net-ssh 6.0.0.beta1 → 6.0.0.beta2
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/CHANGES.txt +4 -0
- data/Manifest +0 -1
- data/lib/net/ssh.rb +3 -1
- data/lib/net/ssh/authentication/key_manager.rb +27 -2
- data/lib/net/ssh/authentication/session.rb +7 -0
- data/lib/net/ssh/buffer.rb +0 -1
- data/lib/net/ssh/buffered_io.rb +0 -1
- data/lib/net/ssh/config.rb +25 -23
- data/lib/net/ssh/connection/event_loop.rb +0 -1
- data/lib/net/ssh/connection/session.rb +0 -1
- data/lib/net/ssh/proxy/command.rb +0 -1
- data/lib/net/ssh/proxy/socks5.rb +0 -1
- data/lib/net/ssh/transport/packet_stream.rb +0 -1
- data/lib/net/ssh/version.rb +1 -1
- metadata +3 -5
- metadata.gz.sig +0 -0
- data/lib/net/ssh/ruby_compat.rb +0 -13
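--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: 5614d2fa5b1b6396aae6c99ee8dab8a7c4c9dfddfaed4ba2f2666539b56d22df
+data.tar.gz: f999a5eb2e98e9e81efe4f628d02350fd33d3fd4e101f286ec36d83a538a7d60
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 389e60f10a0db01d775135b59837cd8d115777f6587d866c9afc821f239139d77f874cea4128672ef7a3d102a96c25be7dce025fda2667c89e9111f2ac6fc809
+data.tar.gz: fed18846ef1d1e99407ae179b143f88338d258ed8e89bc5c18d4d31d0f15f8c75a004f0c93d25259c9f35e51cdaa581d4a066cc1f51a28e394b29d5afeda1910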
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
data/CHANGES.txt
CHANGED
data/Manifest
CHANGED
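--- a/data/lib/net/ssh.rb
+++ b/data/lib/net/ssh.rb
@@ -66,7 +66,7 @@ module Net
 auth_methods bind_address compression compression_level config
 encryption forward_agent hmac host_key remote_user
 keepalive keepalive_interval keepalive_maxcount kex keys key_data
-languages logger paranoid password port proxy
+keycerts languages logger paranoid password port proxy
 rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
 known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
 host_name user properties passphrase keys_only max_pkt_size
@@ -144,6 +144,8 @@ module Net
 # * :kex => the key exchange algorithm (or algorithms) to use
 # * :keys => an array of file names of private keys to use for publickey
 # and hostbased authentication
+# * :keycerts => an array of file names of key certificates to use
+# with publickey authentication
 # * :key_data => an array of strings, with each element of the array being
 # a raw private key in PEM format.
 # * :keys_only => set to +true+ to use only private keys from +keys+ and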
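--- a/data/lib/net/ssh/authentication/key_manager.rb
+++ b/data/lib/net/ssh/authentication/key_manager.rb
@@ -30,6 +30,9 @@ module Net
 # The list of user key data that will be examined
 attr_reader :key_data
 
+# The list of user key certificate files that will be examined
+attr_reader :keycert_files
+
 # The map of loaded identities
 attr_reader :known_identities
 
@@ -43,6 +46,7 @@ module Net
 self.logger = logger
 @key_files = []
 @key_data = []
+@keycert_files = []
 @use_agent = options[:use_agent] != false
 @known_identities = {}
 @agent = nil
@@ -66,6 +70,12 @@ module Net
 self
 end
 
+# Add the given keycert_file to the list of keycert files that will be used.
+def add_keycert(keycert_file)
+keycert_files.push(File.expand_path(keycert_file)).uniq!
+self
+end
+
 # Add the given key_file to the list of keys that will be used.
 def add_key_data(key_data_)
 key_data.push(key_data_).uniq!
@@ -108,7 +118,7 @@ module Net
 user_identities.delete(corresponding_user_identity) if corresponding_user_identity
 
 if !options[:keys_only] || corresponding_user_identity
-known_identities[key] = { from: :agent }
+known_identities[key] = { from: :agent, identity: key }
 yield key
 end
 end
@@ -122,6 +132,21 @@ module Net
 yield key
 end
 
+known_identity_blobs = known_identities.keys.map(&:to_blob)
+keycert_files.each do |keycert_file|
+keycert = KeyFactory.load_public_key(keycert_file)
+next if known_identity_blobs.include?(keycert.to_blob)
+
+(_, corresponding_identity) = known_identities.detect { |public_key, _|
+public_key.to_pem == keycert.to_pem
+}
+
+if corresponding_identity
+known_identities[keycert] = corresponding_identity
+yield keycert
+end
+end
+
 self
 end
 
@@ -152,7 +177,7 @@ module Net
 
 if info[:from] == :agent
 raise KeyManagerError, "the agent is no longer available" unless agent
-return agent.sign(identity, data.to_s)
+return agent.sign(info[:identity], data.to_s)
 end
 
 raise KeyManagerError, "[BUG] can't determine identity origin (#{info.inspect})"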
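Review bot: In the keycert loop added at new lines 135-148, `KeyFactory.load_public_key(keycert_file)` is called with no error handling visible in the hunk, so a missing, unreadable or malformed certificate file would raise out of the identity enumeration instead of skipping that one certificate. Wrapping the call in a `begin`/`rescue` that logs the file path and the error and then calls `next` would keep a single bad `CertificateFile` entry from aborting the login. A certificate whose public key matches no loaded identity is also dropped without any trace; an `else` branch such as `debug { "no loaded identity matches keycert #{keycert_file}, skipping" }` (assuming the class's logger helpers are available here) would tell the user why the certificate was never offered. The enclosing method starts and ends outside the hunk, so a rescue further out cannot be ruled out from this view.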
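--- a/data/lib/net/ssh/authentication/session.rb
+++ b/data/lib/net/ssh/authentication/session.rb
@@ -63,6 +63,7 @@ module Net
 
 key_manager = KeyManager.new(logger, options)
 keys.each { |key| key_manager.add(key) } unless keys.empty?
+keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
 key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
 default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
 
@@ -146,6 +147,12 @@ module Net
 Array(options[:keys])
 end
 
+# Returns an array of paths to the keycert files that should be used when
+# attempting any key-based authentication mechanism.
+def keycerts
+Array(options[:keycerts])
+end
+
 # Returns an array of the key data that should be used when
 # attempting any key-based authentication mechanism.
 def key_data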
data/lib/net/ssh/buffer.rb
CHANGED
data/lib/net/ssh/buffered_io.rb
CHANGED
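--- a/data/lib/net/ssh/config.rb
+++ b/data/lib/net/ssh/config.rb
@@ -11,6 +11,7 @@ module Net
 #
 # * ChallengeResponseAuthentication => maps to the :auth_methods option challenge-response (then coleasced into keyboard-interactive)
 # * KbdInteractiveAuthentication => maps to the :auth_methods keyboard-interactive
+# * CertificateFile => maps to the :keycerts option
 # * Ciphers => maps to the :encryption option
 # * Compression => :compression
 # * CompressionLevel => :compression_level
@@ -129,7 +130,7 @@ module Net
 block_seen = true
 elsif !block_seen
 case key
-when 'identityfile'
+when 'identityfile', 'certificatefile'
 (globals[key] ||= []) << value
 when 'include'
 included_file_paths(base_dir, value).each do |file_path|
@@ -140,7 +141,7 @@ module Net
 end
 elsif block_matched
 case key
-when 'identityfile'
+when 'identityfile', 'certificatefile'
 (settings[key] ||= []) << value
 when 'include'
 included_file_paths(base_dir, value).each do |file_path|
@@ -161,7 +162,7 @@ module Net
 
 globals.merge(settings) do |key, oldval, newval|
 case key
-when 'identityfile'
+when 'identityfile', 'certificatefile'
 oldval + newval
 else
 newval
@@ -196,25 +197,26 @@ module Net
 
 private
 
+TRANSLATE_CONFIG_KEY_RENAME_MAP = {
+bindaddress: :bind_address,
+compression: :compression,
+compressionlevel: :compression_level,
+certificatefile: :keycerts,
+connecttimeout: :timeout,
+forwardagent: :forward_agent,
+identitiesonly: :keys_only,
+identityagent: :identity_agent,
+globalknownhostsfile: :global_known_hosts_file,
+hostkeyalias: :host_key_alias,
+identityfile: :keys,
+fingerprinthash: :fingerprint_hash,
+port: :port,
+stricthostkeychecking: :strict_host_key_checking,
+user: :user,
+userknownhostsfile: :user_known_hosts_file,
+checkhostip: :check_host_ip
+}.freeze
 def translate_config_key(hash, key, value, settings)
-rename = {
-bindaddress: :bind_address,
-compression: :compression,
-compressionlevel: :compression_level,
-connecttimeout: :timeout,
-forwardagent: :forward_agent,
-identitiesonly: :keys_only,
-identityagent: :identity_agent,
-globalknownhostsfile: :global_known_hosts_file,
-hostkeyalias: :host_key_alias,
-identityfile: :keys,
-fingerprinthash: :fingerprint_hash,
-port: :port,
-stricthostkeychecking: :strict_host_key_checking,
-user: :user,
-userknownhostsfile: :user_known_hosts_file,
-checkhostip: :check_host_ip
-}
 case key
 when :ciphers
 hash[:encryption] = value.split(/,/)
@@ -276,8 +278,8 @@ module Net
 hash[:send_env] = multi_send_env.map { |e| Regexp.new pattern2regex(e).source, false }
 when :numberofpasswordprompts
 hash[:number_of_password_prompts] = value.to_i
-when *
-hash[
+when *TRANSLATE_CONFIG_KEY_RENAME_MAP.keys
+hash[TRANSLATE_CONFIG_KEY_RENAME_MAP[key]] = value
 end
 end
 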
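Review bot: The keyword list `'identityfile', 'certificatefile'` is now written out in three separate `when` branches (new lines 133, 144 and 165), so the next multi-valued keyword has to be added in all three, and missing the merge branch would presumably let a host block's values replace the global ones instead of being appended. One frozen constant holding the multi-valued keywords, used as `when *CONSTANT` in all three places, would keep them in step. Separately, `TRANSLATE_CONFIG_KEY_RENAME_MAP` is defined below `private`, which has no effect on constants; if it is not meant to be part of the public API, add `private_constant :TRANSLATE_CONFIG_KEY_RENAME_MAP`, along with a one-line comment saying that it maps lower-cased OpenSSH keywords to Net::SSH option names. The methods these hunks belong to start and end outside the visible lines.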
data/lib/net/ssh/proxy/socks5.rb
CHANGED
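--- a/data/lib/net/ssh/version.rb
+++ b/data/lib/net/ssh/version.rb
@@ -56,7 +56,7 @@ module Net
 
 # The prerelease component of this version of the Net::SSH library
 # nil allowed
-PRE = "
+PRE = "beta2"
 
 # The current version of the Net::SSH library as a Version instance
 CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)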
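--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-version: 6.0.0.
+version: 6.0.0.beta2
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
 +MqVFjDxsJA7cDfACke51RypSH1gZoPjzoW6w0sMRAzZT8hU1eGyqtNuBiSZ1UKv
 B/ztNLEP0OWhpj/NZ1fnGRvo/T0=
 -----END CERTIFICATE-----
-date:
+date: 2020-01-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bcrypt_pbkdf
@@ -208,7 +208,6 @@ files:
 - lib/net/ssh/proxy/jump.rb
 - lib/net/ssh/proxy/socks4.rb
 - lib/net/ssh/proxy/socks5.rb
-- lib/net/ssh/ruby_compat.rb
 - lib/net/ssh/service/forward.rb
 - lib/net/ssh/test.rb
 - lib/net/ssh/test/channel.rb
@@ -284,8 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.3.1
 requirements: []
-
-rubygems_version: 2.6.8
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'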
metadata.gz.sig
CHANGED
Binary file
|