net-ssh 5.2.0 → 6.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (69) hide show
  1. checksums.yaml +5 -5
  2. checksums.yaml.gz.sig +0 -0
  3. data.tar.gz.sig +0 -0
  4. data/.gitignore +1 -0
  5. data/.rubocop.yml +7 -4
  6. data/.rubocop_todo.yml +392 -379
  7. data/.travis.yml +16 -17
  8. data/CHANGES.txt +11 -0
  9. data/Manifest +0 -1
  10. data/README.md +286 -0
  11. data/Rakefile +1 -2
  12. data/appveyor.yml +4 -2
  13. data/lib/net/ssh.rb +7 -2
  14. data/lib/net/ssh/authentication/certificate.rb +10 -1
  15. data/lib/net/ssh/authentication/ed25519.rb +2 -1
  16. data/lib/net/ssh/authentication/ed25519_loader.rb +1 -1
  17. data/lib/net/ssh/authentication/key_manager.rb +34 -5
  18. data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +3 -1
  19. data/lib/net/ssh/authentication/pub_key_fingerprint.rb +0 -1
  20. data/lib/net/ssh/authentication/session.rb +9 -6
  21. data/lib/net/ssh/buffer.rb +1 -10
  22. data/lib/net/ssh/buffered_io.rb +0 -1
  23. data/lib/net/ssh/config.rb +51 -32
  24. data/lib/net/ssh/connection/channel.rb +17 -5
  25. data/lib/net/ssh/connection/event_loop.rb +0 -1
  26. data/lib/net/ssh/connection/session.rb +7 -4
  27. data/lib/net/ssh/key_factory.rb +6 -8
  28. data/lib/net/ssh/known_hosts.rb +27 -29
  29. data/lib/net/ssh/loggable.rb +2 -2
  30. data/lib/net/ssh/proxy/command.rb +0 -1
  31. data/lib/net/ssh/proxy/socks5.rb +0 -1
  32. data/lib/net/ssh/service/forward.rb +2 -1
  33. data/lib/net/ssh/test.rb +3 -2
  34. data/lib/net/ssh/transport/algorithms.rb +67 -42
  35. data/lib/net/ssh/transport/cipher_factory.rb +11 -27
  36. data/lib/net/ssh/transport/constants.rb +10 -6
  37. data/lib/net/ssh/transport/ctr.rb +1 -7
  38. data/lib/net/ssh/transport/hmac.rb +15 -13
  39. data/lib/net/ssh/transport/hmac/abstract.rb +16 -0
  40. data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
  41. data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
  42. data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
  43. data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
  44. data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
  45. data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
  46. data/lib/net/ssh/transport/kex.rb +14 -11
  47. data/lib/net/ssh/transport/kex/abstract.rb +123 -0
  48. data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
  49. data/lib/net/ssh/transport/kex/curve25519_sha256.rb +38 -0
  50. data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
  51. data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +1 -15
  52. data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +9 -118
  53. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +0 -6
  54. data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
  55. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +18 -79
  56. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +5 -4
  57. data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +5 -4
  58. data/lib/net/ssh/transport/openssl.rb +104 -107
  59. data/lib/net/ssh/transport/packet_stream.rb +44 -11
  60. data/lib/net/ssh/transport/state.rb +1 -1
  61. data/lib/net/ssh/version.rb +2 -2
  62. data/net-ssh-public_cert.pem +8 -8
  63. data/net-ssh.gemspec +9 -7
  64. metadata +46 -29
  65. metadata.gz.sig +2 -3
  66. data/Gemfile.noed25519.lock +0 -41
  67. data/README.rdoc +0 -194
  68. data/lib/net/ssh/ruby_compat.rb +0 -13
  69. data/support/arcfour_check.rb +0 -20
@@ -7,12 +7,12 @@ addon:
7
7
  gateway.netssh
8
8
 
9
9
  rvm:
10
- - 2.2.10
11
- - 2.3.7
12
- - 2.4.5
13
- - 2.5.3
14
- - 2.6.0-rc2
15
- - jruby-9.2.5.0
10
+ - 2.3.8
11
+ - 2.4.8
12
+ - 2.5.7
13
+ - 2.6.5
14
+ - 2.7.0
15
+ - jruby-9.2.11.1
16
16
  - rbx-3.107
17
17
  - ruby-head
18
18
  env:
@@ -21,33 +21,32 @@ env:
21
21
  matrix:
22
22
  exclude:
23
23
  - rvm: rbx-3.107
24
- - rvm: jruby-9.2.5.0
25
24
  include:
26
25
  - rvm: rbx-3.107
27
26
  env: NET_SSH_RUN_INTEGRATION_TESTS=
28
- - rvm: jruby-9.2.5.0
27
+ - rvm: jruby-9.2.11.1
29
28
  env: JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false' NET_SSH_RUN_INTEGRATION_TESTS=
30
29
  fast_finish: true
31
30
  allow_failures:
32
31
  - rvm: rbx-3.107
33
- - rvm: jruby-9.2.5.0
32
+ - rvm: jruby-9.2.11.1
34
33
  - rvm: ruby-head
35
34
 
36
35
  install:
37
36
  - export JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false'
38
37
  - sudo pip install ansible urllib3 pyOpenSSL ndg-httpsclient pyasn1
39
- - gem install bundler -v "= 1.16"
38
+ - gem install bundler -v "= 1.17"
40
39
  - gem list bundler
41
- - bundle _1.16_ install
42
- - bundle _1.16_ -v
43
- - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ install
40
+ - bundle _1.17_ install
41
+ - bundle _1.17_ -v
42
+ - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.17_ install
44
43
  - sudo ansible-galaxy install rvm.ruby
45
44
  - sudo chown -R travis:travis /home/travis/.ansible
46
45
  - ansible-playbook ./test/integration/playbook.yml -i "localhost," --become -c local -e 'no_rvm=true' -e 'myuser=travis' -e 'mygroup=travis' -e 'homedir=/home/travis'
47
46
 
48
47
  script:
49
48
  - ssh -V
50
- - bundle _1.16_ exec rake test
51
- - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ exec rake test
52
- - bundle _1.16_ exec rake test_test
53
- - bundle _1.16_ exec rubocop
49
+ - bundle _1.17_ exec rake test
50
+ - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.17_ exec rake test
51
+ - bundle _1.17_ exec rake test_test
52
+ - bundle _1.17_ exec rubocop
@@ -1,3 +1,14 @@
1
+ === 6.0.0 beta2
2
+
3
+ * Support :certkeys and CertificateFile configuration option [Anders Carling, #722]
4
+
5
+ === 6.0.0 beta1
6
+
7
+ * curve25519sha256 support [Florian Wininger ,#690]
8
+ * disabled insecure algs [Florian Wininger , #709]
9
+
10
+ === 5.2.0
11
+
1
12
  === 5.2.0.rc3
2
13
 
3
14
  * Fix check_host_ip read from config
data/Manifest CHANGED
@@ -33,7 +33,6 @@ lib/net/ssh/proxy/errors.rb
33
33
  lib/net/ssh/proxy/http.rb
34
34
  lib/net/ssh/proxy/socks4.rb
35
35
  lib/net/ssh/proxy/socks5.rb
36
- lib/net/ssh/ruby_compat.rb
37
36
  lib/net/ssh/service/forward.rb
38
37
  lib/net/ssh/test.rb
39
38
  lib/net/ssh/test/channel.rb
@@ -0,0 +1,286 @@
1
+ [![Gem Version](https://badge.fury.io/rb/net-ssh.svg)](https://badge.fury.io/rb/net-ssh)
2
+ [![Join the chat at https://gitter.im/net-ssh/net-ssh](https://badges.gitter.im/net-ssh/net-ssh.svg)](https://gitter.im/net-ssh/net-ssh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
3
+ [![Build Status](https://travis-ci.org/net-ssh/net-ssh.svg?branch=master)](https://travis-ci.org/net-ssh/net-ssh)
4
+ [![Coverage status](https://codecov.io/gh/net-ssh/net-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/net-ssh/net-ssh)
5
+ [![Backers on Open Collective](https://opencollective.com/net-ssh/backers/badge.svg)](#backers])
6
+ [![Sponsors on Open Collective](https://opencollective.com/net-ssh/sponsors/badge.svg)](#sponsors)
7
+
8
+ # Net::SSH 6.x
9
+
10
+ * Docs: http://net-ssh.github.com/net-ssh
11
+ * Issues: https://github.com/net-ssh/net-ssh/issues
12
+ * Codes: https://github.com/net-ssh/net-ssh
13
+ * Email: net-ssh@solutious.com
14
+
15
+ *As of v2.6.4, all gem releases are signed. See [INSTALL](#install).*
16
+
17
+ ## DESCRIPTION:
18
+
19
+ Net::SSH is a pure-Ruby implementation of the SSH2 client protocol.
20
+ It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.
21
+
22
+ ## FEATURES:
23
+
24
+ * Execute processes on remote servers and capture their output
25
+ * Run multiple processes in parallel over a single SSH connection
26
+ * Support for SSH subsystems
27
+ * Forward local and remote ports via an SSH connection
28
+
29
+ ## Supported Algorithms
30
+
31
+ Net::SSH 6.0 disables by default the usage of weak algorithms.
32
+ We strongly recommend that you install a servers's version that supports the latest algorithms.
33
+
34
+ It is possible to return to the previous behavior by adding the option : `append_all_supported_algorithms: true`
35
+
36
+ Unsecure algoritms will be definively remove in Net::SSH 7.*.
37
+
38
+ ### Host Keys
39
+
40
+ | Name | Support | Details |
41
+ |----------------------|-----------------------|----------|
42
+ | ssh-rsa | OK | |
43
+ | ssh-ed25519 | OK | Require the gem `ed25519` |
44
+ | ecdsa-sha2-nistp521 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
45
+ | ecdsa-sha2-nistp384 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
46
+ | ecdsa-sha2-nistp256 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
47
+ | ssh-dss | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
48
+
49
+ ### Key Exchange
50
+
51
+ | Name | Support | Details |
52
+ |--------------------------------------|-----------------------|----------|
53
+ | curve25519-sha256 | OK | Require the gem `x25519` |
54
+ | ecdh-sha2-nistp521 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
55
+ | ecdh-sha2-nistp384 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
56
+ | ecdh-sha2-nistp256 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
57
+ | diffie-hellman-group1-sha1 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
58
+ | diffie-hellman-group14-sha1 | OK | |
59
+ | diffie-hellman-group-exchange-sha1 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
60
+ | diffie-hellman-group-exchange-sha256 | OK | |
61
+
62
+ ### Encryption algorithms (ciphers)
63
+
64
+ | Name | Support | Details |
65
+ |--------------------------------------|-----------------------|----------|
66
+ | aes256-ctr / aes192-ctr / aes128-ctr | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
67
+ | aes256-cbc / aes192-cbc / aes128-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
68
+ | rijndael-cbc@lysator.liu.se | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
69
+ | blowfish-ctr blowfish-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
70
+ | cast128-ctr cast128-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
71
+ | 3des-ctr 3des-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
72
+ | idea-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
73
+ | none | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
74
+
75
+ ### Message Authentication Code algorithms
76
+
77
+ | Name | Support | Details |
78
+ |----------------------|-----------------------|----------|
79
+ | hmac-sha2-512-etm | OK | |
80
+ | hmac-sha2-256-etm | OK | |
81
+ | hmac-sha2-512 | OK | |
82
+ | hmac-sha2-256 | OK | |
83
+ | hmac-sha2-512-96 | Deprecated in 6.0 | removed from the specification, will be removed in 7.0 |
84
+ | hmac-sha2-256-96 | Deprecated in 6.0 | removed from the specification, will be removed in 7.0 |
85
+ | hmac-sha1 | OK | for backward compatibility |
86
+ | hmac-sha1-96 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
87
+ | hmac-ripemd160 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
88
+ | hmac-md5 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
89
+ | hmac-md5-96 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
90
+ | none | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
91
+
92
+ ## SYNOPSIS:
93
+
94
+ In a nutshell:
95
+
96
+ ```ruby
97
+ require 'net/ssh'
98
+
99
+ Net::SSH.start('host', 'user', password: "password") do |ssh|
100
+ # capture all stderr and stdout output from a remote process
101
+ output = ssh.exec!("hostname")
102
+ puts output
103
+
104
+ # capture only stdout matching a particular pattern
105
+ stdout = ""
106
+ ssh.exec!("ls -l /home/jamis") do |channel, stream, data|
107
+ stdout << data if stream == :stdout
108
+ end
109
+ puts stdout
110
+
111
+ # run multiple processes in parallel to completion
112
+ ssh.exec "sed ..."
113
+ ssh.exec "awk ..."
114
+ ssh.exec "rm -rf ..."
115
+ ssh.loop
116
+
117
+ # open a new channel and configure a minimal set of callbacks, then run
118
+ # the event loop until the channel finishes (closes)
119
+ channel = ssh.open_channel do |ch|
120
+ ch.exec "/usr/local/bin/ruby /path/to/file.rb" do |ch, success|
121
+ raise "could not execute command" unless success
122
+
123
+ # "on_data" is called when the process writes something to stdout
124
+ ch.on_data do |c, data|
125
+ $stdout.print data
126
+ end
127
+
128
+ # "on_extended_data" is called when the process writes something to stderr
129
+ ch.on_extended_data do |c, type, data|
130
+ $stderr.print data
131
+ end
132
+
133
+ ch.on_close { puts "done!" }
134
+ end
135
+ end
136
+
137
+ channel.wait
138
+
139
+ # forward connections on local port 1234 to port 80 of www.capify.org
140
+ ssh.forward.local(1234, "www.capify.org", 80)
141
+ ssh.loop { true }
142
+ end
143
+ ```
144
+
145
+ See Net::SSH for more documentation, and links to further information.
146
+
147
+ ## REQUIREMENTS:
148
+
149
+ The only requirement you might be missing is the OpenSSL bindings for Ruby with a version greather than `1.0.1`.
150
+ These are built by default on most platforms, but you can verify that they're built and installed on your system by running the following command line:
151
+
152
+ ```sh
153
+ ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
154
+ ```
155
+
156
+ If that spits out something like `OpenSSL 1.0.1 14 Mar 2012`, then you're set.
157
+ If you get an error, then you'll need to see about rebuilding ruby with OpenSSL support,
158
+ or (if your platform supports it) installing the OpenSSL bindings separately.
159
+
160
+ ## INSTALL:
161
+
162
+ ```sh
163
+ gem install net-ssh # might need sudo privileges
164
+ ```
165
+
166
+ NOTE: If you are running on jruby on windows you need to install `jruby-pageant` manually
167
+ (gemspec doesn't allow for platform specific dependencies).
168
+
169
+ However, in order to be sure the code you're installing hasn't been tampered with,
170
+ it's recommended that you verify the [signature](http://docs.rubygems.org/read/chapter/21).
171
+ To do this, you need to add my public key as a trusted certificate (you only need to do this once):
172
+
173
+ ```sh
174
+ # Add the public key as a trusted certificate
175
+ # (You only need to do this once)
176
+ curl -O https://raw.githubusercontent.com/net-ssh/net-ssh/master/net-ssh-public_cert.pem
177
+ gem cert --add net-ssh-public_cert.pem
178
+ ```
179
+
180
+ Then, when install the gem, do so with high security:
181
+
182
+ ```sh
183
+ gem install net-ssh -P HighSecurity
184
+ ```
185
+
186
+ If you don't add the public key, you'll see an error like "Couldn't verify data signature".
187
+ If you're still having trouble let me know and I'll give you a hand.
188
+
189
+ For ed25519 public key auth support your bundle file should contain `ed25519`, `bcrypt_pbkdf` dependencies.
190
+
191
+ ```sh
192
+ gem install ed25519
193
+ gem install bcrypt_pbkdf
194
+ ```
195
+
196
+ For curve25519-sha256 kex exchange support your bundle file should contain `x25519` dependency.
197
+
198
+ ## RUBY SUPPORT
199
+
200
+ * See [net-ssh.gemspec](https://github.com/net-ssh/net-ssh/blob/master/net-ssh.gemspec) for current versions ruby requirements
201
+
202
+ ## RUNNING TESTS
203
+
204
+ If you want to run the tests or use any of the Rake tasks, you'll need Mocha and
205
+ other dependencies listed in Gemfile
206
+
207
+ Run the test suite from the net-ssh directory with the following command:
208
+
209
+ ```sh
210
+ bundle exec rake test
211
+ ```
212
+
213
+ Run a single test file like this:
214
+
215
+ ```sh
216
+ ruby -Ilib -Itest test/transport/test_server_version.rb
217
+ ```
218
+
219
+ To run integration tests see test/integration/README.txt
220
+
221
+ ### BUILDING GEM
222
+
223
+ ```sh
224
+ rake build
225
+ ```
226
+
227
+ ### GEM SIGNING (for maintainers)
228
+
229
+ If you have the net-ssh private signing key, you will be able to create signed release builds. Make sure the private key path matches the `signing_key` path set in `net-ssh.gemspec` and tell rake to sign the gem by setting the `NET_SSH_BUILDGEM_SIGNED` flag:
230
+
231
+ ```sh
232
+ NET_SSH_BUILDGEM_SIGNED=true rake build
233
+ ```
234
+
235
+ For time to time, the public certificate associated to the private key needs to be renewed. You can do this with the following command:
236
+
237
+ ```sh
238
+ gem cert --build netssh@solutious.com --private-key path/2/net-ssh-private_key.pem
239
+ mv gem-public_cert.pem net-ssh-public_cert.pem
240
+ gem cert --add net-ssh-public_cert.pem
241
+ ```
242
+
243
+ ## CREDITS
244
+
245
+ ### Contributors
246
+
247
+ This project exists thanks to all the people who contribute.
248
+
249
+ [![contributors](https://opencollective.com/net-ssh/contributors.svg?width=890&button=false)](graphs/contributors)
250
+
251
+ ### Backers
252
+
253
+ Thank you to all our backers! 🙏 [Become a backer](https://opencollective.com/net-ssh#backer)
254
+
255
+ [![backers](https://opencollective.com/net-ssh/backers.svg?width=890)](https://opencollective.com/net-ssh#backers)
256
+
257
+ ### Sponsors
258
+
259
+ Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor](https://opencollective.com/net-ssh#sponsor)
260
+
261
+ [![Sponsor](https://opencollective.com/net-ssh/sponsor/0/avatar.svg)](https://opencollective.com/net-ssh/sponsor/0/website)
262
+
263
+ ## LICENSE:
264
+
265
+ (The MIT License)
266
+
267
+ Copyright (c) 2008 Jamis Buck
268
+
269
+ Permission is hereby granted, free of charge, to any person obtaining
270
+ a copy of this software and associated documentation files (the
271
+ 'Software'), to deal in the Software without restriction, including
272
+ without limitation the rights to use, copy, modify, merge, publish,
273
+ distribute, sublicense, and/or sell copies of the Software, and to
274
+ permit persons to whom the Software is furnished to do so, subject to
275
+ the following conditions:
276
+
277
+ The above copyright notice and this permission notice shall be
278
+ included in all copies or substantial portions of the Software.
279
+
280
+ THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
281
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
282
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
283
+ IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
284
+ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
285
+ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
286
+ SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/Rakefile CHANGED
@@ -1,4 +1,3 @@
1
-
2
1
  #
3
2
  # Also in your terminal environment run:
4
3
  # $ export LANG=en_US.UTF-8
@@ -32,7 +31,7 @@ RDoc::Task.new do |rdoc|
32
31
  rdoc.rdoc_dir = "rdoc"
33
32
  rdoc.title = "#{name} #{version}"
34
33
  rdoc.generator = 'hanna' # gem install hanna-nouveau
35
- rdoc.main = 'README.rdoc'
34
+ rdoc.main = 'README.md'
36
35
  rdoc.rdoc_files.include("README*")
37
36
  rdoc.rdoc_files.include("bin/*.rb")
38
37
  rdoc.rdoc_files.include("lib/**/*.rb")
@@ -5,9 +5,11 @@ skip_tags: true
5
5
  environment:
6
6
  matrix:
7
7
  - ruby_version: "jruby-9.1.2.0"
8
+ - ruby_version: "26-x64"
9
+ - ruby_version: "25-x64"
10
+ - ruby_version: "24-x64"
8
11
  - ruby_version: "23"
9
12
  - ruby_version: "23-x64"
10
- - ruby_version: "22-x64"
11
13
 
12
14
  matrix:
13
15
  allow_failures:
@@ -29,7 +31,7 @@ install:
29
31
  - if "%ruby_version%" == "jruby-9.1.2.0" ( cinst jruby --version 9.1.2.0 -i --allow-empty-checksums )
30
32
  - if "%ruby_version%" == "jruby-9.1.2.0" ( SET "PATH=C:\jruby-9.1.2.0\bin\;%PATH%" )
31
33
  - ruby --version
32
- - gem install bundler --no-document --user-install -v 1.16
34
+ - gem install bundler --no-document --user-install -v 1.17
33
35
  - SET BUNDLE_GEMFILE=Gemfile.noed25519
34
36
  - bundle install --retry=3
35
37
  - cinst freesshd
@@ -4,6 +4,7 @@ ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.
4
4
 
5
5
  require 'logger'
6
6
  require 'etc'
7
+ require 'shellwords'
7
8
 
8
9
  require 'net/ssh/config'
9
10
  require 'net/ssh/errors'
@@ -66,11 +67,11 @@ module Net
66
67
  auth_methods bind_address compression compression_level config
67
68
  encryption forward_agent hmac host_key remote_user
68
69
  keepalive keepalive_interval keepalive_maxcount kex keys key_data
69
- languages logger paranoid password port proxy
70
+ keycerts languages logger paranoid password port proxy
70
71
  rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
71
72
  known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
72
73
  host_name user properties passphrase keys_only max_pkt_size
73
- max_win_size send_env use_agent number_of_password_prompts
74
+ max_win_size send_env set_env use_agent number_of_password_prompts
74
75
  append_all_supported_algorithms non_interactive password_prompt
75
76
  agent_socket_factory minimum_dh_bits verify_host_key
76
77
  fingerprint_hash check_host_ip
@@ -144,6 +145,8 @@ module Net
144
145
  # * :kex => the key exchange algorithm (or algorithms) to use
145
146
  # * :keys => an array of file names of private keys to use for publickey
146
147
  # and hostbased authentication
148
+ # * :keycerts => an array of file names of key certificates to use
149
+ # with publickey authentication
147
150
  # * :key_data => an array of strings, with each element of the array being
148
151
  # a raw private key in PEM format.
149
152
  # * :keys_only => set to +true+ to use only private keys from +keys+ and
@@ -173,6 +176,8 @@ module Net
173
176
  # * :rekey_packet_limit => the max number of packets to process before rekeying
174
177
  # * :send_env => an array of local environment variable names to export to the
175
178
  # remote environment. Names may be given as String or Regexp.
179
+ # * :set_env => a hash of environment variable names and values to set to the
180
+ # remote environment. Override the ones if specified in +send_env+.
176
181
  # * :timeout => how long to wait for the initial connection to be made
177
182
  # * :user => the user name to log in as; this overrides the +user+
178
183
  # parameter, and is primarily only useful when provided via an SSH
@@ -31,7 +31,16 @@ module Net
31
31
  cert.key_id = buffer.read_string
32
32
  cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
33
33
  cert.valid_after = Time.at(buffer.read_int64)
34
- cert.valid_before = Time.at(buffer.read_int64)
34
+
35
+ cert.valid_before = if RUBY_PLATFORM == "java"
36
+ # 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
37
+ # JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
38
+ # 0x20c49ba5e353f7 = 292278994-08-17 01:12:55 -0600
39
+ Time.at([0x20c49ba5e353f7, buffer.read_int64].min)
40
+ else
41
+ Time.at(buffer.read_int64)
42
+ end
43
+
35
44
  cert.critical_options = read_options(buffer)
36
45
  cert.extensions = read_options(buffer)
37
46
  cert.reserved = buffer.read_string