net-ssh 4.0.0.rc1 → 4.0.0.rc2

data/.travis.yml

@@ -7,25 +7,26 @@ rvm:
   - 2.1
   - 2.2
   - 2.3.0
-  - jruby-9.1.2.0
-  - rbx-3.25
+  - 2.4.0-rc1
+  - jruby-9.1.6.0
+  - rbx-3.69
   - ruby-head
 env:
   NET_SSH_RUN_INTEGRATION_TESTS=1
 
 matrix:
   exclude:
-    - rvm: rbx-3.25
-    - rvm: jruby-9.1.2.0
+    - rvm: rbx-3.69
+    - rvm: jruby-9.1.6.0
   include:
-    - rvm: rbx-3.25
+    - rvm: rbx-3.69
       env: NET_SSH_RUN_INTEGRATION_TESTS=
-    - rvm: jruby-9.1.2.0
+    - rvm: jruby-9.1.6.0
       env: JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false' NET_SSH_RUN_INTEGRATION_TESTS=
   fast_finish: true
   allow_failures:
-    - rvm: rbx-3.25
-    - rvm: jruby-9.1.2.0
+    - rvm: rbx-3.69
+    - rvm: jruby-9.1.6.0
     - rvm: ruby-head
 
 install:

data/CHANGES.txt

@@ -1,3 +1,9 @@
+=== 4.0.0.rc2
+
+ * Fixed OpenSSL 2.0/Ruby 2.4.0 warnings [Miklós Fazekas, #468]
+ * Added ssh-ed25519 to KnownHosts:SUPPORTED_TYPE [detatka-kuzlatka-otevrete, Miklós Fazekas, #459]
+ * Allow nil for :passhrase and passing in nil option is now a depreaction warning [Miklós Fazekas, #465]
+
 === 4.0.0.rc1
 
  * Allow :password to be nil for capistrano v2 compatibility [Will Bryant, #357]

data/Gemfile

@@ -3,10 +3,11 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in mygem.gemspec
 gemspec
 
-unless Gem.win_platform? || RUBY_PLATFORM == "java"
+if !Gem.win_platform? && RUBY_ENGINE == "mri"
   gem 'byebug', group: [:development, :test]
 end
 
-gem 'simplecov', require: false, group: :test
-
-gem 'codecov', require: false, group: :test if ENV["CI"]
+if ENV["CI"]
+  gem 'codecov', require: false, group: :test
+  gem 'simplecov', require: false, group: :test
+end

data/Gemfile.norbnacl

@@ -4,7 +4,7 @@ ENV['NET_SSH_NO_RBNACL'] = 'true'
 # Specify your gem's dependencies in mygem.gemspec
 gemspec
 
-unless Gem.win_platform?
+if ENV["CI"] && !Gem.win_platform?
   gem 'simplecov', require: false, group: :test
-  gem 'codecov', require: false, group: :test if ENV["CI"]
+  gem 'codecov', require: false, group: :test
 end

data/Gemfile.norbnacl.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    net-ssh (4.0.0.beta3)
+    net-ssh (4.0.0.rc1)
 
 GEM
   remote: https://rubygems.org/
@@ -38,4 +38,4 @@ DEPENDENCIES
   rubocop (~> 0.39.0)
 
 BUNDLED WITH
-   1.13.5
+   1.13.6

data/README.rdoc

@@ -1,6 +1,7 @@
 {<img src="https://badge.fury.io/rb/net-ssh.svg" alt="Gem Version" />}[https://badge.fury.io/rb/net-ssh]
 {<img src="https://badges.gitter.im/net-ssh/net-ssh.svg" alt="Join the chat at https://gitter.im/net-ssh/net-ssh">}[https://gitter.im/net-ssh/net-ssh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge]
 {<img src="https://travis-ci.org/net-ssh/net-ssh.svg?branch=master" alt="Build Status" />}[https://travis-ci.org/net-ssh/net-ssh]
+{<img src="https://codecov.io/gh/net-ssh/net-ssh/branch/master/graph/badge.svg" alt="Coverage status" />}[https://codecov.io/gh/net-ssh/net-ssh]
 
 = Net::SSH 4.x
 
@@ -129,6 +130,19 @@ To run integration tests see test/integration/README.txt
 
      rake build
 
+=== GEM SIGNING (for maintainers)
+
+If you have the net-ssh private signing key, you will be able to create signed release builds. Make sure the private key path matches the `signing_key` path set in `net-ssh.gemspec` and tell rake to sign the gem by setting the `NET_SSH_BUILDGEM_SIGNED` flag:
+
+     NET_SSH_BUILDGEM_SIGNED=true rake build
+
+For time to time, the public certificate associated to the private key needs to be renewed. You can do this with the following command:
+
+     gem cert --build netssh@solutious.com --private-key path/2/net-ssh-private_key.pem
+     mv gem-public_cert.pem net-ssh-public_cert.pem
+     gem cert --add net-ssh-public_cert.pem
+
+
 == LICENSE:
 
 (The MIT License)

data/Rakefile

@@ -22,14 +22,14 @@ Rake::Task[:release].enhance [:check_NET_SSH_BUILDGEM_SIGNED]
 Rake::Task[:release].prerequisites.unshift(:check_NET_SSH_BUILDGEM_SIGNED)
 
 
-task :default => ["build"]
+task default: ["build"]
 CLEAN.include [ 'pkg', 'rdoc' ]
 name = "net-ssh"
 
 require_relative "lib/net/ssh/version"
 version = Net::SSH::Version::CURRENT
 
-extra_files = %w[LICENSE.txt THANKS.txt CHANGES.txt ]
+extra_files = %w[LICENSE.txt THANKS.txt CHANGES.txt]
 RDoc::Task.new do |rdoc|
   rdoc.rdoc_dir = "rdoc"
   rdoc.title = "#{name} #{version}"

data/lib/net/ssh.rb

@@ -41,21 +41,21 @@ module Net
   #
   # == X == "execute a command and capture the output"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     result = ssh.exec!("ls -l")
   #     puts result
   #   end
   #
   # == X == "forward connections on a local port to a remote host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.local(1234, "www.google.com", 80)
   #     ssh.loop { true }
   #   end
   #
   # == X == "forward connections on a remote port to the local host"
   #
-  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #   Net::SSH.start("host", "user", password: "password") do |ssh|
   #     ssh.forward.remote(80, "www.google.com", 1234)
   #     ssh.loop { true }
   #   end
@@ -154,8 +154,8 @@ module Net
     # * :max_win_size => maximum size we tell the other side that is supported for
     #   the window.
     # * :non_interactive => set to true if your app is non interactive and prefers
-    #   authentication failure vs password prompt. Non-interactive applications 
-    #   should set it to true to prefer failing a password/etc auth methods vs. 
+    #   authentication failure vs password prompt. Non-interactive applications
+    #   should set it to true to prefer failing a password/etc auth methods vs.
     #   asking for password.
     # * :paranoid => either false, true, :very, or :secure specifying how
     #   strict host-key verification should be (in increasing order here).
@@ -208,13 +208,7 @@ module Net
       end
 
       assign_defaults(options)
-
-      options.delete(:password) if options.key?(:password) && options[:password].nil?
-
-      if options.values.include? nil
-        nil_options = options.keys.select { |k| options[k].nil? }
-        raise ArgumentError, "Value(s) have been set to nil: #{nil_options.join(', ')}"
-      end
+      _sanitize_options(options)
 
       options[:user] = user if user
       options = configuration_for(host, options.fetch(:config, true)).merge(options)
@@ -226,7 +220,7 @@ module Net
 
       if options[:verbose]
         options[:logger].level = case options[:verbose]
-          when Fixnum then options[:verbose]
+          when Integer then options[:verbose]
           when :debug then Logger::DEBUG
           when :info  then Logger::INFO
           when :warn  then Logger::WARN
@@ -283,6 +277,19 @@ module Net
       end
 
       options[:password_prompt] ||= Prompt.default(options)
+
+      [:password, :passphrase].each do |key|
+        options.delete(key) if options.key?(key) && options[key].nil?
+      end
+    end
+
+    def self._sanitize_options(options)
+      invalid_option_values = [nil,[nil]]
+      unless (options.values & invalid_option_values).empty?
+        nil_options = options.select { |_k,v| invalid_option_values.include?(v) }.map(&:first)
+        Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
+      end
     end
+    private_class_method :_sanitize_options
   end
 end

data/lib/net/ssh/authentication/key_manager.rb

@@ -108,7 +108,7 @@ module Net
               user_identities.delete(corresponding_user_identity) if corresponding_user_identity
 
               if !options[:keys_only] || corresponding_user_identity
-                known_identities[key] = { :from => :agent }
+                known_identities[key] = { from: :agent }
                 yield key
               end
             end
@@ -140,7 +140,7 @@ module Net
           if info[:key].nil? && info[:from] == :file
             begin
               info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], !options[:non_interactive])
-            rescue Exception, OpenSSL::OpenSSLError => e
+            rescue OpenSSL::OpenSSLError, Exception => e
               raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
             end
           end
@@ -208,7 +208,7 @@ module Net
         # Prepared identities from user key_data, preserving their order and sources.
         def prepare_identities_from_data
           key_data.map do |data|
-            { :load_from => :data, :data => data }
+            { load_from: :data, data: data }
           end
         end
 
@@ -219,15 +219,15 @@ module Net
               case identity[:load_from]
               when :pubkey_file
                 key = KeyFactory.load_public_key(identity[:pubkey_file])
-                { :public_key => key, :from => :file, :file => identity[:privkey_file] }
+                { public_key: key, from: :file, file: identity[:privkey_file] }
               when :privkey_file
                 private_key = KeyFactory.load_private_key(identity[:privkey_file], options[:passphrase], ask_passphrase, options[:password_prompt])
                 key = private_key.send(:public_key)
-                { :public_key => key, :from => :file, :file => identity[:privkey_file], :key => private_key }
+                { public_key: key, from: :file, file: identity[:privkey_file], key: private_key }
               when :data
                 private_key = KeyFactory.load_data_private_key(identity[:data], options[:passphrase], ask_passphrase, "<key in memory>", options[:password_prompt])
                 key = private_key.send(:public_key)
-                { :public_key => key, :from => :key_data, :data => identity[:data], :key => private_key }
+                { public_key: key, from: :key_data, data: identity[:data], key: private_key }
               else
                 identity
               end

data/lib/net/ssh/authentication/pageant.rb

@@ -250,12 +250,15 @@ module Net; module SSH; module Authentication
         psd_information = malloc_ptr(Win::SECURITY_DESCRIPTOR.size)
         raise_error_if_zero(
           Win.InitializeSecurityDescriptor(psd_information,
-                                           Win::REVISION))
+                                           Win::REVISION)
+        )
         raise_error_if_zero(
           Win.SetSecurityDescriptorOwner(psd_information, get_sid_ptr(user),
-                                         0))
+                                         0)
+        )
         raise_error_if_zero(
-          Win.IsValidSecurityDescriptor(psd_information))
+          Win.IsValidSecurityDescriptor(psd_information)
+        )
 
         sa = Win::SECURITY_ATTRIBUTES.new(to_struct_ptr(malloc_ptr(Win::SECURITY_ATTRIBUTES.size)))
         sa.nLength = Win::SECURITY_ATTRIBUTES.size
@@ -337,7 +340,8 @@ module Net; module SSH; module Authentication
 
         raise_error_if_zero(
           Win.OpenProcessToken(process_handle, desired_access,
-                               ptoken_handle))
+                               ptoken_handle)
+        )
         token_handle = ptr_to_handle(ptoken_handle)
         return token_handle
       end
@@ -362,7 +366,8 @@ module Net; module SSH; module Authentication
                                   token_information_class,
                                   ptoken_information,
                                   ptoken_information.size,
-                                  preturn_length))
+                                  preturn_length)
+        )
 
         return to_token_user(ptoken_information)
       end
@@ -430,8 +435,7 @@ module Net; module SSH; module Authentication
         @output_buffer.read(n)
       end
 
-      def close
-      end
+      def close; end
 
       # Packages the given query string and sends it to the pageant
       # process via the Windows messaging subsystem. The result is

data/lib/net/ssh/buffer.rb

@@ -162,7 +162,7 @@ module Net; module SSH
       index = @content.index(pattern, @position) or return nil
       length = case pattern
         when String then pattern.length
-        when Fixnum then 1
+        when Integer then 1
         when Regexp then $&.length
       end
       index && read(index+length)
@@ -248,16 +248,29 @@ module Net; module SSH
       case type
         when /^ssh-dss(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::DSA.new
-          key.p = read_bignum
-          key.q = read_bignum
-          key.g = read_bignum
-          key.pub_key = read_bignum
+          if key.respond_to?(:set_pqg)
+            key.set_pqg(read_bignum, read_bignum, read_bignum)
+          else
+            key.p = read_bignum
+            key.q = read_bignum
+            key.g = read_bignum
+          end
+          if key.respond_to?(:set_key)
+            key.set_key(read_bignum, nil)
+          else
+            key.pub_key = read_bignum
+          end
 
         when /^ssh-rsa(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::RSA.new
-          key.e = read_bignum
-          key.n = read_bignum
-
+          if key.respond_to?(:set_key)
+            e = read_bignum
+            n = read_bignum
+            key.set_key(n, e, nil)
+          else
+            key.e = read_bignum
+            key.n = read_bignum
+          end
         when /^ssh-ed25519$/
           Net::SSH::Authentication::ED25519Loader.raiseUnlessLoaded("unsupported key type `#{type}'")
           key = Net::SSH::Authentication::ED25519::PubKey.read_keyblob(self)

data/lib/net/ssh/config.rb

@@ -144,7 +144,7 @@ module Net; module SSH
       def translate(settings)
         auth_methods = default_auth_methods.clone
         (auth_methods << 'challenge-response').uniq!
-        ret = settings.inject({:auth_methods=>auth_methods}) do |hash, (key, value)|
+        ret = settings.inject({auth_methods: auth_methods}) do |hash, (key, value)|
           case key
           when 'bindaddress' then
             hash[:bind_address] = value
@@ -280,7 +280,7 @@ module Net; module SSH
           else size.to_i
           end
         end
-        
+
         def merge_challenge_response_with_keyboard_interactive(hash)
           if hash[:auth_methods].include?('challenge-response')
             hash[:auth_methods].delete('challenge-response')

data/lib/net/ssh/connection/channel.rb

@@ -189,12 +189,12 @@ module Net; module SSH; module Connection
     end
 
     # A hash of the valid PTY options (see #request_pty).
-    VALID_PTY_OPTIONS = { :term        => "xterm",
-                          :chars_wide  => 80,
-                          :chars_high  => 24,
-                          :pixels_wide => 640,
-                          :pixels_high => 480,
-                          :modes       => {} }
+    VALID_PTY_OPTIONS = { term: "xterm",
+                          chars_wide: 80,
+                          chars_high: 24,
+                          pixels_wide: 640,
+                          pixels_high: 480,
+                          modes: {} }
 
     # Requests that a pseudo-tty (or "pty") be made available for this channel.
     # This is useful when you want to invoke and interact with some kind of

data/lib/net/ssh/connection/event_loop.rb

@@ -68,14 +68,18 @@ module Net; module SSH; module Connection
 
       fired_sessions = {}
 
-      readers.each do |reader|
-        session = owners[reader]
-        (fired_sessions[session] ||= {r: [],w: []})[:r] << reader
-      end if readers
-      writers.each do |writer|
-        session = owners[writer]
-        (fired_sessions[session] ||= {r: [],w: []})[:w] << writer
-      end if writers
+      if readers
+        readers.each do |reader|
+          session = owners[reader]
+          (fired_sessions[session] ||= {r: [],w: []})[:r] << reader
+        end
+      end
+      if writers
+        writers.each do |writer|
+          session = owners[writer]
+          (fired_sessions[session] ||= {r: [],w: []})[:w] << writer
+        end
+      end
 
       fired_sessions.each do |s,rw|
         s.ev_do_handle_events(rw[:r],rw[:w])

data/lib/net/ssh/connection/session.rb

@@ -78,8 +78,8 @@ module Net; module SSH; module Connection
       @on_global_request = {}
       @properties = (options[:properties] || {}).dup
 
-      @max_pkt_size = (options.has_key?(:max_pkt_size) ? options[:max_pkt_size] : 0x8000)
-      @max_win_size = (options.has_key?(:max_win_size) ? options[:max_win_size] : 0x20000)
+      @max_pkt_size = (options.key?(:max_pkt_size) ? options[:max_pkt_size] : 0x8000)
+      @max_win_size = (options.key?(:max_win_size) ? options[:max_win_size] : 0x20000)
 
       @keepalive = Keepalive.new(self)
 

data/lib/net/ssh/errors.rb

@@ -5,14 +5,14 @@ module Net; module SSH
 
   # This exception is raised when authentication fails (whether it be
   # public key authentication, password authentication, or whatever).
-  class AuthenticationFailed < Exception; end
+  class AuthenticationFailed < Net::SSH::Exception; end
 
   # This exception is raised when a connection attempt times out.
-  class ConnectionTimeout < Exception; end
+  class ConnectionTimeout < Net::SSH::Exception; end
 
   # This exception is raised when the remote host has disconnected
   # unexpectedly.
-  class Disconnect < Exception; end
+  class Disconnect < Net::SSH::Exception; end
 
   # This exception is raised when the remote host has disconnected/
   # timeouted unexpectedly.
@@ -23,14 +23,14 @@ module Net; module SSH
   # want to fail in such a way that the server knows it failed, you can
   # raise this exception in the handler and Net::SSH will translate that into
   # a "channel failure" message.
-  class ChannelRequestFailed < Exception; end
+  class ChannelRequestFailed < Net::SSH::Exception; end
 
   # This is exception is primarily used internally, but if you have a channel
   # open handler (see Net::SSH::Connection::Session#on_open_channel) and you
   # want to fail in such a way that the server knows it failed, you can
   # raise this exception in the handler and Net::SSH will translate that into
   # a "channel open failed" message.
-  class ChannelOpenFailed < Exception
+  class ChannelOpenFailed < Net::SSH::Exception
     attr_reader :code, :reason
 
     def initialize(code, reason)
@@ -42,7 +42,7 @@ module Net; module SSH
   # Base class for host key exceptions. When rescuing this exception, you can
   # inspect the key fingerprint and, if you want to proceed anyway, simply call
   # the remember_host! method on the exception, and then retry.
-  class HostKeyError < Exception
+  class HostKeyError < Net::SSH::Exception
     # the callback to use when #remember_host! is called
     attr_writer :callback #:nodoc: