net-ssh 7.2.0.rc1 → 7.2.1.rc1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/ci.yml +3 -2
- data/.gitignore +2 -0
- data/CHANGES.txt +7 -0
- data/Dockerfile +3 -1
- data/Rakefile +41 -13
- data/docker-compose.yml +2 -0
- data/lib/net/ssh/authentication/key_manager.rb +19 -2
- data/lib/net/ssh/authentication/methods/publickey.rb +1 -1
- data/lib/net/ssh/authentication/session.rb +7 -0
- data/lib/net/ssh/buffered_io.rb +1 -1
- data/lib/net/ssh/version.rb +1 -1
- data/lib/net/ssh.rb +3 -1
- data/net-ssh.gemspec +2 -2
- data.tar.gz.sig +0 -0
- metadata +6 -6
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a17dfe9f90130318edc6753cf4f4a203a840425f3b08ba3c9613c2d64f619d00
|
|
4
|
+
data.tar.gz: d8b3be6e4d44328462c85dd423cf29a7089aae1ea2fe838859b8be798915a234
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 86f2886564ba68702ae6e82ed911af1912688b5104d79455510654109b72971ede576e2255bf88ef756a03be00f815c7f5320d5a1e24f63cac8261940e1bbad8
|
|
7
|
+
data.tar.gz: 6262e90adef7ef84d991295a6ba53bb0f4504b9ad3587674149a6cb619426f03ce578ab5032097b0bbdcfc4424252bdf3138a4bca98debae4dbc9f03e19f0b4a
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/.github/workflows/ci.yml
CHANGED
|
@@ -7,7 +7,7 @@ jobs:
|
|
|
7
7
|
runs-on: ubuntu-22.04
|
|
8
8
|
strategy:
|
|
9
9
|
matrix:
|
|
10
|
-
ruby-version: [2.6.10, 2.7.7, 3.0.
|
|
10
|
+
ruby-version: [2.6.10, 2.7.7, 3.0.6, 3.1.3, 3.2.1, '3.3.0-rc1']
|
|
11
11
|
steps:
|
|
12
12
|
- uses: actions/checkout@v3
|
|
13
13
|
|
|
@@ -39,13 +39,14 @@ jobs:
|
|
|
39
39
|
${{ runner.os }}-pip-v1
|
|
40
40
|
- name: Bundle install
|
|
41
41
|
run: |
|
|
42
|
-
gem install bundler
|
|
42
|
+
gem install bundler ${{ (startsWith(matrix.ruby-version, '2.6.') || startsWith(matrix.ruby-version, '2.7.')) && '-v 2.4.22' || '' }}
|
|
43
43
|
bundle config set path 'vendor/bundle'
|
|
44
44
|
bundle config set --local path 'vendor/bundle'
|
|
45
45
|
bundle install --jobs 4 --retry 3 --path vendor/bundle
|
|
46
46
|
BUNDLE_GEMFILE=./Gemfile.noed25519 bundle install --jobs 4 --retry 3 --path vendor/bundle
|
|
47
47
|
env:
|
|
48
48
|
BUNDLE_PATH: vendor/bundle
|
|
49
|
+
|
|
49
50
|
|
|
50
51
|
- name: Add to etc/hosts
|
|
51
52
|
run: |
|
data/.gitignore
CHANGED
data/CHANGES.txt
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
|
+
=== 7.2.1 rc1
|
|
2
|
+
|
|
3
|
+
* feat: allow load of certkey from string [#926]
|
|
4
|
+
* fix: fix for Socket#recv returning nil on ruby 3.3.0 [#928]
|
|
5
|
+
|
|
1
6
|
=== 7.2.0
|
|
2
7
|
|
|
8
|
+
* Add debugging information for algorithm of pubkey in use [#918]
|
|
9
|
+
|
|
3
10
|
=== 7.2.0 rc1
|
|
4
11
|
|
|
5
12
|
* Allow IdentityAgent as option to Net::SSH.start [#912]
|
data/Dockerfile
CHANGED
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
ARG RUBY_VERSION=3.1
|
|
2
2
|
FROM ruby:${RUBY_VERSION}
|
|
3
3
|
|
|
4
|
+
ARG BUNDLERV=
|
|
5
|
+
|
|
4
6
|
RUN apt update && apt install -y openssh-server sudo netcat-openbsd \
|
|
5
7
|
&& useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_1' \
|
|
6
8
|
&& useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_2' \
|
|
@@ -20,7 +22,7 @@ COPY Gemfile net-ssh.gemspec $INSTALL_PATH/
|
|
|
20
22
|
|
|
21
23
|
COPY lib/net/ssh/version.rb $INSTALL_PATH/lib/net/ssh/version.rb
|
|
22
24
|
|
|
23
|
-
RUN gem install bundler && bundle install
|
|
25
|
+
RUN gem install bundler ${BUNDLERV} && bundle install
|
|
24
26
|
|
|
25
27
|
COPY . $INSTALL_PATH/
|
|
26
28
|
|
data/Rakefile
CHANGED
|
@@ -59,29 +59,48 @@ def change_version(&block)
|
|
|
59
59
|
version_file = 'lib/net/ssh/version.rb'
|
|
60
60
|
require_relative version_file
|
|
61
61
|
pre = Net::SSH::Version::PRE
|
|
62
|
-
|
|
62
|
+
tiny = Net::SSH::Version::TINY
|
|
63
|
+
result = block[pre: pre, tiny: Net::SSH::Version::TINY]
|
|
63
64
|
raise "Version change logic should always return a pre", ArgumentError unless result.key?(:pre)
|
|
64
65
|
|
|
65
66
|
new_pre = result[:pre]
|
|
66
|
-
|
|
67
|
+
new_tiny = result[:tiny] || tiny
|
|
68
|
+
found = { pre: false, tiny: false }
|
|
67
69
|
File.open("#{version_file}.new", "w") do |f|
|
|
68
70
|
File.readlines(version_file).each do |line|
|
|
69
|
-
match =
|
|
71
|
+
match =
|
|
72
|
+
if pre.nil?
|
|
73
|
+
/^(\s+PRE\s+=\s+)nil(\s*)$/.match(line)
|
|
74
|
+
else
|
|
75
|
+
/^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
|
|
76
|
+
end
|
|
70
77
|
if match
|
|
71
78
|
prefix = match[1]
|
|
72
79
|
postfix = match[2]
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
postfix.delete_prefix!('"')
|
|
76
|
-
end
|
|
80
|
+
prefix.delete_suffix!('"')
|
|
81
|
+
postfix.delete_prefix!('"')
|
|
77
82
|
new_line = "#{prefix}#{new_pre.inspect}#{postfix}"
|
|
78
83
|
puts "Changing:\n - #{line} + #{new_line}"
|
|
79
84
|
line = new_line
|
|
80
|
-
found = true
|
|
85
|
+
found[:pre] = true
|
|
86
|
+
end
|
|
87
|
+
|
|
88
|
+
if new_tiny != tiny
|
|
89
|
+
match = /^(\s+TINY\s+=\s+)#{tiny}(\s*)$/.match(line)
|
|
90
|
+
if match
|
|
91
|
+
prefix = match[1]
|
|
92
|
+
postfix = match[2]
|
|
93
|
+
new_line = "#{prefix}#{new_tiny}#{postfix}"
|
|
94
|
+
puts "Changing:\n - #{line} + #{new_line}"
|
|
95
|
+
line = new_line
|
|
96
|
+
found[:tiny] = true
|
|
97
|
+
end
|
|
81
98
|
end
|
|
99
|
+
|
|
82
100
|
f.write(line)
|
|
83
101
|
end
|
|
84
|
-
raise
|
|
102
|
+
raise ArgumentError, "Cound not find line: PRE = \"#{pre}\" in #{version_file}" unless found[:pre]
|
|
103
|
+
raise ArgumentError, "Cound not find line: TINY = \"#{tiny}\" in #{version_file}" unless found[:tiny]
|
|
85
104
|
end
|
|
86
105
|
|
|
87
106
|
FileUtils.mv version_file, "#{version_file}.old"
|
|
@@ -99,12 +118,21 @@ namespace :vbump do
|
|
|
99
118
|
end
|
|
100
119
|
|
|
101
120
|
desc "Increment prerelease"
|
|
102
|
-
task :pre do
|
|
103
|
-
change_version do |pre:|
|
|
121
|
+
task :pre, [:type] do |_t, args|
|
|
122
|
+
change_version do |pre:, tiny:|
|
|
123
|
+
puts " PRE => #{pre.inspect}"
|
|
104
124
|
match = /^([a-z]+)(\d+)/.match(pre)
|
|
105
|
-
raise ArgumentError, "Unexpected pre: #{pre}" if match.nil?
|
|
125
|
+
raise ArgumentError, "Unexpected pre: #{pre}" if match.nil? && args[:type].nil?
|
|
106
126
|
|
|
107
|
-
|
|
127
|
+
if match.nil? || (!args[:type].nil? && args[:type] != match[1])
|
|
128
|
+
if pre.nil?
|
|
129
|
+
{ pre: "#{args[:type]}1", tiny: tiny + 1 }
|
|
130
|
+
else
|
|
131
|
+
{ pre: "#{args[:type]}1" }
|
|
132
|
+
end
|
|
133
|
+
else
|
|
134
|
+
{ pre: "#{match[1]}#{match[2].to_i + 1}" }
|
|
135
|
+
end
|
|
108
136
|
end
|
|
109
137
|
end
|
|
110
138
|
end
|
data/docker-compose.yml
CHANGED
|
@@ -32,6 +32,9 @@ module Net
|
|
|
32
32
|
# The list of user key certificate files that will be examined
|
|
33
33
|
attr_reader :keycert_files
|
|
34
34
|
|
|
35
|
+
# The list of user key certificate data that will be examined
|
|
36
|
+
attr_reader :keycert_data
|
|
37
|
+
|
|
35
38
|
# The map of loaded identities
|
|
36
39
|
attr_reader :known_identities
|
|
37
40
|
|
|
@@ -46,6 +49,7 @@ module Net
|
|
|
46
49
|
@key_files = []
|
|
47
50
|
@key_data = []
|
|
48
51
|
@keycert_files = []
|
|
52
|
+
@keycert_data = []
|
|
49
53
|
@use_agent = options[:use_agent] != false
|
|
50
54
|
@known_identities = {}
|
|
51
55
|
@agent = nil
|
|
@@ -59,6 +63,7 @@ module Net
|
|
|
59
63
|
def clear!
|
|
60
64
|
key_files.clear
|
|
61
65
|
key_data.clear
|
|
66
|
+
keycert_data.clear
|
|
62
67
|
known_identities.clear
|
|
63
68
|
self
|
|
64
69
|
end
|
|
@@ -75,6 +80,12 @@ module Net
|
|
|
75
80
|
self
|
|
76
81
|
end
|
|
77
82
|
|
|
83
|
+
# Add the given keycert_data to the list of keycerts that will be used.
|
|
84
|
+
def add_keycert_data(keycert_data_)
|
|
85
|
+
keycert_data.push(keycert_data_).uniq!
|
|
86
|
+
self
|
|
87
|
+
end
|
|
88
|
+
|
|
78
89
|
# Add the given key_file to the list of keys that will be used.
|
|
79
90
|
def add_key_data(key_data_)
|
|
80
91
|
key_data.push(key_data_).uniq!
|
|
@@ -132,8 +143,8 @@ module Net
|
|
|
132
143
|
end
|
|
133
144
|
|
|
134
145
|
known_identity_blobs = known_identities.keys.map(&:to_blob)
|
|
135
|
-
|
|
136
|
-
|
|
146
|
+
|
|
147
|
+
keycerts.each do |keycert|
|
|
137
148
|
next if known_identity_blobs.include?(keycert.to_blob)
|
|
138
149
|
|
|
139
150
|
(_, corresponding_identity) = known_identities.detect { |public_key, _|
|
|
@@ -227,6 +238,12 @@ module Net
|
|
|
227
238
|
|
|
228
239
|
private
|
|
229
240
|
|
|
241
|
+
# Load keycerts from files and data.
|
|
242
|
+
def keycerts
|
|
243
|
+
keycert_files.map { |keycert_file| KeyFactory.load_public_key(keycert_file) } +
|
|
244
|
+
keycert_data.map { |data| KeyFactory.load_data_public_key(data) }
|
|
245
|
+
end
|
|
246
|
+
|
|
230
247
|
# Prepares identities from user key_files for loading, preserving their order and sources.
|
|
231
248
|
def prepare_identities_from_files
|
|
232
249
|
key_files.map do |file|
|
|
@@ -44,7 +44,7 @@ module Net
|
|
|
44
44
|
end
|
|
45
45
|
|
|
46
46
|
def authenticate_with_alg(identity, next_service, username, alg, sig_alg = nil)
|
|
47
|
-
debug { "trying publickey (#{identity.fingerprint})" }
|
|
47
|
+
debug { "trying publickey (#{identity.fingerprint}) alg #{alg}" }
|
|
48
48
|
send_request(identity, username, next_service, alg)
|
|
49
49
|
|
|
50
50
|
message = session.next_message
|
|
@@ -63,6 +63,7 @@ module Net
|
|
|
63
63
|
key_manager = KeyManager.new(logger, options)
|
|
64
64
|
keys.each { |key| key_manager.add(key) } unless keys.empty?
|
|
65
65
|
keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty?
|
|
66
|
+
keycert_data.each { |data| key_manager.add_keycert_data(data) } unless keycert_data.empty?
|
|
66
67
|
key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
|
|
67
68
|
default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data)
|
|
68
69
|
|
|
@@ -154,6 +155,12 @@ module Net
|
|
|
154
155
|
Array(options[:keycerts])
|
|
155
156
|
end
|
|
156
157
|
|
|
158
|
+
# Returns an array of the keycert data that should be used when
|
|
159
|
+
# attempting any key-based authentication mechanism.
|
|
160
|
+
def keycert_data
|
|
161
|
+
Array(options[:keycert_data])
|
|
162
|
+
end
|
|
163
|
+
|
|
157
164
|
# Returns an array of the key data that should be used when
|
|
158
165
|
# attempting any key-based authentication mechanism.
|
|
159
166
|
def key_data
|
data/lib/net/ssh/buffered_io.rb
CHANGED
data/lib/net/ssh/version.rb
CHANGED
data/lib/net/ssh.rb
CHANGED
|
@@ -66,7 +66,7 @@ module Net
|
|
|
66
66
|
auth_methods bind_address compression compression_level config
|
|
67
67
|
encryption forward_agent hmac host_key identity_agent remote_user
|
|
68
68
|
keepalive keepalive_interval keepalive_maxcount kex keys key_data
|
|
69
|
-
keycerts languages logger paranoid password port proxy
|
|
69
|
+
keycerts keycert_data languages logger paranoid password port proxy
|
|
70
70
|
rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
|
|
71
71
|
known_hosts global_known_hosts_file user_known_hosts_file host_key_alias
|
|
72
72
|
host_name user properties passphrase keys_only max_pkt_size
|
|
@@ -146,6 +146,8 @@ module Net
|
|
|
146
146
|
# and hostbased authentication
|
|
147
147
|
# * :keycerts => an array of file names of key certificates to use
|
|
148
148
|
# with publickey authentication
|
|
149
|
+
# * :keycert_data => an array of strings, which each element of the array
|
|
150
|
+
# being a key certificate to use with publickey authentication
|
|
149
151
|
# * :key_data => an array of strings, with each element of the array being
|
|
150
152
|
# a raw private key in PEM format.
|
|
151
153
|
# * :keys_only => set to +true+ to use only private keys from +keys+ and
|
data/net-ssh.gemspec
CHANGED
|
@@ -39,8 +39,8 @@ Gem::Specification.new do |spec|
|
|
|
39
39
|
spec.add_development_dependency('rbnacl', '~> 7.1') unless ENV['NET_SSH_NO_RBNACL']
|
|
40
40
|
|
|
41
41
|
spec.add_development_dependency "bundler", ">= 1.17"
|
|
42
|
-
spec.add_development_dependency "minitest", "~> 5.
|
|
43
|
-
spec.add_development_dependency "mocha", "~> 1.
|
|
42
|
+
spec.add_development_dependency "minitest", "~> 5.19"
|
|
43
|
+
spec.add_development_dependency "mocha", "~> 2.1.0"
|
|
44
44
|
spec.add_development_dependency "rake", "~> 12.0"
|
|
45
45
|
spec.add_development_dependency "rubocop", "~> 1.28.0"
|
|
46
46
|
end
|
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: net-ssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.2.
|
|
4
|
+
version: 7.2.1.rc1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jamis Buck
|
|
@@ -31,7 +31,7 @@ cert_chain:
|
|
|
31
31
|
v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
|
|
32
32
|
6tfjgZ6OvGSScvbCMHkCE9XjonE=
|
|
33
33
|
-----END CERTIFICATE-----
|
|
34
|
-
date: 2023-
|
|
34
|
+
date: 2023-12-16 00:00:00.000000000 Z
|
|
35
35
|
dependencies:
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: bcrypt_pbkdf
|
|
@@ -109,28 +109,28 @@ dependencies:
|
|
|
109
109
|
requirements:
|
|
110
110
|
- - "~>"
|
|
111
111
|
- !ruby/object:Gem::Version
|
|
112
|
-
version: '5.
|
|
112
|
+
version: '5.19'
|
|
113
113
|
type: :development
|
|
114
114
|
prerelease: false
|
|
115
115
|
version_requirements: !ruby/object:Gem::Requirement
|
|
116
116
|
requirements:
|
|
117
117
|
- - "~>"
|
|
118
118
|
- !ruby/object:Gem::Version
|
|
119
|
-
version: '5.
|
|
119
|
+
version: '5.19'
|
|
120
120
|
- !ruby/object:Gem::Dependency
|
|
121
121
|
name: mocha
|
|
122
122
|
requirement: !ruby/object:Gem::Requirement
|
|
123
123
|
requirements:
|
|
124
124
|
- - "~>"
|
|
125
125
|
- !ruby/object:Gem::Version
|
|
126
|
-
version: 1.
|
|
126
|
+
version: 2.1.0
|
|
127
127
|
type: :development
|
|
128
128
|
prerelease: false
|
|
129
129
|
version_requirements: !ruby/object:Gem::Requirement
|
|
130
130
|
requirements:
|
|
131
131
|
- - "~>"
|
|
132
132
|
- !ruby/object:Gem::Version
|
|
133
|
-
version: 1.
|
|
133
|
+
version: 2.1.0
|
|
134
134
|
- !ruby/object:Gem::Dependency
|
|
135
135
|
name: rake
|
|
136
136
|
requirement: !ruby/object:Gem::Requirement
|
metadata.gz.sig
CHANGED
|
Binary file
|