RubyGems - net-ssh - Versions diffs - 5.2.0 → 6.0.0.beta1 - Mend

net-ssh 5.2.0 → 6.0.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.gitignore +1 -0
data/.rubocop.yml +7 -4
data/.rubocop_todo.yml +389 -379
data/.travis.yml +13 -14
data/CHANGES.txt +7 -0
data/README.md +286 -0
data/Rakefile +1 -2
data/appveyor.yml +4 -2
data/lib/net/ssh/authentication/key_manager.rb +7 -3
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +3 -1
data/lib/net/ssh/authentication/pub_key_fingerprint.rb +0 -1
data/lib/net/ssh/authentication/session.rb +2 -6
data/lib/net/ssh/buffer.rb +1 -9
data/lib/net/ssh/config.rb +25 -10
data/lib/net/ssh/connection/channel.rb +7 -3
data/lib/net/ssh/connection/session.rb +7 -3
data/lib/net/ssh/key_factory.rb +6 -8
data/lib/net/ssh/known_hosts.rb +26 -29
data/lib/net/ssh/service/forward.rb +2 -1
data/lib/net/ssh/test.rb +3 -2
data/lib/net/ssh/transport/algorithms.rb +67 -42
data/lib/net/ssh/transport/cipher_factory.rb +11 -27
data/lib/net/ssh/transport/constants.rb +10 -6
data/lib/net/ssh/transport/ctr.rb +1 -7
data/lib/net/ssh/transport/hmac.rb +15 -13
data/lib/net/ssh/transport/hmac/abstract.rb +16 -0
data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
data/lib/net/ssh/transport/kex.rb +13 -11
data/lib/net/ssh/transport/kex/abstract.rb +123 -0
data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
data/lib/net/ssh/transport/kex/curve25519_sha256.rb +38 -0
data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +1 -15
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +9 -118
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +0 -6
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +18 -79
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +5 -4
data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +5 -4
data/lib/net/ssh/transport/openssl.rb +104 -107
data/lib/net/ssh/transport/packet_stream.rb +44 -10
data/lib/net/ssh/transport/state.rb +1 -1
data/lib/net/ssh/version.rb +3 -3
data/net-ssh.gemspec +8 -6
metadata +35 -16
metadata.gz.sig +0 -0
data/Gemfile.noed25519.lock +0 -41
data/README.rdoc +0 -194
data/support/arcfour_check.rb +0 -20

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb CHANGED

@@ -1,8 +1,9 @@
-module Net
-  module SSH
-    module Transport
-      module Kex
+require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
+module Net
+  module SSH
+    module Transport
+      module Kex
         # A key-exchange service implementing the "ecdh-sha2-nistp256"
         # key-exchange algorithm. (defined in RFC 5656)
         class EcdhSHA2NistP384 < EcdhSHA2NistP256

data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb CHANGED

@@ -1,8 +1,9 @@
-module Net
-  module SSH
-    module Transport
-      module Kex
+require 'net/ssh/transport/kex/ecdh_sha2_nistp256'
+module Net
+  module SSH
+    module Transport
+      module Kex
         # A key-exchange service implementing the "ecdh-sha2-nistp521"
         # key-exchange algorithm. (defined in RFC 5656)
         class EcdhSHA2NistP521 < EcdhSHA2NistP256

data/lib/net/ssh/transport/openssl.rb CHANGED

@@ -98,9 +98,9 @@ module OpenSSL
         sig_r = sig[0,20].unpack("H*")[0].to_i(16)
         sig_s = sig[20,20].unpack("H*")[0].to_i(16)
         a1sig = OpenSSL::ASN1::Sequence([
-           OpenSSL::ASN1::Integer(sig_r),
-           OpenSSL::ASN1::Integer(sig_s)
-        ])
+                                          OpenSSL::ASN1::Integer(sig_r),
+                                          OpenSSL::ASN1::Integer(sig_s)
+                                        ])
         return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
       end
@@ -121,132 +121,129 @@ module OpenSSL
       end
     end
-    if defined?(OpenSSL::PKey::EC)
-      # This class is originally defined in the OpenSSL module. As needed, methods
-      # have been added to it by the Net::SSH module for convenience in dealing
-      # with SSH functionality.
-      class EC
-        CurveNameAlias = {
-          "nistp256" => "prime256v1",
-          "nistp384" => "secp384r1",
-          "nistp521" => "secp521r1"
-        }
-        CurveNameAliasInv = {
-          "prime256v1" => "nistp256",
-          "secp384r1" => "nistp384",
-          "secp521r1" => "nistp521"
-        }
-        def self.read_keyblob(curve_name_in_type, buffer)
-          curve_name_in_key = buffer.read_string
-          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')" unless curve_name_in_type == curve_name_in_key
-          public_key_oct = buffer.read_string
-          begin
-            key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
-            group = key.group
-            point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
-            key.public_key = point
-            return key
-          rescue OpenSSL::PKey::ECError
-            raise NotImplementedError, "unsupported key type `#{type}'"
-          end
+    # This class is originally defined in the OpenSSL module. As needed, methods
+    # have been added to it by the Net::SSH module for convenience in dealing
+    # with SSH functionality.
+    class EC
+      CurveNameAlias = {
+        'nistp256' => 'prime256v1',
+        'nistp384' => 'secp384r1',
+        'nistp521' => 'secp521r1'
+      }.freeze
+      CurveNameAliasInv = {
+        'prime256v1' => 'nistp256',
+        'secp384r1' => 'nistp384',
+        'secp521r1' => 'nistp521'
+      }.freeze
+      def self.read_keyblob(curve_name_in_type, buffer)
+        curve_name_in_key = buffer.read_string
+        unless curve_name_in_type == curve_name_in_key
+          raise Net::SSH::Exception, "curve name mismatched (`#{curve_name_in_key}' with `#{curve_name_in_type}')"
         end
-        # Returns the description of this key type used by the
-        # SSH2 protocol, like "ecdsa-sha2-nistp256"
-        def ssh_type
-          "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
-        end
+        public_key_oct = buffer.read_string
+        begin
+          key = OpenSSL::PKey::EC.new(OpenSSL::PKey::EC::CurveNameAlias[curve_name_in_key])
+          group = key.group
+          point = OpenSSL::PKey::EC::Point.new(group, OpenSSL::BN.new(public_key_oct, 2))
+          key.public_key = point
-        def ssh_signature_type
-          ssh_type
+          return key
+        rescue OpenSSL::PKey::ECError
+          raise NotImplementedError, "unsupported key type `#{type}'"
         end
+      end
-        def digester
-          if self.group.curve_name =~ /^[a-z]+(\d+)\w*\z/
-            curve_size = $1.to_i
-            if curve_size <= 256
-              OpenSSL::Digest::SHA256.new
-            elsif curve_size <= 384
-              OpenSSL::Digest::SHA384.new
-            else
-              OpenSSL::Digest::SHA512.new
-            end
-          else
+      # Returns the description of this key type used by the
+      # SSH2 protocol, like "ecdsa-sha2-nistp256"
+      def ssh_type
+        "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
+      end
+      def ssh_signature_type
+        ssh_type
+      end
+      def digester
+        if group.curve_name =~ /^[a-z]+(\d+)\w*\z/
+          curve_size = Regexp.last_match(1).to_i
+          if curve_size <= 256
             OpenSSL::Digest::SHA256.new
+          elsif curve_size <= 384
+            OpenSSL::Digest::SHA384.new
+          else
+            OpenSSL::Digest::SHA512.new
           end
+        else
+          OpenSSL::Digest::SHA256.new
         end
-        private :digester
+      end
+      private :digester
-        # Converts the key to a blob, according to the SSH2 protocol.
-        def to_blob
-          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                          :string, CurveNameAliasInv[self.group.curve_name],
-                                          :mstring, self.public_key.to_bn.to_s(2)).to_s
-          @blob
-        end
+      # Converts the key to a blob, according to the SSH2 protocol.
+      def to_blob
+        @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                        :string, CurveNameAliasInv[group.curve_name],
+                                        :mstring, public_key.to_bn.to_s(2)).to_s
+        @blob
+      end
-        # Verifies the given signature matches the given data.
-        def ssh_do_verify(sig, data)
-          digest = digester.digest(data)
-          a1sig = nil
+      # Verifies the given signature matches the given data.
+      def ssh_do_verify(sig, data)
+        digest = digester.digest(data)
+        a1sig = nil
-          begin
-            sig_r_len = sig[0,4].unpack("H*")[0].to_i(16)
-            sig_l_len = sig[4 + sig_r_len,4].unpack("H*")[0].to_i(16)
+        begin
+          sig_r_len = sig[0, 4].unpack('H*')[0].to_i(16)
+          sig_l_len = sig[4 + sig_r_len, 4].unpack('H*')[0].to_i(16)
-            sig_r = sig[4,sig_r_len].unpack("H*")[0]
-            sig_s = sig[4 + sig_r_len + 4,sig_l_len].unpack("H*")[0]
+          sig_r = sig[4, sig_r_len].unpack('H*')[0]
+          sig_s = sig[4 + sig_r_len + 4, sig_l_len].unpack('H*')[0]
-            a1sig = OpenSSL::ASN1::Sequence([
-              OpenSSL::ASN1::Integer(sig_r.to_i(16)),
-              OpenSSL::ASN1::Integer(sig_s.to_i(16))
-            ])
-          rescue StandardError
-          end
+          a1sig = OpenSSL::ASN1::Sequence([
+                                            OpenSSL::ASN1::Integer(sig_r.to_i(16)),
+                                            OpenSSL::ASN1::Integer(sig_s.to_i(16))
+                                          ])
+        rescue StandardError
+        end
-          if a1sig == nil
-            return false
-          else
-            dsa_verify_asn1(digest, a1sig.to_der)
-          end
+        if a1sig.nil?
+          return false
+        else
+          dsa_verify_asn1(digest, a1sig.to_der)
         end
+      end
+      # Returns the signature for the given data.
+      def ssh_do_sign(data)
+        digest = digester.digest(data)
+        sig = dsa_sign_asn1(digest)
+        a1sig = OpenSSL::ASN1.decode(sig)
-        # Returns the signature for the given data.
-        def ssh_do_sign(data)
-          digest = digester.digest(data)
-          sig = dsa_sign_asn1(digest)
-          a1sig = OpenSSL::ASN1.decode(sig)
+        sig_r = a1sig.value[0].value
+        sig_s = a1sig.value[1].value
-          sig_r = a1sig.value[0].value
-          sig_s = a1sig.value[1].value
+        Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      end
-          return Net::SSH::Buffer.from(:bignum, sig_r, :bignum, sig_s).to_s
+      class Point
+        # Returns the description of this key type used by the
+        # SSH2 protocol, like "ecdsa-sha2-nistp256"
+        def ssh_type
+          "ecdsa-sha2-#{CurveNameAliasInv[group.curve_name]}"
         end
-        class Point
-          # Returns the description of this key type used by the
-          # SSH2 protocol, like "ecdsa-sha2-nistp256"
-          def ssh_type
-            "ecdsa-sha2-#{CurveNameAliasInv[self.group.curve_name]}"
-          end
-          # Converts the key to a blob, according to the SSH2 protocol.
-          def to_blob
-            @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
-                                            :string, CurveNameAliasInv[self.group.curve_name],
-                                            :mstring, self.to_bn.to_s(2)).to_s
-            @blob
-          end
+        # Converts the key to a blob, according to the SSH2 protocol.
+        def to_blob
+          @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
+                                          :string, CurveNameAliasInv[group.curve_name],
+                                          :mstring, to_bn.to_s(2)).to_s
+          @blob
         end
       end
-    else
-      class OpenSSL::PKey::ECError < RuntimeError
-        # for compatibility with interpreters
-        # without EC support (i.e. JRuby)
-      end
     end
   end
 end

data/lib/net/ssh/transport/packet_stream.rb CHANGED

@@ -130,7 +130,7 @@ module Net
           payload = client.compress(payload)
           # the length of the packet, minus the padding
-          actual_length = 4 + payload.bytesize + 1
+          actual_length = (client.hmac.etm ? 0 : 4) + payload.bytesize + 1
           # compute the padding length
           padding_length = client.block_size - (actual_length % client.block_size)
@@ -146,11 +146,32 @@ module Net
           padding = Array.new(padding_length) { rand(256) }.pack("C*")
-          unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
-          mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+          if client.hmac.etm
+            debug { "using encrypt-then-mac" }
-          encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
-          message = encrypted_data + mac
+            # Encrypt padding_length, payload, and padding. Take MAC
+            # from the unencrypted packet_lenght and the encrypted
+            # data.
+            length_data = [packet_length].pack("N")
+            unencrypted_data = [padding_length, payload, padding].pack("CA*A*")
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+            mac_data = length_data + encrypted_data
+            mac = client.hmac.digest([client.sequence_number, mac_data].pack("NA*"))
+            message = mac_data + mac
+          else
+            unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+            mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+            encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+            message = encrypted_data + mac
+          end
           debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
           enqueue(message)
@@ -196,17 +217,25 @@ module Net
         # algorithms specified in the server state object, and returned as a
         # new Packet object.
         def poll_next_packet
+          aad_length = server.hmac.etm ? 4 : 0
           if @packet.nil?
             minimum = server.block_size < 4 ? 4 : server.block_size
             return nil if available < minimum
-            data = read_available(minimum)
+            data = read_available(minimum + aad_length)
             # decipher it
-            @packet = Net::SSH::Buffer.new(server.update_cipher(data))
-            @packet_length = @packet.read_long
+            if server.hmac.etm
+              @packet_length = data.unpack("N").first
+              @mac_data = data
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data[aad_length..-1]))
+            else
+              @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+              @packet_length = @packet.read_long
+            end
           end
-          need = @packet_length + 4 - server.block_size
+          need = @packet_length + 4 - aad_length - server.block_size
           raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
           return nil if available < need + server.hmac.mac_length
@@ -214,6 +243,7 @@ module Net
           if need > 0
             # read the remainder of the packet and decrypt it.
             data = read_available(need)
+            @mac_data += data if server.hmac.etm
             @packet.append(server.update_cipher(data))
           end
@@ -226,7 +256,11 @@ module Net
           payload = @packet.read(@packet_length - padding_length - 1)
-          my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+          my_computed_hmac = if server.hmac.etm
+                               server.hmac.digest([server.sequence_number, @mac_data].pack("NA*"))
+                             else
+                               server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+                             end
           raise Net::SSH::Exception, "corrupted hmac detected" if real_hmac != my_computed_hmac
           # try to decompress the payload, in case compression is active

data/lib/net/ssh/transport/state.rb CHANGED

@@ -141,7 +141,7 @@ module Net
           @max_packets ||= 1 << 31
-          @block_size = cipher.name == "RC4" ? 8 : cipher.block_size
+          @block_size = cipher.block_size
           if max_blocks.nil?
             # cargo-culted from openssh. the idea is that "the 2^(blocksize*2)

data/lib/net/ssh/version.rb CHANGED

@@ -46,17 +46,17 @@ module Net
       end
       # The major component of this version of the Net::SSH library
-      MAJOR = 5
+      MAJOR = 6
       # The minor component of this version of the Net::SSH library
-      MINOR = 2
+      MINOR = 0
       # The tiny component of this version of the Net::SSH library
       TINY  = 0
       # The prerelease component of this version of the Net::SSH library
       # nil allowed
-      PRE   = nil
+      PRE   = "beta1"
       # The current version of the Net::SSH library as a Version instance
       CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh.gemspec CHANGED

@@ -1,4 +1,3 @@
 require_relative 'lib/net/ssh/version'
 Gem::Specification.new do |spec|
@@ -16,11 +15,14 @@ Gem::Specification.new do |spec|
   spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
   spec.homepage      = "https://github.com/net-ssh/net-ssh"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.2.6")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3")
+  spec.metadata = {
+    "changelog_uri" => "https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt"
+  }
   spec.extra_rdoc_files = [
     "LICENSE.txt",
-    "README.rdoc"
+    "README.md"
   ]
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
@@ -31,12 +33,12 @@ Gem::Specification.new do |spec|
   unless ENV['NET_SSH_NO_ED25519']
     spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
     spec.add_development_dependency("ed25519", "~> 1.2")
+    spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
   end
-  spec.add_development_dependency "bundler", "~> 1.11"
+  spec.add_development_dependency "bundler", ">= 1.17"
   spec.add_development_dependency "minitest", "~> 5.10"
   spec.add_development_dependency "mocha", ">= 1.2.1"
   spec.add_development_dependency "rake", "~> 12.0"
-  spec.add_development_dependency "rubocop", "~> 0.54.0"
+  spec.add_development_dependency "rubocop", "~> 0.74.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 6.0.0.beta1
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   +MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
   B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
   -----END CERTIFICATE-----
-date: 2019-03-11 00:00:00.000000000 Z
+date: 2019-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -61,20 +61,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: x25519
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.11'
+        version: '1.17'
 - !ruby/object:Gem::Dependency
   name: minitest
   requirement: !ruby/object:Gem::Requirement
@@ -123,14 +137,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.74.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.54.0
+        version: 0.74.0
 description: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It
   allows you to write programs that invoke and interact with processes on remote servers,
   via SSH2.'
@@ -140,7 +154,7 @@ executables: []
 extensions: []
 extra_rdoc_files:
 - LICENSE.txt
-- README.rdoc
+- README.md
 files:
 - ".gitignore"
 - ".rubocop.yml"
@@ -149,11 +163,10 @@ files:
 - CHANGES.txt
 - Gemfile
 - Gemfile.noed25519
-- Gemfile.noed25519.lock
 - ISSUE_TEMPLATE.md
 - LICENSE.txt
 - Manifest
-- README.rdoc
+- README.md
 - Rakefile
 - THANKS.txt
 - appveyor.yml
@@ -220,10 +233,16 @@ files:
 - lib/net/ssh/transport/hmac/sha1_96.rb
 - lib/net/ssh/transport/hmac/sha2_256.rb
 - lib/net/ssh/transport/hmac/sha2_256_96.rb
+- lib/net/ssh/transport/hmac/sha2_256_etm.rb
 - lib/net/ssh/transport/hmac/sha2_512.rb
 - lib/net/ssh/transport/hmac/sha2_512_96.rb
+- lib/net/ssh/transport/hmac/sha2_512_etm.rb
 - lib/net/ssh/transport/identity_cipher.rb
 - lib/net/ssh/transport/kex.rb
+- lib/net/ssh/transport/kex/abstract.rb
+- lib/net/ssh/transport/kex/abstract5656.rb
+- lib/net/ssh/transport/kex/curve25519_sha256.rb
+- lib/net/ssh/transport/kex/curve25519_sha256_loader.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb
 - lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
@@ -244,12 +263,12 @@ files:
 - lib/net/ssh/version.rb
 - net-ssh-public_cert.pem
 - net-ssh.gemspec
-- support/arcfour_check.rb
 - support/ssh_tunnel_bug.rb
 homepage: https://github.com/net-ssh/net-ssh
 licenses:
 - MIT
-metadata: {}
+metadata:
+  changelog_uri: https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt
 post_install_message:
 rdoc_options: []
 require_paths:
@@ -258,12 +277,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.2.6
+      version: '2.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project:
 rubygems_version: 2.6.8