net-ssh 5.2.0 → 6.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.gitignore +1 -0
- data/.rubocop.yml +7 -4
- data/.rubocop_todo.yml +392 -379
- data/.travis.yml +16 -17
- data/CHANGES.txt +11 -0
- data/Manifest +0 -1
- data/README.md +286 -0
- data/Rakefile +1 -2
- data/appveyor.yml +4 -2
- data/lib/net/ssh.rb +7 -2
- data/lib/net/ssh/authentication/certificate.rb +10 -1
- data/lib/net/ssh/authentication/ed25519.rb +2 -1
- data/lib/net/ssh/authentication/ed25519_loader.rb +1 -1
- data/lib/net/ssh/authentication/key_manager.rb +34 -5
- data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +3 -1
- data/lib/net/ssh/authentication/pub_key_fingerprint.rb +0 -1
- data/lib/net/ssh/authentication/session.rb +9 -6
- data/lib/net/ssh/buffer.rb +1 -10
- data/lib/net/ssh/buffered_io.rb +0 -1
- data/lib/net/ssh/config.rb +51 -32
- data/lib/net/ssh/connection/channel.rb +17 -5
- data/lib/net/ssh/connection/event_loop.rb +0 -1
- data/lib/net/ssh/connection/session.rb +7 -4
- data/lib/net/ssh/key_factory.rb +6 -8
- data/lib/net/ssh/known_hosts.rb +27 -29
- data/lib/net/ssh/loggable.rb +2 -2
- data/lib/net/ssh/proxy/command.rb +0 -1
- data/lib/net/ssh/proxy/socks5.rb +0 -1
- data/lib/net/ssh/service/forward.rb +2 -1
- data/lib/net/ssh/test.rb +3 -2
- data/lib/net/ssh/transport/algorithms.rb +67 -42
- data/lib/net/ssh/transport/cipher_factory.rb +11 -27
- data/lib/net/ssh/transport/constants.rb +10 -6
- data/lib/net/ssh/transport/ctr.rb +1 -7
- data/lib/net/ssh/transport/hmac.rb +15 -13
- data/lib/net/ssh/transport/hmac/abstract.rb +16 -0
- data/lib/net/ssh/transport/hmac/sha2_256.rb +7 -11
- data/lib/net/ssh/transport/hmac/sha2_256_96.rb +4 -8
- data/lib/net/ssh/transport/hmac/sha2_256_etm.rb +12 -0
- data/lib/net/ssh/transport/hmac/sha2_512.rb +6 -9
- data/lib/net/ssh/transport/hmac/sha2_512_96.rb +4 -8
- data/lib/net/ssh/transport/hmac/sha2_512_etm.rb +12 -0
- data/lib/net/ssh/transport/kex.rb +14 -11
- data/lib/net/ssh/transport/kex/abstract.rb +123 -0
- data/lib/net/ssh/transport/kex/abstract5656.rb +72 -0
- data/lib/net/ssh/transport/kex/curve25519_sha256.rb +38 -0
- data/lib/net/ssh/transport/kex/curve25519_sha256_loader.rb +30 -0
- data/lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb +1 -15
- data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +9 -118
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +0 -6
- data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +5 -9
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb +18 -79
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp384.rb +5 -4
- data/lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb +5 -4
- data/lib/net/ssh/transport/openssl.rb +104 -107
- data/lib/net/ssh/transport/packet_stream.rb +44 -11
- data/lib/net/ssh/transport/state.rb +1 -1
- data/lib/net/ssh/version.rb +2 -2
- data/net-ssh-public_cert.pem +8 -8
- data/net-ssh.gemspec +9 -7
- metadata +46 -29
- metadata.gz.sig +2 -3
- data/Gemfile.noed25519.lock +0 -41
- data/README.rdoc +0 -194
- data/lib/net/ssh/ruby_compat.rb +0 -13
- data/support/arcfour_check.rb +0 -20
data/.travis.yml
CHANGED
@@ -7,12 +7,12 @@ addon:
|
|
7
7
|
gateway.netssh
|
8
8
|
|
9
9
|
rvm:
|
10
|
-
- 2.
|
11
|
-
- 2.
|
12
|
-
- 2.
|
13
|
-
- 2.5
|
14
|
-
- 2.
|
15
|
-
- jruby-9.2.
|
10
|
+
- 2.3.8
|
11
|
+
- 2.4.8
|
12
|
+
- 2.5.7
|
13
|
+
- 2.6.5
|
14
|
+
- 2.7.0
|
15
|
+
- jruby-9.2.11.1
|
16
16
|
- rbx-3.107
|
17
17
|
- ruby-head
|
18
18
|
env:
|
@@ -21,33 +21,32 @@ env:
|
|
21
21
|
matrix:
|
22
22
|
exclude:
|
23
23
|
- rvm: rbx-3.107
|
24
|
-
- rvm: jruby-9.2.5.0
|
25
24
|
include:
|
26
25
|
- rvm: rbx-3.107
|
27
26
|
env: NET_SSH_RUN_INTEGRATION_TESTS=
|
28
|
-
- rvm: jruby-9.2.
|
27
|
+
- rvm: jruby-9.2.11.1
|
29
28
|
env: JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false' NET_SSH_RUN_INTEGRATION_TESTS=
|
30
29
|
fast_finish: true
|
31
30
|
allow_failures:
|
32
31
|
- rvm: rbx-3.107
|
33
|
-
- rvm: jruby-9.2.
|
32
|
+
- rvm: jruby-9.2.11.1
|
34
33
|
- rvm: ruby-head
|
35
34
|
|
36
35
|
install:
|
37
36
|
- export JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false'
|
38
37
|
- sudo pip install ansible urllib3 pyOpenSSL ndg-httpsclient pyasn1
|
39
|
-
- gem install bundler -v "= 1.
|
38
|
+
- gem install bundler -v "= 1.17"
|
40
39
|
- gem list bundler
|
41
|
-
- bundle _1.
|
42
|
-
- bundle _1.
|
43
|
-
- BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.
|
40
|
+
- bundle _1.17_ install
|
41
|
+
- bundle _1.17_ -v
|
42
|
+
- BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.17_ install
|
44
43
|
- sudo ansible-galaxy install rvm.ruby
|
45
44
|
- sudo chown -R travis:travis /home/travis/.ansible
|
46
45
|
- ansible-playbook ./test/integration/playbook.yml -i "localhost," --become -c local -e 'no_rvm=true' -e 'myuser=travis' -e 'mygroup=travis' -e 'homedir=/home/travis'
|
47
46
|
|
48
47
|
script:
|
49
48
|
- ssh -V
|
50
|
-
- bundle _1.
|
51
|
-
- BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.
|
52
|
-
- bundle _1.
|
53
|
-
- bundle _1.
|
49
|
+
- bundle _1.17_ exec rake test
|
50
|
+
- BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.17_ exec rake test
|
51
|
+
- bundle _1.17_ exec rake test_test
|
52
|
+
- bundle _1.17_ exec rubocop
|
data/CHANGES.txt
CHANGED
@@ -1,3 +1,14 @@
|
|
1
|
+
=== 6.0.0 beta2
|
2
|
+
|
3
|
+
* Support :certkeys and CertificateFile configuration option [Anders Carling, #722]
|
4
|
+
|
5
|
+
=== 6.0.0 beta1
|
6
|
+
|
7
|
+
* curve25519sha256 support [Florian Wininger ,#690]
|
8
|
+
* disabled insecure algs [Florian Wininger , #709]
|
9
|
+
|
10
|
+
=== 5.2.0
|
11
|
+
|
1
12
|
=== 5.2.0.rc3
|
2
13
|
|
3
14
|
* Fix check_host_ip read from config
|
data/Manifest
CHANGED
data/README.md
ADDED
@@ -0,0 +1,286 @@
|
|
1
|
+
[![Gem Version](https://badge.fury.io/rb/net-ssh.svg)](https://badge.fury.io/rb/net-ssh)
|
2
|
+
[![Join the chat at https://gitter.im/net-ssh/net-ssh](https://badges.gitter.im/net-ssh/net-ssh.svg)](https://gitter.im/net-ssh/net-ssh?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
|
3
|
+
[![Build Status](https://travis-ci.org/net-ssh/net-ssh.svg?branch=master)](https://travis-ci.org/net-ssh/net-ssh)
|
4
|
+
[![Coverage status](https://codecov.io/gh/net-ssh/net-ssh/branch/master/graph/badge.svg)](https://codecov.io/gh/net-ssh/net-ssh)
|
5
|
+
[![Backers on Open Collective](https://opencollective.com/net-ssh/backers/badge.svg)](#backers])
|
6
|
+
[![Sponsors on Open Collective](https://opencollective.com/net-ssh/sponsors/badge.svg)](#sponsors)
|
7
|
+
|
8
|
+
# Net::SSH 6.x
|
9
|
+
|
10
|
+
* Docs: http://net-ssh.github.com/net-ssh
|
11
|
+
* Issues: https://github.com/net-ssh/net-ssh/issues
|
12
|
+
* Codes: https://github.com/net-ssh/net-ssh
|
13
|
+
* Email: net-ssh@solutious.com
|
14
|
+
|
15
|
+
*As of v2.6.4, all gem releases are signed. See [INSTALL](#install).*
|
16
|
+
|
17
|
+
## DESCRIPTION:
|
18
|
+
|
19
|
+
Net::SSH is a pure-Ruby implementation of the SSH2 client protocol.
|
20
|
+
It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.
|
21
|
+
|
22
|
+
## FEATURES:
|
23
|
+
|
24
|
+
* Execute processes on remote servers and capture their output
|
25
|
+
* Run multiple processes in parallel over a single SSH connection
|
26
|
+
* Support for SSH subsystems
|
27
|
+
* Forward local and remote ports via an SSH connection
|
28
|
+
|
29
|
+
## Supported Algorithms
|
30
|
+
|
31
|
+
Net::SSH 6.0 disables by default the usage of weak algorithms.
|
32
|
+
We strongly recommend that you install a servers's version that supports the latest algorithms.
|
33
|
+
|
34
|
+
It is possible to return to the previous behavior by adding the option : `append_all_supported_algorithms: true`
|
35
|
+
|
36
|
+
Unsecure algoritms will be definively remove in Net::SSH 7.*.
|
37
|
+
|
38
|
+
### Host Keys
|
39
|
+
|
40
|
+
| Name | Support | Details |
|
41
|
+
|----------------------|-----------------------|----------|
|
42
|
+
| ssh-rsa | OK | |
|
43
|
+
| ssh-ed25519 | OK | Require the gem `ed25519` |
|
44
|
+
| ecdsa-sha2-nistp521 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
45
|
+
| ecdsa-sha2-nistp384 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
46
|
+
| ecdsa-sha2-nistp256 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
47
|
+
| ssh-dss | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
48
|
+
|
49
|
+
### Key Exchange
|
50
|
+
|
51
|
+
| Name | Support | Details |
|
52
|
+
|--------------------------------------|-----------------------|----------|
|
53
|
+
| curve25519-sha256 | OK | Require the gem `x25519` |
|
54
|
+
| ecdh-sha2-nistp521 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
55
|
+
| ecdh-sha2-nistp384 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
56
|
+
| ecdh-sha2-nistp256 | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
57
|
+
| diffie-hellman-group1-sha1 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
58
|
+
| diffie-hellman-group14-sha1 | OK | |
|
59
|
+
| diffie-hellman-group-exchange-sha1 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
60
|
+
| diffie-hellman-group-exchange-sha256 | OK | |
|
61
|
+
|
62
|
+
### Encryption algorithms (ciphers)
|
63
|
+
|
64
|
+
| Name | Support | Details |
|
65
|
+
|--------------------------------------|-----------------------|----------|
|
66
|
+
| aes256-ctr / aes192-ctr / aes128-ctr | OK | [using weak elliptic curves](https://safecurves.cr.yp.to/) |
|
67
|
+
| aes256-cbc / aes192-cbc / aes128-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
68
|
+
| rijndael-cbc@lysator.liu.se | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
69
|
+
| blowfish-ctr blowfish-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
70
|
+
| cast128-ctr cast128-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
71
|
+
| 3des-ctr 3des-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
72
|
+
| idea-cbc | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
73
|
+
| none | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
74
|
+
|
75
|
+
### Message Authentication Code algorithms
|
76
|
+
|
77
|
+
| Name | Support | Details |
|
78
|
+
|----------------------|-----------------------|----------|
|
79
|
+
| hmac-sha2-512-etm | OK | |
|
80
|
+
| hmac-sha2-256-etm | OK | |
|
81
|
+
| hmac-sha2-512 | OK | |
|
82
|
+
| hmac-sha2-256 | OK | |
|
83
|
+
| hmac-sha2-512-96 | Deprecated in 6.0 | removed from the specification, will be removed in 7.0 |
|
84
|
+
| hmac-sha2-256-96 | Deprecated in 6.0 | removed from the specification, will be removed in 7.0 |
|
85
|
+
| hmac-sha1 | OK | for backward compatibility |
|
86
|
+
| hmac-sha1-96 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
87
|
+
| hmac-ripemd160 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
88
|
+
| hmac-md5 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
89
|
+
| hmac-md5-96 | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
90
|
+
| none | Deprecated in 6.0 | unsecure, will be removed in 7.0 |
|
91
|
+
|
92
|
+
## SYNOPSIS:
|
93
|
+
|
94
|
+
In a nutshell:
|
95
|
+
|
96
|
+
```ruby
|
97
|
+
require 'net/ssh'
|
98
|
+
|
99
|
+
Net::SSH.start('host', 'user', password: "password") do |ssh|
|
100
|
+
# capture all stderr and stdout output from a remote process
|
101
|
+
output = ssh.exec!("hostname")
|
102
|
+
puts output
|
103
|
+
|
104
|
+
# capture only stdout matching a particular pattern
|
105
|
+
stdout = ""
|
106
|
+
ssh.exec!("ls -l /home/jamis") do |channel, stream, data|
|
107
|
+
stdout << data if stream == :stdout
|
108
|
+
end
|
109
|
+
puts stdout
|
110
|
+
|
111
|
+
# run multiple processes in parallel to completion
|
112
|
+
ssh.exec "sed ..."
|
113
|
+
ssh.exec "awk ..."
|
114
|
+
ssh.exec "rm -rf ..."
|
115
|
+
ssh.loop
|
116
|
+
|
117
|
+
# open a new channel and configure a minimal set of callbacks, then run
|
118
|
+
# the event loop until the channel finishes (closes)
|
119
|
+
channel = ssh.open_channel do |ch|
|
120
|
+
ch.exec "/usr/local/bin/ruby /path/to/file.rb" do |ch, success|
|
121
|
+
raise "could not execute command" unless success
|
122
|
+
|
123
|
+
# "on_data" is called when the process writes something to stdout
|
124
|
+
ch.on_data do |c, data|
|
125
|
+
$stdout.print data
|
126
|
+
end
|
127
|
+
|
128
|
+
# "on_extended_data" is called when the process writes something to stderr
|
129
|
+
ch.on_extended_data do |c, type, data|
|
130
|
+
$stderr.print data
|
131
|
+
end
|
132
|
+
|
133
|
+
ch.on_close { puts "done!" }
|
134
|
+
end
|
135
|
+
end
|
136
|
+
|
137
|
+
channel.wait
|
138
|
+
|
139
|
+
# forward connections on local port 1234 to port 80 of www.capify.org
|
140
|
+
ssh.forward.local(1234, "www.capify.org", 80)
|
141
|
+
ssh.loop { true }
|
142
|
+
end
|
143
|
+
```
|
144
|
+
|
145
|
+
See Net::SSH for more documentation, and links to further information.
|
146
|
+
|
147
|
+
## REQUIREMENTS:
|
148
|
+
|
149
|
+
The only requirement you might be missing is the OpenSSL bindings for Ruby with a version greather than `1.0.1`.
|
150
|
+
These are built by default on most platforms, but you can verify that they're built and installed on your system by running the following command line:
|
151
|
+
|
152
|
+
```sh
|
153
|
+
ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
|
154
|
+
```
|
155
|
+
|
156
|
+
If that spits out something like `OpenSSL 1.0.1 14 Mar 2012`, then you're set.
|
157
|
+
If you get an error, then you'll need to see about rebuilding ruby with OpenSSL support,
|
158
|
+
or (if your platform supports it) installing the OpenSSL bindings separately.
|
159
|
+
|
160
|
+
## INSTALL:
|
161
|
+
|
162
|
+
```sh
|
163
|
+
gem install net-ssh # might need sudo privileges
|
164
|
+
```
|
165
|
+
|
166
|
+
NOTE: If you are running on jruby on windows you need to install `jruby-pageant` manually
|
167
|
+
(gemspec doesn't allow for platform specific dependencies).
|
168
|
+
|
169
|
+
However, in order to be sure the code you're installing hasn't been tampered with,
|
170
|
+
it's recommended that you verify the [signature](http://docs.rubygems.org/read/chapter/21).
|
171
|
+
To do this, you need to add my public key as a trusted certificate (you only need to do this once):
|
172
|
+
|
173
|
+
```sh
|
174
|
+
# Add the public key as a trusted certificate
|
175
|
+
# (You only need to do this once)
|
176
|
+
curl -O https://raw.githubusercontent.com/net-ssh/net-ssh/master/net-ssh-public_cert.pem
|
177
|
+
gem cert --add net-ssh-public_cert.pem
|
178
|
+
```
|
179
|
+
|
180
|
+
Then, when install the gem, do so with high security:
|
181
|
+
|
182
|
+
```sh
|
183
|
+
gem install net-ssh -P HighSecurity
|
184
|
+
```
|
185
|
+
|
186
|
+
If you don't add the public key, you'll see an error like "Couldn't verify data signature".
|
187
|
+
If you're still having trouble let me know and I'll give you a hand.
|
188
|
+
|
189
|
+
For ed25519 public key auth support your bundle file should contain `ed25519`, `bcrypt_pbkdf` dependencies.
|
190
|
+
|
191
|
+
```sh
|
192
|
+
gem install ed25519
|
193
|
+
gem install bcrypt_pbkdf
|
194
|
+
```
|
195
|
+
|
196
|
+
For curve25519-sha256 kex exchange support your bundle file should contain `x25519` dependency.
|
197
|
+
|
198
|
+
## RUBY SUPPORT
|
199
|
+
|
200
|
+
* See [net-ssh.gemspec](https://github.com/net-ssh/net-ssh/blob/master/net-ssh.gemspec) for current versions ruby requirements
|
201
|
+
|
202
|
+
## RUNNING TESTS
|
203
|
+
|
204
|
+
If you want to run the tests or use any of the Rake tasks, you'll need Mocha and
|
205
|
+
other dependencies listed in Gemfile
|
206
|
+
|
207
|
+
Run the test suite from the net-ssh directory with the following command:
|
208
|
+
|
209
|
+
```sh
|
210
|
+
bundle exec rake test
|
211
|
+
```
|
212
|
+
|
213
|
+
Run a single test file like this:
|
214
|
+
|
215
|
+
```sh
|
216
|
+
ruby -Ilib -Itest test/transport/test_server_version.rb
|
217
|
+
```
|
218
|
+
|
219
|
+
To run integration tests see test/integration/README.txt
|
220
|
+
|
221
|
+
### BUILDING GEM
|
222
|
+
|
223
|
+
```sh
|
224
|
+
rake build
|
225
|
+
```
|
226
|
+
|
227
|
+
### GEM SIGNING (for maintainers)
|
228
|
+
|
229
|
+
If you have the net-ssh private signing key, you will be able to create signed release builds. Make sure the private key path matches the `signing_key` path set in `net-ssh.gemspec` and tell rake to sign the gem by setting the `NET_SSH_BUILDGEM_SIGNED` flag:
|
230
|
+
|
231
|
+
```sh
|
232
|
+
NET_SSH_BUILDGEM_SIGNED=true rake build
|
233
|
+
```
|
234
|
+
|
235
|
+
For time to time, the public certificate associated to the private key needs to be renewed. You can do this with the following command:
|
236
|
+
|
237
|
+
```sh
|
238
|
+
gem cert --build netssh@solutious.com --private-key path/2/net-ssh-private_key.pem
|
239
|
+
mv gem-public_cert.pem net-ssh-public_cert.pem
|
240
|
+
gem cert --add net-ssh-public_cert.pem
|
241
|
+
```
|
242
|
+
|
243
|
+
## CREDITS
|
244
|
+
|
245
|
+
### Contributors
|
246
|
+
|
247
|
+
This project exists thanks to all the people who contribute.
|
248
|
+
|
249
|
+
[![contributors](https://opencollective.com/net-ssh/contributors.svg?width=890&button=false)](graphs/contributors)
|
250
|
+
|
251
|
+
### Backers
|
252
|
+
|
253
|
+
Thank you to all our backers! 🙏 [Become a backer](https://opencollective.com/net-ssh#backer)
|
254
|
+
|
255
|
+
[![backers](https://opencollective.com/net-ssh/backers.svg?width=890)](https://opencollective.com/net-ssh#backers)
|
256
|
+
|
257
|
+
### Sponsors
|
258
|
+
|
259
|
+
Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor](https://opencollective.com/net-ssh#sponsor)
|
260
|
+
|
261
|
+
[![Sponsor](https://opencollective.com/net-ssh/sponsor/0/avatar.svg)](https://opencollective.com/net-ssh/sponsor/0/website)
|
262
|
+
|
263
|
+
## LICENSE:
|
264
|
+
|
265
|
+
(The MIT License)
|
266
|
+
|
267
|
+
Copyright (c) 2008 Jamis Buck
|
268
|
+
|
269
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
270
|
+
a copy of this software and associated documentation files (the
|
271
|
+
'Software'), to deal in the Software without restriction, including
|
272
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
273
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
274
|
+
permit persons to whom the Software is furnished to do so, subject to
|
275
|
+
the following conditions:
|
276
|
+
|
277
|
+
The above copyright notice and this permission notice shall be
|
278
|
+
included in all copies or substantial portions of the Software.
|
279
|
+
|
280
|
+
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
281
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
282
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
283
|
+
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
284
|
+
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
285
|
+
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
286
|
+
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Rakefile
CHANGED
@@ -1,4 +1,3 @@
|
|
1
|
-
|
2
1
|
#
|
3
2
|
# Also in your terminal environment run:
|
4
3
|
# $ export LANG=en_US.UTF-8
|
@@ -32,7 +31,7 @@ RDoc::Task.new do |rdoc|
|
|
32
31
|
rdoc.rdoc_dir = "rdoc"
|
33
32
|
rdoc.title = "#{name} #{version}"
|
34
33
|
rdoc.generator = 'hanna' # gem install hanna-nouveau
|
35
|
-
rdoc.main = 'README.
|
34
|
+
rdoc.main = 'README.md'
|
36
35
|
rdoc.rdoc_files.include("README*")
|
37
36
|
rdoc.rdoc_files.include("bin/*.rb")
|
38
37
|
rdoc.rdoc_files.include("lib/**/*.rb")
|
data/appveyor.yml
CHANGED
@@ -5,9 +5,11 @@ skip_tags: true
|
|
5
5
|
environment:
|
6
6
|
matrix:
|
7
7
|
- ruby_version: "jruby-9.1.2.0"
|
8
|
+
- ruby_version: "26-x64"
|
9
|
+
- ruby_version: "25-x64"
|
10
|
+
- ruby_version: "24-x64"
|
8
11
|
- ruby_version: "23"
|
9
12
|
- ruby_version: "23-x64"
|
10
|
-
- ruby_version: "22-x64"
|
11
13
|
|
12
14
|
matrix:
|
13
15
|
allow_failures:
|
@@ -29,7 +31,7 @@ install:
|
|
29
31
|
- if "%ruby_version%" == "jruby-9.1.2.0" ( cinst jruby --version 9.1.2.0 -i --allow-empty-checksums )
|
30
32
|
- if "%ruby_version%" == "jruby-9.1.2.0" ( SET "PATH=C:\jruby-9.1.2.0\bin\;%PATH%" )
|
31
33
|
- ruby --version
|
32
|
-
- gem install bundler --no-document --user-install -v 1.
|
34
|
+
- gem install bundler --no-document --user-install -v 1.17
|
33
35
|
- SET BUNDLE_GEMFILE=Gemfile.noed25519
|
34
36
|
- bundle install --retry=3
|
35
37
|
- cinst freesshd
|
data/lib/net/ssh.rb
CHANGED
@@ -4,6 +4,7 @@ ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.
|
|
4
4
|
|
5
5
|
require 'logger'
|
6
6
|
require 'etc'
|
7
|
+
require 'shellwords'
|
7
8
|
|
8
9
|
require 'net/ssh/config'
|
9
10
|
require 'net/ssh/errors'
|
@@ -66,11 +67,11 @@ module Net
|
|
66
67
|
auth_methods bind_address compression compression_level config
|
67
68
|
encryption forward_agent hmac host_key remote_user
|
68
69
|
keepalive keepalive_interval keepalive_maxcount kex keys key_data
|
69
|
-
languages logger paranoid password port proxy
|
70
|
+
keycerts languages logger paranoid password port proxy
|
70
71
|
rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
|
71
72
|
known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
|
72
73
|
host_name user properties passphrase keys_only max_pkt_size
|
73
|
-
max_win_size send_env use_agent number_of_password_prompts
|
74
|
+
max_win_size send_env set_env use_agent number_of_password_prompts
|
74
75
|
append_all_supported_algorithms non_interactive password_prompt
|
75
76
|
agent_socket_factory minimum_dh_bits verify_host_key
|
76
77
|
fingerprint_hash check_host_ip
|
@@ -144,6 +145,8 @@ module Net
|
|
144
145
|
# * :kex => the key exchange algorithm (or algorithms) to use
|
145
146
|
# * :keys => an array of file names of private keys to use for publickey
|
146
147
|
# and hostbased authentication
|
148
|
+
# * :keycerts => an array of file names of key certificates to use
|
149
|
+
# with publickey authentication
|
147
150
|
# * :key_data => an array of strings, with each element of the array being
|
148
151
|
# a raw private key in PEM format.
|
149
152
|
# * :keys_only => set to +true+ to use only private keys from +keys+ and
|
@@ -173,6 +176,8 @@ module Net
|
|
173
176
|
# * :rekey_packet_limit => the max number of packets to process before rekeying
|
174
177
|
# * :send_env => an array of local environment variable names to export to the
|
175
178
|
# remote environment. Names may be given as String or Regexp.
|
179
|
+
# * :set_env => a hash of environment variable names and values to set to the
|
180
|
+
# remote environment. Override the ones if specified in +send_env+.
|
176
181
|
# * :timeout => how long to wait for the initial connection to be made
|
177
182
|
# * :user => the user name to log in as; this overrides the +user+
|
178
183
|
# parameter, and is primarily only useful when provided via an SSH
|
@@ -31,7 +31,16 @@ module Net
|
|
31
31
|
cert.key_id = buffer.read_string
|
32
32
|
cert.valid_principals = buffer.read_buffer.read_all(&:read_string)
|
33
33
|
cert.valid_after = Time.at(buffer.read_int64)
|
34
|
-
|
34
|
+
|
35
|
+
cert.valid_before = if RUBY_PLATFORM == "java"
|
36
|
+
# 0x20c49ba5e353f7 = 0x7fffffffffffffff/1000, the largest value possible for JRuby
|
37
|
+
# JRuby Time.at multiplies the arg by 1000, and then stores it in a signed long.
|
38
|
+
# 0x20c49ba5e353f7 = 292278994-08-17 01:12:55 -0600
|
39
|
+
Time.at([0x20c49ba5e353f7, buffer.read_int64].min)
|
40
|
+
else
|
41
|
+
Time.at(buffer.read_int64)
|
42
|
+
end
|
43
|
+
|
35
44
|
cert.critical_options = read_options(buffer)
|
36
45
|
cert.extensions = read_options(buffer)
|
37
46
|
cert.reserved = buffer.read_string
|