net-ssh 5.0.2 → 6.1.0

data/lib/net/ssh/known_hosts.rb

@@ -2,6 +2,7 @@ require 'strscan'
 require 'openssl'
 require 'base64'
 require 'net/ssh/buffer'
+require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
@@ -40,26 +41,24 @@ module Net
     # This is used internally by Net::SSH, and will never need to be used directly
     # by consumers of the library.
     class KnownHosts
-      if defined?(OpenSSL::PKey::EC)
-        SUPPORTED_TYPE = %w[ssh-rsa ssh-dss
-                            ecdsa-sha2-nistp256
-                            ecdsa-sha2-nistp384
-                            ecdsa-sha2-nistp521]
-      else
-        SUPPORTED_TYPE = %w[ssh-rsa ssh-dss]
-      end
+      SUPPORTED_TYPE = %w[ssh-rsa ssh-dss
+                          ecdsa-sha2-nistp256
+                          ecdsa-sha2-nistp384
+                          ecdsa-sha2-nistp521]
+
+      SUPPORTED_TYPE.push('ssh-ed25519') if Net::SSH::Authentication::ED25519Loader::LOADED
 
       class <<self
         # Searches all known host files (see KnownHosts.hostfiles) for all keys
         # of the given host. Returns an enumerable of keys found.
         def search_for(host, options={})
-          HostKeys.new(search_in(hostfiles(options), host), host, self, options)
+          HostKeys.new(search_in(hostfiles(options), host, options), host, self, options)
         end
 
         # Search for all known keys for the given host, in every file given in
         # the +files+ array. Returns the list of keys.
-        def search_in(files, host)
-          files.flat_map { |file| KnownHosts.new(file).keys_for(host) }
+        def search_in(files, host, options = {})
+          files.flat_map { |file| KnownHosts.new(file).keys_for(host, options) }
         end
 
         # Looks in the given +options+ hash for the :user_known_hosts_file and
@@ -76,7 +75,9 @@ module Net
 
           files += Array(options[:user_known_hosts_file] || %w[~/.ssh/known_hosts ~/.ssh/known_hosts2]) if which == :all || which == :user
 
-          files += Array(options[:global_known_hosts_file] || %w[/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2]) if which == :all || which == :global
+          if which == :all || which == :global
+            files += Array(options[:global_known_hosts_file] || %w[/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2])
+          end
 
           return files
         end
@@ -119,32 +120,31 @@ module Net
       #   "[net.ssh.test]:5555"
       #   "[1,2,3,4]:5555"
       #   "[net.ssh.test]:5555,[1.2.3.4]:5555
-      def keys_for(host)
+      def keys_for(host, options = {})
         keys = []
         return keys unless File.readable?(source)
 
         entries = host.split(/,/)
+        host_name = entries[0]
+        host_ip = entries[1]
 
         File.open(source) do |file|
-          scanner = StringScanner.new("")
           file.each_line do |line|
-            scanner.string = line
+            hosts, type, key_content = line.split(' ')
+            # Skip empty line or one that is commented
+            next if hosts.nil? || hosts.start_with?('#')
 
-            scanner.skip(/\s*/)
-            next if scanner.match?(/$|#/)
+            hostlist = hosts.split(',')
 
-            hostlist = scanner.scan(/\S+/).split(/,/)
-            found = entries.all? { |entry| hostlist.include?(entry) } ||
-              known_host_hash?(hostlist, entries)
-            next unless found
+            next unless SUPPORTED_TYPE.include?(type)
 
-            scanner.skip(/\s*/)
-            type = scanner.scan(/\S+/)
+            found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
+            next unless found
 
-            next unless SUPPORTED_TYPE.include?(type)
+            found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
+            next unless found
 
-            scanner.skip(/\s*/)
-            blob = scanner.rest.unpack("m*").first
+            blob = key_content.unpack("m*").first
             keys << Net::SSH::Buffer.new(blob).read_key
           end
         end
@@ -152,6 +152,21 @@ module Net
         keys
       end
 
+      def match(host, pattern)
+        if pattern.include?('*') || pattern.include?('?')
+          # see man 8 sshd for pattern details
+          pattern_regexp = pattern.split('*').map do |x|
+            x.split('?').map do |y|
+              Regexp.escape(y)
+            end.join('.')
+          end.join('[^.]*')
+
+          host =~ Regexp.new("\\A#{pattern_regexp}\\z")
+        else
+          host == pattern
+        end
+      end
+
       # Indicates whether one of the entries matches an hostname that has been
       # stored as a HMAC-SHA1 hash in the known hosts.
       def known_host_hash?(hostlist, entries)

data/lib/net/ssh/loggable.rb

@@ -56,8 +56,8 @@ module Net
       # originates. It defaults to the name of class with the object_id
       # appended.
       def facility
-        @facility ||= self.class.name.gsub(/::/, ".").gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase + "[%x]" % object_id
+        @facility ||= self.class.to_s.gsub(/::/, ".").gsub(/([a-z])([A-Z])/, "\\1_\\2").downcase + "[%x]" % object_id
       end
     end
   end
-end
+end

data/lib/net/ssh/proxy/command.rb

@@ -1,7 +1,6 @@
 require 'socket'
 require 'rubygems'
 require 'net/ssh/proxy/errors'
-require 'net/ssh/ruby_compat'
 
 module Net
   module SSH

data/lib/net/ssh/proxy/socks5.rb

@@ -1,5 +1,4 @@
 require 'socket'
-require 'net/ssh/ruby_compat'
 require 'net/ssh/proxy/errors'
 
 module Net

data/lib/net/ssh/service/forward.rb

@@ -85,7 +85,8 @@ module Net
             client = server.accept
             debug { "received connection on #{socket}" }
 
-            channel = session.open_channel("direct-tcpip", :string, remote_host, :long, remote_port, :string, bind_address, local_port_type, local_port) do |achannel|
+            channel = session.open_channel("direct-tcpip", :string, remote_host, :long,
+                                           remote_port, :string, bind_address, local_port_type, local_port) do |achannel|
               achannel.info { "direct channel established" }
             end
 

data/lib/net/ssh/test.rb

@@ -3,7 +3,7 @@ require 'net/ssh/connection/session'
 require 'net/ssh/test/kex'
 require 'net/ssh/test/socket'
 
-module Net 
+module Net
   module SSH
 
     # This module may be used in unit tests, for when you want to test that your
@@ -54,30 +54,30 @@ module Net
         Net::SSH::Test::Extensions::IO.with_test_extension { yield socket.script if block_given? }
         return socket.script
       end
-  
+
       # Returns the test socket instance to use for these tests (see
       # Net::SSH::Test::Socket).
       def socket(options={})
         @socket ||= Net::SSH::Test::Socket.new
       end
-  
+
       # Returns the connection session (Net::SSH::Connection::Session) for use
       # in these tests. It is a fully functional SSH session, operating over
       # a mock socket (#socket).
       def connection(options={})
         @connection ||= Net::SSH::Connection::Session.new(transport(options), options)
       end
-  
+
       # Returns the transport session (Net::SSH::Transport::Session) for use
       # in these tests. It is a fully functional SSH transport session, operating
       # over a mock socket (#socket).
       def transport(options={})
         @transport ||= Net::SSH::Transport::Session.new(
           options[:host] || "localhost",
-          options.merge(kex: "test", host_key: "ssh-rsa", verify_host_key: false, proxy: socket(options))
+          options.merge(kex: "test", host_key: "ssh-rsa", append_all_supported_algorithms: true, verify_host_key: :never, proxy: socket(options))
         )
       end
-  
+
       # First asserts that a story has been described (see #story). Then yields,
       # and then asserts that all items described in the script have been
       # processed. Typically, this is called immediately after a story has
@@ -86,7 +86,8 @@ module Net
       def assert_scripted
         raise "there is no script to be processed" if socket.script.events.empty?
         Net::SSH::Test::Extensions::IO.with_test_extension { yield }
-        assert socket.script.events.empty?, "there should not be any remaining scripted events, but there are still #{socket.script.events.length} pending"
+        assert socket.script.events.empty?, "there should not be any remaining scripted events, but there are still" \
+                                            "#{socket.script.events.length} pending"
       end
     end
 

data/lib/net/ssh/test/extensions.rb

@@ -156,6 +156,8 @@ module Net
               end
     
               raise "no readers were ready for reading, and none had any incoming packets" if processed == 0 && wait != 0
+
+              [[], [], []]
             end
           end
         end

data/lib/net/ssh/transport/algorithms.rb

@@ -5,13 +5,13 @@ require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/transport/constants'
 require 'net/ssh/transport/hmac'
 require 'net/ssh/transport/kex'
+require 'net/ssh/transport/kex/curve25519_sha256_loader'
 require 'net/ssh/transport/server_version'
 require 'net/ssh/authentication/ed25519_loader'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
-
       # Implements the higher-level logic behind an SSH key-exchange. It handles
       # both the initial exchange, as well as subsequent re-exchanges (as needed).
       # It also encapsulates the negotiation of the algorithms, and provides a
@@ -22,92 +22,125 @@ module Net
       class Algorithms
         include Loggable
         include Constants
-    
-        # Define the default algorithms, in order of preference, supported by
-        # Net::SSH.
-        ALGORITHMS = {
-          host_key: %w[ssh-rsa ssh-dss
+
+        # Define the default algorithms, in order of preference, supported by Net::SSH.
+        DEFAULT_ALGORITHMS = {
+          host_key: %w[ecdsa-sha2-nistp521-cert-v01@openssh.com
+                       ecdsa-sha2-nistp384-cert-v01@openssh.com
+                       ecdsa-sha2-nistp256-cert-v01@openssh.com
+                       ecdsa-sha2-nistp521
+                       ecdsa-sha2-nistp384
+                       ecdsa-sha2-nistp256
                        ssh-rsa-cert-v01@openssh.com
-                       ssh-rsa-cert-v00@openssh.com],
-          kex: %w[diffie-hellman-group-exchange-sha1
-                  diffie-hellman-group1-sha1
-                  diffie-hellman-group14-sha1
-                  diffie-hellman-group-exchange-sha256],
-          encryption: %w[aes128-cbc 3des-cbc blowfish-cbc cast128-cbc
-                         aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se
-                         idea-cbc arcfour128 arcfour256 arcfour
-                         aes128-ctr aes192-ctr aes256-ctr
-                         cast128-ctr blowfish-ctr 3des-ctr none],
-    
-          hmac: %w[hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96
+                       ssh-rsa-cert-v00@openssh.com
+                       ssh-rsa],
+
+          kex: %w[ecdh-sha2-nistp521
+                  ecdh-sha2-nistp384
+                  ecdh-sha2-nistp256
+                  diffie-hellman-group-exchange-sha256
+                  diffie-hellman-group14-sha1],
+
+          encryption: %w[aes256-ctr aes192-ctr aes128-ctr],
+
+          hmac: %w[hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com
+                   hmac-sha2-512 hmac-sha2-256
+                   hmac-sha1]
+        }.freeze
+
+        if Net::SSH::Authentication::ED25519Loader::LOADED
+          DEFAULT_ALGORITHMS[:host_key].unshift(
+            'ssh-ed25519-cert-v01@openssh.com',
+            'ssh-ed25519'
+          )
+        end
+
+        if Net::SSH::Transport::Kex::Curve25519Sha256Loader::LOADED
+          DEFAULT_ALGORITHMS[:kex].unshift(
+            'curve25519-sha256',
+            'curve25519-sha256@libssh.org'
+          )
+        end
+
+        # Define all algorithms, with the deprecated, supported by Net::SSH.
+        ALGORITHMS = {
+          host_key: DEFAULT_ALGORITHMS[:host_key] + %w[ssh-dss],
+
+          kex: DEFAULT_ALGORITHMS[:kex] +
+               %w[diffie-hellman-group-exchange-sha1
+                  diffie-hellman-group1-sha1],
+
+          encryption: DEFAULT_ALGORITHMS[:encryption] +
+                      %w[aes256-cbc aes192-cbc aes128-cbc
+                         rijndael-cbc@lysator.liu.se
+                         blowfish-ctr blowfish-cbc
+                         cast128-ctr cast128-cbc
+                         3des-ctr 3des-cbc
+                         idea-cbc
+                         none],
+
+          hmac: DEFAULT_ALGORITHMS[:hmac] +
+                %w[hmac-sha2-512-96 hmac-sha2-256-96
+                   hmac-sha1-96
                    hmac-ripemd160 hmac-ripemd160@openssh.com
-                   hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96
-                   hmac-sha2-512-96 none],
-    
+                   hmac-md5 hmac-md5-96
+                   none],
+
           compression: %w[none zlib@openssh.com zlib],
           language: %w[]
-        }
-        if defined?(OpenSSL::PKey::EC)
-          ALGORITHMS[:host_key] += %w[ecdsa-sha2-nistp256
-                                      ecdsa-sha2-nistp384
-                                      ecdsa-sha2-nistp521]
-          ALGORITHMS[:host_key] += %w[ssh-ed25519] if Net::SSH::Authentication::ED25519Loader::LOADED
-          ALGORITHMS[:kex] += %w[ecdh-sha2-nistp256
-                                 ecdh-sha2-nistp384
-                                 ecdh-sha2-nistp521]
-        end
-    
+        }.freeze
+
         # The underlying transport layer session that supports this object
         attr_reader :session
-    
+
         # The hash of options used to initialize this object
         attr_reader :options
-    
+
         # The kex algorithm to use settled on between the client and server.
         attr_reader :kex
-    
+
         # The type of host key that will be used for this session.
         attr_reader :host_key
-    
+
         # The type of the cipher to use to encrypt packets sent from the client to
         # the server.
         attr_reader :encryption_client
-    
+
         # The type of the cipher to use to decrypt packets arriving from the server.
         attr_reader :encryption_server
-    
+
         # The type of HMAC to use to sign packets sent by the client.
         attr_reader :hmac_client
-    
+
         # The type of HMAC to use to validate packets arriving from the server.
         attr_reader :hmac_server
-    
+
         # The type of compression to use to compress packets being sent by the client.
         attr_reader :compression_client
-    
+
         # The type of compression to use to decompress packets arriving from the server.
         attr_reader :compression_server
-    
+
         # The language that will be used in messages sent by the client.
         attr_reader :language_client
-    
+
         # The language that will be used in messages sent from the server.
         attr_reader :language_server
-    
+
         # The hash of algorithms preferred by the client, which will be told to
         # the server during algorithm negotiation.
         attr_reader :algorithms
-    
+
         # The session-id for this session, as decided during the initial key exchange.
         attr_reader :session_id
-    
+
         # Returns true if the given packet can be processed during a key-exchange.
         def self.allowed_packet?(packet)
           (1..4).include?(packet.type) ||
           (6..19).include?(packet.type) ||
           (21..49).include?(packet.type)
         end
-    
+
         # Instantiates a new Algorithms object, and prepares the hash of preferred
         # algorithms based on the options parameter and the ALGORITHMS constant.
         def initialize(session, options={})
@@ -119,13 +152,14 @@ module Net
           @client_packet = @server_packet = nil
           prepare_preferred_algorithms!
         end
-    
+
         # Start the algorithm negotation
         def start
           raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized
+
           send_kexinit
         end
-    
+
         # Request a rekey operation. This will return immediately, and does not
         # actually perform the rekey operation. It does cause the session to change
         # state, however--until the key exchange finishes, no new packets will be
@@ -135,7 +169,7 @@ module Net
           @initialized = false
           send_kexinit
         end
-    
+
         # Called by the transport layer when a KEXINIT packet is received, indicating
         # that the server wants to exchange keys. This can be spontaneous, or it
         # can be in response to a client-initiated rekey request (see #rekey!). Either
@@ -150,13 +184,13 @@ module Net
             proceed!
           end
         end
-    
+
         # A convenience method for accessing the list of preferred types for a
         # specific algorithm (see #algorithms).
         def [](key)
           algorithms[key]
         end
-    
+
         # Returns +true+ if a key-exchange is pending. This will be true from the
         # moment either the client or server requests the key exchange, until the
         # exchange completes. While an exchange is pending, only a limited number
@@ -180,8 +214,8 @@ module Net
 
         def host_key_format
           case host_key
-          when "ssh-rsa-cert-v01@openssh.com", "ssh-rsa-cert-v00@openssh.com"
-            "ssh-rsa"
+          when /^([a-z0-9-]+)-cert-v\d{2}@openssh.com$/
+            Regexp.last_match[1]
           else
             host_key
           end
@@ -201,7 +235,7 @@ module Net
           session.send_message(packet)
           proceed! if @server_packet
         end
-    
+
         # After both client and server have sent their KEXINIT packets, this
         # will do the algorithm negotiation and key exchange. Once both finish,
         # the object leaves the pending state and the method returns.
@@ -211,7 +245,7 @@ module Net
           exchange_keys
           @pending = false
         end
-    
+
         # Prepares the list of preferred algorithms, based on the options hash
         # that was given when the object was constructed, and the ALGORITHMS
         # constant. Also, when determining the host_key type to use, the known
@@ -220,23 +254,26 @@ module Net
         # communicating with this server.
         def prepare_preferred_algorithms!
           options[:compression] = %w[zlib@openssh.com zlib] if options[:compression] == true
-    
+
           ALGORITHMS.each do |algorithm, supported|
-            algorithms[algorithm] = compose_algorithm_list(supported, options[algorithm], options[:append_all_supported_algorithms])
+            algorithms[algorithm] = compose_algorithm_list(
+              supported, options[algorithm] || DEFAULT_ALGORITHMS[algorithm],
+              options[:append_all_supported_algorithms]
+            )
           end
-    
+
           # for convention, make sure our list has the same keys as the server
           # list
-    
+
           algorithms[:encryption_client ] = algorithms[:encryption_server ] = algorithms[:encryption]
           algorithms[:hmac_client       ] = algorithms[:hmac_server       ] = algorithms[:hmac]
           algorithms[:compression_client] = algorithms[:compression_server] = algorithms[:compression]
           algorithms[:language_client   ] = algorithms[:language_server   ] = algorithms[:language]
-    
+
           if !options.key?(:host_key)
             # make sure the host keys are specified in preference order, where any
             # existing known key for the host has preference.
-    
+
             existing_keys = session.host_keys
             host_keys = existing_keys.map { |key| key.ssh_type }.uniq
             algorithms[:host_key].each do |name|
@@ -245,45 +282,59 @@ module Net
             algorithms[:host_key] = host_keys
           end
         end
-    
+
         # Composes the list of algorithms by taking supported algorithms and matching with supplied options.
         def compose_algorithm_list(supported, option, append_all_supported_algorithms = false)
           return supported.dup unless option
-    
+
           list = []
           option = Array(option).compact.uniq
-    
-          if option.first && option.first.start_with?('+')
+
+          if option.first && option.first.start_with?('+', '-')
             list = supported.dup
-            list << option.first[1..-1]
-            list.concat(option[1..-1])
+
+            appends = option.select { |opt| opt.start_with?('+') }.map { |opt| opt[1..-1] }
+            deletions = option.select { |opt| opt.start_with?('-') }.map { |opt| opt[1..-1] }
+
+            list.concat(appends)
+
+            deletions.each do |opt|
+              if opt.include?('*')
+                opt_escaped = Regexp.escape(opt)
+                algo_re = /\A#{opt_escaped.gsub('\*', '[A-Za-z\d\-@\.]*')}\z/
+                list.delete_if { |existing_opt| algo_re.match(existing_opt) }
+              else
+                list.delete(opt)
+              end
+            end
+
             list.uniq!
           else
             list = option
-    
+
             if append_all_supported_algorithms
               supported.each { |name| list << name unless list.include?(name) }
             end
           end
-    
+
           unsupported = []
           list.select! do |name|
             is_supported = supported.include?(name)
             unsupported << name unless is_supported
             is_supported
           end
-    
+
           lwarn { %(unsupported algorithm: `#{unsupported}') } unless unsupported.empty?
-    
+
           list
         end
-    
+
         # Parses a KEXINIT packet from the server.
         def parse_server_algorithm_packet(packet)
           data = { raw: packet.content }
-    
+
           packet.read(16) # skip the cookie value
-    
+
           data[:kex]                = packet.read_string.split(/,/)
           data[:host_key]           = packet.read_string.split(/,/)
           data[:encryption_client]  = packet.read_string.split(/,/)
@@ -294,15 +345,15 @@ module Net
           data[:compression_server] = packet.read_string.split(/,/)
           data[:language_client]    = packet.read_string.split(/,/)
           data[:language_server]    = packet.read_string.split(/,/)
-    
+
           # TODO: if first_kex_packet_follows, we need to try to skip the
           # actual kexinit stuff and try to guess what the server is doing...
           # need to read more about this scenario.
           # first_kex_packet_follows = packet.read_bool
-    
+
           return data
         end
-    
+
         # Given the #algorithms map of preferred algorithm types, this constructs
         # a KEXINIT packet to send to the server. It does not actually send it,
         # it simply builds the packet and returns it.
@@ -313,14 +364,14 @@ module Net
           hmac        = algorithms[:hmac].join(",")
           compression = algorithms[:compression].join(",")
           language    = algorithms[:language].join(",")
-    
+
           Net::SSH::Buffer.from(:byte, KEXINIT,
             :long, [rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF), rand(0xFFFFFFFF)],
             :mstring, [kex, host_key, encryption, encryption, hmac, hmac],
             :mstring, [compression, compression, language, language],
             :bool, false, :long, 0)
         end
-    
+
         # Given the parsed server KEX packet, and the client's preferred algorithm
         # lists in #algorithms, determine which preferred algorithms each has
         # in common and set those as the selected algorithms. If, for any algorithm,
@@ -336,48 +387,53 @@ module Net
           @compression_server = negotiate(:compression_server)
           @language_client    = negotiate(:language_client) rescue ""
           @language_server    = negotiate(:language_server) rescue ""
-    
+
           debug do
             "negotiated:\n" +
-              %i[kex host_key encryption_server encryption_client hmac_client hmac_server compression_client compression_server language_client language_server].map do |key|
+              %i[kex host_key encryption_server encryption_client hmac_client hmac_server
+                 compression_client compression_server language_client language_server].map do |key|
                 "* #{key}: #{instance_variable_get("@#{key}")}"
               end.join("\n")
           end
         end
-    
+
         # Negotiates a single algorithm based on the preferences reported by the
         # server and those set by the client. This is called by
         # #negotiate_algorithms.
         def negotiate(algorithm)
           match = self[algorithm].find { |item| @server_data[algorithm].include?(item) }
-    
-          raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm" if match.nil?
-    
+
+          if match.nil?
+            raise Net::SSH::Exception, "could not settle on #{algorithm} algorithm\n"\
+              "Server #{algorithm} preferences: #{@server_data[algorithm].join(',')}\n"\
+              "Client #{algorithm} preferences: #{self[algorithm].join(',')}"
+          end
+
           return match
         end
-    
+
         # Considers the sizes of the keys and block-sizes for the selected ciphers,
         # and the lengths of the hmacs, and returns the largest as the byte requirement
         # for the key-exchange algorithm.
         def kex_byte_requirement
           sizes = [8] # require at least 8 bytes
-    
+
           sizes.concat(CipherFactory.get_lengths(encryption_client))
           sizes.concat(CipherFactory.get_lengths(encryption_server))
-    
+
           sizes << HMAC.key_length(hmac_client)
           sizes << HMAC.key_length(hmac_server)
-    
+
           sizes.max
         end
-    
+
         # Instantiates one of the Transport::Kex classes (based on the negotiated
         # kex algorithm), and uses it to exchange keys. Then, the ciphers and
         # HMACs are initialized and fed to the transport layer, to be used in
         # further communication with the server.
         def exchange_keys
           debug { "exchanging keys" }
-    
+
           algorithm = Kex::MAP[kex].new(self, session,
             client_version_string: Net::SSH::Transport::ServerVersion::PROTO_VERSION,
             server_version_string: session.server_version.version,
@@ -387,46 +443,46 @@ module Net
             minimum_dh_bits: options[:minimum_dh_bits],
             logger: logger)
           result = algorithm.exchange_keys
-    
+
           secret   = result[:shared_secret].to_ssh
           hash     = result[:session_id]
           digester = result[:hashing_algorithm]
-    
+
           @session_id ||= hash
-    
+
           key = Proc.new { |salt| digester.digest(secret + hash + salt + @session_id) }
-    
+
           iv_client = key["A"]
           iv_server = key["B"]
           key_client = key["C"]
           key_server = key["D"]
           mac_key_client = key["E"]
           mac_key_server = key["F"]
-    
+
           parameters = { shared: secret, hash: hash, digester: digester }
-    
+
           cipher_client = CipherFactory.get(encryption_client, parameters.merge(iv: iv_client, key: key_client, encrypt: true))
           cipher_server = CipherFactory.get(encryption_server, parameters.merge(iv: iv_server, key: key_server, decrypt: true))
-    
+
           mac_client = HMAC.get(hmac_client, mac_key_client, parameters)
           mac_server = HMAC.get(hmac_server, mac_key_server, parameters)
-    
+
           session.configure_client cipher: cipher_client, hmac: mac_client,
                                    compression: normalize_compression_name(compression_client),
                                    compression_level: options[:compression_level],
                                    rekey_limit: options[:rekey_limit],
                                    max_packets: options[:rekey_packet_limit],
                                    max_blocks: options[:rekey_blocks_limit]
-    
+
           session.configure_server cipher: cipher_server, hmac: mac_server,
                                    compression: normalize_compression_name(compression_server),
                                    rekey_limit: options[:rekey_limit],
                                    max_packets: options[:rekey_packet_limit],
                                    max_blocks: options[:rekey_blocks_limit]
-    
+
           @initialized = true
         end
-    
+
         # Given the SSH name for some compression algorithm, return a normalized
         # name as a symbol.
         def normalize_compression_name(name)