Implements the higher-level logic behind an SSH key-exchange. It handles both the initial exchange, as well as subsequent re-exchanges (as needed). It also encapsulates the negotiation of the algorithms, and provides a single point of access to the negotiated algorithms.
You will never instantiate or reference this directly. It is used internally by the transport layer.
Methods
public class
public instance
Constants
| ALGORITHMS | = | { :host_key => %w(ssh-rsa ssh-dss), :kex => %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1), :encryption => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256), :hmac => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 none), :compression => %w(none zlib@openssh.com zlib), :language => %w() } | Define the default algorithms, in order of preference, supported by Net::SSH. |
Attributes
| algorithms | [R] | The hash of algorithms preferred by the client, which will be told to the server during algorithm negotiation. |
| compression_client | [R] | The type of compression to use to compress packets being sent by the client. |
| compression_server | [R] | The type of compression to use to decompress packets arriving from the server. |
| encryption_client | [R] | The type of the cipher to use to encrypt packets sent from the client to the server. |
| encryption_server | [R] | The type of the cipher to use to decrypt packets arriving from the server. |
| hmac_client | [R] | The type of HMAC to use to sign packets sent by the client. |
| hmac_server | [R] | The type of HMAC to use to validate packets arriving from the server. |
| host_key | [R] | The type of host key that will be used for this session. |
| kex | [R] | The kex algorithm to use settled on between the client and server. |
| language_client | [R] | The language that will be used in messages sent by the client. |
| language_server | [R] | The language that will be used in messages sent from the server. |
| options | [R] | The hash of options used to initialize this object |
| session | [R] | The underlying transport layer session that supports this object |
| session_id | [R] | The session-id for this session, as decided during the initial key exchange. |
Public class methods
Returns true if the given packet can be processed during a key-exchange.
# File lib/net/ssh/transport/algorithms.rb, line 81 81: def self.allowed_packet?(packet) 82: ( 1.. 4).include?(packet.type) || 83: ( 6..19).include?(packet.type) || 84: (21..49).include?(packet.type) 85: end
Instantiates a new Algorithms object, and prepares the hash of preferred algorithms based on the options parameter and the ALGORITHMS constant.
# File lib/net/ssh/transport/algorithms.rb, line 89 89: def initialize(session, options={}) 90: @session = session 91: @logger = session.logger 92: @options = options 93: @algorithms = {} 94: @pending = @initialized = false 95: @client_packet = @server_packet = nil 96: prepare_preferred_algorithms! 97: end
Public instance methods
A convenience method for accessing the list of preferred types for a specific algorithm (see algorithms).
# File lib/net/ssh/transport/algorithms.rb, line 126 126: def [](key) 127: algorithms[key] 128: end
Called by the transport layer when a KEXINIT packet is recieved, indicating that the server wants to exchange keys. This can be spontaneous, or it can be in response to a client-initiated rekey request (see rekey!). Either way, this will block until the key exchange completes.
# File lib/net/ssh/transport/algorithms.rb, line 113 113: def accept_kexinit(packet) 114: info { "got KEXINIT from server" } 115: @server_data = parse_server_algorithm_packet(packet) 116: @server_packet = @server_data[:raw] 117: if !pending? 118: send_kexinit 119: else 120: proceed! 121: end 122: end
Returns true if no exchange is pending, and otherwise returns true or false depending on whether the given packet is of a type that is allowed during a key exchange.
# File lib/net/ssh/transport/algorithms.rb, line 142 142: def allow?(packet) 143: !pending? || Algorithms.allowed_packet?(packet) 144: end
Returns true if the algorithms have been negotiated at all.
# File lib/net/ssh/transport/algorithms.rb, line 147 147: def initialized? 148: @initialized 149: end
Returns true if a key-exchange is pending. This will be true from the moment either the client or server requests the key exchange, until the exchange completes. While an exchange is pending, only a limited number of packets are allowed, so event processing essentially stops during this period.
# File lib/net/ssh/transport/algorithms.rb, line 135 135: def pending? 136: @pending 137: end
Request a rekey operation. This will return immediately, and does not actually perform the rekey operation. It does cause the session to change state, however—until the key exchange finishes, no new packets will be processed.
# File lib/net/ssh/transport/algorithms.rb, line 103 103: def rekey! 104: @client_packet = @server_packet = nil 105: @initialized = false 106: send_kexinit 107: end