/usr/lib/ruby/vendor_ruby/net/ssh.rb is in ruby-net-ssh 1:3.2.0-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 | # Make sure HOME is set, regardless of OS, so that File.expand_path works
# as expected with tilde characters.
ENV['HOME'] ||= ENV['HOMEPATH'] ? "#{ENV['HOMEDRIVE']}#{ENV['HOMEPATH']}" : Dir.pwd
require 'logger'
require 'etc'
require 'net/ssh/config'
require 'net/ssh/errors'
require 'net/ssh/loggable'
require 'net/ssh/transport/session'
require 'net/ssh/authentication/session'
require 'net/ssh/connection/session'
module Net
# Net::SSH is a library for interacting, programmatically, with remote
# processes via the SSH2 protocol. Sessions are always initiated via
# Net::SSH.start. From there, a program interacts with the new SSH session
# via the convenience methods on Net::SSH::Connection::Session, by opening
# and interacting with new channels (Net::SSH::Connection:Session#open_channel
# and Net::SSH::Connection::Channel), or by forwarding local and/or
# remote ports through the connection (Net::SSH::Service::Forward).
#
# The SSH protocol is very event-oriented. Requests are sent from the client
# to the server, and are answered asynchronously. This gives great flexibility
# (since clients can have multiple requests pending at a time), but it also
# adds complexity. Net::SSH tries to manage this complexity by providing
# some simpler methods of synchronous communication (see Net::SSH::Connection::Session#exec!).
#
# In general, though, and if you want to do anything more complicated than
# simply executing commands and capturing their output, you'll need to use
# channels (Net::SSH::Connection::Channel) to build state machines that are
# executed while the event loop runs (Net::SSH::Connection::Session#loop).
#
# Net::SSH::Connection::Session and Net::SSH::Connection::Channel have more
# information about this technique.
#
# = "Um, all I want to do is X, just show me how!"
#
# == X == "execute a command and capture the output"
#
# Net::SSH.start("host", "user", :password => "password") do |ssh|
# result = ssh.exec!("ls -l")
# puts result
# end
#
# == X == "forward connections on a local port to a remote host"
#
# Net::SSH.start("host", "user", :password => "password") do |ssh|
# ssh.forward.local(1234, "www.google.com", 80)
# ssh.loop { true }
# end
#
# == X == "forward connections on a remote port to the local host"
#
# Net::SSH.start("host", "user", :password => "password") do |ssh|
# ssh.forward.remote(80, "www.google.com", 1234)
# ssh.loop { true }
# end
module SSH
# This is the set of options that Net::SSH.start recognizes. See
# Net::SSH.start for a description of each option.
VALID_OPTIONS = [
:auth_methods, :bind_address, :compression, :compression_level, :config,
:encryption, :forward_agent, :hmac, :host_key, :remote_user,
:keepalive, :keepalive_interval, :keepalive_maxcount, :kex, :keys, :key_data,
:languages, :logger, :paranoid, :password, :port, :proxy,
:rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose,
:known_hosts, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias,
:host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size,
:max_win_size, :send_env, :use_agent, :number_of_password_prompts,
:append_supported_algorithms, :non_interactive, :agent_socket_factory
]
# The standard means of starting a new SSH connection. When used with a
# block, the connection will be closed when the block terminates, otherwise
# the connection will just be returned. The yielded (or returned) value
# will be an instance of Net::SSH::Connection::Session (q.v.). (See also
# Net::SSH::Connection::Channel and Net::SSH::Service::Forward.)
#
# Net::SSH.start("host", "user") do |ssh|
# ssh.exec! "cp /some/file /another/location"
# hostname = ssh.exec!("hostname")
#
# ssh.open_channel do |ch|
# ch.exec "sudo -p 'sudo password: ' ls" do |ch, success|
# abort "could not execute sudo ls" unless success
#
# ch.on_data do |ch, data|
# print data
# if data =~ /sudo password: /
# ch.send_data("password\n")
# end
# end
# end
# end
#
# ssh.loop
# end
#
# This method accepts the following options (all are optional):
#
# * :auth_methods => an array of authentication methods to try
# * :bind_address => the IP address on the connecting machine to use in
# establishing connection. (:bind_address is discarded if :proxy
# is set.)
# * :compression => the compression algorithm to use, or +true+ to use
# whatever is supported.
# * :compression_level => the compression level to use when sending data
# * :config => set to +true+ to load the default OpenSSH config files
# (~/.ssh/config, /etc/ssh_config), or to +false+ to not load them, or to
# a file-name (or array of file-names) to load those specific configuration
# files. Defaults to +true+.
# * :encryption => the encryption cipher (or ciphers) to use
# * :forward_agent => set to true if you want the SSH agent connection to
# be forwarded
# * :known_hosts => a custom object holding known hosts records.
# It must implement #search_for and add in a similiar manner as KnownHosts.
# * :global_known_hosts_file => the location of the global known hosts
# file. Set to an array if you want to specify multiple global known
# hosts files. Defaults to %w(/etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2).
# * :hmac => the hmac algorithm (or algorithms) to use
# * :host_key => the host key algorithm (or algorithms) to use
# * :host_key_alias => the host name to use when looking up or adding a
# host to a known_hosts dictionary file
# * :host_name => the real host name or IP to log into. This is used
# instead of the +host+ parameter, and is primarily only useful when
# specified in an SSH configuration file. It lets you specify an
# "alias", similarly to adding an entry in /etc/hosts but without needing
# to modify /etc/hosts.
# * :keepalive => set to +true+ to send a keepalive packet to the SSH server
# when there's no traffic between the SSH server and Net::SSH client for
# the keepalive_interval seconds. Defaults to +false+.
# * :keepalive_interval => the interval seconds for keepalive.
# Defaults to +300+ seconds.
# * :keepalive_maxcount => the maximun number of keepalive packet miss allowed.
# Defaults to 3
# * :kex => the key exchange algorithm (or algorithms) to use
# * :keys => an array of file names of private keys to use for publickey
# and hostbased authentication
# * :key_data => an array of strings, with each element of the array being
# a raw private key in PEM format.
# * :keys_only => set to +true+ to use only private keys from +keys+ and
# +key_data+ parameters, even if ssh-agent offers more identities. This
# option is intended for situations where ssh-agent offers many different
# identites.
# * :logger => the logger instance to use when logging
# * :max_pkt_size => maximum size we tell the other side that is supported per
# packet. Default is 0x8000 (32768 bytes). Increase to 0x10000 (65536 bytes)
# for better performance if your SSH server supports it (most do).
# * :max_win_size => maximum size we tell the other side that is supported for
# the window.
# * :paranoid => either false, true, :very, or :secure specifying how
# strict host-key verification should be (in increasing order here).
# You can also provide an own Object which responds to +verify+. The argument
# given to +verify+ is a hash consisting of the +:key+, the +:key_blob+,
# the +:fingerprint+ and the +:session+. Returning true accepts the host key,
# returning false declines it and closes the connection.
# * :passphrase => the passphrase to use when loading a private key (default
# is +nil+, for no passphrase)
# * :password => the password to use to login
# * :port => the port to use when connecting to the remote host
# * :properties => a hash of key/value pairs to add to the new connection's
# properties (see Net::SSH::Connection::Session#properties)
# * :proxy => a proxy instance (see Proxy) to use when connecting
# * :rekey_blocks_limit => the max number of blocks to process before rekeying
# * :rekey_limit => the max number of bytes to process before rekeying
# * :rekey_packet_limit => the max number of packets to process before rekeying
# * :send_env => an array of local environment variable names to export to the
# remote environment. Names may be given as String or Regexp.
# * :timeout => how long to wait for the initial connection to be made
# * :user => the user name to log in as; this overrides the +user+
# parameter, and is primarily only useful when provided via an SSH
# configuration file.
# * :remote_user => used for substitution into the '%r' part of a ProxyCommand
# * :user_known_hosts_file => the location of the user known hosts file.
# Set to an array to specify multiple user known hosts files.
# Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
# * :use_agent => Set false to disable the use of ssh-agent. Defaults to
# true
# * :non_interactive => set to true if your app is non interactive and prefers
# authentication failure vs password prompt
# * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG
# is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
# default. The symbols :debug, :info, :warn, :error, and :fatal are also
# supported and are translated to the corresponding Logger constant.
# * :append_all_supported_algorithms => set to +true+ to append all supported
# algorithms by net-ssh. Was the default behaviour until 2.10
# * :number_of_password_prompts => Number of prompts for the password
# authentication method defaults to 3 set to 0 to disable prompt for
# password auth method
# * :non_interactive => non interactive applications should set it to true
# to prefer failing a password/etc auth methods vs asking for password
# * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
# Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
# example: ->{ UNIXSocket.open('/foo/bar')}
#
# If +user+ parameter is nil it defaults to USER from ssh_config, or
# local username
def self.start(host, user=nil, options={}, &block)
invalid_options = options.keys - VALID_OPTIONS
if invalid_options.any?
raise ArgumentError, "invalid option(s): #{invalid_options.join(', ')}"
end
options[:user] = user if user
options = configuration_for(host, options.fetch(:config, true)).merge(options)
host = options.fetch(:host_name, host)
if !options.key?(:logger)
options[:logger] = Logger.new(STDERR)
options[:logger].level = Logger::FATAL
end
if options[:non_interactive]
options[:number_of_password_prompts] = 0
end
if options[:verbose]
options[:logger].level = case options[:verbose]
when Fixnum then options[:verbose]
when :debug then Logger::DEBUG
when :info then Logger::INFO
when :warn then Logger::WARN
when :error then Logger::ERROR
when :fatal then Logger::FATAL
else raise ArgumentError, "can't convert #{options[:verbose].inspect} to any of the Logger level constants"
end
end
transport = Transport::Session.new(host, options)
auth = Authentication::Session.new(transport, options)
user = options.fetch(:user, user) || Etc.getlogin
if auth.authenticate("ssh-connection", user, options[:password])
connection = Connection::Session.new(transport, options)
if block_given?
begin
yield connection
ensure
connection.close unless connection.closed?
end
else
return connection
end
else
transport.close
raise AuthenticationFailed, "Authentication failed for user #{user}@#{host}"
end
end
# Returns a hash of the configuration options for the given host, as read
# from the SSH configuration file(s). If +use_ssh_config+ is true (the
# default), this will load configuration from both ~/.ssh/config and
# /etc/ssh_config. If +use_ssh_config+ is nil or false, nothing will be
# loaded (and an empty hash returned). Otherwise, +use_ssh_config+ may
# be a file name (or array of file names) of SSH configuration file(s)
# to read.
#
# See Net::SSH::Config for the full description of all supported options.
def self.configuration_for(host, use_ssh_config=true)
files = case use_ssh_config
when true then Net::SSH::Config.default_files
when false, nil then return {}
else Array(use_ssh_config)
end
Net::SSH::Config.for(host, files)
end
end
end
|