net-ssh 5.0.0.beta2 → 5.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 48a24c2c82458981b13750a8f0320e9d9390c433476d4412486a1b0f8da8b58b
-  data.tar.gz: 0a1b588333716df66a2424d84e8b2474a76b4095199a424f873bacba9bf1577d
+  metadata.gz: bb3a015ee41b0d474fe7c702a00f8825674084df411eee8f617e6b6fa21cf81e
+  data.tar.gz: f75d9ca1f7b20f09f24c9622d6c72e206a6f20636c81a19c95c3a16a88b2742c
 SHA512:
-  metadata.gz: 561a83217e1bc4fc30f720d72c15b38080a19177383cfcb884c638448f8e366979f8763dd9ef644a43f877b14352b773da5813ce6b24d337e40651dc08544248
-  data.tar.gz: fbf8ff877139f7d936544d65dfe741f875cb25062572dd693553dcb564ab5b03a73af3949e004e3109cecf2fec76876a5f6d31e28fc471d458fe3a6b321c47e0
+  metadata.gz: 32546cfff9b3fa6e6b92b9fe7cd49a86dfe79c75936026681b12a5befcf3658ccd779d6e15496333185143c2236e2fb9dd3aa9435101fee0bc4048d16fd2057c
+  data.tar.gz: 98998932593dfded2649ca4bb0e4426d38b2ab38a7b4f2043c2a57850e42136f15d31c529f76055ecb62b5b63878801d2897219220e5acd4e0e19026036845e7

data/.rubocop_todo.yml

@@ -333,7 +333,7 @@ Style/BlockDelimiters:
     - 'lib/net/ssh/proxy/command.rb'
     - 'lib/net/ssh/transport/ctr.rb'
     - 'test/test_buffer.rb'
-    - 'test/verifiers/test_secure.rb'
+    - 'test/verifiers/test_always.rb'
 
 # Offense count: 8
 # Cop supports --auto-correct.
@@ -554,7 +554,7 @@ Style/LineEndConcatenation:
     - 'lib/net/ssh/transport/kex/diffie_hellman_group14_sha1.rb'
     - 'lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb'
     - 'lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb'
-    - 'lib/net/ssh/verifiers/secure.rb'
+    - 'lib/net/ssh/verifiers/always.rb'
 
 # Offense count: 12
 # Cop supports --auto-correct.
@@ -611,7 +611,7 @@ Layout/MultilineOperationIndentation:
     - 'lib/net/ssh/transport/algorithms.rb'
     - 'lib/net/ssh/transport/kex/ecdh_sha2_nistp256.rb'
     - 'lib/net/ssh/transport/state.rb'
-    - 'lib/net/ssh/verifiers/secure.rb'
+    - 'lib/net/ssh/verifiers/always.rb'
     - 'test/authentication/methods/test_hostbased.rb'
     - 'test/authentication/methods/test_publickey.rb'
 
@@ -736,7 +736,7 @@ Style/Proc:
     - 'lib/net/ssh/connection/session.rb'
     - 'lib/net/ssh/test/channel.rb'
     - 'lib/net/ssh/transport/algorithms.rb'
-    - 'lib/net/ssh/verifiers/secure.rb'
+    - 'lib/net/ssh/verifiers/always.rb'
     - 'test/authentication/methods/test_hostbased.rb'
     - 'test/authentication/methods/test_publickey.rb'
     - 'test/connection/test_channel.rb'
@@ -755,7 +755,7 @@ Style/RaiseArgs:
 Style/RedundantBegin:
   Exclude:
     - 'lib/net/ssh/buffered_io.rb'
-    - 'lib/net/ssh/verifiers/strict.rb'
+    - 'lib/net/ssh/verifiers/accept_new.rb'
     - 'test/manual/test_pageant.rb'
 
 # Offense count: 1
@@ -825,7 +825,7 @@ Layout/SpaceAfterColon:
   Exclude:
     - 'lib/net/ssh/authentication/ed25519.rb'
     - 'test/integration/test_ed25519_pkeys.rb'
-    - 'test/verifiers/test_secure.rb'
+    - 'test/verifiers/test_always.rb'
 
 # Offense count: 254
 # Cop supports --auto-correct.

data/CHANGES.txt

@@ -1,5 +1,8 @@
-=== 5.0.0
+=== 5.0.0.rc1
  * Breaking change: ed25519 now requires ed25519 gem instead of RbNaCl gem [#563]
+ * Fix larger than 4GB file transfers [#599]
+ * Update HTTP proxy to version 1.1 [Connor Dunn, #597]
+ * Verify_host_key options rename (true, false, :very, :secure depreacted new equivalents are :never, :accept_new_or_local_tunnel :accept_new :always) [Jared Beck, #595]
 
 === 5.0.0.beta2
  * Support for sha256 pubkey fingerprint [Tom Maher, #585]

data/Manifest

@@ -75,10 +75,10 @@ lib/net/ssh/transport/packet_stream.rb
 lib/net/ssh/transport/server_version.rb
 lib/net/ssh/transport/session.rb
 lib/net/ssh/transport/state.rb
-lib/net/ssh/verifiers/lenient.rb
-lib/net/ssh/verifiers/null.rb
-lib/net/ssh/verifiers/secure.rb
-lib/net/ssh/verifiers/strict.rb
+lib/net/ssh/verifiers/accept_new.rb
+lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb
+lib/net/ssh/verifiers/always.rb
+lib/net/ssh/verifiers/never.rb
 lib/net/ssh/version.rb
 net-ssh.gemspec
 setup.rb

data/lib/net/ssh.rb

@@ -195,8 +195,12 @@ module Net
     # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
     #    Net::SSH.start(host,user,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
     #    example: ->{ UNIXSocket.open('/foo/bar')}
-    # * :verify_host_key => either false, true, :very, or :secure specifying how
-    #   strict host-key verification should be (in increasing order here).
+    # * :verify_host_key => specify how strict host-key verification should be.
+    #   In order of increasing strictness:
+    #   * :never (very insecure) ::Net::SSH::Verifiers::Never
+    #   * :accept_new_or_local_tunnel (insecure) ::Net::SSH::Verifiers::AcceptNewOrLocalTunnel
+    #   * :accept_new (insecure) ::Net::SSH::Verifiers::AcceptNew
+    #   * :always (secure) ::Net::SSH::Verifiers::Always
     #   You can also provide an own Object which responds to +verify+. The argument
     #   given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
     #   the +:fingerprint+ and the +:session+. Returning true accepts the host key,

data/lib/net/ssh/config.rb

@@ -122,7 +122,7 @@ module Net
               block_seen = true
               settings[key] = host
             elsif key == 'match'
-              block_matched = eval_match_condition(value, host, settings)
+              block_matched = eval_match_conditions(value, host, settings)
               block_seen = true
             elsif !block_seen
               case key
@@ -325,22 +325,33 @@ module Net
           str.scan(/([^"\s]+)?(?:"([^"]+)")?\s*/).map(&:join)
         end
 
-        def eval_match_condition(condition, host, settings)
-          if condition.start_with?('!')
-            negated = true
-            condition = condition[1..-1]
-          else
-            negated = false
-          end
+        def eval_match_conditions(condition, host, settings)
+          conditions = condition.split(/\s+/)
+          return true if conditions == ["all"]
 
-          condition_met =
-            case condition
-            when 'all'
-              true
+          conditions = conditions.each_slice(2)
+          matching = true
+          conditions.each do |(kind,exprs)|
+            case kind.downcase
+            when "all"
+              raise "all cannot be mixed with other conditions"
+            when "host"
+              if exprs.start_with?('!')
+                negated = true
+                exprs = exprs[1..-1]
+              else
+                negated = false
+              end
+              condition_met = false
+              exprs.split(",").each do |expr|
+                condition_met = condition_met || host =~ pattern2regex(expr)
+              end
+              matching = matching && negated ^ condition_met
+              # else
+              # warn "net-ssh: Unsupported expr in Match block: #{kind}"
             end
-
-          # return false for unsupported conditions
-          condition_met.nil? ? false : (negated ^ condition_met)
+          end
+          matching
         end
       end
     end

data/lib/net/ssh/connection/channel.rb

@@ -629,15 +629,18 @@ module Net
             error { "channel success received with no pending request to handle it (bug?)" }
           end
         end
-    
+
         private
-    
+
         # Runs the SSH event loop until the remote confirmed channel open
         # experimental api
         def wait_until_open_confirmed
           connection.loop { !remote_id }
         end
-    
+
+        LOCAL_WINDOW_SIZE_INCREMENT = 0x20000
+        GOOD_LOCAL_MAXIUMUM_WINDOW_SIZE = 10 * LOCAL_WINDOW_SIZE_INCREMENT
+
         # Updates the local window size by the given amount. If the window
         # size drops to less than half of the local maximum (an arbitrary
         # threshold), a CHANNEL_WINDOW_ADJUST message will be sent to the
@@ -646,12 +649,12 @@ module Net
           @local_window_size -= size
           if local_window_size < local_maximum_window_size / 2
             connection.send_message(Buffer.from(:byte, CHANNEL_WINDOW_ADJUST,
-              :long, remote_id, :long, 0x20000))
-            @local_window_size += 0x20000
-            @local_maximum_window_size += 0x20000
+              :long, remote_id, :long, LOCAL_WINDOW_SIZE_INCREMENT))
+            @local_window_size += LOCAL_WINDOW_SIZE_INCREMENT
+            @local_maximum_window_size += LOCAL_WINDOW_SIZE_INCREMENT if @local_maximum_window_size < @local_window_size || @local_maximum_window_size < GOOD_LOCAL_MAXIUMUM_WINDOW_SIZE
           end
         end
-    
+
         # Gets an +Array+ of local environment variables in the remote process'
         # environment.
         # A variable name can either be described by a +Regexp+ or +String+.

data/lib/net/ssh/proxy/http.rb

@@ -51,7 +51,8 @@ module Net
         # proxy that was requested when the socket factory was instantiated.
         def open(host, port, connection_options)
           socket = establish_connection(connection_options[:timeout])
-          socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
+          socket.write "CONNECT #{host}:#{port} HTTP/1.1\r\n"
+          socket.write "Host: #{host}:#{port}\r\n"
     
           if options[:user]
             credentials = ["#{options[:user]}:#{options[:password]}"].pack("m*").gsub(/\s/, "")

data/lib/net/ssh/transport/session.rb

@@ -7,13 +7,13 @@ require 'net/ssh/transport/algorithms'
 require 'net/ssh/transport/constants'
 require 'net/ssh/transport/packet_stream'
 require 'net/ssh/transport/server_version'
-require 'net/ssh/verifiers/null'
-require 'net/ssh/verifiers/secure'
-require 'net/ssh/verifiers/strict'
-require 'net/ssh/verifiers/lenient'
+require 'net/ssh/verifiers/accept_new_or_local_tunnel'
+require 'net/ssh/verifiers/accept_new'
+require 'net/ssh/verifiers/always'
+require 'net/ssh/verifiers/never'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Transport
 
       # The transport layer represents the lowest level of the SSH protocol, and
@@ -24,46 +24,46 @@ module Net
       class Session
         include Loggable
         include Constants
-    
+
         # The standard port for the SSH protocol.
         DEFAULT_PORT = 22
-    
+
         # The host to connect to, as given to the constructor.
         attr_reader :host
-    
+
         # The port number to connect to, as given in the options to the constructor.
         # If no port number was given, this will default to DEFAULT_PORT.
         attr_reader :port
-    
+
         # The underlying socket object being used to communicate with the remote
         # host.
         attr_reader :socket
-    
+
         # The ServerVersion instance that encapsulates the negotiated protocol
         # version.
         attr_reader :server_version
-    
+
         # The Algorithms instance used to perform key exchanges.
         attr_reader :algorithms
-    
+
         # The host-key verifier object used to verify host keys, to ensure that
         # the connection is not being spoofed.
         attr_reader :host_key_verifier
-    
+
         # The hash of options that were given to the object at initialization.
         attr_reader :options
-    
+
         # Instantiates a new transport layer abstraction. This will block until
         # the initial key exchange completes, leaving you with a ready-to-use
         # transport session.
         def initialize(host, options={})
           self.logger = options[:logger]
-    
+
           @host = host
           @port = options[:port] || DEFAULT_PORT
           @bind_address = options[:bind_address] || nil
           @options = options
-    
+
           @socket =
             if (factory = options[:proxy])
               debug { "establishing connection to #{@host}:#{@port} through proxy" }
@@ -73,63 +73,63 @@ module Net
               Socket.tcp(@host, @port, @bind_address, nil,
                          connect_timeout: options[:timeout])
             end
-    
+
           @socket.extend(PacketStream)
           @socket.logger = @logger
-    
+
           debug { "connection established" }
-    
+
           @queue = []
-    
+
           @host_key_verifier = select_host_key_verifier(options[:verify_host_key])
-    
+
           @server_version = ServerVersion.new(socket, logger, options[:timeout])
-    
+
           @algorithms = Algorithms.new(self, options)
           @algorithms.start
           wait { algorithms.initialized? }
         rescue Errno::ETIMEDOUT
           raise Net::SSH::ConnectionTimeout
         end
-    
+
         def host_keys
           @host_keys ||= begin
             known_hosts = options.fetch(:known_hosts, KnownHosts)
             known_hosts.search_for(options[:host_key_alias] || host_as_string, options)
           end
         end
-    
+
         # Returns the host (and possibly IP address) in a format compatible with
         # SSH known-host files.
         def host_as_string
           @host_as_string ||= begin
             string = "#{host}"
             string = "[#{string}]:#{port}" if port != DEFAULT_PORT
-    
+
             peer_ip = socket.peer_ip
-    
+
             if peer_ip != Net::SSH::Transport::PacketStream::PROXY_COMMAND_HOST_IP &&
                peer_ip != host
               string2 = peer_ip
               string2 = "[#{string2}]:#{port}" if port != DEFAULT_PORT
               string << "," << string2
             end
-    
+
             string
           end
         end
-    
+
         # Returns true if the underlying socket has been closed.
         def closed?
           socket.closed?
         end
-    
+
         # Cleans up (see PacketStream#cleanup) and closes the underlying socket.
         def close
           socket.cleanup
           socket.close
         end
-    
+
         # Performs a "hard" shutdown of the connection. In general, this should
         # never be done, but it might be necessary (in a rescue clause, for instance,
         # when the connection needs to close but you don't know the status of the
@@ -138,13 +138,13 @@ module Net
           error { "forcing connection closed" }
           socket.close
         end
-    
+
         # Returns a new service_request packet for the given service name, ready
         # for sending to the server.
         def service_request(service)
           Net::SSH::Buffer.from(:byte, SERVICE_REQUEST, :string, service)
         end
-    
+
         # Requests a rekey operation, and blocks until the operation completes.
         # If a rekey is already pending, this returns immediately, having no
         # effect.
@@ -154,7 +154,7 @@ module Net
             wait { algorithms.initialized? }
           end
         end
-    
+
         # Returns immediately if a rekey is already in process. Otherwise, if a
         # rekey is needed (as indicated by the socket, see PacketStream#if_needs_rekey?)
         # one is performed, causing this method to block until it completes.
@@ -162,19 +162,19 @@ module Net
           return if algorithms.pending?
           socket.if_needs_rekey? { rekey! }
         end
-    
+
         # Returns a hash of information about the peer (remote) side of the socket,
         # including :ip, :port, :host, and :canonized (see #host_as_string).
         def peer
           @peer ||= { ip: socket.peer_ip, port: @port.to_i, host: @host, canonized: host_as_string }
         end
-    
+
         # Blocks until a new packet is available to be read, and returns that
         # packet. See #poll_message.
         def next_message
           poll_message(:block)
         end
-    
+
         # Tries to read the next packet from the socket. If mode is :nonblock (the
         # default), this will not block and will return nil if there are no packets
         # waiting to be read. Otherwise, this will block until a packet is
@@ -189,33 +189,33 @@ module Net
         def poll_message(mode=:nonblock, consume_queue=true)
           loop do
             return @queue.shift if consume_queue && @queue.any? && algorithms.allow?(@queue.first)
-    
+
             packet = socket.next_packet(mode)
             return nil if packet.nil?
-    
+
             case packet.type
             when DISCONNECT
               raise Net::SSH::Disconnect, "disconnected: #{packet[:description]} (#{packet[:reason_code]})"
-    
+
             when IGNORE
               debug { "IGNORE packet received: #{packet[:data].inspect}" }
-    
+
             when UNIMPLEMENTED
               lwarn { "UNIMPLEMENTED: #{packet[:number]}" }
-    
+
             when DEBUG
               send(packet[:always_display] ? :fatal : :debug) { packet[:message] }
-    
+
             when KEXINIT
               algorithms.accept_kexinit(packet)
-    
+
             else
               return packet if algorithms.allow?(packet)
               push(packet)
             end
           end
         end
-    
+
         # Waits (blocks) until the given block returns true. If no block is given,
         # this just waits long enough to see if there are any pending packets. Any
         # packets read are enqueued (see #push).
@@ -227,78 +227,99 @@ module Net
             break if !block_given?
           end
         end
-    
+
         # Adds the given packet to the packet queue. If the queue is non-empty,
         # #poll_message will return packets from the queue in the order they
         # were received.
         def push(packet)
           @queue.push(packet)
         end
-    
+
         # Sends the given message via the packet stream, blocking until the
         # entire message has been sent.
         def send_message(message)
           socket.send_packet(message)
         end
-    
+
         # Enqueues the given message, such that it will be sent at the earliest
         # opportunity. This does not block, but returns immediately.
         def enqueue_message(message)
           socket.enqueue_packet(message)
         end
-    
+
         # Configure's the packet stream's client state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when sending packets to the server.
         def configure_client(options={})
           socket.client.set(options)
         end
-    
+
         # Configure's the packet stream's server state with the given set of
         # options. This is typically used to define the cipher, compression, and
         # hmac algorithms to use when reading packets from the server.
         def configure_server(options={})
           socket.server.set(options)
         end
-    
+
         # Sets a new hint for the packet stream, which the packet stream may use
         # to change its behavior. (See PacketStream#hints).
         def hint(which, value=true)
           socket.hints[which] = value
         end
-    
+
         public
-    
+
         # this method is primarily for use in tests
         attr_reader :queue #:nodoc:
-    
+
         private
-    
+
         # Instantiates a new host-key verification class, based on the value of
-        # the parameter. When true or nil, the default Lenient verifier is
-        # returned. If it is false, the Null verifier is returned, and if it is
-        # :very, the Strict verifier is returned. If it is :secure, the even more
-        # strict Secure verifier is returned. If the argument happens to respond
-        # to :verify, it is returned directly. Otherwise, an exception
-        # is raised.
-        def select_host_key_verifier(verify_host_key)
-          case verify_host_key
-          when true, nil then
-            Net::SSH::Verifiers::Lenient.new
-          when false then
-            Net::SSH::Verifiers::Null.new
-          when :very then
-            Net::SSH::Verifiers::Strict.new
+        # the parameter.
+        #
+        # Usually, the argument is a symbol like `:never` which corresponds to
+        # a verifier, like `::Net::SSH::Verifiers::Never`.
+        #
+        # - :never (very insecure)
+        # - :accept_new_or_local_tunnel (insecure)
+        # - :accept_new (insecure)
+        # - :always (secure)
+        #
+        # If the argument happens to respond to :verify, it is returned
+        # directly. Otherwise, an exception is raised.
+        #
+        # Values false, true, and :very were deprecated in
+        # [#595](https://github.com/net-ssh/net-ssh/pull/595)
+        def select_host_key_verifier(verifier)
+          case verifier
+          when false
+            Kernel.warn('verify_host_key: false is deprecated, use :never')
+            Net::SSH::Verifiers::Never.new
+          when :never then
+            Net::SSH::Verifiers::Never.new
+          when true
+            Kernel.warn('verify_host_key: true is deprecated, use :accept_new_or_local_tunnel')
+            Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new
+          when :accept_new_or_local_tunnel, nil then
+            Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new
+          when :very
+            Kernel.warn('verify_host_key: :very is deprecated, use :accept_new')
+            Net::SSH::Verifiers::AcceptNew.new
+          when :accept_new then
+            Net::SSH::Verifiers::AcceptNew.new
           when :secure then
-            Net::SSH::Verifiers::Secure.new
+            Kernel.warn('verify_host_key: :secure is deprecated, use :always')
+            Net::SSH::Verifiers::Always.new
+          when :always then
+            Net::SSH::Verifiers::Always.new
           else
-            if verify_host_key.respond_to?(:verify)
-              verify_host_key
+            if verifier.respond_to?(:verify)
+              verifier
             else
               raise(
                 ArgumentError,
                 "Invalid argument to :verify_host_key (or deprecated " \
-                ":paranoid): #{verify_host_key.inspect}"
+                ":paranoid): #{verifier.inspect}"
               )
             end
           end

data/lib/net/ssh/verifiers/{strict.rb → accept_new.rb}

@@ -1,9 +1,9 @@
 require 'net/ssh/errors'
 require 'net/ssh/known_hosts'
-require 'net/ssh/verifiers/secure'
+require 'net/ssh/verifiers/always'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Verifiers
 
       # Does a strict host verification, looking the server up in the known
@@ -12,7 +12,7 @@ module Net
       # server. If the server does appear at least once, but the key given does
       # not match any known for the server, an exception will be raised (HostKeyMismatch).
       # Otherwise, this returns true.
-      class Strict < Secure
+      class AcceptNew < Always
         def verify(arguments)
           begin
             super

data/lib/net/ssh/verifiers/{lenient.rb → accept_new_or_local_tunnel.rb}

@@ -1,29 +1,29 @@
-require 'net/ssh/verifiers/strict'
+require 'net/ssh/verifiers/accept_new'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Verifiers
 
-      # Basically the same as the Strict verifier, but does not try to actually
+      # Basically the same as the AcceptNew verifier, but does not try to actually
       # verify a connection if the server is the localhost and the port is a
       # nonstandard port number. Those two conditions will typically mean the
       # connection is being tunnelled through a forwarded port, so the known-hosts
       # file will not be helpful (in general).
-      class Lenient < Strict
+      class AcceptNewOrLocalTunnel < AcceptNew
         # Tries to determine if the connection is being tunnelled, and if so,
         # returns true. Otherwise, performs the standard strict verification.
         def verify(arguments)
           return true if tunnelled?(arguments)
           super
         end
-    
+
         private
-    
+
         # A connection is potentially being tunnelled if the port is not 22,
         # and the ip refers to the localhost.
         def tunnelled?(args)
           return false if args[:session].port == Net::SSH::Transport::Session::DEFAULT_PORT
-          
+
           ip = args[:session].peer[:ip]
           return ip == "127.0.0.1" || ip == "::1"
         end
@@ -31,4 +31,4 @@ module Net
 
     end
   end
-end
+end

data/lib/net/ssh/verifiers/{secure.rb → always.rb}

@@ -1,8 +1,8 @@
 require 'net/ssh/errors'
 require 'net/ssh/known_hosts'
 
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Verifiers
 
       # Does a strict host verification, looking the server up in the known
@@ -13,29 +13,29 @@ module Net
       # least once, but the key given does not match any known for the server, an
       # exception will be raised (HostKeyMismatch).
       # Otherwise, this returns true.
-      class Secure
+      class Always
         def verify(arguments)
           host_keys = arguments[:session].host_keys
-    
+
           # We've never seen this host before, so raise an exception.
           process_cache_miss(host_keys, arguments, HostKeyUnknown, "is unknown") if host_keys.empty?
-    
+
           # If we found any matches, check to see that the key type and
           # blob also match.
           found = host_keys.any? do |key|
             key.ssh_type == arguments[:key].ssh_type &&
             key.to_blob  == arguments[:key].to_blob
           end
-    
+
           # If a match was found, return true. Otherwise, raise an exception
           # indicating that the key was not recognized.
           process_cache_miss(host_keys, arguments, HostKeyMismatch, "does not match") unless found
-    
+
           found
         end
-    
+
         private
-    
+
         def process_cache_miss(host_keys, args, exc_class, message)
           exception = exc_class.new("fingerprint #{args[:fingerprint]} " +
                                     "#{message} for #{host_keys.host.inspect}")

data/lib/net/ssh/verifiers/never.rb

@@ -0,0 +1,17 @@
+module Net
+  module SSH
+    module Verifiers
+
+      # This host key verifier simply allows every key it sees, without
+      # any verification. This is simple, but very insecure because it
+      # exposes you to MiTM attacks.
+      class Never
+        # Returns true.
+        def verify(arguments)
+          true
+        end
+      end
+
+    end
+  end
+end

data/lib/net/ssh/version.rb

@@ -56,7 +56,7 @@ module Net
 
       # The prerelease component of this version of the Net::SSH library
       # nil allowed
-      PRE   = "beta2"
+      PRE   = "rc1"
 
       # The current version of the Net::SSH library as a Version instance
       CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 5.0.0.beta2
+  version: 5.0.0.rc1
 platform: ruby
 authors:
 - Jamis Buck
@@ -32,7 +32,7 @@ cert_chain:
   ZFwoIuXKeDmTTpryd/vI7sdLXDuV6MbWOLGh6gXn9RDDXG1EqEXW0bjovATBMpdH
   9OGohJvAFzcvhDTWPwT6w3PG5B80pqb9j1hEAg==
   -----END CERTIFICATE-----
-date: 2018-03-22 00:00:00.000000000 Z
+date: 2018-05-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -238,10 +238,10 @@ files:
 - lib/net/ssh/transport/server_version.rb
 - lib/net/ssh/transport/session.rb
 - lib/net/ssh/transport/state.rb
-- lib/net/ssh/verifiers/lenient.rb
-- lib/net/ssh/verifiers/null.rb
-- lib/net/ssh/verifiers/secure.rb
-- lib/net/ssh/verifiers/strict.rb
+- lib/net/ssh/verifiers/accept_new.rb
+- lib/net/ssh/verifiers/accept_new_or_local_tunnel.rb
+- lib/net/ssh/verifiers/always.rb
+- lib/net/ssh/verifiers/never.rb
 - lib/net/ssh/version.rb
 - net-ssh-public_cert.pem
 - net-ssh.gemspec

data/lib/net/ssh/verifiers/null.rb

@@ -1,16 +0,0 @@
-module Net 
-  module SSH 
-    module Verifiers
-
-      # The Null host key verifier simply allows every key it sees, without
-      # bothering to verify. This is simple, but is not particularly secure.
-      class Null
-        # Returns true.
-        def verify(arguments)
-          true
-        end
-      end
-
-    end
-  end
-end