sshkeyproof 0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/CHANGELOG +2 -0
- data/Manifest +6 -0
- data/README.md +24 -0
- data/Rakefile +9 -0
- data/lib/sshkeyauth.rb +38 -0
- data/sshkeyproof.gemspec +33 -0
- data/test/test_all.rb +36 -0
- metadata +77 -0
data/CHANGELOG
ADDED
data/Manifest
ADDED
data/README.md
ADDED
@@ -0,0 +1,24 @@
|
|
1
|
+
|
2
|
+
h3. gem install 'sshkeyproof'
|
3
|
+
|
4
|
+
If you have a user's public key, you can verify they are who they say they are (ie. they hold the correspending private key):
|
5
|
+
|
6
|
+
|
7
|
+
h3. Client
|
8
|
+
|
9
|
+
The client takes their private key (defaults to ~/.ssh/id_rsa) and encrypts a random string as proof of work.
|
10
|
+
|
11
|
+
request = Sshkeyproof::Client.new key_file: "./id_rsa"
|
12
|
+
|
13
|
+
|
14
|
+
h3. Server
|
15
|
+
|
16
|
+
The server takes the request string and verifies it
|
17
|
+
|
18
|
+
s = Sshkeyproof::Server.new request
|
19
|
+
|
20
|
+
s.fingerprint # => public key SHA1 fingerprint
|
21
|
+
|
22
|
+
s.correct?(public_key) # => true
|
23
|
+
|
24
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
require 'echoe'
|
2
|
+
|
3
|
+
Echoe.new('sshkeyproof') do |p|
|
4
|
+
p.author = "Andrew Snow"
|
5
|
+
p.email = 'andrew@modulus.org'
|
6
|
+
p.summary = 'Ruby gem to prove client has the other half of a keypair'
|
7
|
+
p.url = 'https://github.com/andys/sshkeyproof'
|
8
|
+
p.runtime_dependencies = ['sshkey']
|
9
|
+
end
|
data/lib/sshkeyauth.rb
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
|
2
|
+
require 'openssl'
|
3
|
+
require 'sshkey'
|
4
|
+
|
5
|
+
module Sshkeyproof
|
6
|
+
class Client
|
7
|
+
def initialize(params={})
|
8
|
+
key_file = params[:key_file] || '~/.ssh/id_rsa'
|
9
|
+
ssh_key = params[:ssh_key] || File.read(key_file)
|
10
|
+
openssl_key = params[:openssl_key] || OpenSSL::PKey::RSA.new(ssh_key)
|
11
|
+
@privkey = openssl_key if openssl_key.private?
|
12
|
+
@pubkey = @privkey && @privkey.public_key || openssl_key
|
13
|
+
end
|
14
|
+
|
15
|
+
def random
|
16
|
+
@random ||= OpenSSL::Random.random_bytes(10).unpack('H*').first
|
17
|
+
end
|
18
|
+
|
19
|
+
def request
|
20
|
+
ciphertext = @privkey.private_encrypt(random).unpack('H*').first
|
21
|
+
"#{SSHKey.sha1_fingerprint(@pubkey.to_s)}|#{random.unpack('H*').first}|#{ciphertext}"
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
|
26
|
+
class Server
|
27
|
+
attr_reader :fingerprint
|
28
|
+
def initialize(request_string)
|
29
|
+
(@fingerprint,@random,@ciphertext) = request_string.to_s.split("|")
|
30
|
+
end
|
31
|
+
|
32
|
+
def correct?(key)
|
33
|
+
openssl_key = String===key ? OpenSSL::PKey::RSA.new(key) : key
|
34
|
+
@fingerprint && @random && @ciphertext && openssl_key.public_key.public_decrypt([@ciphertext].pack('H*')) == [@random].pack('H*') rescue nil
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
data/sshkeyproof.gemspec
ADDED
@@ -0,0 +1,33 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = "sshkeyproof"
|
5
|
+
s.version = "0.1"
|
6
|
+
|
7
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
|
+
s.authors = ["Andrew Snow"]
|
9
|
+
s.date = "2013-01-24"
|
10
|
+
s.description = "Ruby gem to prove client has the other half of a keypair"
|
11
|
+
s.email = "andrew@modulus.org"
|
12
|
+
s.extra_rdoc_files = ["CHANGELOG", "README.md", "lib/sshkeyauth.rb"]
|
13
|
+
s.files = ["CHANGELOG", "Manifest", "README.md", "Rakefile", "lib/sshkeyauth.rb", "test/test_all.rb", "sshkeyproof.gemspec"]
|
14
|
+
s.homepage = "https://github.com/andys/sshkeyproof"
|
15
|
+
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Sshkeyproof", "--main", "README.md"]
|
16
|
+
s.require_paths = ["lib"]
|
17
|
+
s.rubyforge_project = "sshkeyproof"
|
18
|
+
s.rubygems_version = "1.8.24"
|
19
|
+
s.summary = "Ruby gem to prove client has the other half of a keypair"
|
20
|
+
s.test_files = ["test/test_all.rb"]
|
21
|
+
|
22
|
+
if s.respond_to? :specification_version then
|
23
|
+
s.specification_version = 3
|
24
|
+
|
25
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
26
|
+
s.add_runtime_dependency(%q<sshkey>, [">= 0"])
|
27
|
+
else
|
28
|
+
s.add_dependency(%q<sshkey>, [">= 0"])
|
29
|
+
end
|
30
|
+
else
|
31
|
+
s.add_dependency(%q<sshkey>, [">= 0"])
|
32
|
+
end
|
33
|
+
end
|
data/test/test_all.rb
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
require "#{File.dirname(__FILE__)}/../lib/sshkeyproof"
|
2
|
+
require 'test/unit'
|
3
|
+
|
4
|
+
class TestSshkeyproof < Test::Unit::TestCase
|
5
|
+
def setup
|
6
|
+
@ssh_key = SSHKey.generate(type:"RSA", bits:1024, comment:"foo@bar.com")
|
7
|
+
@client = Sshkeyproof::Client.new ssh_key: @ssh_key.private_key
|
8
|
+
@request = @client.request
|
9
|
+
end
|
10
|
+
|
11
|
+
def test_success
|
12
|
+
server = Sshkeyproof::Server.new @request
|
13
|
+
assert_equal true, server.correct?(@ssh_key.public_key)
|
14
|
+
end
|
15
|
+
|
16
|
+
def test_bad_ciphertext
|
17
|
+
badrequest = @request.dup
|
18
|
+
|
19
|
+
#fiddle the cipher text
|
20
|
+
badrequest[-3] = '0'
|
21
|
+
badrequest[-2] = '0'
|
22
|
+
badrequest[-1] = '0'
|
23
|
+
|
24
|
+
server = Sshkeyproof::Server.new badrequest
|
25
|
+
assert_equal nil, server.correct?(@ssh_key.public_key)
|
26
|
+
end
|
27
|
+
|
28
|
+
def test_wrong_key
|
29
|
+
ssh_key2 = SSHKey.generate(type:"RSA", bits:1024, comment:"foo@bar.com")
|
30
|
+
client2 = Sshkeyproof::Client.new ssh_key: ssh_key2.private_key
|
31
|
+
request2 = client2.request
|
32
|
+
|
33
|
+
server = Sshkeyproof::Server.new request2
|
34
|
+
assert_equal nil, server.correct?(@ssh_key.public_key)
|
35
|
+
end
|
36
|
+
end
|
metadata
ADDED
@@ -0,0 +1,77 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: sshkeyproof
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease:
|
5
|
+
version: '0.1'
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Andrew Snow
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2013-01-24 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ! '>='
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '0'
|
20
|
+
none: false
|
21
|
+
version_requirements: !ruby/object:Gem::Requirement
|
22
|
+
requirements:
|
23
|
+
- - ! '>='
|
24
|
+
- !ruby/object:Gem::Version
|
25
|
+
version: '0'
|
26
|
+
none: false
|
27
|
+
name: sshkey
|
28
|
+
prerelease: false
|
29
|
+
type: :runtime
|
30
|
+
description: Ruby gem to prove client has the other half of a keypair
|
31
|
+
email: andrew@modulus.org
|
32
|
+
executables: []
|
33
|
+
extensions: []
|
34
|
+
extra_rdoc_files:
|
35
|
+
- CHANGELOG
|
36
|
+
- README.md
|
37
|
+
- lib/sshkeyauth.rb
|
38
|
+
files:
|
39
|
+
- CHANGELOG
|
40
|
+
- Manifest
|
41
|
+
- README.md
|
42
|
+
- Rakefile
|
43
|
+
- lib/sshkeyauth.rb
|
44
|
+
- test/test_all.rb
|
45
|
+
- sshkeyproof.gemspec
|
46
|
+
homepage: https://github.com/andys/sshkeyproof
|
47
|
+
licenses: []
|
48
|
+
post_install_message:
|
49
|
+
rdoc_options:
|
50
|
+
- --line-numbers
|
51
|
+
- --inline-source
|
52
|
+
- --title
|
53
|
+
- Sshkeyproof
|
54
|
+
- --main
|
55
|
+
- README.md
|
56
|
+
require_paths:
|
57
|
+
- lib
|
58
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
59
|
+
requirements:
|
60
|
+
- - ! '>='
|
61
|
+
- !ruby/object:Gem::Version
|
62
|
+
version: '0'
|
63
|
+
none: false
|
64
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ! '>='
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '1.2'
|
69
|
+
none: false
|
70
|
+
requirements: []
|
71
|
+
rubyforge_project: sshkeyproof
|
72
|
+
rubygems_version: 1.8.24
|
73
|
+
signing_key:
|
74
|
+
specification_version: 3
|
75
|
+
summary: Ruby gem to prove client has the other half of a keypair
|
76
|
+
test_files:
|
77
|
+
- test/test_all.rb
|