authorMiklós Fazekas <mfazekas@szemafor.com>2021-08-06 08:40:07 +0200
committerMiklós Fazekas <mfazekas@szemafor.com>2021-08-06 11:27:27 +0200
commit5d87ccae454b9c8867478788f97c885ac8188ddc (patch)
tree5fc6ddc862af5eb0dc7efbcd804f345b901e008c
parent51dc78feac5dc9df615ca0ef82e707951887411c (diff)
downloadnet-ssh-5d87ccae454b9c8867478788f97c885ac8188ddc.tar.gz
Accept all cert host key algs
-rw-r--r--.rubocop.yml5
-rw-r--r--Gemfile1
-rw-r--r--lib/net/ssh/known_hosts.rb3
-rw-r--r--test/integration/test_cert_host_auth.rb18
4 files changed, 19 insertions, 8 deletions
diff --git a/.rubocop.yml b/.rubocop.yml
index 973c53d..d80105c 100644
--- a/.rubocop.yml
+++ b/.rubocop.yml
@@ -1,3 +1,8 @@
+AllCops:
+ Exclude:
+ - 'tryout/**/*'
+ NewCops: enable
+
inherit_from: .rubocop_todo.yml
Style/DoubleNegation:
diff --git a/Gemfile b/Gemfile
index f3450cd..a328e11 100644
--- a/Gemfile
+++ b/Gemfile
@@ -8,7 +8,6 @@ gem 'byebug', group: %i[development test] if !Gem.win_platform? && RUBY_ENGINE =
if ENV["CI"]
gem 'codecov', require: false, group: :test
gem 'simplecov', require: false, group: :test
- gem 'x25519', github: 'RubyCrypto/x25519', ref: '60c0f2913460c7b13b516e4e887a5517a2bd9edd'
end
gem 'webrick', group: %i[development test] if RUBY_VERSION.split(".")[0].to_i >= 3
diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb
index fddbffd..b52bc6a 100644
--- a/lib/net/ssh/known_hosts.rb
+++ b/lib/net/ssh/known_hosts.rb
@@ -43,6 +43,9 @@ module Net
ecdsa-sha2-nistp256-cert-v01@openssh.com
ecdsa-sha2-nistp384-cert-v01@openssh.com
ecdsa-sha2-nistp521-cert-v01@openssh.com
+ ssh-ed25519-cert-v01@openssh.com
+ ssh-rsa-cert-v01@openssh.com
+ ssh-rsa-cert-v00@openssh.com
]
end
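Review bot: The three added entries differ in strength, and the list gives no hint of that. `ssh-rsa-cert-v01@openssh.com` implies an RSA/SHA-1 signature over the key exchange, and `ssh-rsa-cert-v00@openssh.com` is the legacy certificate format that OpenSSH removed in 7.0. The enclosing method starts outside the hunk, so it is only inferred that this list decides which host key algorithms are accepted when a `@cert-authority` entry matches. If so, consider dropping the v00 entry unless the certificate parser really handles that format, and add a comment above the RSA lines such as `# legacy: RSA/SHA-1 certificate signatures, kept for older servers`.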
diff --git a/test/integration/test_cert_host_auth.rb b/test/integration/test_cert_host_auth.rb
index 7bae3a9..fee5b2b 100644
--- a/test/integration/test_cert_host_auth.rb
+++ b/test/integration/test_cert_host_auth.rb
@@ -13,23 +13,27 @@ class TestCertHostAuth < NetSSHTest
def setup_ssh_env(&block)
tmpdir do |dir|
+ cert_type = "rsa"
+ # cert_type = "ssh-ed25519"
+ host_key_type = "ecdsa"
+ # host_key_type = "ed25519"
+
# create a cert, and sign the host key
@cert = "#{dir}/ca"
sh "rm -rf #{@cert} #{@cert}.pub"
- sh "ssh-keygen -t rsa -N '' -C 'ca@hosts.netssh' -f #{@cert}"
- FileUtils.cp "/etc/ssh/ssh_host_ecdsa_key.pub", "#{dir}/one.hosts.netssh.pub"
+ sh "ssh-keygen -t #{cert_type} -N '' -C 'ca@hosts.netssh' -f #{@cert} #{debug ? '' : '-q'}"
+ FileUtils.cp "/etc/ssh/ssh_host_#{host_key_type}_key.pub", "#{dir}/one.hosts.netssh.pub"
Dir.chdir(dir) do
- sh "ssh-keygen -s #{@cert} -h -I one.hosts.netssh -n one.hosts.netssh #{dir}/one.hosts.netssh.pub"
- sh "ssh-keygen -L -f one.hosts.netssh-cert.pub"
+ sh "ssh-keygen -s #{@cert} -h -I one.hosts.netssh -n one.hosts.netssh #{debug ? '' : '-q'} #{dir}/one.hosts.netssh.pub"
+ sh "ssh-keygen -L -f one.hosts.netssh-cert.pub" if debug
end
- signed_host_key = "/etc/ssh/ssh_host_ecdsa_key-cert.pub"
+ signed_host_key = "/etc/ssh/ssh_host_#{host_key_type}_key-cert.pub"
sh "sudo cp -f #{dir}/one.hosts.netssh-cert.pub #{signed_host_key}"
# we don't use this for signing the cert
@badcert = "#{dir}/badca"
sh "rm -rf #{@badcert} #{@badcert}.pub"
- sh "ssh-keygen -t rsa -N '' -C 'ca@hosts.netssh' -f #{@badcert}"
-
+ sh "ssh-keygen -t #{cert_type} -N '' -C 'ca@hosts.netssh' -f #{@badcert} #{debug ? '' : '-q'}"
yield(cert_pub: "#{@cert}.pub", badcert_pub: "#{@badcert}.pub", signed_host_key: signed_host_key)
end
end
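Review bot: As committed, `setup_ssh_env` still only exercises an RSA CA signing the ECDSA host key, so none of the three algorithms added in `known_hosts.rb` is covered by this test. The ed25519 variants exist only as commented-out assignments. Turning the two locals into keyword arguments, `def setup_ssh_env(cert_type: "rsa", host_key_type: "ecdsa", &block)`, would let the tests run once per host key type instead of relying on hand-editing. Separately, `debug` is used four times here but is not defined in the hunk; it presumably comes from the test base class, which is worth confirming.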