RubyGems - net-ssh - Versions diffs - 4.0.0.rc1 → 4.0.0.rc2 - Mend

net-ssh 4.0.0.rc1 → 4.0.0.rc2

Files changed (36) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.rubocop_todo.yml +189 -208
data/.travis.yml +9 -8
data/CHANGES.txt +6 -0
data/Gemfile +5 -4
data/Gemfile.norbnacl +2 -2
data/Gemfile.norbnacl.lock +2 -2
data/README.rdoc +14 -0
data/Rakefile +2 -2
data/lib/net/ssh.rb +20 -13
data/lib/net/ssh/authentication/key_manager.rb +6 -6
data/lib/net/ssh/authentication/pageant.rb +11 -7
data/lib/net/ssh/buffer.rb +21 -8
data/lib/net/ssh/config.rb +2 -2
data/lib/net/ssh/connection/channel.rb +6 -6
data/lib/net/ssh/connection/event_loop.rb +12 -8
data/lib/net/ssh/connection/session.rb +2 -2
data/lib/net/ssh/errors.rb +6 -6
data/lib/net/ssh/key_factory.rb +5 -8
data/lib/net/ssh/prompt.rb +4 -6
data/lib/net/ssh/proxy/http.rb +5 -5
data/lib/net/ssh/test.rb +1 -1
data/lib/net/ssh/test/kex.rb +4 -4
data/lib/net/ssh/transport/algorithms.rb +49 -46
data/lib/net/ssh/transport/cipher_factory.rb +4 -4
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +20 -9
data/lib/net/ssh/transport/session.rb +1 -1
data/lib/net/ssh/version.rb +1 -1
data/net-ssh-public_cert.pem +19 -18
data/net-ssh.gemspec +4 -5
data/support/arcfour_check.rb +1 -1
data/support/ssh_tunnel_bug.rb +1 -1
metadata +52 -52
metadata.gz.sig +0 -0

@@ -37,7 +37,7 @@ module Net; module SSH
       # whether the file describes an RSA or DSA key, and will load it
       # appropriately. The new key is returned. If the key itself is
       # encrypted (requiring a passphrase to use), the user will be
-      # prompted to enter their password unless passphrase works.
+      # prompted to enter their password unless passphrase works.
       def load_private_key(filename, passphrase=nil, ask_passphrase=true, prompt=Prompt.default)
         data = File.read(File.expand_path(filename))
         load_data_private_key(data, passphrase, ask_passphrase, filename, prompt)
@@ -47,7 +47,7 @@ module Net; module SSH
       # whether the file describes an RSA or DSA key, and will load it
       # appropriately. The new key is returned. If the key itself is
       # encrypted (requiring a passphrase to use), the user will be
-      # prompted to enter their password unless passphrase works.
+      # prompted to enter their password unless passphrase works.
       def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="", prompt=Prompt.default)
         key_read, error_classes = classify_key(data, filename)
@@ -55,7 +55,7 @@ module Net; module SSH
         tries = 0
         prompter = nil
-        result =
+        result =
           begin
             key_read[data, passphrase || 'invalid']
           rescue *error_classes
@@ -109,11 +109,8 @@ module Net; module SSH
       # appropriately.
       def classify_key(data, filename)
         if data.match(/-----BEGIN OPENSSH PRIVATE KEY-----/)
-          if defined?(Net::SSH::Authentication::ED25519)
-            return ->(key_data, passphrase) { Net::SSH::Authentication::ED25519::PrivKey.read(key_data, passphrase) }, [ArgumentError]
-          else
-            raise OpenSSL::PKey::PKeyError, "OpenSSH keys only supported if ED25519 is available - #{ED25519_LOAD_ERROR}"
-          end
+          Net::SSH::Authentication::ED25519Loader.raiseUnlessLoaded("OpenSSH keys only supported if ED25519 is available")
+          return ->(key_data, passphrase) { Net::SSH::Authentication::ED25519::PrivKey.read(key_data, passphrase) }, [ArgumentError]
         elsif OpenSSL::PKey.respond_to?(:read)
           return ->(key_data, passphrase) { OpenSSL::PKey.read(key_data, passphrase) }, [ArgumentError, OpenSSL::PKey::PKeyError]
         elsif data.match(/-----BEGIN DSA PRIVATE KEY-----/)

data/lib/net/ssh/prompt.rb CHANGED

@@ -24,14 +24,13 @@ module Net; module SSH
       @default ||= new(options)
     end
-    def initialize(options = {})
-    end
+    def initialize(options = {}); end
     # default prompt object implementation. More sophisticated implemenetations
     # might implement caching.
     class Prompter
       def initialize(info)
-        if info[:type] == 'keyboard-interactive' # rubocop:disable Style/GuardClause
+        if info[:type] == 'keyboard-interactive'
           $stdout.puts(info[:name]) unless info[:name].empty?
           $stdout.puts(info[:instruction]) unless info[:instruction].empty?
         end
@@ -49,8 +48,7 @@ module Net; module SSH
       # success method will be called when the password was accepted
       # It's a good time to save password asked to a cache.
-      def success
-      end
+      def success; end
     end
     # start password session. Multiple questions might be asked multiple times
@@ -61,4 +59,4 @@ module Net; module SSH
     end
   end
-end; end
+end; end

data/lib/net/ssh/proxy/http.rb CHANGED

@@ -87,11 +87,11 @@ module Net; module SSH; module Proxy
           body = socket.read(headers["Content-Length"].to_i)
         end
-        return { :version => version,
-                 :code => code.to_i,
-                 :reason => reason,
-                 :headers => headers,
-                 :body => body }
+        return { version: version,
+                 code: code.to_i,
+                 reason: reason,
+                 headers: headers,
+                 body: body }
       end
   end

data/lib/net/ssh/test.rb CHANGED

@@ -71,7 +71,7 @@ module Net; module SSH
     # in these tests. It is a fully functional SSH transport session, operating
     # over a mock socket (#socket).
     def transport(options={})
-      @transport ||= Net::SSH::Transport::Session.new(options[:host] || "localhost", options.merge(:kex => "test", :host_key => "ssh-rsa", :paranoid => false, :proxy => socket(options)))
+      @transport ||= Net::SSH::Transport::Session.new(options[:host] || "localhost", options.merge(kex: "test", host_key: "ssh-rsa", paranoid: false, proxy: socket(options)))
     end
     # First asserts that a story has been described (see #story). Then yields,

data/lib/net/ssh/test/kex.rb CHANGED

@@ -31,10 +31,10 @@ module Net; module SSH; module Test
       buffer = @connection.next_message
       raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
-      { :session_id        => "abc-xyz",
-        :server_key        => OpenSSL::PKey::RSA.new(512),
-        :shared_secret     => OpenSSL::BN.new("1234567890", 10),
-        :hashing_algorithm => OpenSSL::Digest::SHA1 }
+      { session_id: "abc-xyz",
+        server_key: OpenSSL::PKey::RSA.new(512),
+        shared_secret: OpenSSL::BN.new("1234567890", 10),
+        hashing_algorithm: OpenSSL::Digest::SHA1 }
     end
   end

data/lib/net/ssh/transport/algorithms.rb CHANGED

@@ -6,6 +6,7 @@ require 'net/ssh/transport/constants'
 require 'net/ssh/transport/hmac'
 require 'net/ssh/transport/kex'
 require 'net/ssh/transport/server_version'
+require 'net/ssh/authentication/ed25519_loader'
 module Net; module SSH; module Transport
@@ -22,32 +23,34 @@ module Net; module SSH; module Transport
     # Define the default algorithms, in order of preference, supported by
     # Net::SSH.
     ALGORITHMS = {
-      :host_key    => %w(ssh-rsa ssh-dss
-                         ssh-rsa-cert-v01@openssh.com
-                         ssh-rsa-cert-v00@openssh.com),
-      :kex         => %w(diffie-hellman-group-exchange-sha1
-                         diffie-hellman-group1-sha1
-                         diffie-hellman-group14-sha1
-                         diffie-hellman-group-exchange-sha256),
-      :encryption  => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
-                         aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-                         idea-cbc none arcfour128 arcfour256 arcfour
-                         aes128-ctr aes192-ctr aes256-ctr
-                         cast128-ctr blowfish-ctr 3des-ctr
-                        ),
-      :hmac        => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
-                         hmac-ripemd160 hmac-ripemd160@openssh.com
-                         hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
-                         hmac-sha2-512-96 none),
-      :compression => %w(none zlib@openssh.com zlib),
-      :language    => %w()
+      host_key: %w(ssh-rsa ssh-dss
+                   ssh-rsa-cert-v01@openssh.com
+                   ssh-rsa-cert-v00@openssh.com),
+      kex: %w(diffie-hellman-group-exchange-sha1
+              diffie-hellman-group1-sha1
+              diffie-hellman-group14-sha1
+              diffie-hellman-group-exchange-sha256),
+      encryption: %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
+                     aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
+                     idea-cbc none arcfour128 arcfour256 arcfour
+                     aes128-ctr aes192-ctr aes256-ctr
+                     cast128-ctr blowfish-ctr 3des-ctr),
+      hmac: %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
+               hmac-ripemd160 hmac-ripemd160@openssh.com
+               hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
+               hmac-sha2-512-96 none),
+      compression: %w(none zlib@openssh.com zlib),
+      language: %w()
     }
     if defined?(OpenSSL::PKey::EC)
       ALGORITHMS[:host_key] += %w(ecdsa-sha2-nistp256
                                   ecdsa-sha2-nistp384
                                   ecdsa-sha2-nistp521)
+      if Net::SSH::Authentication::ED25519Loader::LOADED
+        ALGORITHMS[:host_key] += %w(ssh-ed25519)
+      end
       ALGORITHMS[:kex] += %w(ecdh-sha2-nistp256
                              ecdh-sha2-nistp384
                              ecdh-sha2-nistp521)
@@ -251,7 +254,7 @@ module Net; module SSH; module Transport
       # Parses a KEXINIT packet from the server.
       def parse_server_algorithm_packet(packet)
-        data = { :raw => packet.content }
+        data = { raw: packet.content }
         packet.read(16) # skip the cookie value
@@ -352,13 +355,13 @@ module Net; module SSH; module Transport
         debug { "exchanging keys" }
         algorithm = Kex::MAP[kex].new(self, session,
-          :client_version_string => Net::SSH::Transport::ServerVersion::PROTO_VERSION,
-          :server_version_string => session.server_version.version,
-          :server_algorithm_packet => @server_packet,
-          :client_algorithm_packet => @client_packet,
-          :need_bytes => kex_byte_requirement,
-          :minimum_dh_bits => options[:minimum_dh_bits],
-          :logger => logger)
+          client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
+          server_version_string: session.server_version.version,
+          server_algorithm_packet: @server_packet,
+          client_algorithm_packet: @client_packet,
+          need_bytes: kex_byte_requirement,
+          minimum_dh_bits: options[:minimum_dh_bits],
+          logger: logger)
         result = algorithm.exchange_keys
         secret   = result[:shared_secret].to_ssh
@@ -368,7 +371,7 @@ module Net; module SSH; module Transport
         @session_id ||= hash
         key = Proc.new { |salt| digester.digest(secret + hash + salt + @session_id) }
         iv_client = key["A"]
         iv_server = key["B"]
         key_client = key["C"]
@@ -376,26 +379,26 @@ module Net; module SSH; module Transport
         mac_key_client = key["E"]
         mac_key_server = key["F"]
-        parameters = { :shared => secret, :hash => hash, :digester => digester }
-        cipher_client = CipherFactory.get(encryption_client, parameters.merge(:iv => iv_client, :key => key_client, :encrypt => true))
-        cipher_server = CipherFactory.get(encryption_server, parameters.merge(:iv => iv_server, :key => key_server, :decrypt => true))
+        parameters = { shared: secret, hash: hash, digester: digester }
+        cipher_client = CipherFactory.get(encryption_client, parameters.merge(iv: iv_client, key: key_client, encrypt: true))
+        cipher_server = CipherFactory.get(encryption_server, parameters.merge(iv: iv_server, key: key_server, decrypt: true))
         mac_client = HMAC.get(hmac_client, mac_key_client, parameters)
         mac_server = HMAC.get(hmac_server, mac_key_server, parameters)
-        session.configure_client :cipher => cipher_client, :hmac => mac_client,
-          :compression => normalize_compression_name(compression_client),
-          :compression_level => options[:compression_level],
-          :rekey_limit => options[:rekey_limit],
-          :max_packets => options[:rekey_packet_limit],
-          :max_blocks => options[:rekey_blocks_limit]
-        session.configure_server :cipher => cipher_server, :hmac => mac_server,
-          :compression => normalize_compression_name(compression_server),
-          :rekey_limit => options[:rekey_limit],
-          :max_packets => options[:rekey_packet_limit],
-          :max_blocks  => options[:rekey_blocks_limit]
+        session.configure_client cipher: cipher_client, hmac: mac_client,
+          compression: normalize_compression_name(compression_client),
+          compression_level: options[:compression_level],
+          rekey_limit: options[:rekey_limit],
+          max_packets: options[:rekey_packet_limit],
+          max_blocks: options[:rekey_blocks_limit]
+        session.configure_server cipher: cipher_server, hmac: mac_server,
+          compression: normalize_compression_name(compression_server),
+          rekey_limit: options[:rekey_limit],
+          max_packets: options[:rekey_packet_limit],
+          max_blocks: options[:rekey_blocks_limit]
         @initialized = true
       end

data/lib/net/ssh/transport/cipher_factory.rb CHANGED

@@ -33,8 +33,8 @@ module Net; module SSH; module Transport
     }
     # Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers
-    # resulting in the error: OpenSSL::CipherError: key length too short.
-    # The following ciphers will override this key length.
+    # resulting in the error: OpenSSL::CipherError: key length too short.
+    # The following ciphers will override this key length.
     KEY_LEN_OVERRIDE = {
       "arcfour256"                  => 32,
       "arcfour512"                  => 64
@@ -57,7 +57,7 @@ module Net; module SSH; module Transport
     def self.get(name, options={})
       ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError, "unimplemented cipher `#{name}'"
       return IdentityCipher if ossl_name == "none"
-      cipher = OpenSSL::Cipher::Cipher.new(ossl_name)
+      cipher = OpenSSL::Cipher.new(ossl_name)
       cipher.send(options[:encrypt] ? :encrypt : :decrypt)
@@ -85,7 +85,7 @@ module Net; module SSH; module Transport
         result = [0, 0]
         result << 0 if options[:iv_len]
       else
-        cipher = OpenSSL::Cipher::Cipher.new(ossl_name)
+        cipher = OpenSSL::Cipher.new(ossl_name)
         key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
         cipher.key_len = key_len

data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb CHANGED

@@ -69,10 +69,10 @@ module Net; module SSH; module Transport; module Kex
       session_id = verify_signature(result)
       confirm_newkeys
-      return { :session_id        => session_id,
-               :server_key        => result[:server_key],
-               :shared_secret     => result[:shared_secret],
-               :hashing_algorithm => digester }
+      return { session_id: session_id,
+               server_key: result[:server_key],
+               shared_secret: result[:shared_secret],
+               hashing_algorithm: digester }
     end
     private
@@ -115,11 +115,22 @@ module Net; module SSH; module Transport; module Kex
       def generate_key #:nodoc:
         dh = OpenSSL::PKey::DH.new
-        dh.p, dh.g = get_parameters
-        dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
-        dh.generate_key! until dh.valid?
+        if dh.respond_to?(:set_pqg)
+          p, g = get_parameters
+          dh.set_pqg(p, nil, g)
+        else
+          dh.p, dh.g = get_parameters
+        end
+        dh.generate_key!
+        until dh.valid? && dh.priv_key.num_bytes == data[:need_bytes]
+          if dh.respond_to?(:set_key)
+            dh.set_key(nil, OpenSSL::BN.rand(data[:need_bytes] * 8))
+          else
+            dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
+          end
+          dh.generate_key!
+        end
         dh
       end
@@ -170,7 +181,7 @@ module Net; module SSH; module Transport; module Kex
         blob, fingerprint = generate_key_fingerprint(key)
-        unless connection.host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :session => connection)
+        unless connection.host_key_verifier.verify(key: key, key_blob: blob, fingerprint: fingerprint, session: connection)
           raise Net::SSH::Exception, "host key verification failed"
         end
       end

data/lib/net/ssh/transport/session.rb CHANGED

@@ -164,7 +164,7 @@ module Net; module SSH; module Transport
     # Returns a hash of information about the peer (remote) side of the socket,
     # including :ip, :port, :host, and :canonized (see #host_as_string).
     def peer
-      @peer ||= { :ip => socket.peer_ip, :port => @port.to_i, :host => @host, :canonized => host_as_string }
+      @peer ||= { ip: socket.peer_ip, port: @port.to_i, host: @host, canonized: host_as_string }
     end
     # Blocks until a new packet is available to be read, and returns that

data/lib/net/ssh/version.rb CHANGED

@@ -55,7 +55,7 @@ module Net; module SSH
     # The prerelease component of this version of the Net::SSH library
     # nil allowed
-    PRE   = "rc1"
+    PRE   = "rc2"
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh-public_cert.pem CHANGED

@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDODCCAiCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMRAwDgYDVQQDDAduZXQt
-c3NoMRkwFwYKCZImiZPyLGQBGRYJc29sdXRpb3VzMRMwEQYKCZImiZPyLGQBGRYD
-Y29tMB4XDTE1MTIwNjIxMDYyNFoXDTE2MTIwNTIxMDYyNFowQjEQMA4GA1UEAwwH
-bmV0LXNzaDEZMBcGCgmSJomT8ixkARkWCXNvbHV0aW91czETMBEGCgmSJomT8ixk
-ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYnhNtn0f6p
-nTylB8mE8lMdoMLJC8KwpMWsvk73Pe2WVDsH/OSwwwz6oUGk1i70cJyDjIEBNpwT
-88GpVXJSumvqVsf9fCg3mWNeb5t0J+aeNm9MIvYVMTqj5tydoXQiwnILRDYHV9tZ
-1c3o59/VlahSTpZ7YEgzVufpAkvEGkbJiG849exiipK7MN/ZIkMOxYVnyRXk43Xc
-6GYlsHOfSgPwcXwW5g57DCwLQLWrjDsTka28dxDmO7B5Lv5EqzINxVxWsu43OgZG
-21Io/jIyf5PNpeKPKNGDuAQJ8mvdMYBJoDhtCwgsUYbl0BZzA7g4ytl51HtIeP+j
-Qp/eAvs/RrECAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUBfKiwO2eM4NE
-iRrVG793qEPLYyMwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQCfZFdb
-p4jzkfIzGDbiOxd0R8sdqJoC4nMLEgnQ7dLulawwA3IXe3sHAKgA5kmH3prsKc5H
-zVmM5NlH2P1nRbegIkQTYiIod1hZQCNxdmVG/fprMqPq0ybpUOjjrP5pj0OtszE1
-F2dQia1hOEstMR+n0nAtWII9HJAEyeZjVV0s2Cl7Pt85XJ3hxFcCKwzqsK5xRI7a
-B3vwh3/JJYrFonIohQ//Lg9qTZASEkoKLlq1/hFeICoCGGIGLq45ZB7CzXLooCKi
-s/ZUKye79ELwFYKJOhjW5g725OL3hy+llhEleytwKRwgXFQBPTC4f5UkdxZVVWGH
-e2C9M1m/2odPZo8h
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZuZXRz
+c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+b20wHhcNMTYxMjE1MTgwNTIyWhcNMTcxMjE1MTgwNTIyWjBBMQ8wDQYDVQQDDAZu
+ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+9w0BAQUFAAOCAQEATd8If+Ytmhf5lELy24j76ahGv64m518WTCdV2nIViGXB2BnV
+uLQylGRb1rcgUS3Eh9TE28hqrfhotKS6a96qF9kN0mY2H6UwPWswJ+tj3gA1vLW8
+wlZNlYGJ91Ig9zULPSbATyOOprUZyggy5p1260BaaI3LQYDeGJOSqpHCVu+TuMcy
+k00ofiLT1crDSUl2WE/OIFK8AXpmd798AMsef8okHeoo+Dj7zCXn0VSimN+MO1mE
+L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
+Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
 -----END CERTIFICATE-----

data/net-ssh.gemspec CHANGED

@@ -35,10 +35,9 @@ Gem::Specification.new do |spec|
   end
   spec.add_development_dependency "bundler", "~> 1.11"
-  spec.add_development_dependency "rake", "~> 11.1"
-  spec.add_development_dependency "minitest", "~> 5.0"
-  spec.add_development_dependency "rubocop", "~> 0.39.0"
-  spec.add_development_dependency "mocha", ">= 1.1.0"
-  spec.add_dependency('jruby-pageant', '>= 1.1.1') if RUBY_ENGINE == 'jruby'
+  spec.add_development_dependency "rake", "~> 12.0"
+  spec.add_development_dependency "minitest", "~> 5.10"
+  spec.add_development_dependency "rubocop", "~> 0.46.0"
+  spec.add_development_dependency "mocha", ">= 1.2.1"
 end

data/support/arcfour_check.rb CHANGED

@@ -14,7 +14,7 @@ require 'net/ssh'
 [['arcfour128', 16], ['arcfour256', 32], ['arcfour512', 64]].each do |cipher|
   print "#{cipher[0]}: "
   a = Net::SSH::Transport::CipherFactory.get_lengths(cipher[0])
-  b = Net::SSH::Transport::CipherFactory.get(cipher[0], :key => ([].fill('x', 0, cipher[1]).join))
+  b = Net::SSH::Transport::CipherFactory.get(cipher[0], key: ([].fill('x', 0, cipher[1]).join))
   puts "#{a} #{b.class}"
 end

data/support/ssh_tunnel_bug.rb CHANGED

@@ -37,7 +37,7 @@ pass = ask("Password: ") { |q| q.echo = "*" }
 puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
 begin
-  session = Net::SSH.start(host, user, :password => pass)
+  session = Net::SSH.start(host, user, password: pass)
   session.forward.local(LOCAL_PORT, host, PROXY_PORT)
   session.loop{true}
 rescue => e

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 4.0.0.rc1
+  version: 4.0.0.rc2
 platform: ruby
 authors:
 - Jamis Buck
@@ -12,139 +12,140 @@ bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDODCCAiCgAwIBAgIBADANBgkqhkiG9w0BAQUFADBCMRAwDgYDVQQDDAduZXQt
-  c3NoMRkwFwYKCZImiZPyLGQBGRYJc29sdXRpb3VzMRMwEQYKCZImiZPyLGQBGRYD
-  Y29tMB4XDTE1MTIwNjIxMDYyNFoXDTE2MTIwNTIxMDYyNFowQjEQMA4GA1UEAwwH
-  bmV0LXNzaDEZMBcGCgmSJomT8ixkARkWCXNvbHV0aW91czETMBEGCgmSJomT8ixk
-  ARkWA2NvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYnhNtn0f6p
-  nTylB8mE8lMdoMLJC8KwpMWsvk73Pe2WVDsH/OSwwwz6oUGk1i70cJyDjIEBNpwT
-  88GpVXJSumvqVsf9fCg3mWNeb5t0J+aeNm9MIvYVMTqj5tydoXQiwnILRDYHV9tZ
-  1c3o59/VlahSTpZ7YEgzVufpAkvEGkbJiG849exiipK7MN/ZIkMOxYVnyRXk43Xc
-  6GYlsHOfSgPwcXwW5g57DCwLQLWrjDsTka28dxDmO7B5Lv5EqzINxVxWsu43OgZG
-  21Io/jIyf5PNpeKPKNGDuAQJ8mvdMYBJoDhtCwgsUYbl0BZzA7g4ytl51HtIeP+j
-  Qp/eAvs/RrECAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQUBfKiwO2eM4NE
-  iRrVG793qEPLYyMwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQCfZFdb
-  p4jzkfIzGDbiOxd0R8sdqJoC4nMLEgnQ7dLulawwA3IXe3sHAKgA5kmH3prsKc5H
-  zVmM5NlH2P1nRbegIkQTYiIod1hZQCNxdmVG/fprMqPq0ybpUOjjrP5pj0OtszE1
-  F2dQia1hOEstMR+n0nAtWII9HJAEyeZjVV0s2Cl7Pt85XJ3hxFcCKwzqsK5xRI7a
-  B3vwh3/JJYrFonIohQ//Lg9qTZASEkoKLlq1/hFeICoCGGIGLq45ZB7CzXLooCKi
-  s/ZUKye79ELwFYKJOhjW5g725OL3hy+llhEleytwKRwgXFQBPTC4f5UkdxZVVWGH
-  e2C9M1m/2odPZo8h
+  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZuZXRz
+  c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
+  b20wHhcNMTYxMjE1MTgwNTIyWhcNMTcxMjE1MTgwNTIyWjBBMQ8wDQYDVQQDDAZu
+  ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
+  FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
+  pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
+  qVVyUrpr6lbH/XwoN5ljXm+bdCfmnjZvTCL2FTE6o+bcnaF0IsJyC0Q2B1fbWdXN
+  6Off1ZWoUk6We2BIM1bn6QJLxBpGyYhvOPXsYoqSuzDf2SJDDsWFZ8kV5ON13Ohm
+  JbBzn0oD8HF8FuYOewwsC0C1q4w7E5GtvHcQ5juweS7+RKsyDcVcVrLuNzoGRttS
+  KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
+  3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
+  BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
+  b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
+  9w0BAQUFAAOCAQEATd8If+Ytmhf5lELy24j76ahGv64m518WTCdV2nIViGXB2BnV
+  uLQylGRb1rcgUS3Eh9TE28hqrfhotKS6a96qF9kN0mY2H6UwPWswJ+tj3gA1vLW8
+  wlZNlYGJ91Ig9zULPSbATyOOprUZyggy5p1260BaaI3LQYDeGJOSqpHCVu+TuMcy
+  k00ofiLT1crDSUl2WE/OIFK8AXpmd798AMsef8okHeoo+Dj7zCXn0VSimN+MO1mE
+  L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
+  Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
   -----END CERTIFICATE-----
-date: 2016-11-29 00:00:00.000000000 Z
+date: 2016-12-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl-libsodium
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.10
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.10
 - !ruby/object:Gem::Dependency
   name: rbnacl
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.4.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 3.4.0
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.11'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.11'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '11.1'
+        version: '12.0'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.10'
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.39.0
+        version: 0.46.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.39.0
+        version: 0.46.0
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.2.1
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.0
+        version: 1.2.1
 description: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It
   allows you to write programs that invoke and interact with processes on remote servers,
   via SSH2.'
@@ -156,10 +157,10 @@ extra_rdoc_files:
 - LICENSE.txt
 - README.rdoc
 files:
-- .gitignore
-- .rubocop.yml
-- .rubocop_todo.yml
-- .travis.yml
+- ".gitignore"
+- ".rubocop.yml"
+- ".rubocop_todo.yml"
+- ".travis.yml"
 - CHANGES.txt
 - Gemfile
 - Gemfile.norbnacl
@@ -267,19 +268,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>'
+  - - ">"
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.8
+rubygems_version: 2.5.1
 signing_key:
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
 test_files: []
-has_rdoc: