Class Net::SSH::Verifiers::Strict

  1. lib/net/ssh/verifiers/strict.rb
Parent: Object

Performs strict host verification by looking the server up in the known host files to see whether a key has already been seen for it. If the server does not appear in any host file, this silently adds the server and its key. If the server appears at least once but the key given does not match any key known for that server, an exception is raised (HostKeyMismatch). Otherwise, this returns true.

Methods

public instance

  1. verify

Public instance methods

verify (arguments)
    # File lib/net/ssh/verifiers/strict.rb, line 13
    def verify(arguments)
      options = arguments[:session].options
      host = options[:host_key_alias] || arguments[:session].host_as_string
      matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)

      # we've never seen this host before, so just automatically add the key.
      # not the most secure option (since the first hit might be the one that
      # is hacked), but since almost nobody actually compares the key
      # fingerprint, this is a reasonable compromise between usability and
      # security.
      if matches.empty?
        ip = arguments[:session].peer[:ip]
        Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
        return true
      end

      # If we found any matches, check to see that the key type and
      # blob also match.
      found = matches.any? do |key|
        key.ssh_type == arguments[:key].ssh_type &&
        key.to_blob  == arguments[:key].to_blob
      end

      # If a match was found, return true. Otherwise, raise an exception
      # indicating that the key was not recognized.
      found || process_cache_miss(host, arguments)
    end
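
The three outcomes described above (unknown host silently added, known host with a matching key accepted, known host with a different key rejected) can be exercised with the stand-alone model below, which also goes one step beyond the page by showing a policy that refuses unknown hosts instead of adding them. It is an added example, not Net::SSH code: HostKey, KnownHostsModel, verify_host_key, the two error classes and the :reject_unknown policy are hypothetical names, and the sample entry is constructed.

```ruby
# Stand-alone model, not Net::SSH code. All names below are hypothetical.
HostKey = Struct.new(:ssh_type, :to_blob)
class KeyMismatch < StandardError; end
class UnknownHost < StandardError; end

# In-memory stand-in for the known host files (plain, unhashed host names only).
class KnownHostsModel
  def initialize(lines)
    @entries = Hash.new { |hash, host| hash[host] = [] }
    lines.each do |line|
      next if line.strip.empty? || line.start_with?("#")
      hosts, type, b64 = line.split(" ")
      hosts.split(",").each { |h| add(h, HostKey.new(type, b64.unpack1("m"))) }
    end
  end

  def search_for(host)
    @entries.fetch(host, [])
  end

  def add(host, key)
    @entries[host] << key
  end
end

# :trust_on_first_use follows the behaviour documented above (unknown host is added).
# :reject_unknown is an assumed stricter policy for hosts provisioned in advance.
def verify_host_key(store, host, key, policy: :trust_on_first_use)
  matches = store.search_for(host)
  if matches.empty?
    raise UnknownHost, "no known key for #{host}" if policy == :reject_unknown
    store.add(host, key)
    return :added
  end
  found = matches.any? { |k| k.ssh_type == key.ssh_type && k.to_blob == key.to_blob }
  raise KeyMismatch, "presented key for #{host} matches no known key" unless found
  :matched
end

# Constructed sample entry; the blob is placeholder bytes, not a real key.
SAMPLE_LINES = [
  "db.example.test,10.0.0.5 ssh-ed25519 #{['constructed-key-A'].pack('m0')}"
].freeze

if __FILE__ == $PROGRAM_NAME
  store = KnownHostsModel.new(SAMPLE_LINES)
  new_key = HostKey.new("ssh-ed25519", "constructed-key-B")
  p verify_host_key(store, "new.example.test", new_key) # first contact
end
```

Under the first-use policy, whichever key is presented on first contact becomes the reference for every later connection, so a mismatch can only be detected from the second connection onward.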