sshkey 1.4.0 → 1.5.0

data/.travis.yml

@@ -7,6 +7,7 @@ rvm:
   - ruby-head
   - jruby-18mode
   - jruby-19mode
+  - jruby-20mode
   - jruby-head
   - rbx-18mode
   - rbx-19mode

data/README.md

@@ -1,5 +1,4 @@
-SSHKey
-======
+# SSHKey
 
 Generate private and public SSH keys (RSA and DSA supported) using pure Ruby.
 
@@ -9,67 +8,159 @@ Tested on the following Rubies: MRI 1.8.7, 1.9.2, 1.9.3, 2.0.0, REE, JRuby (1.7.
 
 [![Build Status](https://secure.travis-ci.org/bensie/sshkey.png)](http://travis-ci.org/bensie/sshkey)
 
-Usage
------
+## Usage
+
+### Generate a new key
 
 When generating a new keypair the default key type is 2048-bit RSA, but you can supply the `type` (RSA or DSA) and `bits` in the options.
 You can also (optionally) supply a `comment` or `passphrase`:
 
-``` ruby
+```ruby
 k = SSHKey.generate
 
 k = SSHKey.generate(:type => "DSA", :bits => 1024, :comment => "foo@bar.com", :passphrase => "foobar")
 ```
 
+### Use your existing key
+
 Return an SSHKey object from an existing RSA or DSA private key (provided as a string)
 
-``` ruby
+```ruby
 k = SSHKey.new(File.read("~/.ssh/id_rsa"), :comment => "foo@bar.com")
 ```
 
-Both of these will return an SSHKey object with the following methods:
+### The SSHKey object
 
-``` ruby
-# Returns an OpenSSL::PKey::RSA or OpenSSL::PKey::DSA key object
-# http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/RSA.html
-# http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/DSA.html
-k.key_object
-# => -----BEGIN RSA PRIVATE KEY-----\nMIIEowI...
+#### Private and public keys
 
-# Returns the Private Key as a string
-k.private_key
-# => "-----BEGIN RSA PRIVATE KEY-----\nMIIEowI..."
+Fetch the private and public keys as strings. Note that the `public_key` is the RSA or DSA public key, not an SSH public key.
 
-# Return the Private Key in encrypted form if a passphrase was provided
-k.encrypted_private_key
-# => "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED..."
+```ruby
+k.private_key
+# => "-----BEGIN RSA PRIVATE KEY-----\nMIIEoAIBAAKCAQEAvR7l72CT7UBP6P+02Iut8gKKbKyekz/pQxnckPp1VafuaIwC\nMvYfP4ffVJTcY5IhU9mISNxZf6YDQ0TuD1aOrZYG9wsIgGY0nXhOUZxe/Q5I+V7D\nOI/hSzKF7W0cNCvaJPUSo8+soCLNSQ5mjnV3sRZ6uJwGFN30i1GulqHHKkx3vGxb\niaAL9YG58dPSbPGHFTA/epqUyd1fzCuWHyL9dHW7aw4RroNyEtVdiftAQfaK20I2\nueeDfuEtCPaxQYFQqbz5kKnXQx3fwHRpC7/84xHxsrY576evGxHw4p5EJD37scNN\ncneTG3Ly79/VVSAlrSm6ltutx0+S70scCqK0ewIDAQABAoH/MjwC15LPuDVdBIbn\ngp2XlrEWE8fGV1ainzA/ZkMg55+ztBF8hAzcQAPXTqA76jbmo18k1DWzkDSIqVWl\n5m0XeQRg1T4ZBAIh97H9G7BtispAl/yT3nJZZaAF8wsIctMzHp36VYjUUbTs0nsA\nwtZw9JkEAAVxmBlc26TWuyw9uv4fYXuR+uOsWH8jTTVPvxM9FaCCdK+dOMnswm7Y\nlOAlJj5dANkB2KPwIeE461ThyMo9GHEjpsvciMhKLuBoTSucNkhdgapAmYTSI+/1\nf1cA/KEdCMs9ANr1HFujeS01+N1Xrw/yW6EazaDN1oFHCVORtlB295Eac0Wq6y/P\npf1BAoGBAPIw4HQWsolU3f4FdIvc2POAcSJDRgt++I9Qt/QXq1SJ2dGKIveFiJgo\nZjCfHQFVZ8xl64cLzQ1WagZA1JBbbk9g5RxHDxRv7q+Kn3ogugDo9GUoQvpuuAU6\nXHoR/mLinDorJUnttL3U49xTMfrrut4qkUg+daBVptPtylpio6EDAoGBAMfnYq08\nfd/cPEQ2XPeswgtzXsKNLqA6UXBM7ZauKaFLByjy8peMMF6JPOYlBKQif5k+Egmu\nWIe8oTm8Nn5Ymt32bEd+MkHUC7kFzQeiXnM3u0oKzJMXLAvjSTs296g50YM5zJTC\nl64ACQmQOLZ9tdKorl52ZcmdbBEcZ2uwRvkpAoGAKhs5SrWPgLTSi5FjO9W/mkYg\nZTaQ/PqsOC5ubO+Yh/AXgIiln6cFon6Tlax0HIE+tJibpDT3B3SYplGrIxXiTcao\nzovEIWd8deSB6Xe7HuFhbBzd2DBbqf0FiuuJ8KM5ShuqNfovzDkxDGMic198c5eu\n/oJtbNy3Tm0vGxu/GwUCgYAgmRPXShkAq0pMmUzZups+AMdAFIO47ymelXzc6HOz\ncKevPsbefabZk6mRohG6rkF+fMe2Om8HW3QzFQUR32MJtQh9NA//+hMbTd3cU9bx\nFPJ+pXostkehfKPReyoxjZQjwQYicAUKA8l1fMYyxBclTgp5Lvd0RC5+L9KRlgJM\n2QKBgGVIWRNVpGg38dDqdq/4ue1BoTFhqoMGi6WQm3xa+NH+lyJGacdUhGRz8PxN\nhVKpIj8ljg2Rq/CA9qSgL/Z9rhn8QUMWULuAroCp0S2pMBtZ2RB+Mg2FdVFR9/Ft\nfG7co6mKUGkFPtr48EMfeKY88BRsp3yGOsROGdDsCHItjOVH\n-----END RSA PRIVATE KEY-----\n"
 
-# Returns the Public Key as a string
 k.public_key
-# => "-----BEGIN RSA PUBLIC KEY-----\nMIIBCg..."
+# => "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR7l72CT7UBP6P+02Iut\n8gKKbKyekz/pQxnckPp1VafuaIwCMvYfP4ffVJTcY5IhU9mISNxZf6YDQ0TuD1aO\nrZYG9wsIgGY0nXhOUZxe/Q5I+V7DOI/hSzKF7W0cNCvaJPUSo8+soCLNSQ5mjnV3\nsRZ6uJwGFN30i1GulqHHKkx3vGxbiaAL9YG58dPSbPGHFTA/epqUyd1fzCuWHyL9\ndHW7aw4RroNyEtVdiftAQfaK20I2ueeDfuEtCPaxQYFQqbz5kKnXQx3fwHRpC7/8\n4xHxsrY576evGxHw4p5EJD37scNNcneTG3Ly79/VVSAlrSm6ltutx0+S70scCqK0\newIDAQAB\n-----END PUBLIC KEY-----\n"
+```
+
+Fetch the SSH public key as a string.
 
-# Returns the SSH Public Key as a string
+```ruby
 k.ssh_public_key
-# => "ssh-rsa AAAAB3NzaC1yc2EA...."
+# => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
+```
+
+#### Encryption
+
+If a passcode is set when a key is generated or by setting the `passcode` accessor, you can
+fetch the encrypted version of the private key.
 
-# Returns the comment as a string
+```ruby
+k.passcode = "foo"
+# => "foo"
+
+k.encrypted_private_key
+# => "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,748B766CFB185C3BD1D7E4D31113EBDA\n\ntWbfOuAjBlSZdq3kdJTLZJ7prjNWOKuGpeesNfVZDziIaZNCUakvgnUFdX3IZZnj\nEYITfjZ1TEUY3EkemL/57txiP3A4iOMDK2JGg8lp3G45x6c9XucJ2YxgvMye/ugP\n014MzLvBNunWq8TolkFj4gbc+WCqsyFqGdpRsf/hx7PcLDd2nvS5zxjBAPno87KN\nYgEnZYrpyl01ePucwFVWlrlGJdc0+F+0Ms5gpjMds56YL3Rwv9BlWzapVtrqN29r\nZg0otylPAyuGJOQ8srDOa+pbSySXvcdoKfR6xQ9fIB0tUfGgrH3c5O0/rEW7FSiO\n6ng4ntXXOKKkQfCezXQVvqMjKtKAbcKaPYAvrB2Gp2VIPUN5tN52nKuWvQWPA0P/\nm/uKiFkvzDWj8xMEOdzDAG9/7ysX+T5angvhfT23+NEdGIlPZLDRHI3f+2Itn99f\nvVoDYUXiyd5h7VwOTn6scebbvyPY8DiWpB/5iaU8WBPr7TVTl9n2z+Gmy4eg3wS0\nTU4hGlKv7MiITO2+dOCZTVrKn9/gTgmtyiLucb4huBH88Nsj4zWnTrVjMMBWsTUD\nkzvo9081zgDKKeawcbZYdI1Tc4epV7SMTHpx1ztzIlPdQ6kRaWomwMSarQeSlhJe\naFx67cde6M3Kc3LOgE0VT+3NvVLnkDwkytwnQKLd6oT3d1kFxWXjMwqiPbSzz3bf\nkOhG01gsJDXIzAgDlOlhE+Qlsd3yc734UIH98rTFMVB00HS36WLuz3hh+Ew4rsrf\nDIuRIdxL/4GVdQ8J5WpSoN0tF5iQD1wpEMU2vUjYjj9TZkhpOpnK3UVvbKd4WPsV\n956XJT7ZDvX4+pvHc5GJq/UX5h42kycY0hftUoLapXt5Nhb/fL8mUT8Eix184uiO\n5mA3fgRP3oGJ28N653X/+kL2YhXCeTd2VjkVhKruuoex96Igyt8W7wW5y7MOPezf\nwfo8IzidcJcDR1W4OEOXr+oDlCE1CLGCzmenR+AUIisqz45yb5G076l8PQkI3NWC\nBhT1YbTds4QzrndIDZgMm65ZCaklm+FVHWV61rXd9rlugcq+flQuXAE/EnFtySMc\n3lztrzXulLXzgLrYG355JbQFddwehO7LdxKZA9LHC9/odcoVI9RBj1CzshYtlftR\nn56nxPTIxRTVjQdgCZ6VcjZhwv1I904NtGm4SZupiShXsbHzAfaeJ54GMq4PRlgN\nmH7JrI9/puBb1dLD0XNgPtmYIo18v9e7g9o+un/wDtxCTxhQtD0npPo1IuW4cW7q\n07lZPwGkN2FD2PNTBGXeQ6/EXTHxlyFn62GSr+DmXu0O8MJS827Vd4b8QmKzRTxf\nFEmtVhiD15KlrQxwajmhqfY6KHRxbBuG/w7ioRr2Vl0G9NmKwmJkQO8dM+mJ8rVE\nsWvm8xVm1bowahzDVPnyFUUjuGNi6jFElkv8zvlQUoTcjSZHPrQSHuX742f5Spph\nLLCHdGZ2Ry8UGPlqKtvd6V/z25NsBgbuit+hNkBsdIztH7MVGAhKSMgk1FgXmKzV\nmZnPigq5WAHtIvojzI9NfZxU2Avif0yymXNtOnipw0sCJ0notN8NuGdQEmyxThqW\n-----END RSA PRIVATE KEY-----\n"
+```
+
+#### Comments
+
+Keys can optionally have a comment that is shown as part of the public SSH key. Get or
+set the key's comment with the `comment` accessor.
+
+```ruby
 k.comment
-# => "foo@bar.com"
+# => nil
+
+k.comment = "me@me.com"
+# => "me@me.com"
+
+k.ssh_public_key
+# => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7 me@me.com"
+```
+
+#### Bit length
+
+Determine the strength of the key in bits as an integer.
 
-# Returns the MD5 fingerprint as a string
+```ruby
+k.bits
+# => 2048
+```
+
+#### Fingerprints
+
+It is often helpful to use a fingerprint to visually or programmatically check if one key
+matches another. Fetch either an MD5 (OpenSSH default) or SHA1 fingerprint of the SSH public key.
+
+```ruby
 k.md5_fingerprint
 # => "2a:89:84:c9:29:05:d1:f8:49:79:1c:ba:73:99:eb:af"
 
-# Returns the SHA1 fingerprint as a string
 k.sha1_fingerprint
 # => "e4:f9:79:f2:fe:d6:be:2d:ef:2e:c2:fa:aa:f8:b0:17:34:fe:0d:c0"
+```
+
+#### Public Key Directives
+
+Add optional directives prefixed to the public key that will be enforced when a key is authenticated.
+
+Accepts a string or an array of strings.
+
+```ruby
+k.directives = "no-pty"
+# => ["no-pty"]
+
+k.directives = [
+  "no-port-forwarding",
+  "no-X11-forwarding",
+  "no-agent-forwarding",
+  "no-pty",
+  "command='/home/user/bin/authprogs'"
+]
+# => ["no-port-forwarding", "no-X11-forwarding", "no-agent-forwarding", "no-pty", "command='/home/user/bin/authprogs'"]
+
+k.ssh_public_key
+# => "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command='/home/user/bin/authprogs' ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
+```
+
+#### Randomart
+
+Generate [OpenSSH compatible](http://www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/key.c) ASCII art fingerprints
+
+```ruby
+puts k.randomart
++--[ RSA 2048]----+
+|o+ o..           |
+|..+.o            |
+| ooo             |
+|.++. o           |
+|+o+ +   S        |
+|.. + o .         |
+|  . + .          |
+|   . .           |
+|    Eo.          |
++-----------------+
+```
+
+#### Original OpenSSL key object
+
+Return the original [OpenSSL::PKey::RSA](http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/RSA.html) or [OpenSSL::PKey::DSA](http://www.ruby-doc.org/stdlib/libdoc/openssl/rdoc/classes/OpenSSL/PKey/DSA.html) object.
+
+```ruby
+k.key_object
+# => -----BEGIN RSA PRIVATE KEY-----\nMIIEowI...
+```
+
+### Validate existing SSH public keys
+
+Determine if a given SSH public key is valid. Very useful to test user input of public keys to make sure they accurately copy/pasted the key. Just pass the SSH public key as a string.
 
-# Validates SSH Public Key
-SSHKey.valid_ssh_public_key? "ssh-rsa AAAAB3NzaC1yc2EA...."
+```ruby
+SSHKey.valid_ssh_public_key? "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9HuXvYJPtQE/o/7TYi63yAopsrJ6TP+lDGdyQ+nVVp+5ojAIy9h8/h99UlNxjkiFT2YhI3Fl/pgNDRO4PVo6tlgb3CwiAZjSdeE5RnF79Dkj5XsM4j+FLMoXtbRw0K9ok9RKjz6ygIs1JDmaOdXexFnq4nAYU3fSLUa6WoccqTHe8bFuJoAv1gbnx09Js8YcVMD96mpTJ3V/MK5YfIv10dbtrDhGug3IS1V2J+0BB9orbQja554N+4S0I9rFBgVCpvPmQqddDHd/AdGkLv/zjEfGytjnvp68bEfDinkQkPfuxw01yd5MbcvLv39VVICWtKbqW263HT5LvSxwKorR7"
 # => true
 ```
 
-Copyright
----------
+## Copyright
 
 Copyright (c) 2011-2013 James Miller

data/lib/sshkey.rb

@@ -7,9 +7,6 @@ class SSHKey
   SSH_TYPES      = {"rsa" => "ssh-rsa", "dsa" => "ssh-dss"}
   SSH_CONVERSION = {"rsa" => ["e", "n"], "dsa" => ["p", "q", "g", "pub_key"]}
 
-  attr_reader :key_object, :type
-  attr_accessor :passphrase, :comment
-
   class << self
     # Generate a new keypair and return an SSHKey object
     #
@@ -124,6 +121,9 @@ class SSHKey
     end
   end
 
+  attr_reader :key_object, :type
+  attr_accessor :passphrase, :comment
+
   # Create a new SSHKey object
   #
   # ==== Parameters
@@ -131,10 +131,12 @@ class SSHKey
   # * options<~Hash>
   #   * :comment<~String> - Comment to use for the public key, defaults to ""
   #   * :passphrase<~String> - If the key is encrypted, supply the passphrase
+  #   * :directives<~Array> - Options prefixed to the public key
   #
   def initialize(private_key, options = {})
     @passphrase = options[:passphrase]
     @comment    = options[:comment] || ""
+    self.directives = options[:directives]
     begin
       @key_object = OpenSSL::PKey::RSA.new(private_key, passphrase)
       @type = "rsa"
@@ -172,7 +174,7 @@ class SSHKey
 
   # SSH public key
   def ssh_public_key
-    [SSH_TYPES[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip
+    [directives.join(",").strip, SSH_TYPES[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip
   end
 
   # Fingerprints
@@ -250,6 +252,11 @@ class SSHKey
     output
   end
 
+  def directives=(directives)
+    @directives = Array[directives].flatten
+  end
+  attr_reader :directives
+
   private
 
   # SSH Public Key Conversion

data/lib/sshkey/version.rb

@@ -1,3 +1,3 @@
 class SSHKey
-  VERSION = "1.4.0"
+  VERSION = "1.5.0"
 end

data/test/sshkey_test.rb

@@ -202,12 +202,36 @@ EOF
     assert_equal expected4, @key_without_comment.ssh_public_key
   end
 
+  def test_public_key_directives
+    @key1.directives = "no-pty"
+    assert_equal ["no-pty"], @key1.directives
+
+    @key1.directives = ["no-pty"]
+    assert_equal ["no-pty"], @key1.directives
+
+    @key1.directives = [
+      "no-port-forwarding",
+      "no-X11-forwarding",
+      "no-agent-forwarding",
+      "no-pty",
+      "command='/home/user/bin/authprogs'"
+    ]
+    expected1 = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command='/home/user/bin/authprogs' ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
+    assert_equal expected1, @key1.ssh_public_key
+    assert SSHKey.valid_ssh_public_key?(expected1)
+
+    @key2.directives = "no-pty"
+    expected2 = "no-pty ssh-rsa #{SSH_PUBLIC_KEY2} me@example.com"
+    assert_equal expected2, @key2.ssh_public_key
+    assert SSHKey.valid_ssh_public_key?(expected2)
+  end
+
   def test_ssh_public_key_validation
     expected1 = "ssh-rsa #{SSH_PUBLIC_KEY1} me@example.com"
     expected2 = "ssh-rsa #{SSH_PUBLIC_KEY2} me@example.com"
     expected3 = "ssh-dss #{SSH_PUBLIC_KEY3} me@example.com"
     expected4 = "ssh-rsa #{SSH_PUBLIC_KEY1}"
-    expected5 = %Q{from="trusted.eng.cam.ac.uk",no-port-forwarding,no-pty" ssh-rsa #{SSH_PUBLIC_KEY1}}
+    expected5 = %Q{from="trusted.eng.cam.ac.uk",no-port-forwarding,no-pty ssh-rsa #{SSH_PUBLIC_KEY1}}
     invalid1  = "ssh-rsa #{SSH_PUBLIC_KEY1}= me@example.com"
     invalid2  = "ssh-rsa #{SSH_PUBLIC_KEY2}= me@example.com"
     invalid3  = "ssh-dss #{SSH_PUBLIC_KEY3}= me@example.com"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sshkey
 version: !ruby/object:Gem::Version
-  version: 1.4.0
+  version: 1.5.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-01-23 00:00:00.000000000 Z
+date: 2013-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -70,3 +70,4 @@ specification_version: 3
 summary: SSH private/public key generator in Ruby
 test_files:
 - test/sshkey_test.rb
+has_rdoc: