia1hOEstMR+n0nAtWII9HJAEyeZjVV0s2Cl7Pt85XJ3hxFcCKwzqsK5xRI7a
-B3vwh3/JJYrFonIohQ//Lg9qTZASEkoKLlq1/hFeICoCGGIGLq45ZB7CzXLooCKi
-s/ZUKye79ELwFYKJOhjW5g725OL3hy+llhEleytwKRwgXFQBPTC4f5UkdxZVVWGH
-e2C9M1m/2odPZo8h
+MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
+c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
+MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
+wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
+x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
+lntgSDNW5+kCS8QaRsmIbzj17GKKkrsw39kiQw7FhWfJFeTjddzoZiWwc59KA/Bx
+fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
+4o8o0YO4BAnya90xgEmgOG0LCCxRhuXQFnMDuDjK2XnUe0h4/6NCn94C+z9GsQID
+AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
+M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
+HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
+ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
+XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
+3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
+ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
+v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
+6tfjgZ6OvGSScvbCMHkCE9XjonE=
 -----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -1,213 +1,46 @@
-# Generated by jeweler
-# DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
-# -*- encoding: utf-8 -*-
-# stub: net-ssh 3.2.0 ruby lib
+require_relative 'lib/net/ssh/version'
 
-Gem::Specification.new do |s|
-  s.name = "net-ssh"
-  s.version = "3.2.0"
+Gem::Specification.new do |spec|
+  spec.name          = "net-ssh"
+  spec.version       = Net::SSH::Version::STRING
+  spec.authors       = ["Jamis Buck", "Delano Mandelbaum", "Mikl\u{f3}s Fazekas"]
+  spec.email         = ["net-ssh@solutious.com"]
 
-  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.require_paths = ["lib"]
-  s.authors = ["Jamis Buck", "Delano Mandelbaum", "Mikl\u{f3}s Fazekas"]
-  s.cert_chain = ["net-ssh-public_cert.pem"]
-  s.date = "2016-06-19"
-  s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
-  s.email = "net-ssh@solutious.com"
-  s.extra_rdoc_files = [
-    "LICENSE.txt",
-    "README.rdoc"
-  ]
-  s.files = [
-    ".travis.yml",
-    "CHANGES.txt",
+  if ENV['NET_SSH_BUILDGEM_SIGNED']
+    spec.cert_chain = ["net-ssh-public_cert.pem"]
+    spec.signing_key = "/mnt/gem/net-ssh-private_key.pem"
+  end
+
+  spec.summary       = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.}
+  spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
+  spec.homepage      = "https://github.com/net-ssh/net-ssh"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.6")
+  spec.metadata = {
+    "changelog_uri" => "https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt"
+  }
+
+  spec.extra_rdoc_files = [
     "LICENSE.txt",
-    "Manifest",
-    "README.rdoc",
-    "Rakefile",
-    "THANKS.txt",
-    "lib/net/ssh.rb",
-    "lib/net/ssh/authentication/agent.rb",
-    "lib/net/ssh/authentication/agent/java_pageant.rb",
-    "lib/net/ssh/authentication/agent/socket.rb",
-    "lib/net/ssh/authentication/constants.rb",
-    "lib/net/ssh/authentication/key_manager.rb",
-    "lib/net/ssh/authentication/methods/abstract.rb",
-    "lib/net/ssh/authentication/methods/hostbased.rb",
-    "lib/net/ssh/authentication/methods/keyboard_interactive.rb",
-    "lib/net/ssh/authentication/methods/none.rb",
-    "lib/net/ssh/authentication/methods/password.rb",
-    "lib/net/ssh/authentication/methods/publickey.rb",
-    "lib/net/ssh/authentication/pageant.rb",
-    "lib/net/ssh/authentication/session.rb",
-    "lib/net/ssh/buffer.rb",
-    "lib/net/ssh/buffered_io.rb",
-    "lib/net/ssh/config.rb",
-    "lib/net/ssh/connection/channel.rb",
-    "lib/net/ssh/connection/constants.rb",
-    "lib/net/ssh/connection/keepalive.rb",
-    "lib/net/ssh/connection/session.rb",
-    "lib/net/ssh/connection/term.rb",
-    "lib/net/ssh/errors.rb",
-    "lib/net/ssh/key_factory.rb",
-    "lib/net/ssh/known_hosts.rb",
-    "lib/net/ssh/loggable.rb",
-    "lib/net/ssh/packet.rb",
-    "lib/net/ssh/prompt.rb",
-    "lib/net/ssh/proxy/command.rb",
-    "lib/net/ssh/proxy/errors.rb",
-    "lib/net/ssh/proxy/http.rb",
-    "lib/net/ssh/proxy/socks4.rb",
-    "lib/net/ssh/proxy/socks5.rb",
-    "lib/net/ssh/ruby_compat.rb",
-    "lib/net/ssh/service/forward.rb",
-    "lib/net/ssh/test.rb",
-    "lib/net/ssh/test/channel.rb",
-    "lib/net/ssh/test/extensions.rb",
-    "lib/net/ssh/test/kex.rb",
-    "lib/net/ssh/test/local_packet.rb",
-    "lib/net/ssh/test/packet.rb",
-    "lib/net/ssh/test/remote_packet.rb",
-    "lib/net/ssh/test/script.rb",
-    "lib/net/ssh/test/socket.rb",
-    "lib/net/ssh/transport/algorithms.rb",
-    "lib/net/ssh/transport/cipher_factory.rb",
-    "lib/net/ssh/transport/constants.rb",
-    "lib/net/ssh/transport/ctr.rb",
-    "lib/net/ssh/transport/hmac.rb",
-    "lib/net/ssh/transport/hmac/abstract.rb",
-    "lib/net/ssh/transport/hmac/md5.rb",
-    "lib/net/ssh/transport/hmac/md5_96.rb",
-    "lib/net/ssh/transport/hmac/none.rb",
-    "lib/net/ssh/transport/hmac/ripemd160.rb",
-    "lib/net/ssh/transport/hmac/sha1.rb",
-    "lib/net/ssh/transport/hmac/sha1_96.rb",
-    "lib/net/ssh/transport/hmac/sha2_256.rb",
-    "lib/net/ssh/transport/hmac/sha2_256_96.rb",
-    "lib/net/ssh/transport/hmac/sha2_512.rb",
-    "lib/net/ssh/transport/hmac/sha2_512_96.rb",
-    "lib/net/ssh/transport/identity_cipher.rb",
-    "lib/net/ssh/transport/kex.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb",
-    "lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb",
-    "lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb",
-    "lib/net/ssh/transport/key_expander.rb",
-    "lib/net/ssh/transport/openssl.rb",
-    "lib/net/ssh/transport/packet_stream.rb",
-    "lib/net/ssh/transport/server_version.rb",
-    "lib/net/ssh/transport/session.rb",
-    "lib/net/ssh/transport/state.rb",
-    "lib/net/ssh/verifiers/lenient.rb",
-    "lib/net/ssh/verifiers/null.rb",
-    "lib/net/ssh/verifiers/secure.rb",
-    "lib/net/ssh/verifiers/strict.rb",
-    "lib/net/ssh/version.rb",
-    "net-ssh-public_cert.pem",
-    "net-ssh.gemspec",
-    "setup.rb",
-    "support/arcfour_check.rb",
-    "support/ssh_tunnel_bug.rb",
-    "test/README.txt",
-    "test/authentication/methods/common.rb",
-    "test/authentication/methods/test_abstract.rb",
-    "test/authentication/methods/test_hostbased.rb",
-    "test/authentication/methods/test_keyboard_interactive.rb",
-    "test/authentication/methods/test_none.rb",
-    "test/authentication/methods/test_password.rb",
-    "test/authentication/methods/test_publickey.rb",
-    "test/authentication/test_agent.rb",
-    "test/authentication/test_key_manager.rb",
-    "test/authentication/test_session.rb",
-    "test/common.rb",
-    "test/configs/auth_off",
-    "test/configs/auth_on",
-    "test/configs/empty",
-    "test/configs/eqsign",
-    "test/configs/exact_match",
-    "test/configs/host_plus",
-    "test/configs/multihost",
-    "test/configs/negative_match",
-    "test/configs/nohost",
-    "test/configs/numeric_host",
-    "test/configs/proxy_remote_user",
-    "test/configs/send_env",
-    "test/configs/substitutes",
-    "test/configs/wild_cards",
-    "test/connection/test_channel.rb",
-    "test/connection/test_session.rb",
-    "test/integration/README.txt",
-    "test/integration/Vagrantfile",
-    "test/integration/common.rb",
-    "test/integration/playbook.yml",
-    "test/integration/test_forward.rb",
-    "test/integration/test_id_rsa_keys.rb",
-    "test/integration/test_proxy.rb",
-    "test/known_hosts/github",
-    "test/known_hosts/github_hash",
-    "test/manual/test_pageant.rb",
-    "test/start/test_connection.rb",
-    "test/start/test_options.rb",
-    "test/start/test_transport.rb",
-    "test/start/test_user_nil.rb",
-    "test/test_all.rb",
-    "test/test_buffer.rb",
-    "test/test_buffered_io.rb",
-    "test/test_config.rb",
-    "test/test_key_factory.rb",
-    "test/test_known_hosts.rb",
-    "test/transport/hmac/test_md5.rb",
-    "test/transport/hmac/test_md5_96.rb",
-    "test/transport/hmac/test_none.rb",
-    "test/transport/hmac/test_ripemd160.rb",
-    "test/transport/hmac/test_sha1.rb",
-    "test/transport/hmac/test_sha1_96.rb",
-    "test/transport/hmac/test_sha2_256.rb",
-    "test/transport/hmac/test_sha2_256_96.rb",
-    "test/transport/hmac/test_sha2_512.rb",
-    "test/transport/hmac/test_sha2_512_96.rb",
-    "test/transport/kex/test_diffie_hellman_group14_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group1_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb",
-    "test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp256.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp384.rb",
-    "test/transport/kex/test_ecdh_sha2_nistp521.rb",
-    "test/transport/test_algorithms.rb",
-    "test/transport/test_cipher_factory.rb",
-    "test/transport/test_hmac.rb",
-    "test/transport/test_identity_cipher.rb",
-    "test/transport/test_packet_stream.rb",
-    "test/transport/test_server_version.rb",
-    "test/transport/test_session.rb",
-    "test/transport/test_state.rb",
-    "test/verifiers/test_secure.rb"
+    "README.md"
   ]
-  s.homepage = "https://github.com/net-ssh/net-ssh"
-  s.licenses = ["MIT"]
-  s.required_ruby_version = Gem::Requirement.new(">= 2.0")
-  s.rubyforge_project = "net-ssh"
-  s.rubygems_version = "2.4.6"
-  s.signing_key = "/mnt/gem/net-ssh-private_key.pem"
-  s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 
-  if s.respond_to? :specification_version then
-    s.specification_version = 4
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
 
-    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
-      s.add_development_dependency(%q<test-unit>, [">= 0"])
-      s.add_development_dependency(%q<mocha>, [">= 0"])
-    else
-      s.add_dependency(%q<test-unit>, [">= 0"])
-      s.add_dependency(%q<mocha>, [">= 0"])
-    end
-  else
-    s.add_dependency(%q<test-unit>, [">= 0"])
-    s.add_dependency(%q<mocha>, [">= 0"])
+  unless ENV['NET_SSH_NO_ED25519']
+    spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
+    spec.add_development_dependency("ed25519", "~> 1.2")
+    spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
   end
-end
 
+  spec.add_development_dependency('rbnacl', '~> 7.1') unless ENV['NET_SSH_NO_RBNACL']
+
+  spec.add_development_dependency "bundler", ">= 1.17"
+  spec.add_development_dependency "minitest", "~> 5.10"
+  spec.add_development_dependency "mocha", "~> 1.11.2"
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "rubocop", "~> 1.28.0"
+end

data/support/ssh_tunnel_bug.rb

@@ -15,12 +15,12 @@
 #       visible_hostname netsshtest
 #     * Start squid squid -N -d 1 -D
 # * Run this script
-# * Configure browser proxy to use localhost with LOCAL_PORT. 
+# * Configure browser proxy to use localhost with LOCAL_PORT.
 # * Load any page, wait for it to load fully. If the page loads
 #   correctly, move on. If not, something needs to be corrected.
 # * Refresh the page several times. This should cause this
 #   script to failed with the error: "closed stream". You may
-#   need to try a few times. 
+#   need to try a few times.
 #
 
 require 'highline/import'
@@ -37,10 +37,10 @@ pass = ask("Password: ") { |q| q.echo = "*" }
 puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
 
 begin
-  session = Net::SSH.start(host, user, :password => pass)  
+  session = Net::SSH.start(host, user, password: pass)
   session.forward.local(LOCAL_PORT, host, PROXY_PORT)
-  session.loop{true}
-rescue => e
+  session.loop {true}
+rescue StandardError => e
   puts e.message
   puts e.backtrace
 end