train-juniper 0.7.0 → 0.7.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: abb9487cdbf492d9b94f9b45699e2a434095509e128d5928863e5fdff3c73241
-  data.tar.gz: 0d9d6746cb16f185eef54b199aaf02b4509e66cc9292af3475913bae89f3e36c
+  metadata.gz: c7074cafad165e2055edc5be8495a250025f4fc06ad658e740b77248e3d2273c
+  data.tar.gz: febffacb8ad71ffc912a76b3be460f598e48e20b0c500de48f10c3cefe11c549
 SHA512:
-  metadata.gz: 8c7c246e820daa1d436c03d4f95e7acab6bef59c600c9f18d99fcc94b63989a0adf00a483661fc362db634871446b469aa0bed753a6852b40d2da768709882d8
-  data.tar.gz: db80d5fdefcb80294734f162b67f48f21219859ebed3ee294bcb1449876be0a7c7758e4ed613c8fc3e40a9d7d67c25df12316cc56e31352dc648eda2c8184c59
+  metadata.gz: 4c47e243ab6d5922904bd7898b4c1da8dff8ac4986f3b60629e4662c566e79ace9bbec8a0dfda2ee400e51ec7f060f2c871b11be07d84130ce1f1ac1d23b4d76
+  data.tar.gz: af8b001261139a75f38da8be9711c3c9f14c8a618bd8195234c750262ef40e4a772cd9a081a59deb2880e1c78ac5ad44846ba7c902cc360420a4d4a4b5092be6

data/CHANGELOG.md

@@ -5,6 +5,83 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.7.3] - 2025-06-23
+
+### Documentation
+
+- Improve README structure for better MkDocs rendering
+- Add platform support section to README
+
+### Fixed
+
+- Follow standard RubyGems conventions for gem packaging
+- Remove .md extensions from internal MkDocs links
+- **docs**: Improve Support section formatting with subsections
+- **windows**: Use PowerShell for SSH_ASKPASS on Windows and add cross-platform CI/CD
+- **ci**: Add comprehensive platform support for cross-platform compatibility
+- Update ffi dependency to support Ruby 3.3 on Windows
+- Handle Windows PowerShell script paths in bastion proxy tests
+- Use direct gem push instead of rubygems/release-gem action
+- Complete release workflow implementation
+
+### Miscellaneous Tasks
+
+- Add session.md to .gitignore
+
+### Styling
+
+- Fix trailing whitespace in bastion proxy files
+
+### Testing
+
+- Add nocov markers for Windows-specific PowerShell code
+
+## [0.7.1] - 2025-06-23
+
+### Added
+
+- Implement Priority 2 DRY improvements and boost coverage to 90.88%
+- Add coverage analysis utility script
+- Boost test coverage to 93.13% and enhance coverage analysis tool
+- **coverage**: Integrate coverage reporting into release process and CI/CD
+- **docs**: Enhance coverage report with Material for MkDocs styling
+
+### Documentation
+
+- Add YARD documentation for inspect method and test organization guide
+- Add YARD documentation for all constants
+- **roadmap**: Modernize with v0.7.1 status and Material styling
+
+### Fixed
+
+- Add v0.7.0 to mkdocs and automate nav updates
+- **coverage**: Properly handle SimpleCov :nocov: markers in analysis
+- **docs**: Move Security Policy to About section in navigation
+- Resolve RuboCop violations for CI/CD compliance
+- Update release task to handle GitHub Actions gem publishing
+- Resolve final RuboCop issues in release task
+
+### Miscellaneous Tasks
+
+- Fix all RuboCop violations and prepare for v0.7.1 release
+- Remove .rubocop_todo.yml after fixing all violations
+
+### Refactor
+
+- Streamline release process for GitHub Actions
+- Phase 1 modularization - extract JuniperFile, EnvironmentHelpers, and Validation
+- Reorganize directory structure to follow Train plugin conventions
+- Phase 2 modularization - extract CommandExecutor and ErrorHandling
+- Phase 3 modularization - extract SSHSession and BastionProxy
+- DRY improvements for v0.7.1
+- Fix all RuboCop complexity issues without using todos
+- **docs**: Reorganize navigation for better user experience
+
+### Testing
+
+- Fix platform edge case test and boost coverage to 99.75%
+- Achieve 100% code coverage 🎯
+
 ## [0.7.0] - 2025-06-23
 
 ### Added

data/CONTRIBUTING.md

@@ -146,7 +146,7 @@ Releases are managed by project maintainers:
 
 ## Community
 
-- Follow our [Code of Conduct](CODE_OF_CONDUCT.md)
+- Follow our [Code of Conduct](CODE_OF_CONDUCT)
 - Be respectful and collaborative
 - Help others learn and contribute
 

data/README.md

@@ -175,11 +175,11 @@ This allows maximum flexibility while providing sensible defaults for common sce
 | `key_files` | SSH private key files | - | - |
 | `keys_only` | Use only specified keys | false | - |
 
-**Notes**: 
-- Cannot specify both `bastion_host` and `proxy_command` simultaneously
-- If `bastion_user` not provided, falls back to using main `user` for bastion authentication
-- If `bastion_password` not provided, falls back to using main `password` for bastion authentication
-- Supports automated password authentication via SSH_ASKPASS mechanism
+!!! note "Important Configuration Notes"
+    - Cannot specify both `bastion_host` and `proxy_command` simultaneously
+    - If `bastion_user` not provided, falls back to using main `user` for bastion authentication
+    - If `bastion_password` not provided, falls back to using main `password` for bastion authentication
+    - Supports automated password authentication via SSH_ASKPASS mechanism
 
 ### InSpec Configuration File
 
@@ -280,7 +280,8 @@ Train.create('juniper', {
 
 ### Common Authentication Issues
 
-#### ❌ **Error**: "No bastion password specified"
+#### ❌ Error: "No bastion password specified"
+
 **Solution**: Train doesn't have `--bastion-password`. Use one of these patterns:
 ```bash
 # Same password for both (most common)
@@ -293,7 +294,8 @@ inspec detect -t "juniper://user@device?bastion_host=jump" --key-files ~/.ssh/id
 inspec detect -t "juniper://user@device?proxy_command=sshpass%20-p%20jumppass%20ssh%20jumpuser@jump%20-W%20%h:%p" --password "device_pass"
 ```
 
-#### ❌ **Error**: "Authentication failed"
+#### ❌ Error: "Authentication failed"
+
 **Solutions**:
 ```bash
 # Verify bastion connection first
@@ -309,7 +311,8 @@ inspec detect -t "juniper://user@device?bastion_host=jump&proxy_command=ssh%20-v
 inspec detect -t "juniper://user@device?bastion_host=jump" --password "pass" -l debug
 ```
 
-#### ❌ **Error**: "Connection timeout"
+#### ❌ Error: "Connection timeout"
+
 **Solutions**:
 ```bash
 # Increase timeouts
@@ -349,6 +352,7 @@ result = connection.run_command('show version')
 ```
 
 Mock mode provides:
+
 - ✅ Realistic JunOS command outputs
 - ✅ Platform detection (JunOS 12.1X47-D15.4)
 - ✅ Error simulation for negative testing
@@ -393,12 +397,31 @@ This plugin implements the Train Plugin V1 API with:
 - **Platform** (`lib/train-juniper/platform.rb`) - JunOS platform detection
 - **Version** (`lib/train-juniper/version.rb`) - Plugin version management
 
+### Platform Support
+
+This gem supports a wide range of platforms to ensure maximum compatibility:
+
+| Platform | Description | Use Case |
+|----------|-------------|----------|
+| `ruby` | Platform-independent | Pure Ruby installations |
+| `x86_64-linux` | Standard Linux | Most Linux servers and CI/CD |
+| `aarch64-linux` | ARM64 Linux | AWS Graviton, Raspberry Pi |
+| `x86_64-linux-musl` | Alpine Linux | Docker containers |
+| `x86_64-darwin` | Intel macOS | Older Mac workstations |
+| `arm64-darwin-*` | Apple Silicon macOS | Modern Mac workstations |
+| `x64-mingw-ucrt` | Windows (UCRT) | Windows 10/11 with modern Ruby |
+| `x86_64-freebsd` | FreeBSD | Network appliances (JunOS heritage) |
+| `x86_64-solaris` | Solaris/illumos | Enterprise environments |
+
+!!! note "Platform Compatibility"
+    This comprehensive platform support ensures the plugin works wherever InSpec runs, from developer workstations to CI/CD pipelines to production jump hosts. The FreeBSD support is particularly relevant given that JunOS is based on FreeBSD.
+
 ### Documentation
 
-- **[Installation Guide](installation.md)** - Complete installation instructions
-- **[Basic Usage](basic-usage.md)** - Getting started with the plugin
-- **[Release Process](RELEASE_PROCESS.md)** - How to cut releases and publish gems
-- **[Project Roadmap](ROADMAP.md)** - Future development plans and contribution opportunities
+- **[Installation Guide](installation)** - Complete installation instructions
+- **[Basic Usage](basic-usage)** - Getting started with the plugin
+- **[Release Process](RELEASE_PROCESS)** - How to cut releases and publish gems
+- **[Project Roadmap](ROADMAP)** - Future development plans and contribution opportunities
 
 ### Plugin Development Resources
 
@@ -407,19 +430,29 @@ This plugin implements the Train Plugin V1 API with:
 
 ## Contributing
 
+We welcome contributions! Here's how to get started:
+
 1. Fork the repository
-2. Create a feature branch
+2. Create a feature branch (`git checkout -b feature/amazing-feature`)
 3. Make your changes with tests
-4. Run `bundle exec rake test` 
+4. Run `bundle exec rake test` to ensure tests pass
 5. Submit a pull request
 
+Please see our [Contributing Guide](CONTRIBUTING) for more details.
+
 ## Support and Contact
 
+### General Support
+
 For questions, feature requests, or general support:
+
 - Email: [saf@mitre.org](mailto:saf@mitre.org)
 - GitHub Issues: [https://github.com/mitre/train-juniper/issues](https://github.com/mitre/train-juniper/issues)
 
+### Security Issues
+
 For security issues or vulnerabilities:
+
 - Email: [saf-security@mitre.org](mailto:saf-security@mitre.org)
 - GitHub Security: [https://github.com/mitre/train-juniper/security](https://github.com/mitre/train-juniper/security)
 
@@ -439,12 +472,12 @@ Special thanks to the Train and InSpec communities for their excellent documenta
 
 Licensed under the Apache-2.0 license, except as noted below.
 
-See [LICENSE](LICENSE.md) for full details.
+See [LICENSE](LICENSE) for full details.
 
 ### Notice
 
 This software was produced for the U.S. Government under contract and is subject to Federal Acquisition Regulation Clause 52.227-14.
 
-See [NOTICE](NOTICE.md) for full details.
+See [NOTICE](NOTICE) for full details.
 
 © 2025 The MITRE Corporation.

data/Rakefile

@@ -103,5 +103,5 @@ end
 #------------------------------------------------------------------#
 #                    Bundler Gem Tasks
 #------------------------------------------------------------------#
-# This provides the standard 'rake release' task that rubygems/release-gem expects
-require 'bundler/gem_tasks'
+# Bundler gem tasks disabled - we use GitHub Actions for gem publication
+# require 'bundler/gem_tasks'

data/lib/train-juniper/connection/bastion_proxy.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+require 'train-juniper/constants'
+
+module TrainPlugins
+  module Juniper
+    # Handles bastion host proxy configuration and authentication
+    module BastionProxy
+      # Configure bastion proxy for SSH connection
+      # @param ssh_options [Hash] SSH options to modify
+      def configure_bastion_proxy(ssh_options)
+        require 'net/ssh/proxy/jump' unless defined?(Net::SSH::Proxy::Jump)
+
+        # Build proxy jump string from bastion options
+        bastion_user = @options[:bastion_user] || @options[:user]
+        bastion_port = @options[:bastion_port]
+
+        proxy_jump = if bastion_port == Constants::DEFAULT_SSH_PORT
+                       "#{bastion_user}@#{@options[:bastion_host]}"
+                     else
+                       "#{bastion_user}@#{@options[:bastion_host]}:#{bastion_port}"
+                     end
+
+        @logger.debug("Using bastion host: #{proxy_jump}")
+
+        # Set up automated password authentication via SSH_ASKPASS
+        setup_bastion_password_auth
+
+        ssh_options[:proxy] = Net::SSH::Proxy::Jump.new(proxy_jump)
+      end
+
+      # Set up SSH_ASKPASS for bastion password authentication
+      def setup_bastion_password_auth
+        bastion_password = @options[:bastion_password] || @options[:password]
+        return unless bastion_password
+
+        @ssh_askpass_script = create_ssh_askpass_script(bastion_password)
+        ENV['SSH_ASKPASS'] = @ssh_askpass_script
+        ENV['SSH_ASKPASS_REQUIRE'] = 'force'
+        @logger.debug('Configured SSH_ASKPASS for automated bastion authentication')
+      end
+
+      # Create temporary SSH_ASKPASS script for automated password authentication
+      # @param password [String] The password to use
+      # @return [String] Path to the created script
+      def create_ssh_askpass_script(password)
+        require 'tempfile'
+
+        if Gem.win_platform?
+          # :nocov:
+          # Create Windows PowerShell script
+          script = Tempfile.new(['ssh_askpass', '.ps1'])
+          # PowerShell handles escaping better, just escape quotes
+          escaped_password = password.gsub("'", "''")
+          script.write("Write-Output '#{escaped_password}'\r\n")
+          script.close
+
+          # Create a wrapper batch file to execute PowerShell with bypass policy
+          wrapper = Tempfile.new(['ssh_askpass_wrapper', '.bat'])
+          wrapper.write("@echo off\r\npowershell.exe -ExecutionPolicy Bypass -File \"#{script.path}\"\r\n")
+          wrapper.close
+
+          @logger.debug("Created SSH_ASKPASS PowerShell script at #{script.path} with wrapper at #{wrapper.path}")
+          wrapper.path
+          # :nocov:
+        else
+          # Create Unix shell script
+          script = Tempfile.new(['ssh_askpass', '.sh'])
+          script.write("#!/bin/bash\necho '#{password}'\n")
+          script.close
+          File.chmod(0o755, script.path)
+
+          @logger.debug("Created SSH_ASKPASS script at #{script.path}")
+          script.path
+        end
+      end
+
+      # Generate SSH proxy command for bastion host using ProxyJump (-J)
+      # @param bastion_user [String] Username for bastion
+      # @param bastion_port [Integer] Port for bastion
+      # @return [String] SSH command string
+      def generate_bastion_proxy_command(bastion_user, bastion_port)
+        args = ['ssh']
+
+        # SSH options for connection
+        Constants::STANDARD_SSH_OPTIONS.each do |key, value|
+          args += ['-o', "#{key}=#{value}"]
+        end
+
+        # Use ProxyJump (-J) which handles password authentication properly
+        jump_host = if bastion_port == Constants::DEFAULT_SSH_PORT
+                      "#{bastion_user}@#{@options[:bastion_host]}"
+                    else
+                      "#{bastion_user}@#{@options[:bastion_host]}:#{bastion_port}"
+                    end
+        args += ['-J', jump_host]
+
+        # Add SSH keys if specified
+        if @options[:key_files]
+          Array(@options[:key_files]).each do |key_file|
+            args += ['-i', key_file]
+          end
+        end
+
+        # Target connection - %h and %p will be replaced by Net::SSH
+        args += ['%h', '-p', '%p']
+
+        args.join(' ')
+      end
+    end
+  end
+end

data/lib/train-juniper/connection/command_executor.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+module TrainPlugins
+  module Juniper
+    # Handles command execution, sanitization, and output formatting
+    module CommandExecutor
+      # Command sanitization patterns
+      # Note: Pipe (|) is allowed as it's commonly used in JunOS commands
+      DANGEROUS_COMMAND_PATTERNS = [
+        /[;&<>$`]/,     # Shell metacharacters (excluding pipe)
+        /\n|\r/,        # Newlines that could inject commands
+        /\\(?![nrt])/   # Escape sequences (except valid ones like \n, \r, \t)
+      ].freeze
+
+      # Execute commands on Juniper device via SSH
+      # @param cmd [String] The JunOS command to execute
+      # @return [CommandResult] Result object with stdout, stderr, and exit status
+      # @raise [Train::ClientError] If command contains dangerous characters
+      # @example
+      #   result = connection.run_command('show version')
+      #   puts result.stdout
+      def run_command_via_connection(cmd)
+        # Sanitize command to prevent injection
+        safe_cmd = sanitize_command(cmd)
+
+        return mock_command_result(safe_cmd) if @options[:mock]
+
+        begin
+          # :nocov: Real SSH execution cannot be tested without actual devices
+          # Ensure we're connected
+          connect unless connected?
+
+          log_command(safe_cmd)
+
+          # Execute command via SSH session
+          output = @ssh_session.exec!(safe_cmd)
+
+          @logger.debug("Command output: #{output}")
+
+          # Format JunOS result
+          format_junos_result(output, safe_cmd)
+        rescue StandardError => e
+          log_error(e, 'Command execution failed')
+          # Handle connection errors gracefully
+          error_result(e.message)
+          # :nocov:
+        end
+      end
+
+      private
+
+      # Sanitize command to prevent injection attacks
+      def sanitize_command(cmd)
+        cmd_str = cmd.to_s.strip
+
+        if DANGEROUS_COMMAND_PATTERNS.any? { |pattern| cmd_str.match?(pattern) }
+          raise Train::ClientError, "Invalid characters in command: #{cmd_str.inspect}"
+        end
+
+        cmd_str
+      end
+
+      # Format JunOS command results
+      def format_junos_result(output, cmd)
+        # Parse JunOS-specific error patterns
+        if junos_error?(output)
+          error_result(output)
+        else
+          success_result(output, cmd)
+        end
+      end
+
+      # Clean command output
+      def clean_output(output, cmd)
+        # Handle nil output gracefully
+        return '' if output.nil?
+
+        # Remove command echo and prompts
+        lines = output.to_s.split("\n")
+        lines.reject! { |line| line.strip == cmd.strip }
+
+        # Remove JunOS prompt patterns from the end
+        lines.pop while lines.last&.strip&.match?(/^[%>$#]+\s*$/)
+
+        lines.join("\n")
+      end
+
+      # Mock command execution for testing
+      def mock_command_result(cmd)
+        output, exit_status = MockResponses.response_for(cmd)
+        # For mock mode, network devices return errors as stdout
+        Train::Extras::CommandResult.new(output, '', exit_status)
+      end
+
+      # Factory method for successful command results
+      # @param output [String] Command output
+      # @param cmd [String, nil] Original command for cleaning output
+      # @return [Train::Extras::CommandResult] Successful result object
+      def success_result(output, cmd = nil)
+        output = clean_output(output, cmd) if cmd
+        Train::Extras::CommandResult.new(output, '', 0)
+      end
+
+      # Factory method for error command results
+      # @param message [String] Error message
+      # @return [Train::Extras::CommandResult] Error result object
+      def error_result(message)
+        Train::Extras::CommandResult.new('', message, 1)
+      end
+    end
+  end
+end

data/lib/train-juniper/connection/error_handling.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module TrainPlugins
+  module Juniper
+    # Handles error detection, classification, and messaging
+    module ErrorHandling
+      # JunOS error patterns organized by type
+      JUNOS_ERRORS = {
+        configuration: [/^error:/i, /configuration database locked/i],
+        syntax: [/syntax error/i],
+        command: [/invalid command/i, /unknown command/i],
+        argument: [/missing argument/i]
+      }.freeze
+
+      # Flattened error patterns for quick matching
+      JUNOS_ERROR_PATTERNS = JUNOS_ERRORS.values.flatten.freeze
+
+      # Check for JunOS error patterns
+      # @param output [String] Command output to check
+      # @return [Boolean] true if output contains error patterns
+      def junos_error?(output)
+        return false if output.nil? || output.empty?
+
+        JUNOS_ERROR_PATTERNS.any? { |pattern| output.match?(pattern) }
+      end
+
+      # Handle connection errors with helpful messages
+      # @param error [StandardError] The error that occurred
+      # @raise [Train::TransportError] Always raises with formatted message
+      def handle_connection_error(error)
+        @logger.error("SSH connection failed: #{error.message}")
+
+        if bastion_auth_error?(error)
+          raise Train::TransportError, bastion_error_message(error)
+        else
+          raise Train::TransportError, "Failed to connect to Juniper device #{@options[:host]}: #{error.message}"
+        end
+      end
+
+      # Check if error is bastion authentication related
+      # @param error [StandardError] The error to check
+      # @return [Boolean] true if error is bastion-related
+      def bastion_auth_error?(error)
+        @options[:bastion_host] &&
+          (error.message.include?('Permission denied') || error.message.include?('command failed'))
+      end
+
+      # Build helpful bastion error message
+      # @param error [StandardError] The original error
+      # @return [String] Detailed error message with troubleshooting steps
+      def bastion_error_message(error)
+        <<~ERROR
+          Failed to connect to Juniper device #{@options[:host]} via bastion #{@options[:bastion_host]}: #{error.message}
+
+          Possible causes:
+          1. Incorrect bastion credentials (user: #{@options[:bastion_user] || @options[:user]})
+          2. Network connectivity issues to bastion host
+          3. Bastion host SSH service not available on port #{@options[:bastion_port]}
+          4. Target device not reachable from bastion
+
+          Authentication options:
+          - Password: Use --bastion-password (or JUNIPER_BASTION_PASSWORD env var)
+          - SSH Key: Use --key-files option to specify SSH private key files
+          - SSH Agent: Ensure your SSH agent has the required keys loaded
+
+          For more details, see: https://mitre.github.io/train-juniper/troubleshooting/#bastion-authentication
+        ERROR
+      end
+    end
+  end
+end

data/lib/train-juniper/connection/ssh_session.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module TrainPlugins
+  module Juniper
+    # Handles SSH session management and configuration
+    module SSHSession
+      # SSH option mapping configuration
+      SSH_OPTION_MAPPING = {
+        port: :port,
+        password: :password,
+        timeout: :timeout,
+        keepalive: :keepalive,
+        keepalive_interval: :keepalive_interval,
+        keys: ->(opts) { Array(opts[:key_files]) if opts[:key_files] },
+        keys_only: ->(opts) { opts[:keys_only] if opts[:key_files] }
+      }.freeze
+
+      # Default SSH options for Juniper connections
+      # @note verify_host_key is set to :never for network device compatibility
+      SSH_DEFAULTS = {
+        verify_host_key: :never
+      }.freeze
+
+      # Establish SSH connection to Juniper device
+      def connect
+        return if connected?
+
+        # :nocov: Real SSH connections cannot be tested without actual devices
+        begin
+          # Use direct SSH connection (network device pattern)
+          # Defensive loading - only require if not fully loaded
+          require 'net/ssh' unless defined?(Net::SSH) && Net::SSH.respond_to?(:start)
+
+          @logger.debug('Establishing SSH connection to Juniper device')
+
+          ssh_options = build_ssh_options
+
+          # Add bastion host support if configured
+          if @options[:bastion_host]
+            log_bastion_connection(@options[:bastion_host])
+            configure_bastion_proxy(ssh_options)
+          end
+
+          log_connection_attempt(@options[:host], @options[:port])
+          log_ssh_options(ssh_options)
+
+          # Direct SSH connection
+          @ssh_session = Net::SSH.start(@options[:host], @options[:user], ssh_options)
+          log_connection_success(@options[:host])
+
+          # Configure JunOS session for automation
+          test_and_configure_session
+        rescue StandardError => e
+          handle_connection_error(e)
+        end
+        # :nocov:
+      end
+
+      # Check if SSH connection is active
+      # @return [Boolean] true if connected, false otherwise
+      def connected?
+        return true if @options[:mock]
+
+        !@ssh_session.nil?
+      rescue StandardError
+        false
+      end
+
+      # Check if running in mock mode
+      # @return [Boolean] true if in mock mode
+      def mock?
+        @options[:mock] == true
+      end
+
+      # Test connection and configure JunOS session
+      def test_and_configure_session
+        @logger.debug('Testing SSH connection and configuring JunOS session')
+
+        # Test connection first
+        @ssh_session.exec!('echo "connection test"')
+        @logger.debug('SSH connection test successful')
+
+        # Optimize CLI for automation
+        @ssh_session.exec!('set cli screen-length 0')
+        @ssh_session.exec!('set cli screen-width 0')
+        @ssh_session.exec!('set cli complete-on-space off') if @options[:disable_complete_on_space]
+
+        @logger.debug('JunOS session configured successfully')
+      rescue StandardError => e
+        @logger.warn("Failed to configure JunOS session: #{e.message}")
+      end
+
+      private
+
+      # Build SSH connection options from @options
+      def build_ssh_options
+        SSH_DEFAULTS.merge(
+          SSH_OPTION_MAPPING.each_with_object({}) do |(ssh_key, option_key), opts|
+            value = option_key.is_a?(Proc) ? option_key.call(@options) : @options[option_key]
+            opts[ssh_key] = value unless value.nil?
+          end
+        )
+      end
+    end
+  end
+end