net-ssh 5.2.0 → 7.0.1

data/lib/net/ssh/transport/state.rb

@@ -2,10 +2,9 @@ require 'zlib'
 require 'net/ssh/transport/cipher_factory'
 require 'net/ssh/transport/hmac'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
-
       # Encapsulates state information about one end of an SSH connection. Such
       # state includes the packet sequence number, the algorithms in use, how
       # many packets and blocks have been processed since the last reset, and so
@@ -14,46 +13,46 @@ module Net
       class State
         # The socket object that owns this state object.
         attr_reader :socket
-    
+
         # The next packet sequence number for this socket endpoint.
         attr_reader :sequence_number
-    
+
         # The hmac algorithm in use for this endpoint.
         attr_reader :hmac
-    
+
         # The compression algorithm in use for this endpoint.
         attr_reader :compression
-    
+
         # The compression level to use when compressing data (or nil, for the default).
         attr_reader :compression_level
-    
+
         # The number of packets processed since the last call to #reset!
         attr_reader :packets
-    
+
         # The number of data blocks processed since the last call to #reset!
         attr_reader :blocks
-    
+
         # The cipher algorithm in use for this socket endpoint.
         attr_reader :cipher
-    
+
         # The block size for the cipher
         attr_reader :block_size
-    
+
         # The role that this state plays (either :client or :server)
         attr_reader :role
-    
+
         # The maximum number of packets that this endpoint wants to process before
         # needing a rekey.
         attr_accessor :max_packets
-    
+
         # The maximum number of blocks that this endpoint wants to process before
         # needing a rekey.
         attr_accessor :max_blocks
-    
+
         # The user-specified maximum number of bytes that this endpoint ought to
         # process before needing a rekey.
         attr_accessor :rekey_limit
-    
+
         # Creates a new state object, belonging to the given socket. Initializes
         # the algorithms to "none".
         def initialize(socket, role)
@@ -65,9 +64,9 @@ module Net
           @hmac = HMAC.get("none")
           @compression = nil
           @compressor = @decompressor = nil
-          @next_iv = ""
+          @next_iv = String.new
         end
-    
+
         # A convenience method for quickly setting multiple values in a single
         # command.
         def set(values)
@@ -76,19 +75,19 @@ module Net
           end
           reset!
         end
-    
+
         def update_cipher(data)
           result = cipher.update(data)
           update_next_iv(role == :client ? result : data)
           return result
         end
-    
+
         def final_cipher
           result = cipher.final
           update_next_iv(role == :client ? result : "", true)
           return result
         end
-    
+
         # Increments the counters. The sequence number is incremented (and remapped
         # so it always fits in a 32-bit integer). The number of packets and blocks
         # are also incremented.
@@ -97,18 +96,18 @@ module Net
           @packets += 1
           @blocks += (packet_length + 4) / @block_size
         end
-    
+
         # The compressor object to use when compressing data. This takes into account
         # the desired compression level.
         def compressor
           @compressor ||= Zlib::Deflate.new(compression_level || Zlib::DEFAULT_COMPRESSION)
         end
-    
+
         # The decompressor object to use when decompressing data.
         def decompressor
           @decompressor ||= Zlib::Inflate.new(nil)
         end
-    
+
         # Returns true if data compression/decompression is enabled. This will
         # return true if :standard compression is selected, or if :delayed
         # compression is selected and the :authenticated hint has been received
@@ -116,33 +115,35 @@ module Net
         def compression?
           compression == :standard || (compression == :delayed && socket.hints[:authenticated])
         end
-    
+
         # Compresses the data. If no compression is in effect, this will just return
         # the data unmodified, otherwise it uses #compressor to compress the data.
         def compress(data)
           data = data.to_s
           return data unless compression?
+
           compressor.deflate(data, Zlib::SYNC_FLUSH)
         end
-    
+
         # Deompresses the data. If no compression is in effect, this will just return
         # the data unmodified, otherwise it uses #decompressor to decompress the data.
         def decompress(data)
           data = data.to_s
           return data unless compression?
+
           decompressor.inflate(data)
         end
-    
+
         # Resets the counters on the state object, but leaves the sequence_number
         # unchanged. It also sets defaults for and recomputes the max_packets and
         # max_blocks values.
         def reset!
           @packets = @blocks = 0
-    
+
           @max_packets ||= 1 << 31
-    
-          @block_size = cipher.name == "RC4" ? 8 : cipher.block_size
-    
+
+          @block_size = cipher.block_size
+
           if max_blocks.nil?
             # cargo-culted from openssh. the idea is that "the 2^(blocksize*2)
             # limit is too expensive for 3DES, blowfish, etc., so enforce a 1GB
@@ -152,16 +153,16 @@ module Net
             else
               @max_blocks = (1 << 30) / @block_size
             end
-    
+
             # if a limit on the # of bytes has been given, convert that into a
             # minimum number of blocks processed.
-    
+
             @max_blocks = [@max_blocks, rekey_limit / @block_size].min if rekey_limit
           end
-    
+
           cleanup
         end
-    
+
         # Closes any the compressor and/or decompressor objects that have been
         # instantiated.
         def cleanup
@@ -169,17 +170,17 @@ module Net
             @compressor.finish if !@compressor.finished?
             @compressor.close
           end
-    
+
           if @decompressor
             # we call reset here so that we don't get warnings when we try to
             # close the decompressor
             @decompressor.reset
             @decompressor.close
           end
-    
+
           @compressor = @decompressor = nil
         end
-    
+
         # Returns true if the number of packets processed exceeds the maximum
         # number of packets, or if the number of blocks processed exceeds the
         # maximum number of blocks.
@@ -187,22 +188,21 @@ module Net
           max_packets && packets > max_packets ||
           max_blocks && blocks > max_blocks
         end
-    
+
         private
-    
-        def update_next_iv(data, reset=false)
+
+        def update_next_iv(data, reset = false)
           @next_iv << data
           @next_iv = @next_iv[@next_iv.size - cipher.iv_len..-1]
-    
+
           if reset
             cipher.reset
             cipher.iv = @next_iv
           end
-    
+
           return data
         end
       end
-
     end
   end
 end

data/lib/net/ssh/verifiers/accept_new.rb

@@ -5,7 +5,6 @@ require 'net/ssh/verifiers/always'
 module Net
   module SSH
     module Verifiers
-
       # Does a strict host verification, looking the server up in the known
       # host files to see if a key has already been seen for this server. If this
       # server does not appear in any host file, this will silently add the
@@ -29,7 +28,6 @@ module Net
           return true
         end
       end
-
     end
   end
 end

data/lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb

@@ -3,7 +3,6 @@ require 'net/ssh/verifiers/accept_new'
 module Net
   module SSH
     module Verifiers
-
       # Basically the same as the AcceptNew verifier, but does not try to actually
       # verify a connection if the server is the localhost and the port is a
       # nonstandard port number. Those two conditions will typically mean the
@@ -14,6 +13,7 @@ module Net
         # returns true. Otherwise, performs the standard strict verification.
         def verify(arguments)
           return true if tunnelled?(arguments)
+
           super
         end
 
@@ -28,7 +28,6 @@ module Net
           return ip == "127.0.0.1" || ip == "::1"
         end
       end
-
     end
   end
 end

data/lib/net/ssh/verifiers/always.rb

@@ -4,7 +4,6 @@ require 'net/ssh/known_hosts'
 module Net
   module SSH
     module Verifiers
-
       # Does a strict host verification, looking the server up in the known
       # host files to see if a key has already been seen for this server. If this
       # server does not appear in any host file, an exception will be raised
@@ -22,9 +21,13 @@ module Net
 
           # If we found any matches, check to see that the key type and
           # blob also match.
+
           found = host_keys.any? do |key|
-            key.ssh_type == arguments[:key].ssh_type &&
-            key.to_blob  == arguments[:key].to_blob
+            if key.respond_to?(:matches_key?)
+              key.matches_key?(arguments[:key])
+            else
+              key.ssh_type == arguments[:key].ssh_type && key.to_blob == arguments[:key].to_blob
+            end
           end
 
           # If a match was found, return true. Otherwise, raise an exception
@@ -50,7 +53,6 @@ module Net
           raise exception
         end
       end
-
     end
   end
 end

data/lib/net/ssh/verifiers/never.rb

@@ -1,7 +1,6 @@
 module Net
   module SSH
     module Verifiers
-
       # This host key verifier simply allows every key it sees, without
       # any verification. This is simple, but very insecure because it
       # exposes you to MiTM attacks.
@@ -15,7 +14,6 @@ module Net
           true
         end
       end
-
     end
   end
 end

data/lib/net/ssh/version.rb

@@ -46,13 +46,13 @@ module Net
       end
 
       # The major component of this version of the Net::SSH library
-      MAJOR = 5
+      MAJOR = 7
 
       # The minor component of this version of the Net::SSH library
-      MINOR = 2
+      MINOR = 0
 
       # The tiny component of this version of the Net::SSH library
-      TINY  = 0
+      TINY  = 1
 
       # The prerelease component of this version of the Net::SSH library
       # nil allowed

data/lib/net/ssh.rb

@@ -4,6 +4,7 @@ ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.
 
 require 'logger'
 require 'etc'
+require 'shellwords'
 
 require 'net/ssh/config'
 require 'net/ssh/errors'
@@ -14,7 +15,6 @@ require 'net/ssh/connection/session'
 require 'net/ssh/prompt'
 
 module Net
-
   # Net::SSH is a library for interacting, programmatically, with remote
   # processes via the SSH2 protocol. Sessions are always initiated via
   # Net::SSH.start. From there, a program interacts with the new SSH session
@@ -66,11 +66,11 @@ module Net
       auth_methods bind_address compression compression_level config
       encryption forward_agent hmac host_key remote_user
       keepalive keepalive_interval keepalive_maxcount kex keys key_data
-      languages logger paranoid password port proxy
+      keycerts languages logger paranoid password port proxy
       rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
       known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
       host_name user properties passphrase keys_only max_pkt_size
-      max_win_size send_env use_agent number_of_password_prompts
+      max_win_size send_env set_env use_agent number_of_password_prompts
       append_all_supported_algorithms non_interactive password_prompt
       agent_socket_factory minimum_dh_bits verify_host_key
       fingerprint_hash check_host_ip
@@ -121,7 +121,7 @@ module Net
     # * :forward_agent => set to true if you want the SSH agent connection to
     #   be forwarded
     # * :known_hosts => a custom object holding known hosts records.
-    #   It must implement #search_for and add in a similiar manner as KnownHosts.
+    #   It must implement #search_for and `add` in a similiar manner as KnownHosts.
     # * :global_known_hosts_file => the location of the global known hosts
     #   file. Set to an array if you want to specify multiple global known
     #   hosts files. Defaults to %w(/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2).
@@ -144,6 +144,8 @@ module Net
     # * :kex => the key exchange algorithm (or algorithms) to use
     # * :keys => an array of file names of private keys to use for publickey
     #   and hostbased authentication
+    # * :keycerts => an array of file names of key certificates to use
+    #    with publickey authentication
     # * :key_data => an array of strings, with each element of the array being
     #   a raw private key in PEM format.
     # * :keys_only => set to +true+ to use only private keys from +keys+ and
@@ -173,6 +175,8 @@ module Net
     # * :rekey_packet_limit => the max number of packets to process before rekeying
     # * :send_env => an array of local environment variable names to export to the
     #   remote environment. Names may be given as String or Regexp.
+    # * :set_env => a hash of environment variable names and values to set to the
+    #   remote environment. Override the ones if specified in +send_env+.
     # * :timeout => how long to wait for the initial connection to be made
     # * :user => the user name to log in as; this overrides the +user+
     #   parameter, and is primarily only useful when provided via an SSH
@@ -210,7 +214,7 @@ module Net
     # * :fingerprint_hash => 'MD5' or 'SHA256', defaults to 'SHA256'
     # If +user+ parameter is nil it defaults to USER from ssh_config, or
     # local username
-    def self.start(host, user=nil, options={}, &block)
+    def self.start(host, user = nil, options = {}, &block)
       invalid_options = options.keys - VALID_OPTIONS
       if invalid_options.any?
         raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
@@ -246,7 +250,7 @@ module Net
       transport = Transport::Session.new(host, options)
       auth = Authentication::Session.new(transport, options)
 
-      user = options.fetch(:user, user) || Etc.getlogin
+      user = options.fetch(:user, user) || Etc.getpwuid.name
       if auth.authenticate("ssh-connection", user, options[:password])
         connection = Connection::Session.new(transport, options)
         if block_given?
@@ -297,9 +301,9 @@ module Net
     end
 
     def self._sanitize_options(options)
-      invalid_option_values = [nil,[nil]]
+      invalid_option_values = [nil, [nil]]
       unless (options.values & invalid_option_values).empty?
-        nil_options = options.select { |_k,v| invalid_option_values.include?(v) }.map(&:first)
+        nil_options = options.select { |_k, v| invalid_option_values.include?(v) }.map(&:first)
         Kernel.warn "#{caller_locations(2, 1)[0]}: Passing nil, or [nil] to Net::SSH.start is deprecated for keys: #{nil_options.join(', ')}"
       end
     end

data/net-ssh-public_cert.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
 MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
-c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0xOTAzMTEwOTQ1MzZaFw0yMDAzMTAw
-OTQ1MzZaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
+c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
+ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
 IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
 wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
 x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -11,10 +11,10 @@ fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
 AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
 M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
 HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
-ggEBAILNXrrFaLruwlBoTx3F7iL5wiRUT+cOMfdon25gzX8Tf87hi6rITnRgFfak
-w+C/rbrYOuEfUJMeZSU5ASxzrB4ohgJ5AFxuxGNkWEQJC4nICGn3ML8PmHzEV12z
-+nMm9AtBM16dJTdTKA2B6du0ZtTtbm4M3ULB7rhkUO2L2RbDyyiGQw85IBdaVdzr
-GmrxZPAOhBABOREsvJU1+3GIyJncqXmtrYUGUoLiIf/WO0mxPzYALZC/6ZYfu2UP
-+MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
-B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
+ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
+DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
+rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
+g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
+i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
+dv8pkxXDgySe41vzlRXFsgIgz5A=
 -----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -1,4 +1,3 @@
-
 require_relative 'lib/net/ssh/version'
 
 Gem::Specification.new do |spec|
@@ -16,11 +15,14 @@ Gem::Specification.new do |spec|
   spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
   spec.homepage      = "https://github.com/net-ssh/net-ssh"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.2.6")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.6")
+  spec.metadata = {
+    "changelog_uri" => "https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt"
+  }
 
   spec.extra_rdoc_files = [
     "LICENSE.txt",
-    "README.rdoc"
+    "README.md"
   ]
 
   spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
@@ -31,12 +33,12 @@ Gem::Specification.new do |spec|
   unless ENV['NET_SSH_NO_ED25519']
     spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
     spec.add_development_dependency("ed25519", "~> 1.2")
+    spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
   end
 
-  spec.add_development_dependency "bundler", "~> 1.11"
-
+  spec.add_development_dependency "bundler", ">= 1.17"
   spec.add_development_dependency "minitest", "~> 5.10"
-  spec.add_development_dependency "mocha", ">= 1.2.1"
+  spec.add_development_dependency "mocha", "~> 1.11.2"
   spec.add_development_dependency "rake", "~> 12.0"
-  spec.add_development_dependency "rubocop", "~> 0.54.0"
+  spec.add_development_dependency "rubocop", "~> 1.28.0"
 end

data/support/ssh_tunnel_bug.rb

@@ -15,12 +15,12 @@
 #       visible_hostname netsshtest
 #     * Start squid squid -N -d 1 -D
 # * Run this script
-# * Configure browser proxy to use localhost with LOCAL_PORT. 
+# * Configure browser proxy to use localhost with LOCAL_PORT.
 # * Load any page, wait for it to load fully. If the page loads
 #   correctly, move on. If not, something needs to be corrected.
 # * Refresh the page several times. This should cause this
 #   script to failed with the error: "closed stream". You may
-#   need to try a few times. 
+#   need to try a few times.
 #
 
 require 'highline/import'
@@ -37,7 +37,7 @@ pass = ask("Password: ") { |q| q.echo = "*" }
 puts "Configure your browser proxy to localhost:#{LOCAL_PORT}"
 
 begin
-  session = Net::SSH.start(host, user, password: pass)  
+  session = Net::SSH.start(host, user, password: pass)
   session.forward.local(LOCAL_PORT, host, PROXY_PORT)
   session.loop {true}
 rescue StandardError => e