authorMiklós Fazekas <mfazekas@szemafor.com>2021-08-05 17:20:55 +0200
committerMiklós Fazekas <mfazekas@szemafor.com>2021-08-05 17:25:37 +0200
commit51dc78feac5dc9df615ca0ef82e707951887411c (patch)
tree1fcbc3d677f3f03155254d8499ffd638a8065d9d
parent932f0268a2903e35f7bf9f8d1bb96dd38dd77e1f (diff)
Use ports specific format
-rw-r--r--lib/net/ssh/known_hosts.rb32
-rw-r--r--test/integration/test_cert_host_auth.rb16
2 files changed, 28 insertions, 20 deletions
diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb
index 1313552..fddbffd 100644
--- a/lib/net/ssh/known_hosts.rb
+++ b/lib/net/ssh/known_hosts.rb
@@ -189,26 +189,28 @@ module Net
hosts, type, key_content, comment = line.split(' ')
end
- if marker == "@cert-authority"
- blob = key_content.unpack("m*").first
- keys << HostKeyEntries::CertAuthority.new(Net::SSH::Buffer.new(blob).read_key, comment: comment)
- else
- # Skip empty line or one that is commented
- next if hosts.nil? || hosts.start_with?('#')
+ # Skip empty line or one that is commented
+ next if hosts.nil? || hosts.start_with?('#')
- hostlist = hosts.split(',')
+ hostlist = hosts.split(',')
- next unless SUPPORTED_TYPE.include?(type)
+ next unless SUPPORTED_TYPE.include?(type)
- found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
- next unless found
+ found = hostlist.any? { |pattern| match(host_name, pattern) } || known_host_hash?(hostlist, entries)
+ next unless found
- found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
- next unless found
+ found = hostlist.include?(host_ip) if options[:check_host_ip] && entries.size > 1 && hostlist.size > 1
+ next unless found
- blob = key_content.unpack("m*").first
- keys << HostKeyEntries::PubKey.new(Net::SSH::Buffer.new(blob).read_key, comment: comment)
- end
+ blob = key_content.unpack("m*").first
+ raw_key = Net::SSH::Buffer.new(blob).read_key
+
+ keys <<
+ if marker == "@cert-authority"
+ HostKeyEntries::CertAuthority.new(raw_key, comment: comment)
+ else
+ HostKeyEntries::PubKey.new(raw_key, comment: comment)
+ end
end
end
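Review bot: Any marker other than `@cert-authority` still falls into the `else` branch and is stored as a trusted `HostKeyEntries::PubKey`, so a line marked `@revoked` (which the OpenSSH known_hosts format reserves for keys that must never be accepted) would count as a valid host key once its host pattern matches. The marker parsing sits above this hunk, so this assumes `marker` is set for every `@`-prefixed line and is nil otherwise. If that holds, a guard before the decode such as `next unless marker.nil? || marker == "@cert-authority"` keeps unknown markers from being trusted until `@revoked` is handled explicitly. Separately, `key_content.unpack("m*")` raises on a truncated line where `key_content` is nil; `next if key_content.nil?` would skip such a line instead of aborting the whole lookup. The enclosing method starts and ends outside the hunk.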
diff --git a/test/integration/test_cert_host_auth.rb b/test/integration/test_cert_host_auth.rb
index aeda37e..7bae3a9 100644
--- a/test/integration/test_cert_host_auth.rb
+++ b/test/integration/test_cert_host_auth.rb
@@ -34,17 +34,23 @@ class TestCertHostAuth < NetSSHTest
end
end
+ def debug
+ false
+ end
+
def test_host_should_match_when_host_key_was_signed_by_key
Tempfile.open('cert_kh') do |f|
setup_ssh_env do |params|
data = File.read(params[:cert_pub])
- f.write("@cert-authority *.hosts.netssh #{data}")
+ f.write("@cert-authority [*.hosts.netssh]:2200 #{data}")
f.close
config_lines = ["HostCertificate #{params[:signed_host_key]}"]
start_sshd_7_or_later(config: config_lines) do |_pid, port|
- Timeout.timeout(100) do
- ret = Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path], verbose: :debug) do |ssh|
+ Timeout.timeout(500) do
+ # sleep 0.2
+ # sh "ssh -v -i ~/.ssh/id_ed25519 one.hosts.netssh -o UserKnownHostsFile=#{f.path} -p 2200"
+ ret = Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path]) do |ssh|
ssh.exec! "echo 'foo'"
end
assert_equal "foo\n", ret
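Review bot: The known_hosts entry `f.write("@cert-authority [*.hosts.netssh]:2200 #{data}")` hard-codes port 2200 while the connection uses the `port` yielded by `start_sshd_7_or_later`, so the two agree only by convention. The same literal appears in the bad-certificate test in the next hunk. If the helper can yield another port, the entry should be built from it, for example by writing the file inside the `start_sshd_7_or_later` block as `f.write("@cert-authority [*.hosts.netssh]:#{port} #{data}")`. The commented-out `# sleep 0.2` and `# sh "ssh -v ..."` lines and the `debug` method (no caller is visible in this hunk) look like debugging leftovers, and the jump from `Timeout.timeout(100)` to `500` has no stated reason; drop them or add a comment. The test method continues outside the hunk.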
@@ -61,7 +67,7 @@ class TestCertHostAuth < NetSSHTest
Tempfile.open('cert_kh') do |f|
setup_ssh_env do |params|
data = File.read(params[:badcert_pub])
- f.write("@cert-authority *.hosts.netssh #{data}")
+ f.write("@cert-authority [*.hosts.netssh]:2200 #{data}")
f.close
config_lines = ["HostCertificate #{params[:signed_host_key]}"]
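Review bot: This test still pairs the bad CA with a host pattern that matches the target, so nothing in the file covers the behaviour the library change newly enforces. That behaviour is that a `@cert-authority` line whose host pattern or port does not match the server must not be trusted, even when the CA key itself is the right one. A sibling test that writes the valid `params[:cert_pub]` under a non-matching entry (for example `[*.other.netssh]:2200`, a constructed value) and asserts the connection is refused would pin that down. Without it, a regression to the old unconditional `@cert-authority` branch would go unnoticed by this suite.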
@@ -69,7 +75,7 @@ class TestCertHostAuth < NetSSHTest
Timeout.timeout(100) do
sleep 0.2
assert_raises(Net::SSH::HostKeyMismatch) do
- Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path], verbose: :debug) do |ssh|
+ Net::SSH.start("one.hosts.netssh", "net_ssh_1", password: 'foopwd', port: port, verify_host_key: :always, user_known_hosts_file: [f.path]) do |ssh|
ssh.exec! "echo 'foo'"
end
end