| Commit message | Author | Age | Files | Lines |
| |
This code is taken from https://github.com/nov/json-jwt/pull/102/files
| |
The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.
To add insult to injury, contrary to other types of keys such as RSA, we
need to actually build the full PEM data and not just pack the numbers
in a simple sequence, making the code even a bit more complicated.
Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
| |
The OpenSSL 3.0 changes don't allow for us to modify the private key
details directly, and there are no dedicated constructors as of Ruby
3.0, so we need to actually create a PEM certificate in-memory and load
that instead.
Co-authored-by: Lucas Kanashiro <lucas.kanashiro@canonical.com>
| |
Fixes #657.
| |
Lot of spacing issues :)
| |
defined?(OpenSSL::Digest::SHA256)
Signed-off-by: Florian Wininger <fw.centrale@gmail.com>
| |
This adds support for parsing and signing SSH certificates, and for using
SSH certificates as identities when authenticating, via a "-cert.pub" file.
This does not add support for authenticating host certificates. Supporting
that requires understanding @cert-authority in known_hosts, and validating
the hostname against the certificate principals.
| |
- Prior to this change, attempting to send UTF8 commands through
SSH, or attempting to copy files with UTF8 filenames could fail.
This was particularly easy to trigger by attempting to execute
commands that were 128 bytes or longer.
- monkey patch net-ssh gem to allow UTF-8 strings >= 128 bytes
The buffer @content is often built as a UTF-8 string, until the
point at which it appends data that cannot be encoded as a UTF-8
sequence.
One case occurs when the call to write_string is made to append a
string that exceeds 127 bytes in length. The SSH2 format says
that strings must be length prefixed, and when the value [128]
has pack("N*") called against it, the resultant 4 byte network
order representation does not have a valid UTF-8 equivalent,
resulting in an ASCII-8BIT / BINARY string.
[127].pack('N*').encode('utf-8')
=> "\u0000\u0000\u0000\u007F"
[128].pack('N*').encode('utf-8')
Encoding::UndefinedConversionError: "\x80" from ASCII-8BIT to UTF-8
Ruby has a subtle behavior where appending a BINARY string to
an existing UTF-8 string is allowed and the resultant string
changes encoding to BINARY. However, once this has happened,
the string can no longer have UTF-8 encoded strings appended as
Ruby will raise an Encoding::CompatibilityError
Appending BINARY to UTF-8 always creates BINARY:
"foo".encode('utf-8') << [128].pack('N*')
=> "foo\x00\x00\x00\x80"
Appending UTF-8 representable strings to existing strings:
Ruby 2.1.7 keeps the string as its default UTF-8
"foo" << [127].pack('N*')
=> "foo\u0000\u0000\u0000\u007F"
Ruby 1.9.3 keeps UTF-8 strings as UTF-8
"foo".encode('utf-8') << [127].pack('N*')
=> "foo\u0000\u0000\u0000\u007F"
Ruby 1.9.3 defaults to US-ASCII which changes it to BINARY
pry(main)> "foo" << [127].pack('N*')
=> "foo\x00\x00\x00\x7F"
The simple solution is to call force_encoding on UTF-8 strings
prior to appending them to @content, given it's always OK to
append ASCII-8BIT / BINARY strings to existing strings, but
appending UTF-8 to BINARY raises errors.
"\x80".force_encoding('ASCII-8BIT') << "\u16A0"
Encoding::CompatibilityError: incompatible character encodings: ASCII-8BIT and UTF-8
force_encoding in this case, will simply translate a valid UTF-8
string to its BINARY equivalent
"\u16A0".force_encoding('BINARY')
=> "\xE1\x9A\xA0"
Correct conversion per http://www.fileformat.info/info/unicode/char/16a0/index.htm
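As an added illustration of the encoding behaviour this commit message walks through (example code written for this page, not net-ssh's own Buffer implementation), here is a minimal SSH-style length-prefixed string writer in the naive form the message describes next to one that frames by bytesize and forces every appended payload to BINARY. The names `naive_write_string`, `safe_write_string`, `read_strings` and the replay helpers are hypothetical, and the inputs are constructed test values.

```ruby
# Added example, not net-ssh code: SSH-style length-prefixed string framing.

# Naive: character count for the length prefix and no care for encoding.
# pack('N') returns an ASCII-8BIT string; once a byte >= 0x80 lands in the
# prefix (length >= 128) an ASCII-only UTF-8 buffer flips to BINARY.
def naive_write_string(buffer, str)
  buffer << [str.length].pack('N') << str
end

# Fixed: prefix by bytesize, and force the payload to BINARY before
# appending so a BINARY buffer never meets a non-ASCII UTF-8 string.
def safe_write_string(buffer, str)
  buffer << [str.bytesize].pack('N') << str.dup.force_encoding(Encoding::BINARY)
end

# Parses back every length-prefixed string, returning UTF-8 strings.
def read_strings(buffer)
  out = []
  pos = 0
  while pos + 4 <= buffer.bytesize
    len = buffer.byteslice(pos, 4).unpack1('N')
    pos += 4
    out << buffer.byteslice(pos, len).force_encoding(Encoding::UTF_8)
    pos += len
  end
  out
end

# Replays the failure sequence from the commit message: a UTF-8 buffer
# receives a 128-byte string (prefix "\x00\x00\x00\x80" makes it BINARY),
# then a non-ASCII UTF-8 string (U+16A0) is appended and Ruby raises.
# Returns [buffer encoding after the first write, exception class or nil].
def reproduce_naive_failure
  buffer = String.new('', encoding: Encoding::UTF_8)
  naive_write_string(buffer, 'a' * 128)
  after_prefix = buffer.encoding
  naive_write_string(buffer, "\u16A0")
  [after_prefix, nil]
rescue Encoding::CompatibilityError => e
  [after_prefix, e.class]
end

# Naive framing of a 3-byte character claims a 1-byte payload, so a reader
# that trusts the prefix gets a truncated, invalid UTF-8 fragment back.
def naive_frame_misparse
  buffer = String.new('', encoding: Encoding::BINARY)
  naive_write_string(buffer, "\u16A0")
  read_strings(buffer)
end

# Round trip through the fixed writer with the buffer kept BINARY throughout.
def framed_roundtrip(strings)
  buffer = String.new('', encoding: Encoding::BINARY)
  strings.each { |s| safe_write_string(buffer, s) }
  read_strings(buffer)
end

if __FILE__ == $PROGRAM_NAME
  p reproduce_naive_failure                              # [BINARY, Encoding::CompatibilityError]
  p naive_frame_misparse                                 # one invalid 1-byte fragment
  p framed_roundtrip(['a' * 128, "\u16A0", 'plain'])     # all three strings intact
end
```

Keeping the wire buffer BINARY from the start and converting at the boundary avoids depending on Ruby's concatenation rules, which pick the result encoding from whichever operand is non-ASCII; framing by `bytesize` is what makes the prefix match the bytes that actually follow it.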
| |
This reverts commit 16398e414cdcf59939c31357c136a188fd10ecab.
| |
This does not implement certificate based authentication (described here
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.certkeys?rev=HEAD)
but instead makes it so that if the certificate is not needed for
authentication net-ssh doesn't cause the entire application to die.
The net-ssh test suite continues to pass. On my own machine I did tests
with certificates loaded and verified that although authentication could
not proceed to a host requiring a certificate it at least did not die.
I also verified that I can continue to use normal rsa and dsa keys to
ssh to hosts that do not require certificates even when the certificates
are loaded into my ssh-agent instance.
This is a potential solution to issue #124 and an alternative to the one
presented in pull request #134.
| |
Previously, UTF-8 encoded strings would result in the error:
`final': data not multiple of block length (OpenSSL::Cipher::CipherError)
This is because cipher padding length was based on character length
instead of bytesize. When a UTF-8 character with a bytesize of e.g. 3
was encountered, Net::SSH would incorrectly add 2 more padding than was
needed, breaking the block size multiple.
Buffer also incorrectly identified the length of the string in
write_string using character length instead of bytesize.
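To make the padding arithmetic in this commit message concrete, here is an added example (written for this page, not net-ssh's own cipher or Buffer code) that computes SSH block padding once from the payload's character length and once from its bytesize, then feeds each packet into AES-128-CBC with OpenSSL's own padding disabled, which is how the `data not multiple of block length` failure surfaces. `build_packet`, `try_send` and the two measuring lambdas are hypothetical names; the key and IV are constructed test values.

```ruby
require 'openssl'

# Added example, not net-ssh code: SSH packet padding from length vs. bytesize.

BLOCK_SIZE = 16 # AES block size; SSH pads to max(8, cipher block size)

# Padding so that packet_length(4) + padding_length(1) + payload + padding
# is a multiple of the block size, with at least 4 bytes of padding (RFC 4253).
def padding_length(payload_size, block_size = BLOCK_SIZE)
  pad = block_size - ((4 + 1 + payload_size) % block_size)
  pad += block_size if pad < 4
  pad
end

# Builds the unencrypted packet. size_of decides how the payload is measured:
# counting characters reproduces the bug, counting bytes is correct.
def build_packet(payload, size_of, block_size = BLOCK_SIZE)
  pad = padding_length(size_of.call(payload), block_size)
  body = [pad].pack('C') + payload.dup.force_encoding(Encoding::BINARY) + ("\x00" * pad).b
  [body.bytesize].pack('N') + body
end

# Encrypts with OpenSSL padding disabled, as SSH does: OpenSSL then insists
# the input is a whole number of blocks and raises from #final otherwise.
def encrypt_packet(packet, key, iv)
  cipher = OpenSSL::Cipher.new('aes-128-cbc')
  cipher.encrypt
  cipher.padding = 0
  cipher.key = key
  cipher.iv = iv
  cipher.update(packet) + cipher.final
end

# Returns [:ok, packet_size] or [:error, message]. Key and IV are fixed,
# constructed test values for the example only.
def try_send(payload, size_of)
  key = ("\x01" * 16).b
  iv  = ("\x02" * 16).b
  packet = build_packet(payload, size_of)
  encrypt_packet(packet, key, iv)
  [:ok, packet.bytesize]
rescue OpenSSL::Cipher::CipherError => e
  [:error, e.message]
end

BY_CHARS = ->(s) { s.length }   # buggy measure: 1 for U+16A0
BY_BYTES = ->(s) { s.bytesize } # correct measure: 3 for U+16A0

if __FILE__ == $PROGRAM_NAME
  p try_send("\u16A0", BY_CHARS) # 18-byte packet: [:error, "...block length"]
  p try_send("\u16A0", BY_BYTES) # 16-byte packet: [:ok, 16]
end
```

With U+16A0 (one character, three bytes) the character-based measure yields 10 bytes of padding where 8 are needed, the 2-byte excess the commit describes, and the 18-byte packet is no longer block aligned; ASCII-only payloads behave identically under both measures, which is why the bug only shows up with non-ASCII input.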
| |
* Key Exchange
  * diffie-hellman-group14-sha1
  * ecdh-sha2-nistp{256,384,521}
* Host Key
  * ecdsa-sha2-nistp{256,384,521}
* Authentication
  * ecdsa-sha2-nistp{256,384,521}
* HMAC
  * hmac-ripemd160
* Cipher:
  * aes{128,192,256}-ctr
  * camellia{128,192,256}-ctr
  * blowfish-ctr
  * cast128-ctr
  * 3des-ctr
  * arcfour (has problems with weak keys, and should be used with caution)
  * camellia{128,192,256}-cbc
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@190 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@183 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@177 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@173 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@158 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
make sure channel.close doesn't blow up if the channel has not been confirmed open yet
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@136 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
blocking on the select. fix the extended_data callback to use the correct parameters.
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@134 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@132 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@121 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@119 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@118 1d2a57f2-1ded-0310-ad52-83097a15a5de
| |
git-svn-id: http://svn.jamisbuck.org/net-ssh/branches/v2@117 1d2a57f2-1ded-0310-ad52-83097a15a5de