class Net::SSH::Transport::Algorithms

Implements the higher-level logic behind an SSH key-exchange. It handles both the initial exchange, as well as subsequent re-exchanges (as needed). It also encapsulates the negotiation of the algorithms, and provides a single point of access to the negotiated algorithms.

You will never instantiate or reference this directly. It is used internally by the transport layer.

Constants

ALGORITHMS: Define all algorithms, with the deprecated, supported by Net::SSH.
DEFAULT_ALGORITHMS: Define the default algorithms, in order of preference, supported by Net::SSH.

Attributes

algorithms[R]

The hash of algorithms preferred by the client, which will be told to the server during algorithm negotiation.

compression_client[R]

The type of compression to use to compress packets being sent by the client.

compression_server[R]

The type of compression to use to decompress packets arriving from the server.

encryption_client[R]

The type of the cipher to use to encrypt packets sent from the client to the server.

encryption_server[R]

The type of the cipher to use to decrypt packets arriving from the server.

hmac_client[R]

The type of HMAC to use to sign packets sent by the client.

hmac_server[R]

The type of HMAC to use to validate packets arriving from the server.

host_key[R]

The type of host key that will be used for this session.

kex[R]

The kex algorithm to use settled on between the client and server.

language_client[R]

The language that will be used in messages sent by the client.

language_server[R]

The language that will be used in messages sent from the server.

options[R]

The hash of options used to initialize this object

session[R]

The underlying transport layer session that supports this object

session_id[R]

The session-id for this session, as decided during the initial key exchange.

Public Class Methods

allowed_packet?(packet) click to toggle source

Returns true if the given packet can be processed during a key-exchange.

# File lib/net/ssh/transport/algorithms.rb, line 138
def self.allowed_packet?(packet)
  (1..4).include?(packet.type) ||
  (6..19).include?(packet.type) ||
  (21..49).include?(packet.type)
end

new(session, options={}) click to toggle source

Instantiates a new Algorithms object, and prepares the hash of preferred algorithms based on the options parameter and the ALGORITHMS constant.

# File lib/net/ssh/transport/algorithms.rb, line 146
def initialize(session, options={})
  @session = session
  @logger = session.logger
  @options = options
  @algorithms = {}
  @pending = @initialized = false
  @client_packet = @server_packet = nil
  prepare_preferred_algorithms!
end

Public Instance Methods

[](key) click to toggle source

A convenience method for accessing the list of preferred types for a specific algorithm (see algorithms).

# File lib/net/ssh/transport/algorithms.rb, line 190
def [](key)
  algorithms[key]
end

accept_kexinit(packet) click to toggle source

Called by the transport layer when a KEXINIT packet is received, indicating that the server wants to exchange keys. This can be spontaneous, or it can be in response to a client-initiated rekey request (see rekey!). Either way, this will block until the key exchange completes.

# File lib/net/ssh/transport/algorithms.rb, line 177
def accept_kexinit(packet)
  info { "got KEXINIT from server" }
  @server_data = parse_server_algorithm_packet(packet)
  @server_packet = @server_data[:raw]
  if !pending?
    send_kexinit
  else
    proceed!
  end
end

allow?(packet) click to toggle source

Returns true if no exchange is pending, and otherwise returns true or false depending on whether the given packet is of a type that is allowed during a key exchange.

# File lib/net/ssh/transport/algorithms.rb, line 206
def allow?(packet)
  !pending? || Algorithms.allowed_packet?(packet)
end

host_key_format() click to toggle source

# File lib/net/ssh/transport/algorithms.rb, line 215
def host_key_format
  case host_key
  when /^([a-z0-9-]+)-cert-v\d{2}@openssh.com$/
    Regexp.last_match[1]
  else
    host_key
  end
end

initialized?() click to toggle source

Returns true if the algorithms have been negotiated at all.

# File lib/net/ssh/transport/algorithms.rb, line 211
def initialized?
  @initialized
end

pending?() click to toggle source

Returns true if a key-exchange is pending. This will be true from the moment either the client or server requests the key exchange, until the exchange completes. While an exchange is pending, only a limited number of packets are allowed, so event processing essentially stops during this period.

# File lib/net/ssh/transport/algorithms.rb, line 199
def pending?
  @pending
end

rekey!() click to toggle source

Request a rekey operation. This will return immediately, and does not actually perform the rekey operation. It does cause the session to change state, however–until the key exchange finishes, no new packets will be processed.

# File lib/net/ssh/transport/algorithms.rb, line 167
def rekey!
  @client_packet = @server_packet = nil
  @initialized = false
  send_kexinit
end

start() click to toggle source

Start the algorithm negotation

# File lib/net/ssh/transport/algorithms.rb, line 157
def start
  raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized

  send_kexinit
end