net-ssh 7.3.2 → 7.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.dockerignore +3 -0
- data/.rubocop_todo.yml +1 -1
- data/CHANGES.txt +9 -0
- data/lib/net/ssh/authentication/ed25519_loader.rb +2 -2
- data/lib/net/ssh/authentication/key_manager.rb +21 -6
- data/lib/net/ssh/config.rb +2 -1
- data/lib/net/ssh/known_hosts.rb +2 -0
- data/lib/net/ssh/service/forward.rb +3 -3
- data/lib/net/ssh/version.rb +1 -1
- data/lib/net/ssh.rb +0 -4
- data.tar.gz.sig +0 -0
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0d9097275f7c3c0123783d9c29f8c4c4bfe3a3c8d68410357078e91859950f3f
|
|
4
|
+
data.tar.gz: b5a1013faa8b1cfbe5645e849329c99b62db9d944894287747a12c33f5356d9a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 04ceefc617349311ddceebb606aa003dec8c6aa671363a13f939486d1bdfa5b55c49a56096651d8667f30f57ea109728e3cdae1f25545aa3c1c892b1db2948bf
|
|
7
|
+
data.tar.gz: 3a9f23ad8a0843628f5dc500c83ceabca815756f925fbddc9725a12e0e19a9eeacf42f26f924b9c038edf8e95f832720c2297b0d0c8fdfcd6844f94d72f834b9
|
checksums.yaml.gz.sig
CHANGED
|
Binary file
|
data/.dockerignore
CHANGED
data/.rubocop_todo.yml
CHANGED
|
@@ -235,7 +235,7 @@ Lint/UselessTimes:
|
|
|
235
235
|
# Offense count: 205
|
|
236
236
|
# Configuration parameters: IgnoredMethods, CountRepeatedAttributes.
|
|
237
237
|
Metrics/AbcSize:
|
|
238
|
-
Max:
|
|
238
|
+
Max: 76
|
|
239
239
|
|
|
240
240
|
# Offense count: 16
|
|
241
241
|
# Configuration parameters: CountComments, CountAsOne, ExcludedMethods, IgnoredMethods.
|
data/CHANGES.txt
CHANGED
|
@@ -1,3 +1,12 @@
|
|
|
1
|
+
=== 7.3.3
|
|
2
|
+
|
|
3
|
+
* Support .pub file as IdentityFile to filter/prioritize agent keys (1Password SSH agent use case) [#942]
|
|
4
|
+
* Fix cert signing regression when using a .pub companion file without an agent [#1006]
|
|
5
|
+
* Fix unreadable .pub IdentityFile silently skipped instead of raising [#1006]
|
|
6
|
+
* Allow multiple UserKnownHostsFile entries (space-separated, matching ssh_config(5)) [#979]
|
|
7
|
+
* Stop mutating ENV['HOME'] at require time [#997]
|
|
8
|
+
* Fix ED25519 loader with frozen string literals [#995]
|
|
9
|
+
|
|
1
10
|
=== 7.3.2 rc2
|
|
2
11
|
|
|
3
12
|
* Fix Ruby 2.6 compat: use public_to_der fallback for EC public keys [#993]
|
|
@@ -14,13 +14,13 @@ module Net
|
|
|
14
14
|
end
|
|
15
15
|
|
|
16
16
|
def self.raiseUnlessLoaded(message)
|
|
17
|
-
description = ERROR.is_a?(LoadError) ? dependenciesRequiredForED25519 : ''
|
|
17
|
+
description = ERROR.is_a?(LoadError) ? dependenciesRequiredForED25519 : +''
|
|
18
18
|
description << "#{ERROR.class} : \"#{ERROR.message}\"\n" if ERROR
|
|
19
19
|
raise NotImplementedError, "#{message}\n#{description}" unless LOADED
|
|
20
20
|
end
|
|
21
21
|
|
|
22
22
|
def self.dependenciesRequiredForED25519
|
|
23
|
-
result = "net-ssh requires the following gems for ed25519 support:\n"
|
|
23
|
+
result = +"net-ssh requires the following gems for ed25519 support:\n"
|
|
24
24
|
result << " * ed25519 (>= 1.2, < 2.0)\n"
|
|
25
25
|
result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java"
|
|
26
26
|
result << "See https://github.com/net-ssh/net-ssh/issues/565 for more information\n"
|
|
@@ -72,12 +72,16 @@ module Net
|
|
|
72
72
|
def add(key_file)
|
|
73
73
|
key_files.push(File.expand_path(key_file)).uniq!
|
|
74
74
|
self
|
|
75
|
+
rescue ArgumentError
|
|
76
|
+
self
|
|
75
77
|
end
|
|
76
78
|
|
|
77
79
|
# Add the given keycert_file to the list of keycert files that will be used.
|
|
78
80
|
def add_keycert(keycert_file)
|
|
79
81
|
keycert_files.push(File.expand_path(keycert_file)).uniq!
|
|
80
82
|
self
|
|
83
|
+
rescue ArgumentError
|
|
84
|
+
self
|
|
81
85
|
end
|
|
82
86
|
|
|
83
87
|
# Add the given keycert_data to the list of keycerts that will be used.
|
|
@@ -172,7 +176,11 @@ module Net
|
|
|
172
176
|
def sign(identity, data, sig_alg = nil)
|
|
173
177
|
info = known_identities[identity] or raise KeyManagerError, "the given identity is unknown to the key manager"
|
|
174
178
|
|
|
175
|
-
if info[:
|
|
179
|
+
if info[:from] == :pubkey_file_only
|
|
180
|
+
raise KeyManagerError, "the given identity is a public key only and cannot be used for signing without an agent"
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
if info[:key].nil? && (info[:from] == :file || info[:from] == :pubkey_file)
|
|
176
184
|
begin
|
|
177
185
|
info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], !options[:non_interactive], options[:password_prompt])
|
|
178
186
|
rescue OpenSSL::OpenSSLError, Exception => e
|
|
@@ -248,10 +256,14 @@ module Net
|
|
|
248
256
|
def prepare_identities_from_files
|
|
249
257
|
key_files.map do |file|
|
|
250
258
|
if readable_file?(file)
|
|
251
|
-
identity = {}
|
|
259
|
+
identity = { privkey_file: file }
|
|
252
260
|
cert_file = file + "-cert.pub"
|
|
253
261
|
public_key_file = file + ".pub"
|
|
254
|
-
if
|
|
262
|
+
if file.end_with?(".pub")
|
|
263
|
+
identity[:load_from] = :pubkey_file_only
|
|
264
|
+
identity[:pubkey_file] = file
|
|
265
|
+
identity.delete(:privkey_file)
|
|
266
|
+
elsif readable_file?(cert_file)
|
|
255
267
|
identity[:load_from] = :pubkey_file
|
|
256
268
|
identity[:pubkey_file] = cert_file
|
|
257
269
|
elsif readable_file?(public_key_file)
|
|
@@ -260,7 +272,7 @@ module Net
|
|
|
260
272
|
else
|
|
261
273
|
identity[:load_from] = :privkey_file
|
|
262
274
|
end
|
|
263
|
-
identity
|
|
275
|
+
identity
|
|
264
276
|
end
|
|
265
277
|
end.compact
|
|
266
278
|
end
|
|
@@ -282,7 +294,10 @@ module Net
|
|
|
282
294
|
case identity[:load_from]
|
|
283
295
|
when :pubkey_file
|
|
284
296
|
key = KeyFactory.load_public_key(identity[:pubkey_file])
|
|
285
|
-
{ public_key: key, from: :
|
|
297
|
+
{ public_key: key, from: :pubkey_file, file: identity[:privkey_file] }
|
|
298
|
+
when :pubkey_file_only
|
|
299
|
+
key = KeyFactory.load_public_key(identity[:pubkey_file])
|
|
300
|
+
{ public_key: key, from: :pubkey_file_only, file: identity[:privkey_file] }
|
|
286
301
|
when :privkey_file
|
|
287
302
|
private_key = KeyFactory.load_private_key(
|
|
288
303
|
identity[:privkey_file], options[:passphrase], ask_passphrase, options[:password_prompt]
|
|
@@ -313,7 +328,7 @@ module Net
|
|
|
313
328
|
|
|
314
329
|
def process_identity_loading_error(identity, e)
|
|
315
330
|
case identity[:load_from]
|
|
316
|
-
when :pubkey_file
|
|
331
|
+
when :pubkey_file, :pubkey_file_only
|
|
317
332
|
error { "could not load public key file `#{identity[:pubkey_file]}': #{e.class} (#{e.message})" }
|
|
318
333
|
when :privkey_file
|
|
319
334
|
error { "could not load private key file `#{identity[:privkey_file]}': #{e.class} (#{e.message})" }
|
data/lib/net/ssh/config.rb
CHANGED
|
@@ -229,7 +229,6 @@ module Net
|
|
|
229
229
|
fingerprinthash: :fingerprint_hash,
|
|
230
230
|
port: :port,
|
|
231
231
|
user: :user,
|
|
232
|
-
userknownhostsfile: :user_known_hosts_file,
|
|
233
232
|
checkhostip: :check_host_ip
|
|
234
233
|
}.freeze
|
|
235
234
|
def translate_config_key(hash, key, value, settings)
|
|
@@ -293,6 +292,8 @@ module Net
|
|
|
293
292
|
hash[:set_env] = Shellwords.split(value.to_s).map { |e| e.split '=', 2 }.to_h
|
|
294
293
|
when :numberofpasswordprompts
|
|
295
294
|
hash[:number_of_password_prompts] = value.to_i
|
|
295
|
+
when :userknownhostsfile
|
|
296
|
+
hash[:user_known_hosts_file] = value.split(/\s+/)
|
|
296
297
|
when *TRANSLATE_CONFIG_KEY_RENAME_MAP.keys
|
|
297
298
|
hash[TRANSLATE_CONFIG_KEY_RENAME_MAP[key]] = value
|
|
298
299
|
end
|
data/lib/net/ssh/known_hosts.rb
CHANGED
|
@@ -160,6 +160,8 @@ module Net
|
|
|
160
160
|
# file. The path is expanded file File.expand_path.
|
|
161
161
|
def initialize(source)
|
|
162
162
|
@source = File.expand_path(source)
|
|
163
|
+
rescue ArgumentError
|
|
164
|
+
@source = source
|
|
163
165
|
end
|
|
164
166
|
|
|
165
167
|
# Returns an array of all keys that are known to be associatd with the
|
|
@@ -48,9 +48,9 @@ module Net
|
|
|
48
48
|
# If three arguments are given, it is as if the local bind address is
|
|
49
49
|
# "127.0.0.1", and the rest are applied as above.
|
|
50
50
|
#
|
|
51
|
-
# To request an ephemeral port on the
|
|
52
|
-
# the port number. In all cases, this method will return the port
|
|
53
|
-
# has been assigned.
|
|
51
|
+
# To request an ephemeral port on the local server, provide 0 (zero) for
|
|
52
|
+
# the local port number. In all cases, this method will return the port
|
|
53
|
+
# that has been assigned.
|
|
54
54
|
#
|
|
55
55
|
# ssh.forward.local(1234, "www.capify.org", 80)
|
|
56
56
|
# assigned_port = ssh.forward.local("0.0.0.0", 0, "www.capify.org", 80)
|
data/lib/net/ssh/version.rb
CHANGED
data/lib/net/ssh.rb
CHANGED
data.tar.gz.sig
CHANGED
|
Binary file
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: net-ssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 7.3.
|
|
4
|
+
version: 7.3.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jamis Buck
|
|
@@ -32,7 +32,7 @@ cert_chain:
|
|
|
32
32
|
ufHf4AX2UIkJbh7zCPkiNCqIr7MSWLNFG/9lOlHYsEJM8XujT1ofPobYx6YSFx/C
|
|
33
33
|
7HBrI7UX7awt6UvBZebhcHzyMHxg/B5PVQllPA==
|
|
34
34
|
-----END CERTIFICATE-----
|
|
35
|
-
date: 2026-
|
|
35
|
+
date: 2026-06-27 00:00:00.000000000 Z
|
|
36
36
|
dependencies:
|
|
37
37
|
- !ruby/object:Gem::Dependency
|
|
38
38
|
name: bcrypt_pbkdf
|
metadata.gz.sig
CHANGED
|
Binary file
|