RubyGems - net-ssh - Versions diffs - 5.2.0 → 6.0.0.beta1 - Mend

net-ssh 5.2.0 → 6.0.0.beta1

Files changed (57) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.gitignore +1 -0
data/.rubocop.yml +7 -4
data/.rubocop_todo.yml +389 -379
data/.travis.yml +13 -14
data/CHANGES.txt +7 -0
data/README.md +286 -0
data/Rakefile +1 -2
data/appveyor.yml +4 -2
data/lib/net/ssh/authentication/key_manager.rb +7 -3
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +3 -1
data/lib/net/ssh/authentication/pub_key_fingerprint.rb +0 -1
data/lib/net/ssh/authentication/session.rb +2 -6
data/lib/net/ssh/buffer.rb +1 -9
data/lib/net/ssh/config.rb +25 -10
data/lib/net/ssh/connection/channel.rb +7 -3
data/lib/net/ssh/connection/session.rb +7 -3
data/lib/net/ssh/key_factory.rb +6 -8
data/lib/net/ssh/known_hosts.rb +26 -29
data/lib/net/ssh/service/forward.rb +2 -1
data/lib/net/ssh/test.rb +3 -2
data/lib/net/ssh/transport/algorithms.rb +67 -42
data/lib/net/ssh/transport/cipher_factory.rb +11 -27
data/lib/net/ssh/transport/constants.rb +10 -6
data/lib/net/ssh/transport/ctr.rb +1 -7
data/lib/net/ssh/transport/hmac.rb +15 -13
data/lib/net/ssh/transport/hmac/abstract.rb +16 -0
data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
data/lib/net/ssh/transport/kex.rb +13 -11
data/lib/net/ssh/transport/kex/abstract.rb +123 -0
data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
data/lib/net/ssh/transport/kex/curve25519_sha256.rb +38 -0
data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +1 -15
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +9 -118
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +0 -6
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +18 -79
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +5 -4
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +5 -4
data/lib/net/ssh/transport/openssl.rb +104 -107
data/lib/net/ssh/transport/packet_stream.rb +44 -10
data/lib/net/ssh/transport/state.rb +1 -1
data/lib/net/ssh/version.rb +3 -3
data/net-ssh.gemspec +8 -6
metadata +35 -16
metadata.gz.sig +0 -0
data/Gemfile.noed25519.lock +0 -41
data/README.rdoc +0 -194
data/support/arcfour_check.rb +0 -20

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb CHANGED

@@ -1,8 +1,9 @@
-module Net
-  module SSH
-    module Transport
-      module Kex
+require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
+module Net
+  module SSH
+    module Transport
+      module Kex
         # A key-exchange service implementing the "ecdh-sha2-nistp256"
         # key-exchange algorithm. (defined in RFC 5656)
         class EcdhSHA2NistP384 < EcdhSHA2NistP256

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb CHANGED

@@ -1,8 +1,9 @@
-module Net
-  module SSH
-    module Transport
-      module Kex
+require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
+module Net
+  module SSH
+    module Transport
+      module Kex
         # A key-exchange service implementing the "ecdh-sha2-nistp521"
         # key-exchange algorithm. (defined in RFC 5656)
         class EcdhSHA2NistP521 < EcdhSHA2NistP256

data/lib/net/ssh/transport/openssl.rb CHANGED

@@ -98,9 +98,9 @@ module OpenSSL
         sig_r = sig[0,20].unpack("H*")[0].to_i(16)
         sig_s = sig[20,20].unpack("H*")[0].to_i(16)
         a1sig = OpenSSL::ASN1::Sequence([
-           OpenSSL::ASN1::Integer(sig_r),
-           OpenSSL::ASN1::Integer(sig_s)
-        ])
+                                          OpenSSL::ASN1::Integer(sig_r),
+                                          OpenSSL::ASN1::Integer(sig_s)
+                                        ])
         return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
       end
@@ -121,132 +121,129 @@ module OpenSSL
       end
     end
-    if defined?(OpenSSL::PKey::EC)
-      # This class is originally defined in the OpenSSL module. As needed, methods
-      # have been added to it by the Net::SSH module for convenience in dealing
-      # with SSH functionality.
-      class EC
-        CurveNameAlias = {
-          "nistp256" => "prime256v1",
-          "nistp384" => "secp384r1",
-          "nistp521" => "secp521r1"
-        }
-        CurveNameAliasInv = {
-          "prime256v1" => "nistp256",
-          "secp384r1" => "nistp384",
-          "secp521r1" => "nistp521"
-        }
-        def self.read_keyblob(curve_name_in_type, buffer)
-          curve_name_in_key = buffer.read_string
-          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')" unless curve_name_in_type == curve_name_in_key
-          public_key_oct = buffer.read_string
-          begin
-            key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
-            group = key.group
-            point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
-            key.public_key = point
-            return key
-          rescue OpenSSL::PKey::ECError
-            raise NotImplementedError, "unsupported key type `#{type}'"
-          end
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class EC
+      CurveNameAlias = {
+        'nistp256' => 'prime256v1',
+        'nistp384' => 'secp384r1',
+        'nistp521' => 'secp521r1'
+      }.freeze
+      CurveNameAliasInv = {
+        'prime256v1' => 'nistp256',
+        'secp384r1' => 'nistp384',
+        'secp521r1' => 'nistp521'
+      }.freeze
+      def self.read_keyblob(curve_name_in_type, buffer)
+        curve_name_in_key = buffer.read_string
+        unless curve_name_in_type == curve_name_in_key
+          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
         end
-        # Returns the description of this key type used by the
-        # SSH2 protocol, like "ecdsa-sha2-nistp256"
-        def ssh_type
-          "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
-        end
+        public_key_oct = buffer.read_string
+        begin
+          key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
+          group = key.group
+          point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
+          key.public_key = point
-        def ssh_signature_type
-          ssh_type
+          return key
+        rescue OpenSSL::PKey::ECError
+          raise NotImplementedError, "unsupported key type `#{type}'"
         end
+      end
-        def digester
-          if self.group.curve_name =~ /^[a-z]+(\d+)\w*\z/
-            curve_size = $1.to_i
-            if curve_size <= 256
-              OpenSSL::Digest::SHA256.new
-            elsif curve_size <= 384
-              OpenSSL::Digest::SHA384.new
-            else
-              OpenSSL::Digest::SHA512.new
-            end
-          else
+      # Returns the description of this key type used by the
+      # SSH2 protocol, like "ecdsa-sha2-nistp256"
+      def ssh_type
+        "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
+      end
+      def ssh_signature_type
+        ssh_type
+      end
+      def digester
+        if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
+          curve_size = Regexp.last_match(1).to_i
+          if curve_size <= 256
             OpenSSL::Digest::SHA256.new
+          elsif curve_size <= 384
+            OpenSSL::Digest::SHA384.new
+          else
+            OpenSSL::Digest::SHA512.new
           end
+        else
+          OpenSSL::Digest::SHA256.new
         end
-        private :digester
+      end
+      private :digester
-        # Converts the key to a blob, according to the SSH2 protocol.
-        def to_blob
-          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                          :string, CurveNameAliasInv[self.group.curve_name],
-                                          :mstring, self.public_key.to_bn.to_s(2)).to_s
-          @blob
-        end
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                        :string, CurveNameAliasInv[group.curve_name],
+                                        :mstring, public_key.to_bn.to_s(2)).to_s
+        @blob
+      end
-        # Verifies the given signature matches the given data.
-        def ssh_do_verify(sig, data)
-          digest = digester.digest(data)
-          a1sig = nil
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        digest = digester.digest(data)
+        a1sig = nil
-          begin
-            sig_r_len = sig[0,4].unpack("H*")[0].to_i(16)
-            sig_l_len = sig[4 + sig_r_len,4].unpack("H*")[0].to_i(16)
+        begin
+          sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
+          sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
-            sig_r = sig[4,sig_r_len].unpack("H*")[0]
-            sig_s = sig[4 + sig_r_len + 4,sig_l_len].unpack("H*")[0]
+          sig_r = sig[4, sig_r_len].unpack('H*')[0]
+          sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
-            a1sig = OpenSSL::ASN1::Sequence([
-              OpenSSL::ASN1::Integer(sig_r.to_i(16)),
-              OpenSSL::ASN1::Integer(sig_s.to_i(16))
-            ])
-          rescue StandardError
-          end
+          a1sig = OpenSSL::ASN1::Sequence([
+                                            OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+                                            OpenSSL::ASN1::Integer(sig_s.to_i(16))
+                                          ])
+        rescue StandardError
+        end
-          if a1sig == nil
-            return false
-          else
-            dsa_verify_asn1(digest, a1sig.to_der)
-          end
+        if a1sig.nil?
+          return false
+        else
+          dsa_verify_asn1(digest, a1sig.to_der)
         end
+      end
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        digest = digester.digest(data)
+        sig = dsa_sign_asn1(digest)
+        a1sig = OpenSSL::ASN1.decode(sig)
-        # Returns the signature for the given data.
-        def ssh_do_sign(data)
-          digest = digester.digest(data)
-          sig = dsa_sign_asn1(digest)
-          a1sig = OpenSSL::ASN1.decode(sig)
+        sig_r = a1sig.value[0].value
+        sig_s = a1sig.value[1].value
-          sig_r = a1sig.value[0].value
-          sig_s = a1sig.value[1].value
+        Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      end
-          return Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      class Point
+        # Returns the description of this key type used by the
+        # SSH2 protocol, like "ecdsa-sha2-nistp256"
+        def ssh_type
+          "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
         end
-        class Point
-          # Returns the description of this key type used by the
-          # SSH2 protocol, like "ecdsa-sha2-nistp256"
-          def ssh_type
-            "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
-          end
-          # Converts the key to a blob, according to the SSH2 protocol.
-          def to_blob
-            @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                            :string, CurveNameAliasInv[self.group.curve_name],
-                                            :mstring, self.to_bn.to_s(2)).to_s
-            @blob
-          end
+        # Converts the key to a blob, according to the SSH2 protocol.
+        def to_blob
+          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                          :string, CurveNameAliasInv[group.curve_name],
+                                          :mstring, to_bn.to_s(2)).to_s
+          @blob
         end
       end
-    else
-      class OpenSSL::PKey::ECError < RuntimeError
-        # for compatibility with interpreters
-        # without EC support (i.e. JRuby)
-      end
     end
   end
 end

data/lib/net/ssh/transport/packet_stream.rb CHANGED

@@ -130,7 +130,7 @@ module Net
           payload = client.compress(payload)
           # the length of the packet, minus the padding
-          actual_length = 4 + payload.bytesize + 1
+          actual_length = (client.hmac.etm ? 0 : 4) + payload.bytesize + 1
           # compute the padding length
           padding_length = client.block_size - (actual_length % client.block_size)
@@ -146,11 +146,32 @@ module Net
           padding = Array.new(padding_length) { rand(256) }.pack("C*")
-          unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
-          mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+          if client.hmac.etm
+            debug { "using encrypt-then-mac" }
-          encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
-          message = encrypted_data + mac
+            # Encrypt padding_length, payload, and padding. Take MAC
+            # from the unencrypted packet_lenght and the encrypted
+            # data.
+            length_data = [packet_length].pack("N")
+            unencrypted_data = [padding_length, payload, padding].pack("CA*A*")
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+            mac_data = length_data + encrypted_data
+            mac = client.hmac.digest([client.sequence_number, mac_data].pack("NA*"))
+            message = mac_data + mac
+          else
+            unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+            mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+            message = encrypted_data + mac
+          end
           debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
           enqueue(message)
@@ -196,17 +217,25 @@ module Net
         # algorithms specified in the server state object, and returned as a
         # new Packet object.
         def poll_next_packet
+          aad_length = server.hmac.etm ? 4 : 0
           if @packet.nil?
             minimum = server.block_size < 4 ? 4 : server.block_size
             return nil if available < minimum
-            data = read_available(minimum)
+            data = read_available(minimum + aad_length)
             # decipher it
-            @packet = Net::SSH::Buffer.new(server.update_cipher(data))
-            @packet_length = @packet.read_long
+            if server.hmac.etm
+              @packet_length = data.unpack("N").first
+              @mac_data = data
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data[aad_length..-1]))
+            else
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+              @packet_length = @packet.read_long
+            end
           end
-          need = @packet_length + 4 - server.block_size
+          need = @packet_length + 4 - aad_length - server.block_size
           raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
           return nil if available < need + server.hmac.mac_length
@@ -214,6 +243,7 @@ module Net
           if need > 0
             # read the remainder of the packet and decrypt it.
             data = read_available(need)
+            @mac_data += data if server.hmac.etm
             @packet.append(server.update_cipher(data))
           end
@@ -226,7 +256,11 @@ module Net
           payload = @packet.read(@packet_length - padding_length - 1)
-          my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+          my_computed_hmac = if server.hmac.etm
+                               server.hmac.digest([server.sequence_number, @mac_data].pack("NA*"))
+                             else
+                               server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+                             end
           raise Net::SSH::Exception, "corrupted hmac detected" if real_hmac != my_computed_hmac
           # try to decompress the payload, in case compression is active

data/lib/net/ssh/transport/state.rb CHANGED

@@ -141,7 +141,7 @@ module Net
           @max_packets ||= 1 << 31
-          @block_size = cipher.name == "RC4" ? 8 : cipher.block_size
+          @block_size = cipher.block_size
           if max_blocks.nil?
             # cargo-culted from openssh. the idea is that "the 2^(blocksize*2)

data/lib/net/ssh/version.rb CHANGED

@@ -46,17 +46,17 @@ module Net
       end
       # The major component of this version of the Net::SSH library
-      MAJOR = 5
+      MAJOR = 6
       # The minor component of this version of the Net::SSH library
-      MINOR = 2
+      MINOR = 0
       # The tiny component of this version of the Net::SSH library
       TINY  = 0
       # The prerelease component of this version of the Net::SSH library
       # nil allowed
-      PRE   = nil
+      PRE   = "beta1"
       # The current version of the Net::SSH library as a Version instance
       CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh.gemspec CHANGED

@@ -1,4 +1,3 @@
 require_relative 'lib/net/ssh/version'
 Gem::Specification.new do |spec|
@@ -16,11 +15,14 @@ Gem::Specification.new do |spec|
   spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
   spec.homepage      = "https://github.com/net-ssh/net-ssh"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.2.6")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3")
+  spec.metadata = {
+    "changelog_uri" => "https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt"
+  }
   spec.extra_rdoc_files = [
     "LICENSE.txt",
-    "README.rdoc"
+    "README.md"
   ]
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
@@ -31,12 +33,12 @@ Gem::Specification.new do |spec|
   unless ENV['NET_SSH_NO_ED25519']
     spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
     spec.add_development_dependency("ed25519", "~> 1.2")
+    spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
   end
-  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "bundler", ">= 1.17"
   spec.add_development_dependency "minitest", "~> 5.10"
   spec.add_development_dependency "mocha", ">= 1.2.1"
   spec.add_development_dependency "rake", "~> 12.0"
-  spec.add_development_dependency "rubocop", "~> 0.54.0"
+  spec.add_development_dependency "rubocop", "~> 0.74.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 6.0.0.beta1
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   +MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
   B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
   -----END CERTIFICATE-----
-date: 2019-03-11 00:00:00.000000000 Z
+date: 2019-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -61,20 +61,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: x25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.17'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -123,14 +137,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.74.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.74.0
 description: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It
   allows you to write programs that invoke and interact with processes on remote servers,
   via SSH2.'
@@ -140,7 +154,7 @@ executables: []
 extensions: []
 extra_rdoc_files:
 - LICENSE.txt
-- README.rdoc
+- README.md
 files:
 - ".gitignore"
 - ".rubocop.yml"
@@ -149,11 +163,10 @@ files:
 - CHANGES.txt
 - Gemfile
 - Gemfile.noed25519
-- Gemfile.noed25519.lock
 - ISSUE_TEMPLATE.md
 - LICENSE.txt
 - Manifest
-- README.rdoc
+- README.md
 - Rakefile
 - THANKS.txt
 - appveyor.yml
@@ -220,10 +233,16 @@ files:
 - lib/net/ssh/transport/hmac/sha1_96.rb
 - lib/net/ssh/transport/hmac/sha2_256.rb
 - lib/net/ssh/transport/hmac/sha2_256_96.rb
+- lib/net/ssh/transport/hmac/sha2_256_etm.rb
 - lib/net/ssh/transport/hmac/sha2_512.rb
 - lib/net/ssh/transport/hmac/sha2_512_96.rb
+- lib/net/ssh/transport/hmac/sha2_512_etm.rb
 - lib/net/ssh/transport/identity_cipher.rb
 - lib/net/ssh/transport/kex.rb
+- lib/net/ssh/transport/kex/abstract.rb
+- lib/net/ssh/transport/kex/abstract5656.rb
+- lib/net/ssh/transport/kex/curve25519_sha256.rb
+- lib/net/ssh/transport/kex/curve25519_sha256_loader.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
@@ -244,12 +263,12 @@ files:
 - lib/net/ssh/version.rb
 - net-ssh-public_cert.pem
 - net-ssh.gemspec
-- support/arcfour_check.rb
 - support/ssh_tunnel_bug.rb
 homepage: https://github.com/net-ssh/net-ssh
 licenses:
 - MIT
-metadata: {}
+metadata:
+  changelog_uri: https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -258,12 +277,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.6
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.8