net-ssh 4.1.0 → 4.2.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 315114c6a9537f7c43b92bb2aeb974a3a7e4a82e
-  data.tar.gz: 0fe85c2a8f79d6dd869cfd71dd3b33f3b181a4a6
+  metadata.gz: 92ff27262ab7555ea9e90bda3a63d89401b9ad2a
+  data.tar.gz: 24e94ee3884a2d16986772988ace9296301fba12
 SHA512:
-  metadata.gz: 8d5c7cb19f06e99fdb1d58a7aa9d4412a0e400cda6d474c7ddd6ad5d005669fbbac593eac41f68a39b55c5a02ae1f9cd04233c5fa9f966d589ad256954066291
-  data.tar.gz: 2d902438534348c94d7c35913d654db76a04c71c3f4644265ee90a9c3f56e28af9a89e3d34843c261f9fc0d398a728274d2665097cab7c7157cbe9fec6a5ec69
+  metadata.gz: 1735c8964072ea8abffcd8e064e4c60872078376622f6f5947b88a387c158fbf13f2d85f5a80e2591f28390d9c6a3f86cd144f6b75a649e7f2a604c984d8f020
+  data.tar.gz: 872937fed88b544b59c9fc95b3b355409a26cc617770038626147543d0cd913c1f17f9b1cfcd3310418f35bde31b4eb6f18433805585a0a905494d22e2850461

data/.rubocop_todo.yml

@@ -639,7 +639,7 @@ Style/LineEndConcatenation:
 
 # Offense count: 12
 # Cop supports --auto-correct.
-Style/MethodCallParentheses:
+Style/MethodCallWithoutArgsParentheses:
   Exclude:
     - 'test/authentication/test_key_manager.rb'
     - 'test/connection/test_session.rb'

data/CHANGES.txt

@@ -1,3 +1,13 @@
+=== 4.2.0.rc1
+
+ * Close transport on proxy error [adamruzicka, #526]
+ * Support multiple identity files [Kimura Masayuki, #528]
+ * Move `none` cipher to end of cipher list [Brian Cain, #525]
+ * Deprecate `:paranoid` in favor of `:verify_host_key` [Jared Beck, #524]
+ * Support Multile Include ssh config files [Kasumi Hanazuki, #516]
+ * Support Relative path in ssh confif files [Akinori MUSHA, #510]
+ * add direct-streamlocal@openssh.com support in Forward class [Harald Sitter, #502]
+
 === 4.1.0
 === 4.1.0.rc1
 

data/Gemfile

@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in mygem.gemspec
 gemspec
 
-if !Gem.win_platform? && RUBY_ENGINE == "mri"
+if !Gem.win_platform? && RUBY_ENGINE == "ruby"
   gem 'byebug', group: [:development, :test]
 end
 

data/appveyor.yml

@@ -9,6 +9,10 @@ environment:
     - ruby_version: "23-x64"
     - ruby_version: "22-x64"
 
+matrix:
+  allow_failures:
+    - ruby_version: "jruby-9.1.2.0"
+
 #init:
 #  - ps: iex ((new-object net.webclient).DownloadString('https://raw.githubusercontent.com/appveyor/ci/master/scripts/enable-rdp.ps1'))
 

data/lib/net/ssh.rb

@@ -71,8 +71,8 @@ module Net
       :known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
       :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
       :max_win_size, :send_env, :use_agent, :number_of_password_prompts,
-      :append_supported_algorithms, :non_interactive, :password_prompt, :agent_socket_factory,
-      :minimum_dh_bits
+      :append_all_supported_algorithms, :non_interactive, :password_prompt,
+      :agent_socket_factory, :minimum_dh_bits, :verify_host_key
     ]
 
     # The standard means of starting a new SSH connection. When used with a
@@ -157,12 +157,7 @@ module Net
     #   authentication failure vs password prompt. Non-interactive applications
     #   should set it to true to prefer failing a password/etc auth methods vs.
     #   asking for password.
-    # * :paranoid => either false, true, :very, or :secure specifying how
-    #   strict host-key verification should be (in increasing order here).
-    #   You can also provide an own Object which responds to +verify+. The argument
-    #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
-    #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,
-    #   returning false declines it and closes the connection.
+    # * :paranoid => deprecated alias for :verify_host_key
     # * :passphrase => the passphrase to use when loading a private key (default
     #   is +nil+, for no passphrase)
     # * :password => the password to use to login
@@ -199,6 +194,13 @@ module Net
     # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
     #    Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
     #    example: ->{ UNIXSocket.open('/foo/bar')}
+    # * :verify_host_key => either false, true, :very, or :secure specifying how
+    #   strict host-key verification should be (in increasing order here).
+    #   You can also provide an own Object which responds to +verify+. The argument
+    #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
+    #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,
+    #   returning false declines it and closes the connection.
+    #
     # If +user+ parameter is nil it defaults to USER from ssh_config, or
     # local username
     def self.start(host, user=nil, options={}, &block)
@@ -218,6 +220,8 @@ module Net
         options[:number_of_password_prompts] = 0
       end
 
+      _support_deprecated_option_paranoid(options)
+
       if options[:verbose]
         options[:logger].level = case options[:verbose]
           when Integer then options[:verbose]
@@ -249,6 +253,9 @@ module Net
         transport.close
         raise AuthenticationFailed, "Authentication failed for user #{user}@#{host}"
       end
+    rescue => e
+      transport.close unless transport.nil?
+      raise e
     end
 
     # Returns a hash of the configuration options for the given host, as read
@@ -291,5 +298,23 @@ module Net
       end
     end
     private_class_method :_sanitize_options
+
+    def self._support_deprecated_option_paranoid(options)
+      if options.key?(:paranoid)
+        Kernel.warn(
+          ":paranoid is deprecated, please use :verify_host_key. Supported " \
+          "values are exactly the same, only the name of the option has changed."
+        )
+        if options.key?(:verify_host_key)
+          Kernel.warn(
+            "Both :paranoid and :verify_host_key were specified. " \
+            ":verify_host_key takes precedence, :paranoid will be ignored."
+          )
+        else
+          options[:verify_host_key] = options.delete(:paranoid)
+        end
+      end
+    end
+    private_class_method :_support_deprecated_option_paranoid
   end
 end

data/lib/net/ssh/authentication/agent.rb

@@ -52,6 +52,9 @@ module Net; module SSH; module Authentication
     SSH_AGENT_CONSTRAIN_LIFETIME = 1
     SSH_AGENT_CONSTRAIN_CONFIRM  = 2
 
+    SSH_AGENT_RSA_SHA2_256 = 0x02
+    SSH_AGENT_RSA_SHA2_512 = 0x04
+
     # The underlying socket being used to communicate with the SSH agent.
     attr_reader :socket
 
@@ -138,8 +141,8 @@ module Net; module SSH; module Authentication
 
     # Using the agent and the given public key, sign the given data. The
     # signature is returned in SSH2 format.
-    def sign(key, data)
-      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
+    def sign(key, data, flags = 0)
+      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, flags)
 
       raise AgentError, "agent could not sign data with requested identity" if agent_failed(type)
       raise AgentError, "bad authentication response #{type}" if type != SSH2_AGENT_SIGN_RESPONSE

data/lib/net/ssh/config.rb

@@ -72,9 +72,9 @@ module Net; module SSH
       # ones. Returns a hash containing the OpenSSH options. (See
       # #translate for how to convert the OpenSSH options into Net::SSH
       # options.)
-      def load(path, host, settings={})
+      def load(path, host, settings={}, base_dir = nil)
         file = File.expand_path(path)
-        base_dir = File.dirname(file)
+        base_dir ||= File.dirname(file)
         return settings unless File.readable?(file)
 
         globals = {}
@@ -125,7 +125,7 @@ module Net; module SSH
               (globals[key] ||= []) << value
             when 'include'
               included_file_paths(base_dir, value).each do |file_path|
-                globals = load(file_path, host, globals)
+                globals = load(file_path, host, globals, base_dir)
               end
             else
               globals[key] = value unless settings.key?(key)
@@ -136,7 +136,7 @@ module Net; module SSH
               (settings[key] ||= []) << value
             when 'include'
               included_file_paths(base_dir, value).each do |file_path|
-                settings = load(file_path, host, settings)
+                settings = load(file_path, host, settings, base_dir)
               end
             else
               settings[key] = value unless settings.key?(key)
@@ -144,7 +144,16 @@ module Net; module SSH
           end
         end
 
-        settings = globals.merge(settings) if globals
+        if globals
+          settings = globals.merge(settings) do |key, oldval, newval|
+            case key
+            when 'identityfile'
+              oldval + newval
+            else
+              newval
+            end
+          end
+        end
 
         return settings
       end
@@ -303,12 +312,17 @@ module Net; module SSH
           hash
         end
 
-        def included_file_paths(base_dir, config_path)
-          paths = Dir.glob(File.expand_path(config_path)).select { |f| File.file?(f) }
-          paths += Dir.glob(File.join(base_dir, config_path)).select { |f| File.file?(f) }
-          paths.uniq
+        def included_file_paths(base_dir, config_paths)
+          tokenize_config_value(config_paths).flat_map do |path|
+            Dir.glob(File.expand_path(path, base_dir)).select { |f| File.file?(f) }
+          end
         end
 
+        # Tokenize string into tokens.
+        # A token is a word or a quoted sequence of words, separated by whitespaces.
+        def tokenize_config_value(str)
+          str.scan(/([^"\s]+)?(?:"([^"]+)")?\s*/).map(&:join)
+        end
     end
   end
 

data/lib/net/ssh/connection/session.rb

@@ -176,6 +176,15 @@ module Net; module SSH; module Connection
     def loop(wait=nil, &block)
       running = block || Proc.new { busy? }
       loop_forever { break unless process(wait, &running) }
+      begin
+        process(0)
+      rescue IOError => e
+        if e.message =~ /closed/
+          debug { "stream was closed after loop => shallowing exception so it will be re-raised in next loop" }
+        else
+          raise
+        end
+      end
     end
 
     # The core of the event loop. It processes a single iteration of the event

data/lib/net/ssh/proxy/command.rb

@@ -57,7 +57,8 @@ module Net; module SSH; module Proxy
       begin
         io = IO.popen(command_line, "r+")
         if result = Net::SSH::Compat.io_select([io], nil, [io], 60)
-          if result.last.any?
+          if result.last.any? || io.eof?
+            io.close
             raise "command failed"
           end
         else

data/lib/net/ssh/service/forward.rb

@@ -28,6 +28,7 @@ module Net; module SSH; module Service
       @remote_forwarded_ports = {}
       @local_forwarded_ports = {}
       @agent_forwarded = false
+      @local_forwarded_sockets = {}
 
       session.on_open_channel('forwarded-tcpip', &method(:forwarded_tcpip))
       session.on_open_channel('auth-agent', &method(:auth_agent_channel))
@@ -99,9 +100,7 @@ module Net; module SSH; module Service
       local_port
     end
 
-    # Terminates an active local forwarded port. If no such forwarded port
-    # exists, this will raise an exception. Otherwise, the forwarded connection
-    # is terminated.
+    # Terminates an active local forwarded port.
     #
     #   ssh.forward.cancel_local(1234)
     #   ssh.forward.cancel_local(1234, "0.0.0.0")
@@ -120,6 +119,57 @@ module Net; module SSH; module Service
       @local_forwarded_ports.keys
     end
 
+    # Starts listening for connections on the local host, and forwards them
+    # to the specified remote socket via the SSH connection. This will
+    # (re)create the local socket file. The remote server needs to have the
+    # socket file already available.
+    #
+    #   ssh.forward.local_socket('/tmp/local.sock', '/tmp/remote.sock')
+    def local_socket(local_socket_path, remote_socket_path)
+      File.delete(local_socket_path) if File.exist?(local_socket_path)
+      socket = Socket.unix_server_socket(local_socket_path)
+
+      @local_forwarded_sockets[local_socket_path] = socket
+
+      session.listen_to(socket) do |server|
+        client = server.accept[0]
+        debug { "received connection on #{socket}" }
+
+        channel = session.open_channel("direct-streamlocal@openssh.com",
+                                       :string, remote_socket_path,
+                                       :string, nil,
+                                       :long, 0) do |achannel|
+          achannel.info { "direct channel established" }
+        end
+
+        prepare_client(client, channel, :local)
+
+        channel.on_open_failed do |ch, code, description|
+          channel.error { "could not establish direct channel: #{description} (#{code})" }
+          session.stop_listening_to(channel[:socket])
+          channel[:socket].close
+        end
+      end
+
+      local_socket_path
+    end
+
+    # Terminates an active local forwarded socket.
+    #
+    #   ssh.forward.cancel_local_socket('/tmp/foo.sock')
+    def cancel_local_socket(local_socket_path)
+      socket = @local_forwarded_sockets.delete(local_socket_path)
+      socket.shutdown rescue nil
+      socket.close rescue nil
+      session.stop_listening_to(socket)
+    end
+
+    # Returns a list of all active locally forwarded sockets. The returned value
+    # is an array of Unix domain socket file paths.
+    def active_local_sockets
+      @local_forwarded_sockets.keys
+    end
+
     # Requests that all connections on the given remote-port be forwarded via
     # the local host to the given port/host. The last argument describes the
     # bind address on the remote host, and defaults to 127.0.0.1.

data/lib/net/ssh/test.rb

@@ -71,7 +71,10 @@ module Net; module SSH
     # in these tests. It is a fully functional SSH transport session, operating
     # over a mock socket (#socket).
     def transport(options={})
-      @transport ||= Net::SSH::Transport::Session.new(options[:host] || "localhost", options.merge(kex: "test", host_key: "ssh-rsa", paranoid: false, proxy: socket(options)))
+      @transport ||= Net::SSH::Transport::Session.new(
+        options[:host] || "localhost",
+        options.merge(kex: "test", host_key: "ssh-rsa", verify_host_key: false, proxy: socket(options))
+      )
     end
 
     # First asserts that a story has been described (see #story). Then yields,
@@ -86,4 +89,4 @@ module Net; module SSH
     end
   end
 
-end; end
+end; end

data/lib/net/ssh/test/extensions.rb

@@ -155,7 +155,7 @@ module Net; module SSH; module Test
             processed += 1 if reader.idle!
           end
 
-          raise "no readers were ready for reading, and none had any incoming packets" if processed == 0
+          raise "no readers were ready for reading, and none had any incoming packets" if processed == 0 && wait != 0
         end
       end
     end

data/lib/net/ssh/transport/algorithms.rb

@@ -32,9 +32,9 @@ module Net; module SSH; module Transport
               diffie-hellman-group-exchange-sha256),
       encryption: %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
                      aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-                     idea-cbc none arcfour128 arcfour256 arcfour
+                     idea-cbc arcfour128 arcfour256 arcfour
                      aes128-ctr aes192-ctr aes256-ctr
-                     cast128-ctr blowfish-ctr 3des-ctr),
+                     cast128-ctr blowfish-ctr 3des-ctr none),
 
       hmac: %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
                hmac-ripemd160 hmac-ripemd160@openssh.com

data/lib/net/ssh/transport/session.rb

@@ -61,12 +61,12 @@ module Net; module SSH; module Transport
       @bind_address = options[:bind_address] || nil
       @options = options
 
-      debug { "establishing connection to #{@host}:#{@port}" }
-
       @socket =
         if (factory = options[:proxy])
+          debug { "establishing connection to #{@host}:#{@port} through proxy" }
           factory.open(@host, @port, options)
         else
+          debug { "establishing connection to #{@host}:#{@port}" }
           Socket.tcp(@host, @port, @bind_address, nil,
                      connect_timeout: options[:timeout])
         end
@@ -78,7 +78,7 @@ module Net; module SSH; module Transport
 
       @queue = []
 
-      @host_key_verifier = select_host_key_verifier(options[:paranoid])
+      @host_key_verifier = select_host_key_verifier(options[:verify_host_key])
 
 
       @server_version = ServerVersion.new(socket, logger, options[:timeout])
@@ -281,8 +281,8 @@ module Net; module SSH; module Transport
       # strict Secure verifier is returned. If the argument happens to respond
       # to :verify, it is returned directly. Otherwise, an exception
       # is raised.
-      def select_host_key_verifier(paranoid)
-        case paranoid
+      def select_host_key_verifier(verify_host_key)
+        case verify_host_key
         when true, nil then
           Net::SSH::Verifiers::Lenient.new
         when false then
@@ -292,10 +292,14 @@ module Net; module SSH; module Transport
         when :secure then
           Net::SSH::Verifiers::Secure.new
         else
-          if paranoid.respond_to?(:verify)
-            paranoid
+          if verify_host_key.respond_to?(:verify)
+            verify_host_key
           else
-            raise ArgumentError, "argument to :paranoid is not valid: #{paranoid.inspect}"
+            raise(
+              ArgumentError,
+              "Invalid argument to :verify_host_key (or deprecated " \
+              ":paranoid): #{verify_host_key.inspect}"
+            )
           end
         end
       end

data/lib/net/ssh/version.rb

@@ -48,14 +48,14 @@ module Net; module SSH
     MAJOR = 4
 
     # The minor component of this version of the Net::SSH library
-    MINOR = 1
+    MINOR = 2
 
     # The tiny component of this version of the Net::SSH library
     TINY  = 0
 
     # The prerelease component of this version of the Net::SSH library
     # nil allowed
-    PRE   = nil
+    PRE   = "rc1"
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh.gemspec

@@ -38,6 +38,6 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "rake", "~> 12.0"
   spec.add_development_dependency "minitest", "~> 5.10"
-  spec.add_development_dependency "rubocop", "~> 0.46.0"
+  spec.add_development_dependency "rubocop", "~> 0.47.0"
   spec.add_development_dependency "mocha", ">= 1.2.1"
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.2.0.rc1
 platform: ruby
 authors:
 - Jamis Buck
 - Delano Mandelbaum
 - Miklós Fazekas
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain:
 - |
@@ -32,23 +32,24 @@ cert_chain:
   L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
   Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
   -----END CERTIFICATE-----
-date: 2017-02-18 00:00:00.000000000 Z
+date: 2017-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+  name: rbnacl-libsodium
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.11
-  name: rbnacl-libsodium
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.0.11
 - !ruby/object:Gem::Dependency
+  name: rbnacl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -57,9 +58,8 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
-  name: rbnacl
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -69,70 +69,84 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '5.0'
 - !ruby/object:Gem::Dependency
+  name: bcrypt_pbkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.11'
-  name: bundler
+        version: '1.0'
+  type: :development
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.11'
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.11'
 - !ruby/object:Gem::Dependency
+  name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '12.0'
-  name: rake
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '12.0'
 - !ruby/object:Gem::Dependency
+  name: minitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.10'
-  name: minitest
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.10'
 - !ruby/object:Gem::Dependency
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.46.0
-  name: rubocop
-  prerelease: false
+        version: 0.47.0
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.46.0
+        version: 0.47.0
 - !ruby/object:Gem::Dependency
+  name: mocha
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.2.1
-  name: mocha
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -256,7 +270,7 @@ homepage: https://github.com/net-ssh/net-ssh
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -267,13 +281,13 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '2.0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.8
-signing_key:
+rubyforge_project: 
+rubygems_version: 2.6.10
+signing_key: 
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
 test_files: []