Sha256: cc83b39888aef8f18476a27121d6c4e14775dd2e6141540996dbbebc5b63f3f4

Contents?: true

Size: 1.67 KB

Versions: 3

Compression:

Stored size: 1.67 KB

Contents

require 'net/ssh/errors'
require 'net/ssh/known-hosts'

module Net
  module SSH

    # Decides whether the host key presented by a server is acceptable, using
    # the entries held by Net::SSH::KnownHosts.
    #
    # The policy is trust-on-first-use: a host with no stored entry has its
    # key recorded and accepted without confirmation. Only a host that already
    # has entries is actually checked.
    class HostKeyVerifier
      # Verifies the key in +arguments+ against the known-hosts entries.
      #
      # +arguments+ is a hash read with these keys:
      #   :peer        - hash with :host, :ip and :port of the remote end
      #   :key         - the presented key (must answer ssh_type and to_blob)
      #   :fingerprint - used only in the mismatch error message
      #
      # Returns true when the key is accepted. Raises HostKeyMismatch when the
      # host has stored entries and none of them equals the presented key.
      def verify(arguments)
        host = canonize(arguments[:peer])
        known_keys = Net::SSH::KnownHosts.search_for(host)
        presented = arguments[:key]

        if known_keys.empty?
          # First contact: nothing is stored for this host, so the key is
          # recorded and accepted as-is. This favours usability over security.
          # NOTE(review): the first connection is therefore unauthenticated;
          # where that matters, known hosts should be provisioned out of band
          # before connecting.
          # NOTE(review): if both :host and :ip canonize to nil, +host+ is an
          # empty list; whether search_for then reports "no entries" (and the
          # key is accepted) depends on KnownHosts -- confirm.
          Net::SSH::KnownHosts.add(host, presented)
          true
        elsif known_keys.any? { |known|
                # Both the key type and the raw blob have to agree.
                known.ssh_type == presented.ssh_type &&
                  known.to_blob == presented.to_blob
              }
          true
        else
          # The host is known, but not with this key: always raises.
          process_cache_miss(host, arguments)
        end
      end

      private

        # Builds and raises the HostKeyMismatch for a known host that
        # presented an unrecognized key. The exception carries the original
        # arguments in +data+ and a +callback+ that, when called, stores the
        # presented key for +host+.
        # NOTE(review): calling the callback trusts the new key from then on;
        # callers should do so only after the fingerprint has been confirmed.
        def process_cache_miss(host, args)
          message = "fingerprint #{args[:fingerprint]} does not match for #{host.join(',')}"
          mismatch = HostKeyMismatch.new(message)
          mismatch.data = args
          mismatch.callback = Proc.new { Net::SSH::KnownHosts.add(host, args[:key]) }
          raise mismatch
        end

        # Returns the known-hosts names for the peer: the canonized :host
        # first, then the canonized :ip, both with the peer's :port. Entries
        # for which KnownHosts.canonize returns nil are dropped.
        def canonize(peer)
          [:host, :ip].map { |field|
            Net::SSH::KnownHosts.canonize(peer[field], peer[:port])
          }.compact
        end
    end

  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
net-ssh-1.1.2 lib/net/ssh/host-key-verifier.rb
net-ssh-1.1.3 lib/net/ssh/host-key-verifier.rb
net-ssh-1.1.4 lib/net/ssh/host-key-verifier.rb