-rw-r--r-- | .travis.yml | 11 | ||||
-rw-r--r-- | lib/net/ssh.rb | 4 | ||||
-rw-r--r-- | lib/net/ssh/authentication/agent/socket.rb | 2 | ||||
-rw-r--r-- | lib/net/ssh/authentication/key_manager.rb | 11 | ||||
-rw-r--r-- | lib/net/ssh/authentication/session.rb | 4 | ||||
-rw-r--r-- | lib/net/ssh/config.rb | 28 | ||||
-rw-r--r-- | lib/net/ssh/known_hosts.rb | 12 | ||||
-rw-r--r-- | lib/net/ssh/transport/algorithms.rb | 17 | ||||
-rw-r--r-- | test/authentication/test_key_manager.rb | 9 | ||||
-rw-r--r-- | test/configs/auth_off | 3 | ||||
-rw-r--r-- | test/test_config.rb | 30 | ||||
-rw-r--r-- | test/transport/test_algorithms.rb | 43 |
12 files changed, 127 insertions, 47 deletions
diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..5fe80bd --- /dev/null +++ b/.travis.yml @@ -0,0 +1,11 @@ +language: ruby +rvm: + - "1.9.3" + - "2.0.0" + - "2.1.0" + + +install: gem install jeweler test-unit mocha + +script: rake test + diff --git a/lib/net/ssh.rb b/lib/net/ssh.rb index 00f9ae0..d9a1f57 100644 --- a/lib/net/ssh.rb +++ b/lib/net/ssh.rb @@ -68,7 +68,7 @@ module Net :rekey_blocks_limit,:rekey_limit, :rekey_packet_limit, :timeout, :verbose, :global_known_hosts_file, :user_known_hosts_file, :host_key_alias, :host_name, :user, :properties, :passphrase, :keys_only, :max_pkt_size, - :max_win_size, :send_env + :max_win_size, :send_env, :use_agent ] # The standard means of starting a new SSH connection. When used with a @@ -166,6 +166,8 @@ module Net # * :user_known_hosts_file => the location of the user known hosts file. # Set to an array to specify multiple user known hosts files. # Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2). + # * :use_agent => Set false to disable the use of ssh-agent. Defaults to + # true # * :verbose => how verbose to be (Logger verbosity constants, Logger::DEBUG # is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the # default. The symbols :debug, :info, :warn, :error, and :fatal are also diff --git a/lib/net/ssh/authentication/agent/socket.rb b/lib/net/ssh/authentication/agent/socket.rb index 0bb43a1..c80099e 100644 --- a/lib/net/ssh/authentication/agent/socket.rb +++ b/lib/net/ssh/authentication/agent/socket.rb @@ -77,6 +77,8 @@ module Net; module SSH; module Authentication if type == SSH2_AGENT_VERSION_RESPONSE raise AgentNotAvailable, "SSH2 agents are not yet supported" + elsif type == SSH2_AGENT_FAILURE + debug { "Unexpected response type==#{type}, this will be ignored" } elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2 raise AgentNotAvailable, "unknown response from agent: #{type}, #{body.to_s.inspect}" end 
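Review bot: The `install:` line fetches `jeweler`, `test-unit` and `mocha` at whatever version is current, so the build runs unreviewed third-party code and its result can change without any commit here. Pin each gem, for example `install: gem install jeweler -v <PINNED_VERSION> && gem install mocha -v <PINNED_VERSION>` (placeholder versions), or install from a checked-in Gemfile and lockfile. The same applies to the `rvm` entry `"2.1.0"`, which names one patch release that will age.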
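Review bot: The new `elsif type == SSH2_AGENT_FAILURE` branch in lib/net/ssh/authentication/agent/socket.rb only logs at debug level and then falls through to whatever follows this `if` chain, which is outside the hunk. If that code treats the agent as usable or reads `body`, it is now doing so after a failure reply, so please confirm the caller copes with that. The message says "Unexpected response" although the branch matches one specific constant. A comment such as `# FAILURE in reply to the version probe is tolerated; the agent is still used` (if that is the intent) would make the decision reviewable.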
diff --git a/lib/net/ssh/authentication/key_manager.rb b/lib/net/ssh/authentication/key_manager.rb index dc9480b..9847750 100644 --- a/lib/net/ssh/authentication/key_manager.rb +++ b/lib/net/ssh/authentication/key_manager.rb @@ -37,13 +37,13 @@ module Net attr_reader :options # Create a new KeyManager. By default, the manager will - # use the ssh-agent if it is running and the `:keys_only` option - # is not true. + # use the ssh-agent if it is running and the `:use_agent` option + # is not false. def initialize(logger, options={}) self.logger = logger @key_files = [] @key_data = [] - @use_agent = !options[:keys_only] + @use_agent = !(options[:use_agent] == false) @known_identities = {} @agent = nil @options = options @@ -92,8 +92,9 @@ module Net # ssh-agent. Note that identities from an ssh-agent are always listed # first in the array, with other identities coming after. # - # If key manager was created with :keys_only option, no identities - # from ssh-agent will be loaded. + # If key manager was created with :keys_only option, any identity + # from ssh-agent will be ignored unless it present in key_files or + # key_data. def each_identity prepared_identities = prepare_identities_from_files + prepare_identities_from_data diff --git a/lib/net/ssh/authentication/session.rb b/lib/net/ssh/authentication/session.rb index c63bf41..5ac2cdc 100644 --- a/lib/net/ssh/authentication/session.rb +++ b/lib/net/ssh/authentication/session.rb @@ -133,8 +133,8 @@ module Net; module SSH; module Authentication # by system default. def default_keys if defined?(OpenSSL::PKey::EC) - %w(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh/id_ecdsa - ~/.ssh2/id_dsa ~/.ssh2/id_rsa ~/.ssh2/id_ecdsa) + %w(~/.ssh/id_ed25519 ~/.ssh/id_rsa ~/.ssh/id_dsa ~/.ssh/id_ecdsa + ~/.ssh2/id_ed25519 ~/.ssh2/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_ecdsa) else %w(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa) end diff --git a/lib/net/ssh/config.rb b/lib/net/ssh/config.rb index 4798344..fb605b2 100644 
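Review bot: With `@use_agent = !(options[:use_agent] == false)`, `:keys_only => true` no longer keeps the agent from being consulted, so the only thing that stops every agent identity being offered to the server is the filtering described in the rewritten `each_identity` comment in the second hunk of key_manager.rb. That hunk changes the comment only and the method body lies outside the diff, so please confirm the filter exists; otherwise existing `keys_only` callers silently start exposing all agent keys. Only the literal `false` disables the agent, so `nil` or a string such as `"no"` from a config layer leaves it on, which the constructor comment should state. The new comment also needs `unless it is present in key_files or key_data`.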
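Review bot: In `default_keys` (session.rb), `~/.ssh/id_ed25519` becomes the first default key inside the `defined?(OpenSSL::PKey::EC)` branch, but that check is about ECDSA support and nothing in this commit adds an Ed25519 key loader. If the key-loading code outside this diff cannot parse that file, users who have one may get an error or a wasted attempt before `id_rsa` is tried; confirm how an unparseable default key is handled. The hunk also moves `id_rsa` ahead of `id_dsa` here while the `else` branch keeps `id_dsa` first, so the two branches should be made to agree and the order explained in the comment above the method.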
--- a/lib/net/ssh/config.rb +++ b/lib/net/ssh/config.rb @@ -8,7 +8,8 @@ module Net; module SSH # # Only a subset of OpenSSH configuration options are understood: # - # * ChallengeResponseAuthentication => maps to the :auth_methods option + # * ChallengeResponseAuthentication => maps to the :auth_methods option challenge-response (then coleasced into keyboard-interactive) + # * KbdInteractiveAuthentication => maps to the :auth_methods keyboard-interactive # * Ciphers => maps to the :encryption option # * Compression => :compression # * CompressionLevel => :compression_level @@ -22,7 +23,7 @@ module Net; module SSH # * IdentityFile => maps to the :keys option # * IdentitiesOnly => :keys_only # * Macs => maps to the :hmac option - # * PasswordAuthentication => maps to the :auth_methods option + # * PasswordAuthentication => maps to the :auth_methods option password # * Port => :port # * PreferredAuthentications => maps to the :auth_methods option # * ProxyCommand => maps to the :proxy option @@ -73,8 +74,6 @@ module Net; module SSH file = File.expand_path(path) return settings unless File.readable?(file) - settings[:auth_methods] ||= default_auth_methods.clone - globals = {} matched_host = nil multi_host = [] @@ -133,7 +132,9 @@ module Net; module SSH # +settings+ hash must have Strings for keys, all downcased, and # the returned hash will have Symbols for keys. def translate(settings) - settings.inject({}) do |hash, (key, value)| + auth_methods = default_auth_methods.clone + (auth_methods << 'challenge-response').uniq! + ret = settings.inject({:auth_methods=>auth_methods}) do |hash, (key, value)| case key when 'bindaddress' then hash[:bind_address] = value 
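Review bot: `translate` now seeds its result with `{:auth_methods=>auth_methods}`, so it returns that key even for an empty settings hash, while the comment above it still describes a plain String-to-Symbol key translation. At the same time `load` stops setting `settings[:auth_methods]` (hunk `@@ -73,8 +74,6 @@`), which changes what direct callers of either method receive. Please document it on the method, e.g. `# The result always contains :auth_methods, starting from default_auth_methods.`, and check that code merging this hash with caller options (outside the diff) still lets an explicit caller value win. The body of `translate` continues past this hunk.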
@@ -175,6 +176,12 @@ module Net; module SSH end when 'challengeresponseauthentication' if value + (hash[:auth_methods] << 'challenge-response').uniq! + else + hash[:auth_methods].delete('challenge-response') + end + when 'kbdinteractiveauthentication' + if value (hash[:auth_methods] << 'keyboard-interactive').uniq! else hash[:auth_methods].delete('keyboard-interactive') @@ -182,7 +189,7 @@ module Net; module SSH when 'port' hash[:port] = value when 'preferredauthentications' - hash[:auth_methods] = value.split(/,/) + hash[:auth_methods] = value.split(/,/) # TODO we should place to preferred_auth_methods rather than auth_methods when 'proxycommand' if value and !(value =~ /^none$/) require 'net/ssh/proxy/command' @@ -206,6 +213,7 @@ module Net; module SSH end hash end + merge_challenge_response_with_keyboard_interactive(ret) end private @@ -229,6 +237,14 @@ module Net; module SSH else size.to_i end end + + def merge_challenge_response_with_keyboard_interactive(hash) + if hash[:auth_methods].include?('challenge-response') + hash[:auth_methods].delete('challenge-response') + (hash[:auth_methods] << 'keyboard-interactive').uniq! + end + hash + end end end diff --git a/lib/net/ssh/known_hosts.rb b/lib/net/ssh/known_hosts.rb index f91131e..7ee253a 100644 --- a/lib/net/ssh/known_hosts.rb +++ b/lib/net/ssh/known_hosts.rb @@ -15,9 +15,17 @@ module Net; module SSH SUPPORTED_TYPE = %w(ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 - ecdsa-sha2-nistp521) + ecdsa-sha2-nistp521 + ssh-ed25519-cert-v01@openssh.com + ssh-rsa-cert-v01@openssh.com + ssh-rsa-cert-v00@openssh.com + ssh-ed25519 + ) else - SUPPORTED_TYPE = %w(ssh-rsa ssh-dss) + SUPPORTED_TYPE = %w(ssh-rsa ssh-dss + ssh-rsa-cert-v01@openssh.com + ssh-rsa-cert-v00@openssh.com + ) end diff --git a/lib/net/ssh/transport/algorithms.rb b/lib/net/ssh/transport/algorithms.rb index d34e1ea..f4aec2f 100644 --- a/lib/net/ssh/transport/algorithms.rb +++ b/lib/net/ssh/transport/algorithms.rb 
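Review bot: `hash[:auth_methods] = value.split(/,/)` in the `'preferredauthentications'` branch replaces the whole list, so the outcome depends on the order in which keys are visited: a method removed by an earlier `passwordauthentication` or `kbdinteractiveauthentication` value of false comes back if the preferred list names it. The new TODO notes the design gap but leaves a config that disables a method able to end up with it enabled. A smaller interim change is to reorder without re-enabling, `hash[:auth_methods] = value.split(/,/) & hash[:auth_methods]`; this is a sketch, since methods enabled by a later key would still be appended, so a test with both key orders is needed. The enclosing `case` starts and ends outside this hunk.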
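Review bot: `SUPPORTED_TYPE` in known_hosts.rb now admits `ssh-ed25519` and the `*-cert-v0x@openssh.com` names, but this commit adds no code that parses or verifies keys of those types; the same holds for the names added to `ALGORITHMS[:host_key]` and `ALGORITHMS[:kex]` in both hunks of lib/net/ssh/transport/algorithms.rb. If the key-blob reader and the negotiation code outside this diff have nothing behind a name, a known_hosts entry of that type may fail while loading, and a name advertised in KEXINIT can be chosen by a server and then fail mid-handshake. Please confirm each added name has an implementation, or keep unimplemented ones out of the advertised defaults. `ssh-ed25519` also sits under an `if` whose condition is outside the hunk; if it is the `OpenSSL::PKey::EC` check used elsewhere in this commit, it says nothing about Ed25519 support.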
@@ -22,7 +22,9 @@ module Net; module SSH; module Transport # Define the default algorithms, in order of preference, supported by # Net::SSH. ALGORITHMS = { - :host_key => %w(ssh-rsa ssh-dss), + :host_key => %w(ssh-rsa ssh-dss + ssh-rsa-cert-v01@openssh.com + ssh-rsa-cert-v00@openssh.com), :kex => %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 @@ -40,21 +42,28 @@ module Net; module SSH; module Transport camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr + aes256-gcm@openssh.com aes128-gcm@openssh.com ), :hmac => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 - hmac-sha2-512-96 none), + hmac-sha2-512-96 none + hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com + umac-128-etm@openssh.com), + :compression => %w(none zlib@openssh.com zlib), :language => %w() } if defined?(OpenSSL::PKey::EC) ALGORITHMS[:host_key] += %w(ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 - ecdsa-sha2-nistp521) + ecdsa-sha2-nistp521 + ssh-ed25519-cert-v01@openssh.com + ssh-ed25519) ALGORITHMS[:kex] += %w(ecdh-sha2-nistp256 ecdh-sha2-nistp384 - ecdh-sha2-nistp521) + ecdh-sha2-nistp521 + curve25519-sha256@libssh.org) end # The underlying transport layer session that supports this object diff --git a/test/authentication/test_key_manager.rb b/test/authentication/test_key_manager.rb index 73423a1..1ebaf0f 100644 --- a/test/authentication/test_key_manager.rb +++ b/test/authentication/test_key_manager.rb @@ -30,8 +30,12 @@ module Authentication assert !manager.use_agent? end - def test_use_agent_is_false_if_keys_only - assert !manager(:keys_only => true).use_agent? + def test_agent_should_be_used_by_default + assert manager().use_agent? + end + + def test_agent_should_not_be_used_with_no_agent + assert !manager(:use_agent => false).use_agent? end def test_each_identity_should_load_from_key_files 
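Review bot: The GCM ciphers and the `-etm` MACs are appended at the end of lists that the comment above `ALGORITHMS` describes as "in order of preference", so they rank below `none`, the CBC and arcfour ciphers and `hmac-md5`. Because the client's order normally decides the negotiated algorithm, a server that supports both will still be given the older choice. If these entries are implemented, consider listing them ahead of the legacy ones with `none` last, e.g. starting `:hmac` with `hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com`; the expected lists in test/transport/test_algorithms.rb would need the same order.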
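Review bot: `test_use_agent_is_false_if_keys_only` in test/authentication/test_key_manager.rb is removed without a test for the behaviour that replaces it, namely that with `:keys_only => true` an agent identity is ignored unless it is also in `key_files` or `key_data`. That is the property callers relying on `IdentitiesOnly` depend on, so it needs a direct test: an agent offering two identities, one configured key file, and an assertion that `each_identity` yields only the matching one. The two added tests cover only the `:use_agent` flag itself. `manager()` can be written `manager`.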
@@ -101,6 +105,7 @@ module Authentication assert_equal rsa.to_blob, identities.first.to_blob assert_equal({:from => :agent}, manager.known_identities[rsa]) + assert manager.use_agent? end def test_identities_without_public_key_files_should_not_be_touched_if_identity_loaded_from_agent diff --git a/test/configs/auth_off b/test/configs/auth_off index 6b1b6ef..cf13bd5 100644 --- a/test/configs/auth_off +++ b/test/configs/auth_off @@ -1,4 +1,5 @@ HostBasedAuthentication no PasswordAuthentication no PubKeyAuthentication no -ChallengeResponseAuthentication no
\ No newline at end of file +ChallengeResponseAuthentication no +KbdInteractiveAuthentication no diff --git a/test/test_config.rb b/test/test_config.rb index cb462de..761299d 100644 --- a/test/test_config.rb +++ b/test/test_config.rb @@ -112,7 +112,8 @@ class TestConfig < Test::Unit::TestCase 'hostbasedauthentication' => false, 'passwordauthentication' => false, 'pubkeyauthentication' => false, - 'challengeresponseauthentication' => false + 'challengeresponseauthentication' => false, + 'kbdinteractiveauthentication' => false } net_ssh = Net::SSH::Config.translate(open_ssh) @@ -125,7 +126,8 @@ class TestConfig < Test::Unit::TestCase 'hostbasedauthentication' => true, 'passwordauthentication' => true, 'pubkeyauthentication' => true, - 'challengeresponseauthentication' => true + 'challengeresponseauthentication' => true, + 'kbdinteractiveauthentication' => true } net_ssh = Net::SSH::Config.translate(open_ssh) 
@@ -133,6 +135,30 @@ class TestConfig < Test::Unit::TestCase assert_equal %w(hostbased keyboard-interactive none password publickey), net_ssh[:auth_methods].sort end + def test_translate_should_not_disable_keyboard_interactive_when_challange_or_keyboardinterective_is_on + open_ssh = { + 'kbdinteractiveauthentication' => false + } + net_ssh = Net::SSH::Config.translate(open_ssh) + assert_equal %w(keyboard-interactive none password publickey), net_ssh[:auth_methods].sort + + open_ssh = { + 'challengeresponseauthentication' => false + } + net_ssh = Net::SSH::Config.translate(open_ssh) + assert_equal %w(keyboard-interactive none password publickey), net_ssh[:auth_methods].sort + end + + def test_should_ddisable_keyboard_interactive_when_challeng_and_keyboardinteractive_is_off + open_ssh = { + 'challengeresponseauthentication' => false, + 'kbdinteractiveauthentication' => false + } + + net_ssh = Net::SSH::Config.translate(open_ssh) + assert_equal %w(none password publickey), net_ssh[:auth_methods].sort + end + def test_for_should_turn_off_authentication_methods config = Net::SSH::Config.for("test.host", [config(:empty), config(:auth_off), config(:auth_on)]) assert_equal %w(none), config[:auth_methods].sort diff --git a/test/transport/test_algorithms.rb b/test/transport/test_algorithms.rb index fcf8385..47d5ed5 100644 --- a/test/transport/test_algorithms.rb +++ b/test/transport/test_algorithms.rb 
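Review bot: Both new test names in test/test_config.rb are misspelled, and the first says "is_on" while its body sets one option to false in each case. Suggested names: `test_translate_should_keep_keyboard_interactive_when_only_one_of_challenge_response_or_kbd_interactive_is_off` and `test_translate_should_disable_keyboard_interactive_when_challenge_response_and_kbd_interactive_are_off`. There is also no case that combines these options with `'preferredauthentications'`, which replaces the method list, so the interaction most likely to re-enable a disabled method is untested.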
@@ -18,18 +18,17 @@ module Transport def test_constructor_should_build_default_list_of_preferred_algorithms if defined?(OpenSSL::PKey::EC) - assert_equal %w(ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key] - assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms[:kex] + assert_equal %w(ssh-rsa ssh-dss ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519-cert-v01@openssh.com ssh-ed25519), algorithms[:host_key] + assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org), algorithms[:kex] else - assert_equal %w(ssh-rsa ssh-dss), algorithms[:host_key] - assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms[:kex] + assert_equal %w(ssh-rsa ssh-dss ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com), algorithms[:host_key] + assert_equal %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 aes256-gcm@openssh.com aes128-gcm@openssh.com), algorithms[:kex] end - assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), 
algorithms[:encryption] + assert_equal %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr aes256-gcm@openssh.com aes128-gcm@openssh.com), algorithms[:encryption] if defined?(OpenSSL::Digest::SHA256) - assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms[:hmac] + assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com), algorithms[:hmac] else - assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com none), algorithms[:hmac] - end + assert_equal %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com none umac-128-etm@openssh.com), algorithms[:hmac] end assert_equal %w(none zlib@openssh.com zlib), algorithms[:compression] assert_equal %w(), algorithms[:language] end 
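Review bot: In the non-EC `else` branch of this test_algorithms.rb hunk, the new `algorithms[:kex]` expectation ends with `aes256-gcm@openssh.com aes128-gcm@openssh.com`, which this commit adds to `:encryption`, not `:kex`, so the assertion cannot match on a Ruby without `OpenSSL::PKey::EC`. Other non-EC branches were left stale: `assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key]` in the known-hosts test (hunk `@@ -43,16 +42,16 @@`) and `options[:host_key] || "ssh-rsa,ssh-dss"` in the KEXINIT check (hunk `@@ -290,16 +289,16 @@`) omit the two `ssh-rsa-cert-*` names now in the base list. Drop the cipher names from the kex expectation and add `ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com` to the stale branches. The last changed line also appears to fold the closing `end` onto the `assert_equal` line; it should go back on its own line.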
@@ -43,16 +42,16 @@ module Transport def test_constructor_with_preferred_host_key_type_should_put_preferred_host_key_type_first if defined?(OpenSSL::PKey::EC) - assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms(:host_key => "ssh-dss")[:host_key] + assert_equal %w(ssh-dss ssh-rsa ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519-cert-v01@openssh.com ssh-ed25519), algorithms(:host_key => "ssh-dss")[:host_key] else - assert_equal %w(ssh-dss ssh-rsa), algorithms(:host_key => "ssh-dss")[:host_key] + assert_equal %w(ssh-dss ssh-rsa ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com), algorithms(:host_key => "ssh-dss")[:host_key] end end def test_constructor_with_known_hosts_reporting_known_host_key_should_use_that_host_key_type Net::SSH::KnownHosts.expects(:search_for).with("net.ssh.test,127.0.0.1", {}).returns([stub("key", :ssh_type => "ssh-dss")]) if defined?(OpenSSL::PKey::EC) - assert_equal %w(ssh-dss ssh-rsa ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521), algorithms[:host_key] + assert_equal %w(ssh-dss ssh-rsa ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519-cert-v01@openssh.com ssh-ed25519), algorithms[:host_key] else assert_equal %w(ssh-dss ssh-rsa), algorithms[:host_key] end 
@@ -64,7 +63,7 @@ module Transport def test_constructor_with_preferred_kex_should_put_preferred_kex_first if defined?(OpenSSL::PKey::EC) - assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex] + assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256 ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 curve25519-sha256@libssh.org), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex] else assert_equal %w(diffie-hellman-group1-sha1 diffie-hellman-group-exchange-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), algorithms(:kex => "diffie-hellman-group1-sha1")[:kex] end 
@@ -75,11 +74,11 @@ module Transport end def test_constructor_with_preferred_encryption_should_put_preferred_encryption_first - assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => "aes256-cbc")[:encryption] + assert_equal %w(aes256-cbc aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr aes256-gcm@openssh.com aes128-gcm@openssh.com), algorithms(:encryption => "aes256-cbc")[:encryption] end def test_constructor_with_multiple_preferred_encryption_should_put_all_preferred_encryption_first - assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption] + assert_equal %w(aes256-cbc 3des-cbc idea-cbc aes128-cbc blowfish-cbc 
cast128-cbc aes192-cbc rijndael-cbc@lysator.liu.se none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr aes256-gcm@openssh.com aes128-gcm@openssh.com), algorithms(:encryption => %w(aes256-cbc 3des-cbc idea-cbc))[:encryption] end def test_constructor_with_unrecognized_encryption_should_raise_exception @@ -87,11 +86,11 @@ module Transport end def test_constructor_with_preferred_hmac_should_put_preferred_hmac_first - assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => "hmac-md5-96")[:hmac] + assert_equal %w(hmac-md5-96 hmac-sha1 hmac-md5 hmac-sha1-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com), algorithms(:hmac => "hmac-md5-96")[:hmac] end def test_constructor_with_multiple_preferred_hmac_should_put_all_preferred_hmac_first - assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac] + assert_equal %w(hmac-md5-96 hmac-sha1-96 hmac-sha1 hmac-md5 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com), algorithms(:hmac => %w(hmac-md5-96 hmac-sha1-96))[:hmac] end def test_constructor_with_unrecognized_hmac_should_raise_exception 
@@ -290,16 +289,16 @@ module Transport assert_equal KEXINIT, buffer.type assert_equal 16, buffer.read(16).length if defined?(OpenSSL::PKey::EC) - assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521", buffer.read_string - assert_equal options[:host_key] || "ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521", buffer.read_string + assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256@libssh.org", buffer.read_string + assert_equal options[:host_key] || "ssh-rsa,ssh-dss,ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ssh-ed25519", buffer.read_string else assert_equal options[:kex] || "diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha256", buffer.read_string assert_equal options[:host_key] || "ssh-rsa,ssh-dss", buffer.read_string end - assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string - assert_equal options[:encryption_server] || 
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr", buffer.read_string - assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string - assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none", buffer.read_string + assert_equal options[:encryption_client] || "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com", buffer.read_string + assert_equal options[:encryption_server] || 
"aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,idea-cbc,none,arcfour128,arcfour256,arcfour,aes128-ctr,aes192-ctr,aes256-ctr,camellia128-cbc,camellia192-cbc,camellia256-cbc,camellia128-cbc@openssh.org,camellia192-cbc@openssh.org,camellia256-cbc@openssh.org,camellia128-ctr,camellia192-ctr,camellia256-ctr,camellia128-ctr@openssh.org,camellia192-ctr@openssh.org,camellia256-ctr@openssh.org,cast128-ctr,blowfish-ctr,3des-ctr,aes256-gcm@openssh.com,aes128-gcm@openssh.com", buffer.read_string + assert_equal options[:hmac_client] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com", buffer.read_string + assert_equal options[:hmac_server] || "hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-96,hmac-sha2-512-96,none,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com", buffer.read_string assert_equal options[:compression_client] || "none,zlib@openssh.com,zlib", buffer.read_string assert_equal options[:compression_server] || "none,zlib@openssh.com,zlib", buffer.read_string assert_equal options[:language_client] || "", buffer.read_string |