Sha256: cc83b39888aef8f18476a27121d6c4e14775dd2e6141540996dbbebc5b63f3f4
Contents?: true
Size: 1.67 KB
Versions: 3
Compression:
Stored size: 1.67 KB
Contents
require 'net/ssh/errors'
require 'net/ssh/known-hosts'
module Net
module SSH
class HostKeyVerifier
def verify(arguments)
host = canonize(arguments[:peer])
matches = Net::SSH::KnownHosts.search_for(host)
# we've never seen this host before, so just automatically add the key.
# not the most secure option (since the first hit might be the one that
# is hacked), but since almost nobody actually compares the key
# fingerprint, this is a reasonable compromise between usability and
# security.
if matches.empty?
Net::SSH::KnownHosts.add(host, arguments[:key])
return true
end
# If we found any matches, check to see that the key type and
# blob also match.
found = matches.any? do |key|
key.ssh_type == arguments[:key].ssh_type &&
key.to_blob == arguments[:key].to_blob
end
# If a match was found, return true. Otherwise, raise an exception
# indicating that the key was not recognized.
found || process_cache_miss(host, arguments)
end
private
def process_cache_miss(host, args)
exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.join(',')}")
exception.data = args
exception.callback = Proc.new { Net::SSH::KnownHosts.add(host, args[:key]) }
raise exception
end
def canonize(peer)
hosts = []
hosts << Net::SSH::KnownHosts.canonize(peer[:host], peer[:port])
hosts << Net::SSH::KnownHosts.canonize(peer[:ip], peer[:port])
hosts.compact
end
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| net-ssh-1.1.2 | lib/net/ssh/host-key-verifier.rb |
| net-ssh-1.1.3 | lib/net/ssh/host-key-verifier.rb |
| net-ssh-1.1.4 | lib/net/ssh/host-key-verifier.rb |