sonixlabs-net-ssh 2.3.0

data/Rakefile

@@ -0,0 +1,86 @@
+require 'rubygems'
+require 'rake/clean'
+require 'rake/gempackagetask'
+require 'fileutils'
+include FileUtils
+
+begin
+  require 'hanna/rdoctask'
+rescue LoadError
+  require 'rdoc/task'
+end
+
+
+task :default => :package
+ 
+# CONFIG =============================================================
+
+# Change the following according to your needs
+README = "README.rdoc"
+CHANGES = "CHANGELOG.rdoc"
+THANKS = 'THANKS.rdoc'
+
+# Files and directories to be deleted when you run "rake clean"
+CLEAN.include [ 'pkg', '*.gem', '.config', 'doc']
+
+# Virginia assumes your project and gemspec have the same name
+name = 'net-ssh'
+load "#{name}.gemspec"
+version = @spec.version
+
+# That's it! The following defaults should allow you to get started
+# on other things. 
+
+
+# TESTS/SPECS =========================================================
+
+
+
+# INSTALL =============================================================
+
+Rake::GemPackageTask.new(@spec) do |p|
+  p.need_tar = true if RUBY_PLATFORM !~ /mswin/
+end
+
+task :build => [ :package ]
+task :release => [ :rdoc, :package ]
+task :install => [ :rdoc, :package ] do
+	sh %{sudo gem install pkg/#{name}-#{version}.gem}
+end
+task :uninstall => [ :clean ] do
+	sh %{sudo gem uninstall #{name}}
+end
+
+
+# RUBYFORGE RELEASE / PUBLISH TASKS ==================================
+
+if @spec.rubyforge_project
+  desc 'Publish website to rubyforge'
+  task 'publish:rdoc' => 'doc/index.html' do
+    sh "scp -r doc/* rubyforge.org:/var/www/gforge-projects/#{name}/ssh/v2/api/"
+  end
+
+  desc 'Public release to rubyforge'
+  task 'publish:gem' => [:package] do |t|
+    sh <<-end
+      rubyforge add_release -o Any -a #{CHANGES} -f -n #{README} #{name} #{name} #{@spec.version} pkg/#{name}-#{@spec.version}.gem &&
+      rubyforge add_file -o Any -a #{CHANGES} -f -n #{README} #{name} #{name} #{@spec.version} pkg/#{name}-#{@spec.version}.tgz 
+    end
+  end
+end
+
+
+
+# RUBY DOCS TASK ==================================
+
+Rake::RDocTask.new do |t|
+	t.rdoc_dir = 'doc'
+	t.title    = @spec.summary
+	t.options << '--line-numbers' << '-A cattr_accessor=object'
+	t.options << '--charset' << 'utf-8'
+	t.rdoc_files.include(README)
+	t.rdoc_files.include(CHANGES)
+	t.rdoc_files.include(THANKS)
+	t.rdoc_files.include('lib/**/*.rb')
+end
+

data/Rudyfile

@@ -0,0 +1,96 @@
+# Rudyfile
+#
+# This configuration is used to test installing
+# and running net-ssh on a clean machine. 
+#
+# Usage:
+#
+#     $ rudy -vv startup
+#     $ rudy -vv testsuite
+#     $ rudy -vv shutdown
+#
+# Requires: Rudy 0.9 (http://code.google.com/p/rudy/)
+#
+
+defaults do
+  color true
+  environment :test
+  role :netssh
+end
+
+machines do
+  region :'us-east-1' do
+    ami 'ami-e348af8a'               # Alestic Debian 5.0, 32-bit (US)
+  end
+  env :test do
+    role :netssh do
+      user :root
+    end
+  end
+end
+
+commands do
+  allow :apt_get, "apt-get", :y, :q
+  allow :gem_install, "/usr/bin/gem", "install", :n, '/usr/bin', :y, :V, "--no-rdoc", "--no-ri"
+  allow :gem_sources, "/usr/bin/gem", "sources"
+  allow :gem_uninstall, "/usr/bin/gem", "uninstall", :V
+  allow :update_rubygems
+  allow :rm
+end
+
+routines do
+  
+  testsuite do
+    before :sysupdate, :installdeps, :install_gem
+    
+    remote :root do
+      directory_upload 'test', '/tmp/'
+      cd '/tmp'
+      ruby :I, 'lib/', :I, 'test/', :r, 'rubygems', 'test/test_all.rb'
+    end
+    
+    after :install_rubyforge, :install_github
+  end
+  
+  install_gem do
+    before :package_gem
+    remote :root do
+      disable_safe_mode
+      file_upload "pkg/net-ssh-*.gem", "/tmp/"
+      gem_install "/tmp/net-ssh-*.gem"
+    end
+  end
+  
+  package_gem do
+    local do
+      rm :r, :f, 'pkg'
+      rake 'package'
+    end
+  end
+  
+  remove do
+    remote :root do
+      gem_uninstall 'net-ssh'
+    end
+  end
+  
+  installdeps do
+    remote :root do
+      gem_install "rye", "test-unit", "mocha"
+      rye 'authorize-local'
+    end
+  end
+  
+  sysupdate do
+    remote :root do                  
+      apt_get "update"               
+      apt_get "install", "build-essential", "git-core"
+      apt_get "install", "ruby1.8-dev", "rdoc", "libzlib-ruby", "rubygems"
+      mkdir :p, "/var/lib/gems/1.8/bin" # Doesn't get created, but causes Rubygems to fail
+      gem_install "builder", "session"
+      gem_install 'rubygems-update', "-v=1.3.4"  # circular issue with 1.3.5 and hoe
+      update_rubygems
+    end
+  end
+end
+

data/THANKS.rdoc

@@ -0,0 +1,19 @@
+Net::SSH was originally written by Jamis Buck <jamis@37signals.com>. In
+addition, the following individuals are gratefully acknowledged for their
+contributions:
+
+GOTOU Yuuzou <gotoyuzo@notwork.org>
+  * help and code related to OpenSSL
+
+Guillaume Marçais <guillaume.marcais@free.fr>
+  * support for communicating with the the PuTTY "pageant" process
+
+Daniel Berger <djberg96@yahoo.com>
+  * help getting unit tests in earlier Net::SSH versions to pass in Windows
+  * initial version of Net::SSH::Config provided inspiration and encouragement
+
+Chris Andrews <chris@nodnol.org> and Lee Jensen <lee@outerim.com>
+  * support for ssh agent forwarding
+
+Hiroshi Nakamura
+  * fixed errors with JRuby tests

data/lib/net/ssh.rb

@@ -0,0 +1,223 @@
+# Make sure HOME is set, regardless of OS, so that File.expand_path works
+# as expected with tilde characters.
+ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : "."
+
+require 'logger'
+
+require 'net/ssh/config'
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/transport/session'
+require 'net/ssh/authentication/session'
+require 'net/ssh/connection/session'
+
+module Net
+
+  # Net::SSH is a library for interacting, programmatically, with remote
+  # processes via the SSH2 protocol. Sessions are always initiated via
+  # Net::SSH.start. From there, a program interacts with the new SSH session
+  # via the convenience methods on Net::SSH::Connection::Session, by opening
+  # and interacting with new channels (Net::SSH::Connection:Session#open_channel
+  # and Net::SSH::Connection::Channel), or by forwarding local and/or
+  # remote ports through the connection (Net::SSH::Service::Forward).
+  #
+  # The SSH protocol is very event-oriented. Requests are sent from the client
+  # to the server, and are answered asynchronously. This gives great flexibility
+  # (since clients can have multiple requests pending at a time), but it also
+  # adds complexity. Net::SSH tries to manage this complexity by providing
+  # some simpler methods of synchronous communication (see Net::SSH::Connection::Session#exec!).
+  #
+  # In general, though, and if you want to do anything more complicated than
+  # simply executing commands and capturing their output, you'll need to use
+  # channels (Net::SSH::Connection::Channel) to build state machines that are
+  # executed while the event loop runs (Net::SSH::Connection::Session#loop).
+  #
+  # Net::SSH::Connection::Session and Net::SSH::Connection::Channel have more
+  # information about this technique.
+  #
+  # = "Um, all I want to do is X, just show me how!"
+  #
+  # == X == "execute a command and capture the output"
+  #
+  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #     result = ssh.exec!("ls -l")
+  #     puts result
+  #   end
+  #
+  # == X == "forward connections on a local port to a remote host"
+  #
+  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #     ssh.forward.local(1234, "www.google.com", 80)
+  #     ssh.loop { true }
+  #   end
+  #
+  # == X == "forward connections on a remote port to the local host"
+  #
+  #   Net::SSH.start("host", "user", :password => "password") do |ssh|
+  #     ssh.forward.remote(80, "www.google.com", 1234)
+  #     ssh.loop { true }
+  #   end
+  module SSH
+    # This is the set of options that Net::SSH.start recognizes. See
+    # Net::SSH.start for a description of each option.
+    VALID_OPTIONS = [
+      :auth_methods, :bind_address, :compression, :compression_level, :config, 
+      :encryption, :forward_agent, :hmac, :host_key, :kex, :keys, :key_data, 
+      :languages, :logger, :paranoid, :password, :port, :proxy, 
+      :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
+      :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
+      :host_name, :user, :properties, :passphrase, :keys_only
+    ]
+
+    # The standard means of starting a new SSH connection. When used with a
+    # block, the connection will be closed when the block terminates, otherwise
+    # the connection will just be returned. The yielded (or returned) value
+    # will be an instance of Net::SSH::Connection::Session (q.v.). (See also
+    # Net::SSH::Connection::Channel and Net::SSH::Service::Forward.)
+    #
+    #   Net::SSH.start("host", "user") do |ssh|
+    #     ssh.exec! "cp /some/file /another/location"
+    #     hostname = ssh.exec!("hostname")
+    #
+    #     ssh.open_channel do |ch|
+    #       ch.exec "sudo -p 'sudo password: ' ls" do |ch, success|
+    #         abort "could not execute sudo ls" unless success
+    #
+    #         ch.on_data do |ch, data|
+    #           print data
+    #           if data =~ /sudo password: /
+    #             ch.send_data("password\n")
+    #           end
+    #         end
+    #       end
+    #     end
+    #
+    #     ssh.loop
+    #   end
+    #
+    # This method accepts the following options (all are optional):
+    #
+    # * :auth_methods => an array of authentication methods to try
+    # * :bind_address => the IP address on the connecting machine to use in
+    #   establishing connection. (:bind_address is discarded if :proxy
+    #   is set.)
+    # * :compression => the compression algorithm to use, or +true+ to use
+    #   whatever is supported.
+    # * :compression_level => the compression level to use when sending data
+    # * :config => set to +true+ to load the default OpenSSH config files
+    #   (~/.ssh/config, /etc/ssh_config), or to +false+ to not load them, or to
+    #   a file-name (or array of file-names) to load those specific configuration
+    #   files. Defaults to +true+.
+    # * :encryption => the encryption cipher (or ciphers) to use
+    # * :forward_agent => set to true if you want the SSH agent connection to
+    #   be forwarded
+    # * :global_known_hosts_file => the location of the global known hosts
+    #   file. Set to an array if you want to specify multiple global known
+    #   hosts files. Defaults to %w(/etc/ssh/known_hosts /etc/ssh/known_hosts2).
+    # * :hmac => the hmac algorithm (or algorithms) to use
+    # * :host_key => the host key algorithm (or algorithms) to use
+    # * :host_key_alias => the host name to use when looking up or adding a
+    #   host to a known_hosts dictionary file
+    # * :host_name => the real host name or IP to log into. This is used
+    #   instead of the +host+ parameter, and is primarily only useful when
+    #   specified in an SSH configuration file. It lets you specify an 
+    #   "alias", similarly to adding an entry in /etc/hosts but without needing
+    #   to modify /etc/hosts.
+    # * :kex => the key exchange algorithm (or algorithms) to use
+    # * :keys => an array of file names of private keys to use for publickey
+    #   and hostbased authentication
+    # * :key_data => an array of strings, with each element of the array being
+    #   a raw private key in PEM format.
+    # * :keys_only => set to +true+ to use only private keys from +keys+ and
+    #   +key_data+ parameters, even if ssh-agent offers more identities. This
+    #   option is intended for situations where ssh-agent offers many different
+    #   identites.
+    # * :logger => the logger instance to use when logging
+    # * :paranoid => either true, false, or :very, specifying how strict
+    #   host-key verification should be
+    # * :passphrase => the passphrase to use when loading a private key (default
+    #   is +nil+, for no passphrase)
+    # * :password => the password to use to login
+    # * :port => the port to use when connecting to the remote host
+    # * :properties => a hash of key/value pairs to add to the new connection's
+    #   properties (see Net::SSH::Connection::Session#properties)
+    # * :proxy => a proxy instance (see Proxy) to use when connecting
+    # * :rekey_blocks_limit => the max number of blocks to process before rekeying
+    # * :rekey_limit => the max number of bytes to process before rekeying
+    # * :rekey_packet_limit => the max number of packets to process before rekeying
+    # * :timeout => how long to wait for the initial connection to be made
+    # * :user => the user name to log in as; this overrides the +user+
+    #   parameter, and is primarily only useful when provided via an SSH
+    #   configuration file.
+    # * :user_known_hosts_file => the location of the user known hosts file.
+    #   Set to an array to specify multiple user known hosts files.
+    #   Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
+    # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
+    #   is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
+    #   default. The symbols :debug, :info, :warn, :error, and :fatal are also
+    #   supported and are translated to the corresponding Logger constant.
+    def self.start(host, user, options={}, &block)
+      invalid_options = options.keys - VALID_OPTIONS
+      if invalid_options.any?
+        raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
+      end
+
+      options[:user] = user if user
+      options = configuration_for(host, options.fetch(:config, true)).merge(options)
+      host = options.fetch(:host_name, host)
+
+      if !options.key?(:logger)
+        options[:logger] = Logger.new(STDERR)
+        options[:logger].level = Logger::FATAL
+      end
+
+      if options[:verbose]
+        options[:logger].level = case options[:verbose]
+          when Fixnum then options[:verbose]
+          when :debug then Logger::DEBUG
+          when :info  then Logger::INFO
+          when :warn  then Logger::WARN
+          when :error then Logger::ERROR
+          when :fatal then Logger::FATAL
+          else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
+        end
+      end
+
+      transport = Transport::Session.new(host, options)
+      auth = Authentication::Session.new(transport, options)
+
+      user = options.fetch(:user, user)
+      if auth.authenticate("ssh-connection", user, options[:password])
+        connection = Connection::Session.new(transport, options)
+        if block_given?
+          yield connection
+          connection.close
+        else
+          return connection
+        end
+      else
+        transport.close
+        raise AuthenticationFailed, user
+      end
+    end
+
+    # Returns a hash of the configuration options for the given host, as read
+    # from the SSH configuration file(s). If +use_ssh_config+ is true (the
+    # default), this will load configuration from both ~/.ssh/config and
+    # /etc/ssh_config. If +use_ssh_config+ is nil or false, nothing will be
+    # loaded (and an empty hash returned). Otherwise, +use_ssh_config+ may
+    # be a file name (or array of file names) of SSH configuration file(s)
+    # to read.
+    #
+    # See Net::SSH::Config for the full description of all supported options.
+    def self.configuration_for(host, use_ssh_config=true)
+      files = case use_ssh_config
+        when true then Net::SSH::Config.default_files
+        when false, nil then return {}
+        else Array(use_ssh_config)
+        end
+      
+      Net::SSH::Config.for(host, files)
+    end
+  end
+end

data/lib/net/ssh/authentication/agent.rb

@@ -0,0 +1,179 @@
+require 'net/ssh/buffer'
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/transport/server_version'
+
+# Only load pageant on Windows
+if File::ALT_SEPARATOR && !(RUBY_PLATFORM =~ /java/)
+  require 'net/ssh/authentication/pageant' 
+end
+
+module Net; module SSH; module Authentication
+
+  # A trivial exception class for representing agent-specific errors.
+  class AgentError < Net::SSH::Exception; end
+
+  # An exception for indicating that the SSH agent is not available.
+  class AgentNotAvailable < AgentError; end
+
+  # This class implements a simple client for the ssh-agent protocol. It
+  # does not implement any specific protocol, but instead copies the
+  # behavior of the ssh-agent functions in the OpenSSH library (3.8).
+  #
+  # This means that although it behaves like a SSH1 client, it also has
+  # some SSH2 functionality (like signing data).
+  class Agent
+    include Loggable
+
+    # A simple module for extending keys, to allow comments to be specified
+    # for them.
+    module Comment
+      attr_accessor :comment
+    end
+
+    SSH2_AGENT_REQUEST_VERSION    = 1
+    SSH2_AGENT_REQUEST_IDENTITIES = 11
+    SSH2_AGENT_IDENTITIES_ANSWER  = 12
+    SSH2_AGENT_SIGN_REQUEST       = 13
+    SSH2_AGENT_SIGN_RESPONSE      = 14
+    SSH2_AGENT_FAILURE            = 30
+    SSH2_AGENT_VERSION_RESPONSE   = 103
+
+    SSH_COM_AGENT2_FAILURE        = 102
+
+    SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
+    SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
+    SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
+    SSH_AGENT_FAILURE                = 5
+
+    # The underlying socket being used to communicate with the SSH agent.
+    attr_reader :socket
+
+    # Instantiates a new agent object, connects to a running SSH agent,
+    # negotiates the agent protocol version, and returns the agent object.
+    def self.connect(logger=nil)
+      agent = new(logger)
+      agent.connect!
+      agent.negotiate!
+      agent
+    end
+
+    # Creates a new Agent object, using the optional logger instance to
+    # report status.
+    def initialize(logger=nil)
+      self.logger = logger
+    end
+
+    # Connect to the agent process using the socket factory and socket name
+    # given by the attribute writers. If the agent on the other end of the
+    # socket reports that it is an SSH2-compatible agent, this will fail
+    # (it only supports the ssh-agent distributed by OpenSSH).
+    def connect!
+      begin
+        debug { "connecting to ssh-agent" }
+        @socket = agent_socket_factory.open(ENV['SSH_AUTH_SOCK'])
+      rescue
+        error { "could not connect to ssh-agent" }
+        raise AgentNotAvailable, $!.message
+      end
+    end
+
+    # Attempts to negotiate the SSH agent protocol version. Raises an error
+    # if the version could not be negotiated successfully.
+    def negotiate!
+      # determine what type of agent we're communicating with
+      type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
+
+      if type == SSH2_AGENT_VERSION_RESPONSE
+        raise NotImplementedError, "SSH2 agents are not yet supported"
+      elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
+        raise AgentError, "unknown response from agent: #{type}, #{body.to_s.inspect}"
+      end
+    end
+
+    # Return an array of all identities (public keys) known to the agent.
+    # Each key returned is augmented with a +comment+ property which is set
+    # to the comment returned by the agent for that key.
+    def identities
+      type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
+      raise AgentError, "could not get identity count" if agent_failed(type)
+      raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
+
+      identities = []
+      body.read_long.times do
+        key = Buffer.new(body.read_string).read_key
+        key.extend(Comment)
+        key.comment = body.read_string
+        identities.push key
+      end
+
+      return identities
+    end
+
+    # Closes this socket. This agent reference is no longer able to
+    # query the agent.
+    def close
+      @socket.close
+    end
+
+    # Using the agent and the given public key, sign the given data. The
+    # signature is returned in SSH2 format.
+    def sign(key, data)
+      type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, 0)
+
+      if agent_failed(type)
+        raise AgentError, "agent could not sign data with requested identity"
+      elsif type != SSH2_AGENT_SIGN_RESPONSE
+        raise AgentError, "bad authentication response #{type}"
+      end
+
+      return reply.read_string
+    end
+
+    private
+
+      # Returns the agent socket factory to use.
+      def agent_socket_factory
+        if File::ALT_SEPARATOR
+          Pageant::socket_factory
+        else
+          UNIXSocket
+        end
+      end
+
+      # Send a new packet of the given type, with the associated data.
+      def send_packet(type, *args)
+        buffer = Buffer.from(*args)
+        data = [buffer.length + 1, type.to_i, buffer.to_s].pack("NCA*")
+        debug { "sending agent request #{type} len #{buffer.length}" }
+        @socket.send data, 0
+      end
+
+      # Read the next packet from the agent. This will return a two-part
+      # tuple consisting of the packet type, and the packet's body (which
+      # is returned as a Net::SSH::Buffer).
+      def read_packet
+        buffer = Net::SSH::Buffer.new(@socket.read(4))
+        buffer.append(@socket.read(buffer.read_long))
+        type = buffer.read_byte
+        debug { "received agent packet #{type} len #{buffer.length-4}" }
+        return type, buffer
+      end
+
+      # Send the given packet and return the subsequent reply from the agent.
+      # (See #send_packet and #read_packet).
+      def send_and_wait(type, *args)
+        send_packet(type, *args)
+        read_packet
+      end
+
+      # Returns +true+ if the parameter indicates a "failure" response from
+      # the agent, and +false+ otherwise.
+      def agent_failed(type)
+        type == SSH_AGENT_FAILURE ||
+        type == SSH2_AGENT_FAILURE ||
+        type == SSH_COM_AGENT2_FAILURE
+      end
+  end
+
+end; end; end