| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|
|
|
| |
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
|
|\
| |
| | |
Consider ProxyCommand and ProxyJump together
|
| | |
|
| |
| |
| |
| |
| | |
ProxyCommand and ProxyJump override each other so they need to be
tracked together so the first one set takes precedence
|
|/ |
|
|
|
|
|
|
|
|
| |
Make this setting available so it can be used when deciding how to
configure `verify_host_key` so that users of this library can enable
behavior consistent with `ssh`.
Resolves #678.
|
|\
| |
| | |
Deprecating RC4 as per https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-10
|
| | |
|
| | |
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
|
| |
The known_hosts file can contain pattern for matching hosts. When
looking for a known host, match the user provided hostname with the
patterns found in the known_hosts file.
|
|\
| |
| | |
Fix host key checking
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The known_hosts file may contain keys associated with a hostname, an
ip-address, or both.
When validating a key, the net-ssh gem ensure that both the hostname and
the ip-address match beforce adding that key. Thus, if the known_hosts
file only contains one of these two pieces of information, the host key
verification fails.
Instead of adding keys when both the hostname and the ip-address match,
add them when the user-supplied identification of the remote host match
an entry in the known_hosts file. Optionaly, if `check_host_ip` is set
to true, the resolved IP address of the remote host is also checked.
|
| |
| |
| |
| |
| |
| | |
This method is supposed to transform a relative path into an absolute
one, but ignrore the provided path and always return the full path to
the same fixture file.
|
|/ |
|
|\
| |
| |
| |
| | |
aleksandrs-ledovskis/chore/ssh-auth-sock-test-lab-cleanup
Clear SSH_AUTH_SOCK for duration of test run
|
| |
| |
| |
| |
| |
| |
| |
| | |
Permits per-scenario/test setup in usual `setup/teardown` constructs
Issue was spotted on local development machine where `SSH_AUTH_SOCK` was
present in ENV list - it messed up with "test/authentication/test_session.rb" tests
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
|
|\ \
| |/
|/| |
Server key signature verification done even if not requested
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In my environment I know that server key verification would fail so
I set :verify_host_key to :never I see following error:
diffie_hellman_group1_sha1.rb:211:in `verify_signature': could not verify server signature (Net::SSH::Exception)
This PR updates the Verifiers to provide key verification as well as key signature so when setting
that this oprtation should never be run it works fine.
We change an interface of Verifiers. User could provide its own object responding to :verify
with this change there is new method (:verify_signature) which is needed.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously wasn't correctly handling quoted and `=` delimited values.
Also, fixes logic that unsupported `Match` conditions result in
subsequent declarations to be applied for configuration.
OpenSSH implementation details:
- https://github.com/openssh/openssh-portable/blob/624d19ac2d56fa86a22417c35536caceb3be346f/readconf.c#L599
- https://github.com/openssh/openssh-portable/blob/624d19ac2d56fa86a22417c35536caceb3be346f/misc.c#L284-L285
Signed-off-by: Aleksandrs Ļedovskis <aleksandrs@ledovskis.lv>
|
| | |
|
| | |
|
|\ \
| | |
| | | |
Add timeout to blocking next_packet IO.select
|
| |/
| |
| |
| |
| |
| |
| | |
If the socket isn't closed properly for some reason this select will
block forever.
Fixes #550
|
|\ \
| | |
| | | |
Add missing 'logger' in test_session.rb.
|
| |/
| |
| |
| | |
Otherwise there is an intermittent test failure depending on which order tests are loaded in.
|
|\ \
| | |
| | | |
Prefer more modern cryptographic algorithms
|
| |/
| |
| |
| |
| | |
This commit modifies Net::SSH to prefer strong encryption for HMAC,
Cipher, Host Key Authentication and Key Exchange operations.
|
|/ |
|
|
|
|
|
|
|
| |
Fix an issue where writing an ECDSA public_key out to a Net::SSH::Buffer
fails when calling to_blob on the key due to the method being undefined.
Fixes https://github.com/net-ssh/net-ssh/issues/619
|
| |
|
|
|
|
|
|
| |
- The goal of this test is to confirm that the current user's name is
used when ssh-ing. It breaks when ~/.ssh/config contains User
directives.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deprecate some existing values, replacing them with a set of words
that match the classes in the `Net::SSH::Verifiers` module. Values
would be replaced as follows:
- `false` becomes `:never`,
- `true` becomes `:accept_new_or_local_tunnel`,
- `:very` becomes `:accept_new`, and
- `:secure` becomes `:always`.
This is a nice improvement, improving data type consistency (they're
all symbols) and expressiveness (they reveal the underlying classes).
This change was preliminarily approved in
https://github.com/net-ssh/net-ssh/issues/532
|
| |
|