author | Miklós Fazekas <mfazekas@szemafor.com> | 2021-08-05 17:20:55 +0200 |
---|---|---|
committer | Miklós Fazekas <mfazekas@szemafor.com> | 2021-08-05 17:25:37 +0200 |
commit | 51dc78feac5dc9df615ca0ef82e707951887411c (patch) | |
tree | 1fcbc3d677f3f03155254d8499ffd638a8065d9d | |
parent | 932f0268a2903e35f7bf9f8d1bb96dd38dd77e1f (diff) | |
download | net-ssh-51dc78feac5dc9df615ca0ef82e707951887411c.tar.gz |
Use ports specific format
-rw-r--r-- | lib/net/ssh/known_hosts.rb | 32 | ||||
-rw-r--r-- | test/integration/test_cert_host_auth.rb | 16 |
2 files changed, 28 insertions, 20 deletions
diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb
index 1313552..fddbffd 100644
--- a/lib/net/ssh/known_hosts.rb
+++ b/lib/net/ssh/known_hosts.rb
@@ -189,26 +189,28 @@ module Net
             hosts, type, key_content, comment = line.split(' ')
           end
 
-          if marker == "@cert-authority"
-            blob = key_content.unpack("m*").first
-            keys << HostKeyEntries::CertAuthority.new(Net::SSH::Buffer.new(blob).read_key, comment: comment)
-          else
-            # Skip empty line or one that is commented
-            next if hosts.nil? || hosts.start_with?('#')
+          # Skip empty line or one that is commented
+          next if hosts.nil? || hosts.start_with?('#')
 
-            hostlist = hosts.split(',')
+          hostlist = hosts.split(',')
 
-            next unless SUPPORTED_TYPE.include?(type)
+          next unless SUPPORTED_TYPE.include?(type)
 
-            found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
-            next unless found
+          found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
+          next unless found
 
-            found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
-            next unless found
+          found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
+          next unless found
 
-            blob = key_content.unpack("m*").first
-            keys << HostKeyEntries::PubKey.new(Net::SSH::Buffer.new(blob).read_key, comment: comment)
-          end
+          blob = key_content.unpack("m*").first
+          raw_key = Net::SSH::Buffer.new(blob).read_key
+
+          keys <<
+            if marker == "@cert-authority"
+              HostKeyEntries::CertAuthority.new(raw_key, comment: comment)
+            else
+              HostKeyEntries::PubKey.new(raw_key, comment: comment)
+            end
         end
       end
 
diff --git a/test/integration/test_cert_host_auth.rb b/test/integration/test_cert_host_auth.rb
index aeda37e..7bae3a9 100644
--- a/test/integration/test_cert_host_auth.rb
+++ b/test/integration/test_cert_host_auth.rb
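Review bot: The new `keys <<` expression at the end of the hunk still sends every line whose marker is not `@cert-authority` down the PubKey branch, so a line carrying another OpenSSH marker such as `@revoked` is loaded as a trusted host key, which inverts that entry's meaning. A guard beside the other `next` checks, `next if marker && marker != "@cert-authority"`, would skip markers the parser does not understand instead of trusting them. `key_content` is also still unchecked, so a truncated line raises on `key_content.unpack("m*")` and aborts parsing of the whole file; `next if key_content.nil?` before the unpack keeps one bad line from breaking verification for every host. The enclosing method starts before this hunk.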
@@ -34,17 +34,23 @@ class TestCertHostAuth < NetSSHTest
     end
   end
 
+  def debug
+    false
+  end
+
   def test_host_should_match_when_host_key_was_signed_by_key
     Tempfile.open('cert_kh') do |f|
       setup_ssh_env do |params|
         data = File.read(params[:cert_pub])
-        f.write("@cert-authority *.hosts.netssh #{data}")
+        f.write("@cert-authority [*.hosts.netssh]:2200 #{data}")
         f.close
 
         config_lines = ["HostCertificate #{params[:signed_host_key]}"]
         start_sshd_7_or_later(config: config_lines) do |_pid, port|
-          Timeout.timeout(100) do
-            ret = Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path], verbose: :debug) do |ssh|
+          Timeout.timeout(500) do
+            # sleep 0.2
+            # sh "ssh -v -i ~/.ssh/id_ed25519 one.hosts.netssh -o UserKnownHostsFile=#{f.path} -p 2200"
+            ret = Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path]) do |ssh|
               ssh.exec! "echo 'foo'"
             end
             assert_equal "foo\n", ret
@@ -61,7 +67,7 @@ class TestCertHostAuth < NetSSHTest
     Tempfile.open('cert_kh') do |f|
       setup_ssh_env do |params|
         data = File.read(params[:badcert_pub])
-        f.write("@cert-authority *.hosts.netssh #{data}")
+        f.write("@cert-authority [*.hosts.netssh]:2200 #{data}")
         f.close
 
         config_lines = ["HostCertificate #{params[:signed_host_key]}"]
@@ -69,7 +75,7 @@ class TestCertHostAuth < NetSSHTest
           Timeout.timeout(100) do
             sleep 0.2
             assert_raises(Net::SSH::HostKeyMismatch) do
-              Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path], verbose: :debug) do |ssh|
+              Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path]) do |ssh|
                 ssh.exec! "echo 'foo'"
               end
             end
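Review bot: The first hunk commits debugging scaffolding into the test: the commented-out `# sleep 0.2` and `# sh "ssh -v ..."` lines inside the `Timeout.timeout(500)` block, a `debug` method that only returns `false`, and a timeout raised from 100 to 500 seconds with no explanation. Dropping the two comment lines and the `debug` method, and either restoring `Timeout.timeout(100) do` or adding a one-line comment on why the certificate test needs a longer budget, would leave only the intended change. The known_hosts pattern `[*.hosts.netssh]:2200` also hard-codes the port while `start_sshd_7_or_later` yields `port` to the block; if the harness can choose a different port the entry will not match, so a comment stating that 2200 is the fixed test port would make the coupling explicit. The same hard-coded pattern appears in the second hunk.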