net-ssh 2.9.1 → 2.9.2.beta

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e4b83671580de0bd2d63e112c605feaefe41a5b0
+  data.tar.gz: f29b3c1c885a9868b09f18d03d988683e1c351d5
+SHA512:
+  metadata.gz: 97088cea6fb2f3b47c09e6911c2b52d0e79b97a1b1dc7e6033b44f44531dbef8751677acb7f03b63a0c4ff9978422c20beeafdb61ab8e36435e20e1aafbf0d5b
+  data.tar.gz: 228621bcee2649a0e05d38483ce4f74376116544e6db2a0edc326c63d9be9ea85e4a5e828f0a171382792cdda4763b9a5f3771ab480b8b5ae4b67a7572a7ced5

checksums.yaml.gz.sig

@@ -0,0 +1 @@
+)�������{
&���k��rÐ���E���z�{o�4���y5�a|�M��糮Q�[K~��h�y�!	�x���0g��T0	ѭsM��u�kq����^�ύS��=�������-Z�;h���f=�_<z=|���:k�2*��R��†lj}
G�E�����T�fWn�n`�FL���o����~��c��q������

data/CHANGES.txt

@@ -1,4 +1,9 @@
+=== 2.9.2-beta
 
+* Remove advertised algorithms that were not working (ssh-rsa-cert-* *ed25519 acm*-gcm@openssh.com) [mfazekas]
+* Unkown algorithms now ignored instead of failed [mfazekas]
+* Asks for password with password auth (up to number_of_password_prompts) [mfazekas]
+* Removed warnings [amatsuda]
 
 === 2.9.1 / 13 May 2014
 

data/README.rdoc

@@ -171,6 +171,11 @@ Run a single test file like this:
 
 * JRuby 1.5: 99% tests pass (448 tests, 1846 assertions, 1 failures)
 
+=== BUILDING GEM
+
+Since building the gem requires the private key if you want to build a .gem locally please use the NET_SSH_NOKEY=1 envirnoment variable:
+
+     rake build NET_SSH_NOKEY=1
 
 === PORT FORWARDING TESTS
 

data/Rakefile

@@ -34,10 +34,16 @@ begin
 
     s.license = "MIT"
 
-    s.signing_key = File.join('/mnt/gem/', 'gem-private_key.pem')
-    s.cert_chain  = ['gem-public_cert.pem']
+    unless ENV['NET_SSH_NOKEY']
+      signing_key = File.join('/mnt/gem/', 'net-ssh-private_key.pem')
+      s.signing_key = File.join('/mnt/gem/', 'net-ssh-private_key.pem')
+      s.cert_chain  = ['net-ssh-public_cert.pem']
+      unless (Rake.application.top_level_tasks & ['build','install']).empty?
+        raise "No key found at #{signing_key} for signing, use rake <taskname> NET_SSH_NOKEY=1 to build without key" unless File.exist?(signing_key)
+      end
+    end
   end
-  Jeweler::GemcutterTasks.new
+  Jeweler::RubygemsDotOrgTasks.new
 rescue LoadError
   puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
 end

data/lib/net/ssh.rb

@@ -63,7 +63,7 @@ module Net
     VALID_OPTIONS = [
       :auth_methods, :bind_address, :compression, :compression_level, :config,
       :encryption, :forward_agent, :hmac, :host_key,
-      :keepalive, :keepalive_interval, :kex, :keys, :key_data,
+      :keepalive, :keepalive_interval, :keepalive_maxcount, :kex, :keys, :key_data,
       :languages, :logger, :paranoid, :password, :port, :proxy,
       :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
       :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
@@ -130,6 +130,7 @@ module Net
     #   the keepalive_interval seconds. Defaults to +false+.
     #   :keepalive_interval => the interval seconds for keepalive.
     #   Defaults to +300+ seconds.
+    #   :keepalive_countmax => the maximun number of keepalive packet miss allowed.
     # * :kex => the key exchange algorithm (or algorithms) to use
     # * :keys => an array of file names of private keys to use for publickey
     #   and hostbased authentication

data/lib/net/ssh/authentication/agent/socket.rb

@@ -94,10 +94,16 @@ module Net; module SSH; module Authentication
 
       identities = []
       body.read_long.times do
-        key = Buffer.new(body.read_string).read_key
-        key.extend(Comment)
-        key.comment = body.read_string
-        identities.push key
+        key_str = body.read_string
+        comment_str = body.read_string
+        begin
+          key = Buffer.new(key_str).read_key
+          key.extend(Comment)
+          key.comment = comment_str
+          identities.push key
+        rescue NotImplementedError => e
+          error { "ignoring unimplemented key:#{e.message} #{comment_str}" }
+        end
       end
 
       return identities

data/lib/net/ssh/authentication/methods/password.rb

@@ -1,4 +1,5 @@
 require 'net/ssh/errors'
+require 'net/ssh/prompt'
 require 'net/ssh/authentication/methods/abstract'
 
 module Net
@@ -8,25 +9,36 @@ module Net
 
         # Implements the "password" SSH authentication method.
         class Password < Abstract
+          include Prompt
+
           # Attempt to authenticate the given user for the given service. If
-          # the password parameter is nil, this will never do anything except
-          # return false.
+          # the password parameter is nil, this will ask for password
           def authenticate(next_service, username, password=nil)
-            return false unless password
+            retries = 0
+            max_retries =  get_max_retries
+            return false if !password && max_retries == 0
 
-            send_message(userauth_request(username, next_service, "password", false, password))
-            message = session.next_message
+            begin
+              password_to_send = password || ask_password(username)
 
-            case message.type
-              when USERAUTH_SUCCESS
-                debug { "password succeeded" }
-                return true
-              when USERAUTH_FAILURE
+              send_message(userauth_request(username, next_service, "password", false, password_to_send))
+              message = session.next_message
+              retries += 1
+
+              if message.type == USERAUTH_FAILURE
                 debug { "password failed" }
 
                 raise Net::SSH::Authentication::DisallowedMethod unless
                   message[:authentications].split(/,/).include? 'password'
+                password = nil
+              end
+            end until (message.type != USERAUTH_FAILURE || retries >= max_retries)
 
+            case message.type
+              when USERAUTH_SUCCESS
+                debug { "password succeeded" }
+                return true
+              when USERAUTH_FAILURE
                 return false
               when USERAUTH_PASSWD_CHANGEREQ
                 debug { "password change request received, failing" }
@@ -35,6 +47,19 @@ module Net
                 raise Net::SSH::Exception, "unexpected reply to USERAUTH_REQUEST: #{message.type} (#{message.inspect})"
             end
           end
+
+          private
+
+          NUMBER_OF_PASSWORD_PROMPTS = 3
+
+          def ask_password(username)
+            echo = false
+            prompt("#{username}@#{session.transport.host}'s password:", echo)
+          end
+
+          def get_max_retries
+            (session.transport.options||{})[:number_of_password_prompts] || NUMBER_OF_PASSWORD_PROMPTS
+          end
         end
 
       end

data/lib/net/ssh/buffer.rb

@@ -255,7 +255,7 @@ module Net; module SSH
           key.e = read_bignum
           key.n = read_bignum
 
-        when /^ecdsa\-sha2\-(\w*)$/, /^ssh-ed25519(-cert-v01@openssh.com)?$/
+        when /^ecdsa\-sha2\-(\w*)$/
           unless defined?(OpenSSL::PKey::EC)
             raise NotImplementedError, "unsupported key type `#{type}'"
           else

data/lib/net/ssh/config.rb

@@ -31,6 +31,7 @@ module Net; module SSH
   # * RekeyLimit => :rekey_limit
   # * User => :user
   # * UserKnownHostsFile => :user_known_hosts_file
+  # * NumberOfPasswordPrompts => :number_of_password_prompts
   #
   # Note that you will never need to use this class directly--you can control
   # whether the OpenSSH configuration files are read by passing the :config
@@ -59,7 +60,7 @@ module Net; module SSH
       # #default_files), translates the resulting hash into the options
       # recognized by Net::SSH, and returns them.
       def for(host, files=default_files)
-        hash = translate(files.inject({}) { |settings, file|
+        translate(files.inject({}) { |settings, file|
           load(file, host, settings)
         })
       end
@@ -76,7 +77,6 @@ module Net; module SSH
 
         globals = {}
         matched_host = nil
-        multi_host = []
         seen_host = false
         IO.foreach(file) do |line|
           next if line =~ /^\s*(?:#.*)?$/
@@ -220,6 +220,8 @@ module Net; module SSH
           when 'sendenv'
             multi_send_env = value.to_s.split(/\s+/)
             hash[:send_env] = multi_send_env.map { |e| Regexp.new pattern2regex(e).source, false }
+          when 'numberofpasswordprompts'
+            hash[:number_of_password_prompts] = value.to_i
           end
           hash
         end

data/lib/net/ssh/connection/keepalive.rb

@@ -0,0 +1,48 @@
+module Net; module SSH; module Connection
+
+module Keepalive
+  # Default IO.select timeout threshold
+  DEFAULT_IO_SELECT_TIMEOUT = 300
+
+  def initialize_keepalive
+    @last_keepalive_sent_at = nil
+    @unresponded_keepalive_count = 0
+  end
+
+  def keepalive_enabled?
+    options[:keepalive]
+  end
+
+  def keepalive_interval
+    options[:keepalive_interval] || DEFAULT_IO_SELECT_TIMEOUT
+  end
+
+  def should_send_keepalive?
+    return false unless keepalive_enabled?
+    return true unless @last_keepalive_sent_at
+    Time.now - @last_keepalive_sent_at >= keepalive_interval
+  end
+
+  def keepalive_maxcount
+    (options[:keepalive_maxcount] || 3).to_i
+  end
+
+  def send_keepalive_as_needed(readers, writers)
+    return unless readers.nil? && writers.nil?
+    return unless should_send_keepalive?
+    info { "sending keepalive #{@unresponded_keepalive_count}" }
+
+    @unresponded_keepalive_count += 1
+    send_global_request("keepalive@openssh.com") { |success, response|
+      puts "before zero => #{@unresponded_keepalive_count}"
+      @unresponded_keepalive_count = 0
+    }
+    @last_keepalive_sent_at = Time.now
+    if keepalive_maxcount > 0 && @unresponded_keepalive_count > keepalive_maxcount
+      error { "Timeout, server #{host} not responding. Missed #{@unresponded_keepalive_count-1} timeouts." }
+      raise Net::SSH::Timeout, "Timeout, server #{host} not responding."
+    end
+  end
+end
+
+end; end; end

data/lib/net/ssh/connection/session.rb

@@ -3,6 +3,7 @@ require 'net/ssh/ruby_compat'
 require 'net/ssh/connection/channel'
 require 'net/ssh/connection/constants'
 require 'net/ssh/service/forward'
+require 'net/ssh/connection/keepalive'
 
 module Net; module SSH; module Connection
 
@@ -23,10 +24,7 @@ module Net; module SSH; module Connection
   #     ssh.exec! "/etc/init.d/some_process start"
   #   end
   class Session
-    include Constants, Loggable
-
-    # Default IO.select timeout threshold
-    DEFAULT_IO_SELECT_TIMEOUT = 300
+    include Constants, Loggable, Keepalive
 
     # The underlying transport layer abstraction (see Net::SSH::Transport::Session).
     attr_reader :transport
@@ -79,7 +77,7 @@ module Net; module SSH; module Connection
       @max_pkt_size = (options.has_key?(:max_pkt_size) ? options[:max_pkt_size] : 0x8000)
       @max_win_size = (options.has_key?(:max_win_size) ? options[:max_win_size] : 0x20000)
 
-      @last_keepalive_sent_at = nil
+      initialize_keepalive
     end
 
     # Retrieves a custom property from this instance. This can be used to
@@ -598,29 +596,10 @@ module Net; module SSH; module Connection
 
       def io_select_wait(wait)
         return wait if wait
-        return wait unless options[:keepalive]
+        return wait unless keepalive_enabled?
         keepalive_interval
       end
 
-      def keepalive_interval
-        options[:keepalive_interval] || DEFAULT_IO_SELECT_TIMEOUT
-      end
-
-      def should_send_keepalive?
-        return false unless options[:keepalive]
-        return true unless @last_keepalive_sent_at
-        Time.now - @last_keepalive_sent_at >= keepalive_interval
-      end
-
-      def send_keepalive_as_needed(readers, writers)
-        return unless readers.nil? && writers.nil?
-        return unless should_send_keepalive?
-        info { "sending keepalive" }
-        msg = Net::SSH::Buffer.from(:byte, Packet::IGNORE, :string, "keepalive")
-        send_message(msg)
-        @last_keepalive_sent_at = Time.now
-      end
-
       MAP = Constants.constants.inject({}) do |memo, name|
         value = const_get(name)
         next unless Integer === value

data/lib/net/ssh/errors.rb

@@ -14,6 +14,10 @@ module Net; module SSH
   # unexpectedly.
   class Disconnect < Exception; end
 
+  # This exception is raised when the remote host has disconnected/
+  # timeouted unexpectedly.
+  class Timeout < Disconnect; end
+
   # This exception is primarily used internally, but if you have a channel
   # request handler (see Net::SSH::Connection::Channel#on_request) that you
   # want to fail in such a way that the server knows it failed, you can

data/lib/net/ssh/known_hosts.rb

@@ -15,17 +15,9 @@ module Net; module SSH
       SUPPORTED_TYPE = %w(ssh-rsa ssh-dss
                           ecdsa-sha2-nistp256
                           ecdsa-sha2-nistp384
-                          ecdsa-sha2-nistp521
-                          ssh-ed25519-cert-v01@openssh.com
-                          ssh-rsa-cert-v01@openssh.com
-                          ssh-rsa-cert-v00@openssh.com
-                          ssh-ed25519
-                          )
+                          ecdsa-sha2-nistp521)
     else
-      SUPPORTED_TYPE = %w(ssh-rsa ssh-dss
-                          ssh-rsa-cert-v01@openssh.com
-                          ssh-rsa-cert-v00@openssh.com
-                         )
+      SUPPORTED_TYPE = %w(ssh-rsa ssh-dss)
     end
 
 

data/lib/net/ssh/service/forward.rb

@@ -88,13 +88,13 @@ module Net; module SSH; module Service
         end
 
         prepare_client(client, channel, :local)
-  
+
         channel.on_open_failed do |ch, code, description|
           channel.error { "could not establish direct channel: #{description} (#{code})" }
           channel[:socket].close
         end
       end
-      
+
       local_port
     end
 
@@ -131,22 +131,52 @@ module Net; module SSH; module Service
     # the port number. The assigned port will show up in the # #active_remotes
     # list.
     #
+    # remote_host is interpreted by the server per RFC 4254, which has these
+    # special values:
+    #
+    # - "" means that connections are to be accepted on all protocol
+    #   families supported by the SSH implementation.
+    # - "0.0.0.0" means to listen on all IPv4 addresses.
+    # - "::" means to listen on all IPv6 addresses.
+    # - "localhost" means to listen on all protocol families supported by
+    #   the SSH implementation on loopback addresses only ([RFC3330] and
+    #   [RFC3513]).
+    # - "127.0.0.1" and "::1" indicate listening on the loopback
+    #   interfaces for IPv4 and IPv6, respectively.
+    #
+    # You may pass a block that will be called when the the port forward
+    # request receives a response.  This block will be passed the remote_port
+    # that was actually bound to, or nil if the binding failed.  If the block
+    # returns :no_exception, the "failed binding" exception will not be thrown.
+    #
     # If you want to block until the port is active, you could do something
     # like this:
     #
-    #   old_active_remotes = ssh.forward.active_remotes
-    #   ssh.forward.remote(80, "www.google.com", 0, "0.0.0.0")
-    #   ssh.loop { !(ssh.forward.active_remotes.length > old_active_remotes.length) }
-    #   assigned_port = (ssh.forward.active_remotes - old_active_remotes).first[0]
+    #   got_remote_port = nil
+    #   remote(port, host, remote_port, remote_host) do |actual_remote_port|
+    #     got_remote_port = actual_remote_port || :error
+    #     :no_exception # will yield the exception on my own thread
+    #   end
+    #   session.loop { !got_remote_port }
+    #   if got_remote_port == :error
+    #     raise Net::SSH::Exception, "remote forwarding request failed"
+    #   end
+    #
     def remote(port, host, remote_port, remote_host="127.0.0.1")
       session.send_global_request("tcpip-forward", :string, remote_host, :long, remote_port) do |success, response|
         if success
           remote_port = response.read_long if remote_port == 0
           debug { "remote forward from remote #{remote_host}:#{remote_port} to #{host}:#{port} established" }
           @remote_forwarded_ports[[remote_port, remote_host]] = Remote.new(host, port)
+          yield remote_port, remote_host if block_given?
         else
-          error { "remote forwarding request failed" }
-          raise Net::SSH::Exception, "remote forwarding request failed"
+          instruction = if block_given?
+            yield :error
+          end
+          unless instruction == :no_exception
+            error { "remote forwarding request failed" }
+            raise Net::SSH::Exception, "remote forwarding request failed"
+          end
         end
       end
     end
@@ -183,6 +213,16 @@ module Net; module SSH; module Service
       @remote_forwarded_ports.keys
     end
 
+    # Returns all active remote forwarded ports and where they forward to. The
+    # returned value is a hash from [<forwarding port on the local host>, <local forwarding address>]
+    # to [<port on the remote host>, <remote bind address>].
+    def active_remote_destinations
+      @remote_forwarded_ports.inject({}) do |result, (remote, local)|
+        result[[local.port, local.host]] = remote
+        result
+      end
+    end
+
     # Enables SSH agent forwarding on the given channel. The forwarded agent
     # will remain active even after the channel closes--the channel is only
     # used as the transport for enabling the forwarded connection. You should
@@ -216,7 +256,7 @@ module Net; module SSH; module Service
     end
 
     private
-      
+
       # Perform setup operations that are common to all forwarded channels.
       # +client+ is a socket, +channel+ is the channel that was just created,
       # and +type+ is an arbitrary string describing the type of the channel.
@@ -228,11 +268,11 @@ module Net; module SSH; module Service
         session.listen_to(client)
         channel[:socket] = client
 
-        channel.on_data do |ch, data|  
+        channel.on_data do |ch, data|
           debug { "data:#{data.length} on #{type} forwarded channel" }
           ch[:socket].enqueue(data)
         end
-        
+
         # Handles server close on the sending side by Miklós Fazekas
         channel.on_eof do |ch|
           debug { "eof #{type} on #{type} forwarded channel" }
@@ -251,7 +291,7 @@ module Net; module SSH; module Service
             debug { "enotconn in on_eof => shallowing exception:#{e}" }
           end
         end
-        
+
         channel.on_close do |ch|
           debug { "closing #{type} forwarded channel" }
           ch[:socket].close if !client.closed?