RubyGems - sonixlabs-net-ssh - Versions diffs - 2.3.0 - Mend

sonixlabs-net-ssh 2.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (123) hide show

data/CHANGELOG.rdoc +262 -0
data/Manifest +121 -0
data/README.rdoc +184 -0
data/Rakefile +86 -0
data/Rudyfile +96 -0
data/THANKS.rdoc +19 -0
data/lib/net/ssh.rb +223 -0
data/lib/net/ssh/authentication/agent.rb +179 -0
data/lib/net/ssh/authentication/constants.rb +18 -0
data/lib/net/ssh/authentication/key_manager.rb +253 -0
data/lib/net/ssh/authentication/methods/abstract.rb +60 -0
data/lib/net/ssh/authentication/methods/hostbased.rb +75 -0
data/lib/net/ssh/authentication/methods/keyboard_interactive.rb +70 -0
data/lib/net/ssh/authentication/methods/password.rb +43 -0
data/lib/net/ssh/authentication/methods/publickey.rb +96 -0
data/lib/net/ssh/authentication/pageant.rb +264 -0
data/lib/net/ssh/authentication/session.rb +146 -0
data/lib/net/ssh/buffer.rb +340 -0
data/lib/net/ssh/buffered_io.rb +198 -0
data/lib/net/ssh/config.rb +207 -0
data/lib/net/ssh/connection/channel.rb +630 -0
data/lib/net/ssh/connection/constants.rb +33 -0
data/lib/net/ssh/connection/session.rb +597 -0
data/lib/net/ssh/connection/term.rb +178 -0
data/lib/net/ssh/errors.rb +88 -0
data/lib/net/ssh/key_factory.rb +102 -0
data/lib/net/ssh/known_hosts.rb +129 -0
data/lib/net/ssh/loggable.rb +61 -0
data/lib/net/ssh/packet.rb +102 -0
data/lib/net/ssh/prompt.rb +93 -0
data/lib/net/ssh/proxy/command.rb +75 -0
data/lib/net/ssh/proxy/errors.rb +14 -0
data/lib/net/ssh/proxy/http.rb +94 -0
data/lib/net/ssh/proxy/socks4.rb +70 -0
data/lib/net/ssh/proxy/socks5.rb +142 -0
data/lib/net/ssh/ruby_compat.rb +43 -0
data/lib/net/ssh/service/forward.rb +298 -0
data/lib/net/ssh/test.rb +89 -0
data/lib/net/ssh/test/channel.rb +129 -0
data/lib/net/ssh/test/extensions.rb +152 -0
data/lib/net/ssh/test/kex.rb +44 -0
data/lib/net/ssh/test/local_packet.rb +51 -0
data/lib/net/ssh/test/packet.rb +81 -0
data/lib/net/ssh/test/remote_packet.rb +38 -0
data/lib/net/ssh/test/script.rb +157 -0
data/lib/net/ssh/test/socket.rb +64 -0
data/lib/net/ssh/transport/algorithms.rb +386 -0
data/lib/net/ssh/transport/cipher_factory.rb +79 -0
data/lib/net/ssh/transport/constants.rb +30 -0
data/lib/net/ssh/transport/hmac.rb +42 -0
data/lib/net/ssh/transport/hmac/abstract.rb +79 -0
data/lib/net/ssh/transport/hmac/md5.rb +12 -0
data/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
data/lib/net/ssh/transport/hmac/none.rb +15 -0
data/lib/net/ssh/transport/hmac/sha1.rb +13 -0
data/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
data/lib/net/ssh/transport/hmac/sha2_256.rb +15 -0
data/lib/net/ssh/transport/hmac/sha2_256_96.rb +13 -0
data/lib/net/ssh/transport/hmac/sha2_512.rb +14 -0
data/lib/net/ssh/transport/hmac/sha2_512_96.rb +13 -0
data/lib/net/ssh/transport/identity_cipher.rb +55 -0
data/lib/net/ssh/transport/kex.rb +17 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +80 -0
data/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb +15 -0
data/lib/net/ssh/transport/key_expander.rb +26 -0
data/lib/net/ssh/transport/openssl.rb +127 -0
data/lib/net/ssh/transport/packet_stream.rb +235 -0
data/lib/net/ssh/transport/server_version.rb +71 -0
data/lib/net/ssh/transport/session.rb +278 -0
data/lib/net/ssh/transport/state.rb +206 -0
data/lib/net/ssh/verifiers/lenient.rb +30 -0
data/lib/net/ssh/verifiers/null.rb +12 -0
data/lib/net/ssh/verifiers/strict.rb +53 -0
data/lib/net/ssh/version.rb +62 -0
data/lib/sonixlabs-net-ssh.rb +1 -0
data/net-ssh.gemspec +145 -0
data/setup.rb +1585 -0
data/support/arcfour_check.rb +20 -0
data/support/ssh_tunnel_bug.rb +65 -0
data/test/authentication/methods/common.rb +28 -0
data/test/authentication/methods/test_abstract.rb +51 -0
data/test/authentication/methods/test_hostbased.rb +114 -0
data/test/authentication/methods/test_keyboard_interactive.rb +100 -0
data/test/authentication/methods/test_password.rb +52 -0
data/test/authentication/methods/test_publickey.rb +148 -0
data/test/authentication/test_agent.rb +205 -0
data/test/authentication/test_key_manager.rb +171 -0
data/test/authentication/test_session.rb +106 -0
data/test/common.rb +107 -0
data/test/configs/eqsign +3 -0
data/test/configs/exact_match +8 -0
data/test/configs/host_plus +10 -0
data/test/configs/multihost +4 -0
data/test/configs/wild_cards +14 -0
data/test/connection/test_channel.rb +467 -0
data/test/connection/test_session.rb +488 -0
data/test/test_all.rb +9 -0
data/test/test_buffer.rb +336 -0
data/test/test_buffered_io.rb +63 -0
data/test/test_config.rb +120 -0
data/test/test_key_factory.rb +79 -0
data/test/transport/hmac/test_md5.rb +39 -0
data/test/transport/hmac/test_md5_96.rb +25 -0
data/test/transport/hmac/test_none.rb +34 -0
data/test/transport/hmac/test_sha1.rb +34 -0
data/test/transport/hmac/test_sha1_96.rb +25 -0
data/test/transport/hmac/test_sha2_256.rb +35 -0
data/test/transport/hmac/test_sha2_256_96.rb +25 -0
data/test/transport/hmac/test_sha2_512.rb +35 -0
data/test/transport/hmac/test_sha2_512_96.rb +25 -0
data/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
data/test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb +33 -0
data/test/transport/test_algorithms.rb +308 -0
data/test/transport/test_cipher_factory.rb +213 -0
data/test/transport/test_hmac.rb +34 -0
data/test/transport/test_identity_cipher.rb +40 -0
data/test/transport/test_packet_stream.rb +736 -0
data/test/transport/test_server_version.rb +78 -0
data/test/transport/test_session.rb +315 -0
data/test/transport/test_state.rb +179 -0
metadata +178 -0

data/test/authentication/test_agent.rb ADDED Viewed

@@ -0,0 +1,205 @@
+require 'common'
+require 'net/ssh/authentication/agent'
+module Authentication
+  class TestAgent < Test::Unit::TestCase
+    SSH2_AGENT_REQUEST_VERSION    = 1
+    SSH2_AGENT_REQUEST_IDENTITIES = 11
+    SSH2_AGENT_IDENTITIES_ANSWER  = 12
+    SSH2_AGENT_SIGN_REQUEST       = 13
+    SSH2_AGENT_SIGN_RESPONSE      = 14
+    SSH2_AGENT_FAILURE            = 30
+    SSH2_AGENT_VERSION_RESPONSE   = 103
+    SSH_COM_AGENT2_FAILURE        = 102
+    SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
+    SSH_AGENT_RSA_IDENTITIES_ANSWER  = 2
+    SSH_AGENT_FAILURE                = 5
+    def setup
+      @original, ENV['SSH_AUTH_SOCK'] = ENV['SSH_AUTH_SOCK'], "/path/to/ssh.agent.sock"
+    end
+    def teardown
+      ENV['SSH_AUTH_SOCK'] = @original
+    end
+    def test_connect_should_use_agent_factory_to_determine_connection_type
+      factory.expects(:open).with("/path/to/ssh.agent.sock").returns(socket)
+      agent(false).connect!
+    end
+    def test_connect_should_raise_error_if_connection_could_not_be_established
+      factory.expects(:open).raises(SocketError)
+      assert_raises(Net::SSH::Authentication::AgentNotAvailable) { agent(false).connect! }
+    end
+    def test_negotiate_should_raise_error_if_ssh2_agent_response_recieved
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_VERSION, type
+        assert_equal Net::SSH::Transport::ServerVersion::PROTO_VERSION, buffer.read_string
+        s.return(SSH2_AGENT_VERSION_RESPONSE)
+      end
+      assert_raises(NotImplementedError) { agent.negotiate! }
+    end
+    def test_negotiate_should_raise_error_if_response_was_unexpected
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_VERSION, type
+        s.return(255)
+      end
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.negotiate! }
+    end
+    def test_negotiate_should_be_successful_with_expected_response
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_VERSION, type
+        s.return(SSH_AGENT_RSA_IDENTITIES_ANSWER)
+      end
+      assert_nothing_raised { agent(:connect).negotiate! }
+    end
+    def test_identities_should_fail_if_SSH_AGENT_FAILURE_recieved
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(SSH_AGENT_FAILURE)
+      end
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
+    end
+    def test_identities_should_fail_if_SSH2_AGENT_FAILURE_recieved
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(SSH2_AGENT_FAILURE)
+      end
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
+    end
+    def test_identities_should_fail_if_SSH_COM_AGENT2_FAILURE_recieved
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(SSH_COM_AGENT2_FAILURE)
+      end
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
+    end
+    def test_identities_should_fail_if_response_is_not_SSH2_AGENT_IDENTITIES_ANSWER
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(255)
+      end
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
+    end
+    def test_identities_should_augment_identities_with_comment_field
+      key1 = key
+      key2 = OpenSSL::PKey::DSA.new(512)
+      socket.expect do |s, type, buffer|
+        assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
+        s.return(SSH2_AGENT_IDENTITIES_ANSWER, :long, 2, :string, Net::SSH::Buffer.from(:key, key1), :string, "My favorite key", :string, Net::SSH::Buffer.from(:key, key2), :string, "Okay, but not the best")
+      end
+      result = agent.identities
+      assert_equal key1.to_blob, result.first.to_blob
+      assert_equal key2.to_blob, result.last.to_blob
+      assert_equal "My favorite key", result.first.comment
+      assert_equal "Okay, but not the best", result.last.comment
+    end
+    def test_close_should_close_socket
+      socket.expects(:close)
+      agent.close
+    end
+    def test_sign_should_fail_if_response_is_SSH_AGENT_FAILURE
+      socket.expect { |s,| s.return(SSH_AGENT_FAILURE) }
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.sign(key, "hello world") }
+    end
+    def test_sign_should_fail_if_response_is_SSH2_AGENT_FAILURE
+      socket.expect { |s,| s.return(SSH2_AGENT_FAILURE) }
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.sign(key, "hello world") }
+    end
+    def test_sign_should_fail_if_response_is_SSH_COM_AGENT2_FAILURE
+      socket.expect { |s,| s.return(SSH_COM_AGENT2_FAILURE) }
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.sign(key, "hello world") }
+    end
+    def test_sign_should_fail_if_response_is_not_SSH2_AGENT_SIGN_RESPONSE
+      socket.expect { |s,| s.return(255) }
+      assert_raises(Net::SSH::Authentication::AgentError) { agent.sign(key, "hello world") }
+    end
+    def test_sign_should_return_signed_data_from_agent
+      socket.expect do |s,type,buffer|
+        assert_equal SSH2_AGENT_SIGN_REQUEST, type
+        assert_equal key.to_blob, Net::SSH::Buffer.new(buffer.read_string).read_key.to_blob
+        assert_equal "hello world", buffer.read_string
+        assert_equal 0, buffer.read_long
+        s.return(SSH2_AGENT_SIGN_RESPONSE, :string, "abcxyz123")
+      end
+      assert_equal "abcxyz123", agent.sign(key, "hello world")
+    end
+    private
+      class MockSocket
+        def initialize
+          @expectation = nil
+          @buffer = Net::SSH::Buffer.new
+        end
+        def expect(&block)
+          @expectation = block
+        end
+        def return(type, *args)
+          data = Net::SSH::Buffer.from(*args)
+          @buffer.append([data.length+1, type, data.to_s].pack("NCA*"))
+        end
+        def send(data, flags)
+          raise "got #{data.inspect} but no packet was expected" unless @expectation
+          buffer = Net::SSH::Buffer.new(data)
+          buffer.read_long # skip the length
+          type = buffer.read_byte
+          @expectation.call(self, type, buffer)
+          @expectation = nil
+        end
+        def read(length)
+          @buffer.read(length)
+        end
+      end
+      def key
+        @key ||= OpenSSL::PKey::RSA.new(512)
+      end
+      def socket
+        @socket ||= MockSocket.new
+      end
+      def factory
+        @factory ||= stub("socket factory", :open => socket)
+      end
+      def agent(auto=:connect)
+        @agent ||= begin
+          agent = Net::SSH::Authentication::Agent.new
+          agent.stubs(:agent_socket_factory).returns(factory)
+          agent.connect! if auto == :connect
+          agent
+        end
+      end
+  end
+end

data/test/authentication/test_key_manager.rb ADDED Viewed

@@ -0,0 +1,171 @@
+require 'common'
+require 'net/ssh/authentication/key_manager'
+module Authentication
+  class TestKeyManager < Test::Unit::TestCase
+    def test_key_files_and_known_identities_are_empty_by_default
+      assert manager.key_files.empty?
+      assert manager.known_identities.empty?
+    end
+    def test_assume_agent_is_available_by_default
+      assert manager.use_agent?
+    end
+    def test_add_ensures_list_is_unique
+      manager.add "/first"
+      manager.add "/second"
+      manager.add "/third"
+      manager.add "/second"
+      assert_true manager.key_files.length == 3
+      final_files = manager.key_files.map {|item| item.split('/').last}
+      assert_equal %w(first second third), final_files
+    end
+    def test_use_agent_should_be_set_to_false_if_agent_could_not_be_found
+      Net::SSH::Authentication::Agent.expects(:connect).raises(Net::SSH::Authentication::AgentNotAvailable)
+      assert manager.use_agent?
+      assert_nil manager.agent
+      assert !manager.use_agent?
+    end
+    def test_each_identity_should_load_from_key_files
+      manager.stubs(:agent).returns(nil)
+      first = File.expand_path("/first")
+      second = File.expand_path("/second")
+      stub_file_private_key first, rsa
+      stub_file_private_key second, dsa
+      identities = []
+      manager.each_identity { |identity| identities << identity }
+      assert_equal 2, identities.length
+      assert_equal rsa.to_blob, identities.first.to_blob
+      assert_equal dsa.to_blob, identities.last.to_blob
+      assert_equal({:from => :file, :file => first, :key => rsa}, manager.known_identities[rsa])
+      assert_equal({:from => :file, :file => second, :key => dsa}, manager.known_identities[dsa])
+    end
+    def test_identities_should_load_from_agent
+      manager.stubs(:agent).returns(agent)
+      identities = []
+      manager.each_identity { |identity| identities << identity }
+      assert_equal 2, identities.length
+      assert_equal rsa.to_blob, identities.first.to_blob
+      assert_equal dsa.to_blob, identities.last.to_blob
+      assert_equal({:from => :agent}, manager.known_identities[rsa])
+      assert_equal({:from => :agent}, manager.known_identities[dsa])
+    end
+    def test_only_identities_with_key_files_should_load_from_agent_of_keys_only_set
+      manager(:keys_only => true).stubs(:agent).returns(agent)
+      first = File.expand_path("/first")
+      stub_file_private_key first, rsa
+      identities = []
+      manager.each_identity { |identity| identities << identity }
+      assert_equal 1, identities.length
+      assert_equal rsa.to_blob, identities.first.to_blob
+      assert_equal({:from => :agent}, manager.known_identities[rsa])
+    end
+    def test_identities_without_public_key_files_should_not_be_touched_if_identity_loaded_from_agent
+      manager.stubs(:agent).returns(agent)
+      first = File.expand_path("/first")
+      stub_file_public_key  first, rsa
+      second = File.expand_path("/second")
+      stub_file_private_key second, dsa, :passphrase => :should_not_be_asked
+      identities = []
+      manager.each_identity do |identity|
+        identities << identity
+        break if manager.known_identities[identity][:from] == :agent
+      end
+      assert_equal 1, identities.length
+      assert_equal rsa.to_blob, identities.first.to_blob
+    end
+    def test_sign_with_agent_originated_key_should_request_signature_from_agent
+      manager.stubs(:agent).returns(agent)
+      manager.each_identity { |identity| } # preload the known_identities
+      agent.expects(:sign).with(rsa, "hello, world").returns("abcxyz123")
+      assert_equal "abcxyz123", manager.sign(rsa, "hello, world")
+    end
+    def test_sign_with_file_originated_key_should_load_private_key_and_sign_with_it
+      manager.stubs(:agent).returns(nil)
+      first = File.expand_path("/first")
+      stub_file_private_key first, rsa(512)
+      rsa.expects(:ssh_do_sign).with("hello, world").returns("abcxyz123")
+      manager.each_identity { |identity| } # preload the known_identities
+      assert_equal "\0\0\0\assh-rsa\0\0\0\011abcxyz123", manager.sign(rsa, "hello, world")
+    end
+    def test_sign_with_file_originated_key_should_raise_key_manager_error_if_unloadable
+      manager.known_identities[rsa] = { :from => :file, :file => "/first" }
+      Net::SSH::KeyFactory.expects(:load_private_key).raises(OpenSSL::PKey::RSAError)
+      assert_raises Net::SSH::Authentication::KeyManagerError do
+        manager.sign(rsa, "hello, world")
+      end
+    end
+    private
+      def stub_file_private_key(name, key, options = {})
+        manager.add(name)
+        File.stubs(:readable?).with(name).returns(true)
+        File.stubs(:readable?).with(name + ".pub").returns(false)
+        case options.fetch(:passphrase, :indifferently)
+        when :should_be_asked
+          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, false).raises(OpenSSL::PKey::RSAError).at_least_once
+          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, true).returns(key).at_least_once
+        when :should_not_be_asked
+          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, false).raises(OpenSSL::PKey::RSAError).at_least_once
+          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, true).never
+        else # :indifferently
+          Net::SSH::KeyFactory.expects(:load_private_key).with(name, nil, any_of(true, false)).returns(key).at_least_once
+        end
+        key.stubs(:public_key).returns(key)
+      end
+      def stub_file_public_key(name, key)
+        manager.add(name)
+        File.stubs(:readable?).with(name).returns(false)
+        File.stubs(:readable?).with(name + ".pub").returns(true)
+        Net::SSH::KeyFactory.expects(:load_public_key).with(name + ".pub").returns(key).at_least_once
+      end
+      def rsa(size=512)
+        @rsa ||= OpenSSL::PKey::RSA.new(size)
+      end
+      def dsa
+        @dsa ||= OpenSSL::PKey::DSA.new(512)
+      end
+      def agent
+        @agent ||= stub("agent", :identities => [rsa, dsa])
+      end
+      def manager(options = {})
+        @manager ||= Net::SSH::Authentication::KeyManager.new(nil, options)
+      end
+  end
+end

data/test/authentication/test_session.rb ADDED Viewed

@@ -0,0 +1,106 @@
+require 'common'
+require 'net/ssh/authentication/session'
+module Authentication
+  class TestSession < Test::Unit::TestCase
+    include Net::SSH::Transport::Constants
+    include Net::SSH::Authentication::Constants
+    def test_constructor_should_set_defaults
+      assert_equal %w(publickey hostbased password keyboard-interactive), session.auth_methods
+      assert_equal session.auth_methods, session.allowed_auth_methods
+    end
+    def test_authenticate_should_continue_if_method_disallowed
+      transport.expect do |t, packet|
+        assert_equal SERVICE_REQUEST, packet.type
+        assert_equal "ssh-userauth", packet.read_string
+        t.return(SERVICE_ACCEPT)
+      end
+      Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").raises(Net::SSH::Authentication::DisallowedMethod)
+      Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
+      assert session.authenticate("next service", "username", "password")
+    end
+    def test_authenticate_should_raise_error_if_service_request_fails
+      transport.expect do |t, packet|
+        assert_equal SERVICE_REQUEST, packet.type
+        assert_equal "ssh-userauth", packet.read_string
+        t.return(255)
+      end
+      assert_raises(Net::SSH::Exception) { session.authenticate("next service", "username", "password") }
+    end
+    def test_authenticate_should_return_false_if_all_auth_methods_fail
+      transport.expect do |t, packet|
+        assert_equal SERVICE_REQUEST, packet.type
+        assert_equal "ssh-userauth", packet.read_string
+        t.return(SERVICE_ACCEPT)
+      end
+      Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
+      Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
+      Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
+      Net::SSH::Authentication::Methods::KeyboardInteractive.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
+      assert_equal false, session.authenticate("next service", "username", "password")
+    end
+    def test_next_message_should_silently_handle_USERAUTH_BANNER_packets
+      transport.return(USERAUTH_BANNER, :string, "Howdy, folks!")
+      transport.return(SERVICE_ACCEPT)
+      assert_equal SERVICE_ACCEPT, session.next_message.type
+    end
+    def test_next_message_should_understand_USERAUTH_FAILURE
+      transport.return(USERAUTH_FAILURE, :string, "a,b,c", :bool, false)
+      packet = session.next_message
+      assert_equal USERAUTH_FAILURE, packet.type
+      assert_equal %w(a b c), session.allowed_auth_methods
+    end
+    (60..79).each do |type|
+      define_method("test_next_message_should_return_packets_of_type_#{type}") do
+        transport.return(type)
+        assert_equal type, session.next_message.type
+      end
+    end
+    def test_next_message_should_understand_USERAUTH_SUCCESS
+      transport.return(USERAUTH_SUCCESS)
+      assert !transport.hints[:authenticated]
+      assert_equal USERAUTH_SUCCESS, session.next_message.type
+      assert transport.hints[:authenticated]
+    end
+    def test_next_message_should_raise_error_on_unrecognized_packet_types
+      transport.return(1)
+      assert_raises(Net::SSH::Exception) { session.next_message }
+    end
+    def test_expect_message_should_raise_exception_if_next_packet_is_not_expected_type
+      transport.return(SERVICE_ACCEPT)
+      assert_raises(Net::SSH::Exception) { session.expect_message(USERAUTH_BANNER) }
+    end
+    def test_expect_message_should_return_packet_if_next_packet_is_expected_type
+      transport.return(SERVICE_ACCEPT)
+      assert_equal SERVICE_ACCEPT, session.expect_message(SERVICE_ACCEPT).type
+    end
+    private
+      def session(options={})
+        @session ||= Net::SSH::Authentication::Session.new(transport(options), options)
+      end
+      def transport(options={})
+        @transport ||= MockTransport.new(options)
+      end
+  end
+end