net-ssh 4.0.0.alpha3 → 4.0.0.alpha4

data/.travis.yml

@@ -1,21 +1,42 @@
 language: ruby
-sudo: false
+sudo: true
+dist: trusty
+
 rvm:
   - 2.0
   - 2.1
   - 2.2
   - 2.3.0
-  - jruby-head
-  - rbx-3.20
+  - jruby-9.0.5.0
+  - rbx-3.25
   - ruby-head
+env:
+  NET_SSH_RUN_INTEGRATION_TESTS=1
 
 matrix:
+  exclude:
+    - rvm: rbx-3.25
+    - rvm: jruby-9.0.5.0
+  include:
+    - rvm: rbx-3.25
+      env: NET_SSH_RUN_INTEGRATION_TESTS=
+    - rvm: jruby-9.0.5.0
+      env: JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false' NET_SSH_RUN_INTEGRATION_TESTS=
   allow_failures:
     - rvm: ruby-head
-    - rvm: rbx-3.20
+    - rvm: rbx-3.25
+    - rvm: jruby-9.0.5.0
 
 install:
+  - export JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false'
+  - sudo pip install ansible
   - gem install bundler -v "= 1.11.2"
   - bundle _1.11.2_ install
+  - sudo ansible-galaxy install rvm_io.rvm1-ruby
+  - ansible-playbook ./test/integration/playbook.yml -i "localhost," --become -c local -e 'no_rvm=true' -e 'myuser=travis' -e 'mygroup=travis' -e 'homedir=/home/travis'
 
-script: rake test
+script:
+  - bundle _1.11.2_ exec rake test
+  - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.11.2_ exec rake test
+  - bundle _1.11.2_ exec rake test_test
+  - bundle _1.11.2_ exec rubocop

data/CHANGES.txt

@@ -1,3 +1,12 @@
+=== 4.0.0.alpha4
+
+* Experimental event loop abstraction [Miklos Fazekas]
+* RbNacl dependency is optional [Miklos Fazekas]
+* agent_socket_factory option [Alon Goldboim]
+* client sends KEXINIT, it doesn't have to wait for server [Miklos Fazekas]
+* better error message when option is nil [Kane Morgan]
+* prompting can be customized [Miklos Fazekas]
+
 === 4.0.0.alpha3
 
 * added max_select_wait_time [Eugene Kenny]

data/Gemfile.norbnacl

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+ENV['NET_SSH_NO_RBNACL'] = 'true'
+# Specify your gem's dependencies in mygem.gemspec
+gemspec

data/Gemfile.norbnacl.lock

@@ -0,0 +1,40 @@
+PATH
+  remote: .
+  specs:
+    net-ssh (4.0.0.alpha3)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.2.0)
+    metaclass (0.0.4)
+    minitest (5.8.4)
+    mocha (1.1.0)
+      metaclass (~> 0.0.1)
+    parser (2.3.1.0)
+      ast (~> 2.2)
+    powerpack (0.1.1)
+    rainbow (2.1.0)
+    rake (11.1.2)
+    rubocop (0.39.0)
+      parser (>= 2.3.0.7, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 1.99.1, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
+    ruby-progressbar (1.8.0)
+    unicode-display_width (1.0.5)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.11.2)
+  minitest (~> 5.0)
+  mocha (>= 1.1.0)
+  net-ssh!
+  rake (~> 11.1)
+  rubocop (~> 0.39.0)
+
+BUNDLED WITH
+   1.11.2

data/README.rdoc

@@ -79,8 +79,6 @@ The only requirement you might be missing is the OpenSSL bindings for Ruby. Thes
 
 If that spits out something like "OpenSSL 0.9.8g 19 Oct 2007", then you're set. If you get an error, then you'll need to see about rebuilding ruby with OpenSSL support, or (if your platform supports it) installing the OpenSSL bindings separately.
 
-Additionally: if you are going to be having Net::SSH prompt you for things like passwords or certificate passphrases, you'll want to have either the Highline (recommended) or Termios (unix systems only) gem installed, so that the passwords don't echo in clear text.
-
 Lastly, if you want to run the tests or use any of the Rake tasks, you'll need Mocha and other dependencies listed in Gemfile
 
 

data/Rakefile

@@ -75,5 +75,15 @@ Rake::TestTask.new do |t|
   t.libs << "test/integration" if ENV['NET_SSH_RUN_INTEGRATION_TESTS']
   test_files = FileList['test/**/test_*.rb']
   test_files -= FileList['test/integration/**/test_*.rb'] unless ENV['NET_SSH_RUN_INTEGRATION_TESTS']
+  test_files -= FileList['test/test/**/test_*.rb']
+  t.test_files =  test_files
+end
+
+desc "Run tests of Net::SSH:Test"
+Rake::TestTask.new do |t|
+  t.name = "test_test"
+  # we need to run test/test separatedly as it hacks io + other modules
+  t.libs = ["lib", "test"]
+  test_files = FileList['test/test/**/test_*.rb']
   t.test_files =  test_files
 end

data/appveyor.yml

@@ -0,0 +1,18 @@
+version: '{build}'
+
+skip_tags: true
+
+environment:
+  matrix:
+    - ruby_version: "21"
+    - ruby_version: "21-x64"
+
+install:
+  - SET PATH=C:\Ruby%ruby_version%\bin;%PATH%
+  - gem install bundler --no-document -v 1.11.2
+  - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.11.2_ install --retry=3
+
+test_script:
+  - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.11.2_ exec rake test
+
+build: off

data/lib/net/ssh.rb

@@ -3,6 +3,7 @@
 ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.pwd
 
 require 'logger'
+require 'etc'
 
 require 'net/ssh/config'
 require 'net/ssh/errors'
@@ -10,6 +11,7 @@ require 'net/ssh/loggable'
 require 'net/ssh/transport/session'
 require 'net/ssh/authentication/session'
 require 'net/ssh/connection/session'
+require 'net/ssh/prompt'
 
 module Net
 
@@ -69,7 +71,7 @@ module Net
       :known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
       :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
       :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
-      :append_supported_algorithms, :non_interactive
+      :append_supported_algorithms, :non_interactive, :password_prompt, :agent_socket_factory
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -176,7 +178,7 @@ module Net
     # * :user_known_hosts_file => the location of the user known hosts file.
     #   Set to an array to specify multiple user known hosts files.
     #   Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
-    # * :use_agent => Set false to disable the use of ssh-agent. Defaults to 
+    # * :use_agent => Set false to disable the use of ssh-agent. Defaults to
     #   true
     # * :non_interactive => set to true if your app is non interactive and prefers
     #   authentication failure vs password prompt
@@ -191,7 +193,11 @@ module Net
     #   password auth method
     # * :non_interactive => non interactive applications should set it to true
     #   to prefer failing a password/etc auth methods vs asking for password
+    # * :password_prompt => a custom prompt object with ask method. See Net::SSH::Prompt
     #
+    # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
+    #    Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
+    #    example: ->{ UNIXSocket.open('/foo/bar')}
     # If +user+ parameter is nil it defaults to USER from ssh_config, or
     # local username
     def self.start(host, user=nil, options={}, &block)
@@ -200,6 +206,11 @@ module Net
         raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
       end
 
+      if options.values.include? nil
+        nil_options = options.keys.select { |k| options[k].nil? }
+        raise ArgumentError, "Value(s) have been set to nil: #{nil_options.join(', ')}"
+      end
+
       options[:user] = user if user
       options = configuration_for(host, options.fetch(:config, true)).merge(options)
       host = options.fetch(:host_name, host)
@@ -213,6 +224,8 @@ module Net
         options[:number_of_password_prompts] = 0
       end
 
+      options[:password_prompt] ||= Prompt.default(options)
+
       if options[:verbose]
         options[:logger].level = case options[:verbose]
           when Fixnum then options[:verbose]

data/lib/net/ssh/authentication/agent/java_pageant.rb

@@ -19,7 +19,7 @@ module Net; module SSH; module Authentication
 
     # Instantiates a new agent object, connects to a running SSH agent,
     # negotiates the agent protocol version, and returns the agent object.
-    def self.connect(logger=nil)
+    def self.connect(logger=nil, agent_socket_factory)
       agent = new(logger)
       agent.connect!
       agent

data/lib/net/ssh/authentication/agent/socket.rb

@@ -42,9 +42,9 @@ module Net; module SSH; module Authentication
 
     # Instantiates a new agent object, connects to a running SSH agent,
     # negotiates the agent protocol version, and returns the agent object.
-    def self.connect(logger=nil)
+    def self.connect(logger=nil, agent_socket_factory = nil)
       agent = new(logger)
-      agent.connect!
+      agent.connect!(agent_socket_factory)
       agent.negotiate!
       agent
     end
@@ -59,10 +59,10 @@ module Net; module SSH; module Authentication
     # given by the attribute writers. If the agent on the other end of the
     # socket reports that it is an SSH2-compatible agent, this will fail
     # (it only supports the ssh-agent distributed by OpenSSH).
-    def connect!
+    def connect!(agent_socket_factory = nil)
       begin
         debug { "connecting to ssh-agent" }
-        @socket = agent_socket_factory.open(ENV['SSH_AUTH_SOCK'])
+        @socket = agent_socket_factory.nil? ? socket_class.open(ENV['SSH_AUTH_SOCK']) : agent_socket_factory.call
       rescue
         error { "could not connect to ssh-agent" }
         raise AgentNotAvailable, $!.message
@@ -132,7 +132,7 @@ module Net; module SSH; module Authentication
     private
 
     # Returns the agent socket factory to use.
-    def agent_socket_factory
+    def socket_class
       if Net::SSH::Authentication::PLATFORM == :win32
         Pageant::Socket
       else

data/lib/net/ssh/authentication/ed25519.rb

@@ -1,5 +1,6 @@
-gem 'rbnacl-libsodium'
-gem 'rbnacl'
+gem 'rbnacl-libsodium', '~> 1.0.10'
+gem 'rbnacl', '~> 3.3.0'
+gem 'bcrypt_pbkdf', '~> 1.0.0.alpha1' unless RUBY_PLATFORM == "java"
 
 require 'rbnacl/libsodium'
 require 'rbnacl'
@@ -13,20 +14,14 @@ require 'base64'
 require 'net/ssh/transport/cipher_factory'
 require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
 
-module RbNaCl
-  module Signatures
-    module Ed25519
-      class SigningKeyFromFile < SigningKey
-        def initialize(pk,sk)
-          @signing_key = sk
-          @verify_key = VerifyKey.new(pk)
-        end
-      end
+module ED25519
+  class SigningKeyFromFile < RbNaCl::Signatures::Ed25519::SigningKey
+    def initialize(pk,sk)
+      @signing_key = sk
+      @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(pk)
     end
   end
-end
 
-module ED25519
   class PubKey
     def initialize(data)
       @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(data)
@@ -118,7 +113,7 @@ module ED25519
       _comment = decoded.read_string
 
       @pk = pk
-      @sign_key = RbNaCl::Signatures::Ed25519::SigningKeyFromFile.new(pk,sk)
+      @sign_key = SigningKeyFromFile.new(pk,sk)
     end
 
     def public_key

data/lib/net/ssh/authentication/key_manager.rb

@@ -176,7 +176,7 @@ module Net
         # or if the agent is otherwise not available.
         def agent
           return unless use_agent?
-          @agent ||= Agent.connect(logger)
+          @agent ||= Agent.connect(logger, options[:agent_socket_factory])
         rescue AgentNotAvailable
           @use_agent = false
           nil
@@ -221,11 +221,11 @@ module Net
                 key = KeyFactory.load_public_key(identity[:pubkey_file])
                 { :public_key => key, :from => :file, :file => identity[:privkey_file] }
               when :privkey_file
-                private_key = KeyFactory.load_private_key(identity[:privkey_file], options[:passphrase], ask_passphrase)
+                private_key = KeyFactory.load_private_key(identity[:privkey_file], options[:passphrase], ask_passphrase, options[:password_prompt])
                 key = private_key.send(:public_key)
                 { :public_key => key, :from => :file, :file => identity[:privkey_file], :key => private_key }
               when :data
-                private_key = KeyFactory.load_data_private_key(identity[:data], options[:passphrase], ask_passphrase)
+                private_key = KeyFactory.load_data_private_key(identity[:data], options[:passphrase], ask_passphrase, "<key in memory>", options[:password_prompt])
                 key = private_key.send(:public_key)
                 { :public_key => key, :from => :key_data, :data => identity[:data], :key => private_key }
               else

data/lib/net/ssh/authentication/methods/abstract.rb

@@ -22,6 +22,7 @@ module Net; module SSH; module Authentication; module Methods
       @session = session
       @key_manager = options[:key_manager]
       @options = options
+      @prompt = options[:password_prompt]
       self.logger = session.logger
     end
 
@@ -55,6 +56,9 @@ module Net; module SSH; module Authentication; module Methods
       buffer
     end
 
+    private
+
+    attr_reader :prompt
   end
 
 end; end; end; end

data/lib/net/ssh/authentication/methods/keyboard_interactive.rb

@@ -8,8 +8,6 @@ module Net
 
         # Implements the "keyboard-interactive" SSH authentication method.
         class KeyboardInteractive < Abstract
-          include Prompt
-
           USERAUTH_INFO_REQUEST  = 60
           USERAUTH_INFO_RESPONSE = 61
 
@@ -18,12 +16,14 @@ module Net
             debug { "trying keyboard-interactive" }
             send_message(userauth_request(username, next_service, "keyboard-interactive", "", ""))
 
+            prompter = nil
             loop do
               message = session.next_message
 
               case message.type
               when USERAUTH_SUCCESS
                 debug { "keyboard-interactive succeeded" }
+                prompter.success if prompter
                 return true
               when USERAUTH_FAILURE
                 debug { "keyboard-interactive failed" }
@@ -31,26 +31,26 @@ module Net
                 raise Net::SSH::Authentication::DisallowedMethod unless
                   message[:authentications].split(/,/).include? 'keyboard-interactive'
 
-                return false
+                return false unless interactive?
+                password = nil
+                debug { "retrying keyboard-interactive" }
+                send_message(userauth_request(username, next_service, "keyboard-interactive", "", ""))
               when USERAUTH_INFO_REQUEST
                 name = message.read_string
                 instruction = message.read_string
                 debug { "keyboard-interactive info request" }
 
-                unless password
-                  if interactive?
-                    puts(name) unless name.empty?
-                    puts(instruction) unless instruction.empty?
-                  end
+                if password.nil? && interactive? && prompter.nil?
+                  prompter = prompt.start(type: 'keyboard-interactive', name: name, instruction: instruction)
                 end
 
                 _ = message.read_string # lang_tag
                 responses =[]
-  
+
                 message.read_long.times do
                   text = message.read_string
                   echo = message.read_bool
-                  password_to_send = password || (interactive? ? prompt(text, echo) : nil)
+                  password_to_send = password || (prompter && prompter.ask(text, echo))
                   responses << password_to_send
                 end
 

data/lib/net/ssh/authentication/methods/password.rb

@@ -9,11 +9,10 @@ module Net
 
         # Implements the "password" SSH authentication method.
         class Password < Abstract
-          include Prompt
-
           # Attempt to authenticate the given user for the given service. If
           # the password parameter is nil, this will ask for password
           def authenticate(next_service, username, password=nil)
+            clear_prompter!
             retries = 0
             max_retries =  get_max_retries
             return false if !password && max_retries == 0
@@ -37,6 +36,7 @@ module Net
             case message.type
               when USERAUTH_SUCCESS
                 debug { "password succeeded" }
+                @prompter.success if @prompter
                 return true
               when USERAUTH_FAILURE
                 return false
@@ -52,9 +52,20 @@ module Net
 
           NUMBER_OF_PASSWORD_PROMPTS = 3
 
+          def clear_prompter!
+            @prompt_info = nil
+            @prompter = nil
+          end
+
           def ask_password(username)
+            host = session.transport.host
+            prompt_info = {type: 'password', user: username, host: host}
+            if @prompt_info != prompt_info
+              @prompt_info = prompt_info
+              @prompter = prompt.start(prompt_info)
+            end
             echo = false
-            prompt("#{username}@#{session.transport.host}'s password:", echo)
+            @prompter.ask("#{username}@#{host}'s password:", echo)
           end
 
           def get_max_retries