net-ssh 1.0.10 → 1.1.0

data/bin/rb-keygen

@@ -0,0 +1,210 @@
+#!/usr/bin/env ruby
+# =======================================================================
+# Net::SSH -- A Ruby module implementing the SSH2 client protocol
+# Copyright (C) 2004-2007 Jamis Buck (jamis@37signals.com)
+# 
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+# =======================================================================
+
+require 'base64'
+require 'optparse'
+require 'net/ssh'
+require 'net/ssh/util/openssl'
+require 'net/ssh/util/buffer'
+
+begin
+  require 'password'
+  $use_password = true
+rescue LoadError
+  $use_password = false
+end
+
+# This class represents the "keygen" application for the Net::SSH suite.
+# It implements a subset of the functionality of ssh-keygen, and tries to
+# be reasonably commandline-compatible.
+class KeyGenerator
+
+  # Create a new KeyGenerator. By default the script's commandline will be
+  # used to initialize the generator, but you can specify a different array
+  # of options manually.
+  #
+  # If there is an error parsing the arguments, the application will halt
+  # after displaying the error and a description of available options.
+  def initialize( args=ARGV )
+    begin
+      parse_args( args )
+    rescue OptionParser::ParseError => e
+      puts "Error: #{e.message}"
+      puts @parser
+      exit
+    end
+  end
+
+  # The driver for the application. Currently, it just calls +generate_key+,
+  # but eventually other functionality may be added. This method would do
+  # the logic to determine which methods should be invoked.
+  def run
+    generate_key
+  end
+
+  KEYS = {
+    "rsa" => OpenSSL::PKey::RSA,
+    "dsa" => OpenSSL::PKey::DSA
+  }
+
+  # Generate and export public and private key files according to the settings
+  # given by the options array when the object was instantiated. For values that
+  # may not have been specified (like filename, and passphrase), the user will
+  # be prompted. If the 'ruby-password' module is installed, it will be used for
+  # prompting for the passphrase, otherwise a simple +gets+ will be used.
+  def generate_key
+    key_class = KEYS[ @options[:type] ] or
+      raise NotImplementedError, "unsupported key type `#{@options[:type]}'"
+
+    if_chatty "generating key..."
+    key = key_class.new( @options[ :bits ] )
+
+    unless ( filename = @options[ :filename ] )
+      default = "#{ENV['HOME']}/.ssh/id_#{@options[:type]}"
+      print "Enter file in which to save the key (#{default}): "
+      answer = gets.strip
+      filename = ( answer.length == 0 ? default : answer )
+    end
+
+    unless ( passphrase = @options[ :new_passphrase ] )
+      loop do
+        passphrase = get_password "Enter passphrase (empty for no passphrase): "
+        verify_phrase = get_password "Enter same passphrase again: "
+        break if passphrase == verify_phrase
+      end
+
+      passphrase = nil if passphrase.length == 0
+    end
+
+    if passphrase
+      private_pem = key.export( OpenSSL::Cipher::Cipher.new( "des-ede3-cbc" ), passphrase )
+    else
+      private_pem = key.export
+    end
+
+    public_pem = export_ssh_pubkey( key )
+
+    File.open( filename, "w" ) { |file| file.write private_pem }
+    File.open( filename + ".pub", "w" ) { |file| file.write public_pem }
+
+    if_chatty "done!"
+  end
+  private :generate_key
+
+  # Returns a string representing the SSH-formatted public key, suitable for inserting
+  # into (for instance) the authorized_keys file.
+  def export_ssh_pubkey( key )
+    s = key.ssh_type + " "
+
+    writer = Net::SSH::Util::WriterBuffer.new
+    writer.write_key key
+    s << Base64.encode64( writer.to_s ).strip.gsub( /[\n\r\t ]/, "" )
+    s << " #{ENV['USER']}@#{ENV['HOSTNAME']}"
+
+    s
+  end
+  private :export_ssh_pubkey
+
+  # A utility method for getting a password. If the 'ruby-password' module is available,
+  # it will be used, otherwise a +print+/+gets+ combination will be used. The entered
+  # password will be returned.
+  def get_password( prompt )
+    if $use_password
+      return Password.get( prompt )
+    else
+      print prompt
+      return gets.chomp
+    end
+  end
+  private :get_password
+
+  # Parse the given arguments as if they were commandline arguments.
+  def parse_args( args )
+    @options = {
+      :bits => 1024
+    }
+
+    @parser = OptionParser.new do |parser|
+      parser.banner = "Usage: rb-keygen [options]"
+
+      parser.separator ""
+      parser.separator "Options:"
+
+      parser.on( "-b", "--bits BITS",
+                 "Number of bits in the key to create." ) do |bits|
+        @options[ :bits ] = bits.to_i
+      end
+
+      parser.on( "-f", "--filename FILENAME",
+                 "Filename of the keyfile." ) do |filename|
+        @options[ :filename ] = filename
+      end
+                  
+      parser.on( "-q", "--quiet", "Suppress normal output." ) do
+        @options[ :quiet ] = true
+      end
+                  
+      parser.on( "-t", "--type TYPE",
+                 "Specify the TYPE of key to create (`rsa' or `dsa')" ) do |type|
+        unless [ "rsa", "dsa" ].include? type
+          raise OptionParser::ParseError, "`#{type}' is not a valid key type, must be `rsa' or `dsa'"
+        end
+        @options[ :type ] = type
+      end
+
+      parser.on( "-N", "--new-passphrase PHRASE",
+                 "Provide new passphrase" ) do |phrase|
+        @options[ :new_passphrase ] = phrase
+      end
+
+      parser.separator ""
+      parser.separator "Other options:"
+
+      parser.on_tail( "-h", "--help", "Show this message" ) do
+        puts parser
+        exit
+      end
+    end
+
+    @parser.parse! args
+
+    unless @options[ :type ]
+      raise OptionParser::ParseError, "You must specify a key type (-t)"
+    end
+
+    unless [ "rsa", "dsa" ].include? @options[ :type ]
+      raise OptionParser::ParseError, "You must specify a key type (-t)"
+    end
+  end
+  private :parse_args
+
+  # Used for logging optional messages. If the application was told to be
+  # quiet (with the -q option), this method does nothing; otherwise, it
+  # prints the messages to +stderr+.
+  def if_chatty( *args )
+    unless @options[ :quiet ]
+      $stderr.puts *args
+    end
+  end
+  private :if_chatty
+
+end
+
+KeyGenerator.new.run

data/doc/manual-html/chapter-1.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-2.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>
@@ -378,6 +378,9 @@
 
 
 	<p>A future version of Net::SSH may include it&#8217;s own agent implementation as well, to make using an agent on a variety of platforms simpler.</p>
+
+
+	<p>Agent forwarding is available, and may be requested with the :forward_agent option to Net::SSH.start. Agents are not forwarded by default.</p>
    </div>
 
 
@@ -428,6 +431,10 @@
 			<td style="vertical-align:top;text-align:center;"><code>:encryption</code> </td>
 			<td> This is the cipher algorithm to use when sending/receiving data to/from the remote server. It defaults to <code>3des-cbc</code>. Other valid algorithms supported by Net::SSH are <code>aes128-cbc</code>, <code>blowfish-cbc</code>, <code>aes256-cbc</code>, <code>aes192-cbc</code>, <code>idea-cbc</code>, and <code>none</code>. Note that the values you specify here are only <em>suggestions</em>, and if the server you are contacting cannot use your recommended algorithm, a fallback algorithm will be used (typically chosen in the order the algorithms were listed, above). This option may take an array, if you want to specify the order of the fallback algorithms to try, as well. </td>
 		</tr>
+		<tr>
+			<td style="vertical-align:top;text-align:center;"><code>:forward_agent</code> </td>
+			<td> Set to a true value to request that the local authentication agent be forwarded to the remote host. By default the agent will not be forwarded. </td>
+		</tr>
 		<tr>
 			<td style="vertical-align:top;text-align:center;"><code>:hmac</code> </td>
 			<td> This specifies the &#8220;message authentication code&#8221; (MAC) algorithm to use to ensure that each packet transmitted and recieved is authentic. This defaults to <code>hmac-md5</code>. Other valid algorithms supported by Net::SSH are <code>hmac-sha1</code>, <code>hmac-md5-96</code>, <code>hmac-md5-sha1</code>, and <code>none</code>. Note that the values you specify here are only <em>suggestions</em>, and if the server you are contacting cannot use your recommended algorithm, a fallback algorithm will be used (typically chosen in the order the algorithms were listed, above).  This option may take an array, if you want to specify the order of the fallback algorithms to try, as well. </td>
@@ -456,6 +463,10 @@
 			<td style="vertical-align:top;text-align:center;"><code>:log</code> </td>
 			<td> Specifies either a string or an IO object. If it is a string, it names the file that all log messages should be written to. Otherwise, the messages will be written to the IO object directly. Defaults to <span class="caps">STDERR</span>.</td>
 		</tr>
+		<tr>
+			<td style="vertical-align:top;text-align:center;"><code>:paranoid</code> </td>
+			<td> Controls how Net::SSH responds to a server key that it does not recognize. The default, <code>true</code>, will result in all keys being accepted the first time they are seen for a particular host, and then an exception being raised if the key ever changes. However, no host key verification will be done if the connection appears to be tunneled over a locally forwarded port. If set to <code>false</code>, no server key verification is done. You can also set this to <code>:very</code>, in which case errors are raised even if the connection appears to be tunneled.</td>
+		</tr>
 		<tr>
 			<td style="vertical-align:top;text-align:center;"><code>:port</code> </td>
 			<td> This is the port number that should be used to connect to the remote machine. If you wish to specify the port, you are generally better off specifying it as the second parameter to <code>start</code>, rather than as an option, but you <em>can</em> specify it this way, if you prefer.</td>

data/doc/manual-html/chapter-3.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-4.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-5.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-6.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/chapter-7.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>

data/doc/manual-html/index.html

@@ -14,8 +14,8 @@
           </div>
         </td><td valign='middle' align='right'>
           <div class="info">
-            Net::SSH Version: <strong>1.0.10</strong><br />
-            Manual Last Updated: <strong>2006-09-09 23:59 UTC</strong>
+            Net::SSH Version: <strong>1.1.0</strong><br />
+            Manual Last Updated: <strong>2007-05-01 04:05 UTC</strong>
           </div>
         </td></tr>
       </table>
@@ -212,16 +212,16 @@
   <table border='0' cellpadding='0' cellspacing='0' align='center'><tr><td>
     <ul>
       
-        <li>Removed documentation indicating that ruby-password will be used if present (it won't)</li>
+        <li>Added information on ssh-agent forwarding.</li>
       
-        <li>Removed links to the wiki (which wasn't being used) and the faq (which never existed)</li>
+        <li>Added information about the :paranoid setting.</li>
       
     </ul>
   </table>
 
 
 <p class="copyright">
-  Copyright &copy; 2004-2006
+  Copyright &copy; 2004-2007
                    Jamis Buck
                    (<a href="mailto:jamis@jamisbuck.org">jamis@jamisbuck.org</a>)
 </p>

data/doc/manual/manual.yml

@@ -6,7 +6,7 @@
 #   http://creativecommons.org/licenses/by-sa/2.0/
 
 meta: !^meta
-  copyright: 2004-2006
+  copyright: 2004-2007
   author: Jamis Buck
   email: jamis@jamisbuck.org
 
@@ -21,8 +21,8 @@ product: !^product
     - API Documentation: http://net-ssh.rubyforge.org/api
 
 recent_updates:
-  - "Removed documentation indicating that ruby-password will be used if present (it won't)"
-  - "Removed links to the wiki (which wasn't being used) and the faq (which never existed)"
+  - "Added information on ssh-agent forwarding."
+  - "Added information about the :paranoid setting."
 
 chapters:
 

data/doc/manual/parts/0007.txt

@@ -63,3 +63,5 @@ On Unixish systems, you allow your Net::SSH programs to interface with a running
 On Windows, the pageant process will be detected automatically, if it is running.
 
 A future version of Net::SSH may include it's own agent implementation as well, to make using an agent on a variety of platforms simpler.
+
+Agent forwarding is available, and may be requested with the :forward_agent option to Net::SSH.start. Agents are not forwarded by default. 

data/doc/manual/parts/0008.txt

@@ -12,6 +12,7 @@ table(list).
 |^=. @:container@ | This is the dependency injection container to use when registering all of the services that Net::SSH uses internally. If unspecified (the default) a new container will be created. This option allows you to reuse a single container for multiple application components.|
 |^=. @:crypto_backend@ | This is the cryptography backend to use. It defaults to @:ossl@, which specifies the OpenSSL cryptography engine. Currently, this is the only supported backend, but in the future others may be provided, and this is how they would be selected.|
 |^=. @:encryption@ | This is the cipher algorithm to use when sending/receiving data to/from the remote server. It defaults to @3des-cbc@. Other valid algorithms supported by Net::SSH are @aes128-cbc@, @blowfish-cbc@, @aes256-cbc@, @aes192-cbc@, @idea-cbc@, and @none@. Note that the values you specify here are only _suggestions_, and if the server you are contacting cannot use your recommended algorithm, a fallback algorithm will be used (typically chosen in the order the algorithms were listed, above). This option may take an array, if you want to specify the order of the fallback algorithms to try, as well. |
+|^=. @:forward_agent@ | Set to a true value to request that the local authentication agent be forwarded to the remote host. By default the agent will not be forwarded. |
 |^=. @:hmac@ | This specifies the "message authentication code" (MAC) algorithm to use to ensure that each packet transmitted and recieved is authentic. This defaults to @hmac-md5@. Other valid algorithms supported by Net::SSH are @hmac-sha1@, @hmac-md5-96@, @hmac-md5-sha1@, and @none@. Note that the values you specify here are only _suggestions_, and if the server you are contacting cannot use your recommended algorithm, a fallback algorithm will be used (typically chosen in the order the algorithms were listed, above).  This option may take an array, if you want to specify the order of the fallback algorithms to try, as well. |
 |^=. @:host_key@ | This specifies the host key type that should be used when negotiating keys with the server. This defaults to @ssh-dss@, but may also be @ssh-rsa@. As with some other option types, the value you specify is only a recommendation, not a commandment, and if the server cannot honor the key type you specified, a fallback will be chosen from among the other supported types. If you wish to specify the fallback algorithms to try, you may pass an array as the value of this option, which contains (in order) the key types to try. |
 |^=. @:host_keys@ | This is an array of file names that contain the private keys which identify the host your script is running on. These default to @/etc/ssh/ssh_host_dsa_key@ and @/etc/ssh/ssh_host_rsa_key@ (which are both typically only readable by root). These keys are only used in hostbased authentication.|
@@ -19,6 +20,7 @@ table(list).
 |^=. @:keys@ | This specifies the list of private key files to use _instead_ of the defaults (@$HOME/.ssh/id_dsa@, @$HOME/.ssh2/id_dsa@, @$HOME/.ssh/id_rsa@, and @$HOME/.ssh2/id_rsa@). The value of this option should be an array of strings.|
 |^=. @:languages@ | This option specifies the preferred language (or languages) that should be used when communicating error messages. It has no effect on Net::SSH, but may cause the server (if it supports your suggested language) to send errors in the language you request. The default is empty.|
 |^=. @:log@ | Specifies either a string or an IO object. If it is a string, it names the file that all log messages should be written to. Otherwise, the messages will be written to the IO object directly. Defaults to STDERR.|
+|^=. @:paranoid@ | Controls how Net::SSH responds to a server key that it does not recognize. The default, @true@, will result in all keys being accepted the first time they are seen for a particular host, and then an exception being raised if the key ever changes. However, no host key verification will be done if the connection appears to be tunneled over a locally forwarded port. If set to @false@, no server key verification is done. You can also set this to @:very@, in which case errors are raised even if the connection appears to be tunneled.|
 |^=. @:port@ | This is the port number that should be used to connect to the remote machine. If you wish to specify the port, you are generally better off specifying it as the second parameter to @start@, rather than as an option, but you _can_ specify it this way, if you prefer.|
 |^=. @:registry_options@ | If the @:container@ option is not specified, a new container will be created. This option specifies a hash of additional options that may be used to configure the new container (registry). By default, it is empty.|
 |^=. @:verbose@ | Specifies how verbose the logging should be. Valid values are @:fatal@, @:error@, @:warn@, @:info@, and @:debug@. Defaults to @:warn@. WARNING: selecting @:debug@ will result in LOTS of output! (Further customization of verbosity can be accomplished by specifying which Net::SSH components should have which logging levels, via the @:registry_options@ option.)|

data/examples/auth-forward.rb

@@ -0,0 +1,41 @@
+require 'rubygems'
+
+$:.unshift "../lib"
+require 'net/ssh'
+
+
+
+Net::SSH.start( 'localhost', { :verbose => :debug, :forward_agent => true } ) do |session|
+#Net::SSH.start( 'localhost' ) do |session|
+
+  def exec( command )
+    lambda do |channel|
+      channel.exec command
+      channel.on_data do |ch,data|
+        ch[:data] ||= ""
+        ch[:data] << data
+      end
+      channel.on_extended_data do |ch,type,data|
+        ch[:extended_data] ||= []
+        ch[:extended_data][type] ||= ""
+        ch[:extended_data][type] << data
+      end
+    end
+  end
+
+  c = session.open_channel( &exec( "ssh -A munkyii.nodnol.org ssh-add -l" ) )
+
+  session.loop
+
+  puts "----------------------------------"
+  if c.valid?
+    puts c[:data]
+    if c[:extended_data] && c[:extended_data][1]
+      puts "-- stderr: --"
+      puts c[:extended_data][1]
+    end
+  else
+    puts "channel was not opened: #{c.reason} (#{c.reason_code})"
+  end
+
+end

data/lib/net/ssh/connection/driver.rb

@@ -134,7 +134,10 @@ module Net
         # +true+. If no block is given, then the loop continues until there
         # are no more open channels on this connection.
         def loop( &block )
-          block ||= proc { not @channel_map.empty? }
+          block ||= proc do 
+            channels = @channel_map.reject {|k,v| v.type == 'auth-agent@openssh.com' }
+            not channels.empty?
+          end
           process while block.call
         end
 
@@ -178,6 +181,17 @@ module Net
           self
         end
 
+        # Send a channel request packet to the server.
+        def channel_request( type )
+          writer = @buffers.writer
+          writer.write_byte CHANNEL_REQUEST
+          writer.write_long 0 # channel id
+          writer.write_string type
+          writer.write_byte 0 # want_confirm
+          
+          @session.send_message writer
+        end
+
         # A convenience method for sending messages.
         def send_message( msg )
           @session.send_message msg