author | Miklós Fazekas <mfazekas@szemafor.com> | 2021-08-10 10:15:28 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-10 10:15:28 +0200 |
commit | 1310df3b5cbdb8f0bd5d6c883f376f1acb6711ed (patch) | |
tree | a12ba32390b2623c2b8d9ce74007da86b3d202b4 | |
parent | 7a05fe9947f91266fc4f4026233b650f63c37a93 (diff) | |
parent | 42255eabc1888a3402f90ecbcb614afec105d593 (diff) | |
download | net-ssh-1310df3b5cbdb8f0bd5d6c883f376f1acb6711ed.tar.gz |
Merge pull request #765 from dax/fix_translated_strict_host_key_checking
Fix StrictHostKeyChecking ssh config parameter translation
-rw-r--r-- | lib/net/ssh/config.rb | 32 | ||||
-rw-r--r-- | test/test_config.rb | 22 |
2 files changed, 42 insertions, 12 deletions
diff --git a/lib/net/ssh/config.rb b/lib/net/ssh/config.rb
index 98714e4..6f0f4da 100644
--- a/lib/net/ssh/config.rb
+++ b/lib/net/ssh/config.rb
@@ -33,7 +33,7 @@ module Net
 # * ProxyJump => maps to the :proxy option
 # * PubKeyAuthentication => maps to the :auth_methods option
 # * RekeyLimit => :rekey_limit
- # * StrictHostKeyChecking => :strict_host_key_checking
+ # * StrictHostKeyChecking => :verify_host_key
 # * User => :user
 # * UserKnownHostsFile => :user_known_hosts_file
 # * NumberOfPasswordPrompts => :number_of_password_prompts
@@ -194,6 +194,26 @@ module Net
 private
+ def translate_verify_host_key(value)
+ case value
+ when false
+ :never
+ when true
+ :always
+ when 'accept-new'
+ :accept_new
+ end
+ end
+
+ def translate_keepalive(hash, value)
+ if value && value.to_i > 0
+ hash[:keepalive] = true
+ hash[:keepalive_interval] = value.to_i
+ else
+ hash[:keepalive] = false
+ end
+ end
+
 TRANSLATE_CONFIG_KEY_RENAME_MAP = {
 bindaddress: :bind_address,
 compression: :compression,
@@ -208,13 +228,14 @@ module Net
 identityfile: :keys,
 fingerprinthash: :fingerprint_hash,
 port: :port,
- stricthostkeychecking: :strict_host_key_checking,
 user: :user,
 userknownhostsfile: :user_known_hosts_file,
 checkhostip: :check_host_ip
 }.freeze
 def translate_config_key(hash, key, value, settings)
 case key
+ when :stricthostkeychecking
+ hash[:verify_host_key] = translate_verify_host_key(value)
 when :ciphers
 hash[:encryption] = value.split(/,/)
 when :hostbasedauthentication
@@ -232,12 +253,7 @@ module Net
 when :serveralivecountmax
 hash[:keepalive_maxcount] = value.to_i if value
 when :serveraliveinterval
- if value && value.to_i > 0
- hash[:keepalive] = true
- hash[:keepalive_interval] = value.to_i
- else
- hash[:keepalive] = false
- end
+ translate_keepalive(hash, value)
 when :passwordauthentication
 if value
 (hash[:auth_methods] << 'password').uniq!
diff --git a/test/test_config.rb b/test/test_config.rb
index b75486b..e315c86 100644
--- a/test/test_config.rb
+++ b/test/test_config.rb
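Review bot: `translate_verify_host_key` in lib/net/ssh/config.rb (hunk `@@ -194,6 +194,26 @@`) has no `else` branch, so any value other than `true`, `false` or `'accept-new'` returns `nil`, and the new `when :stricthostkeychecking` branch in the following hunk then stores `hash[:verify_host_key] = nil`. OpenSSH also accepts `ask` and `off` for StrictHostKeyChecking; if the loader passes those through as strings, a config that asks for a specific host-key policy silently ends up with whatever the library does for `nil`, which is not visible on this page. I would make the fallthrough explicit, for example `else raise ArgumentError, "unsupported StrictHostKeyChecking value: #{value.inspect}"` (or a logged warning if raising is too strict for existing configs), and only assign the key when the result is non-nil. A short comment above the method listing the accepted inputs and the symbols they map to would also help, since the header comment now only says `:verify_host_key`.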
@@ -170,7 +170,23 @@ class TestConfig < NetSSHTest
 assert_equal 'MD5', net_ssh[:fingerprint_hash]
 assert_equal true, net_ssh[:keepalive]
 assert_equal '/dev/null', net_ssh[:user_known_hosts_file]
- assert_equal false, net_ssh[:strict_host_key_checking]
+ assert_equal :never, net_ssh[:verify_host_key]
+ end
+
+ def test_translate_should_turn_on_host_key_verification
+ open_ssh = { 'stricthostkeychecking' => true }
+
+ net_ssh = Net::SSH::Config.translate(open_ssh)
+
+ assert_equal :always, net_ssh[:verify_host_key]
+ end
+
+ def test_translate_should_accept_new_host_key
+ open_ssh = { 'stricthostkeychecking' => 'accept-new' }
+
+ net_ssh = Net::SSH::Config.translate(open_ssh)
+
+ assert_equal :accept_new, net_ssh[:verify_host_key]
 end
 def test_translate_should_turn_off_authentication_methods
@@ -202,9 +218,7 @@ class TestConfig < NetSSHTest
 end
 def test_translate_should_not_disable_keyboard_interactive_when_challange_or_keyboardinterective_is_on
- open_ssh = {
- 'kbdinteractiveauthentication' => false
- }
+ open_ssh = { 'kbdinteractiveauthentication' => false }
 net_ssh = Net::SSH::Config.translate(open_ssh)
 assert_equal %w(keyboard-interactive none password publickey), net_ssh[:auth_methods].sort |
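Review bot: The new tests in the first hunk of test/test_config.rb pin `true`, `false` and `'accept-new'`, but nothing covers a value the translation does not recognise, such as `'ask'`, so the result for that input (apparently `nil`, judging from the `case` added in lib/net/ssh/config.rb) is unpinned. A fourth test using `open_ssh = { 'stricthostkeychecking' => 'ask' }` with an assertion on `net_ssh[:verify_host_key]` would make the intended host-key policy for that case explicit and catch a later regression to a weaker setting. The enclosing `TestConfig` class starts and ends outside the hunk.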