Implements the higher-level logic behind an SSH key-exchange. It handles both the initial exchange, as well as subsequent re-exchanges (as needed). It also encapsulates the negotiation of the algorithms, and provides a single point of access to the negotiated algorithms.
You will never instantiate or reference this directly. It is used internally by the transport layer.
Methods
Public Class
Public Instance
Constants
| ALGORITHMS | = | { :host_key => %w(ssh-rsa ssh-dss ssh-rsa-cert-v01@openssh.com ssh-rsa-cert-v00@openssh.com), :kex => %w(diffie-hellman-group-exchange-sha1 diffie-hellman-group1-sha1 diffie-hellman-group14-sha1 diffie-hellman-group-exchange-sha256), :encryption => %w(aes128-cbc 3des-cbc blowfish-cbc cast128-cbc aes192-cbc aes256-cbc rijndael-cbc@lysator.liu.se idea-cbc none arcfour128 arcfour256 arcfour aes128-ctr aes192-ctr aes256-ctr camellia128-cbc camellia192-cbc camellia256-cbc camellia128-cbc@openssh.org camellia192-cbc@openssh.org camellia256-cbc@openssh.org camellia128-ctr camellia192-ctr camellia256-ctr camellia128-ctr@openssh.org camellia192-ctr@openssh.org camellia256-ctr@openssh.org cast128-ctr blowfish-ctr 3des-ctr aes256-gcm@openssh.com aes128-gcm@openssh.com ), :hmac => %w(hmac-sha1 hmac-md5 hmac-sha1-96 hmac-md5-96 hmac-ripemd160 hmac-ripemd160@openssh.com hmac-sha2-256 hmac-sha2-512 hmac-sha2-256-96 hmac-sha2-512-96 none hmac-sha2-512-etm@openssh.com hmac-sha2-256-etm@openssh.com umac-128-etm@openssh.com), :compression => %w(none zlib@openssh.com zlib), :language => %w() } |
Define the default algorithms, in order of preference, supported by Net::SSH. |
Attributes
| algorithms | [R] |
The hash of algorithms preferred by the client, which will be told to the server during algorithm negotiation. |
| compression_client | [R] |
The type of compression to use to compress packets being sent by the client. |
| compression_server | [R] |
The type of compression to use to decompress packets arriving from the server. |
| encryption_client | [R] |
The type of the cipher to use to encrypt packets sent from the client to the server. |
| encryption_server | [R] |
The type of the cipher to use to decrypt packets arriving from the server. |
| hmac_client | [R] |
The type of HMAC to use to sign packets sent by the client. |
| hmac_server | [R] |
The type of HMAC to use to validate packets arriving from the server. |
| host_key | [R] |
The type of host key that will be used for this session. |
| kex | [R] |
The kex algorithm to use settled on between the client and server. |
| language_client | [R] |
The language that will be used in messages sent by the client. |
| language_server | [R] |
The language that will be used in messages sent from the server. |
| options | [R] |
The hash of options used to initialize this object |
| session | [R] |
The underlying transport layer session that supports this object |
| session_id | [R] |
The session-id for this session, as decided during the initial key exchange. |
Public Class methods
Returns true if the given packet can be processed during a key-exchange.
# File lib/net/ssh/transport/algorithms.rb, line 114 def self.allowed_packet?(packet) ( 1.. 4).include?(packet.type) || ( 6..19).include?(packet.type) || (21..49).include?(packet.type) end
Instantiates a new Algorithms object, and prepares the hash of preferred algorithms based on the options parameter and the ALGORITHMS constant.
# File lib/net/ssh/transport/algorithms.rb, line 122 def initialize(session, options={}) @session = session @logger = session.logger @options = options @algorithms = {} @pending = @initialized = false @client_packet = @server_packet = nil prepare_preferred_algorithms! end
Public Instance methods
A convenience method for accessing the list of preferred types for a specific algorithm (see algorithms).
# File lib/net/ssh/transport/algorithms.rb, line 159 def [](key) algorithms[key] end
Called by the transport layer when a KEXINIT packet is recieved, indicating that the server wants to exchange keys. This can be spontaneous, or it can be in response to a client-initiated rekey request (see rekey!). Either way, this will block until the key exchange completes.
# File lib/net/ssh/transport/algorithms.rb, line 146 def accept_kexinit(packet) info { "got KEXINIT from server" } @server_data = parse_server_algorithm_packet(packet) @server_packet = @server_data[:raw] if !pending? send_kexinit else proceed! end end
Returns true if no exchange is pending, and otherwise returns true or false depending on whether the given packet is of a type that is allowed during a key exchange.
# File lib/net/ssh/transport/algorithms.rb, line 175 def allow?(packet) !pending? || Algorithms.allowed_packet?(packet) end
Returns true if the algorithms have been negotiated at all.
# File lib/net/ssh/transport/algorithms.rb, line 180 def initialized? @initialized end
Returns true if a key-exchange is pending. This will be true from the moment either the client or server requests the key exchange, until the exchange completes. While an exchange is pending, only a limited number of packets are allowed, so event processing essentially stops during this period.
# File lib/net/ssh/transport/algorithms.rb, line 168 def pending? @pending end
Request a rekey operation. This will return immediately, and does not actually perform the rekey operation. It does cause the session to change state, however--until the key exchange finishes, no new packets will be processed.
# File lib/net/ssh/transport/algorithms.rb, line 136 def rekey! @client_packet = @server_packet = nil @initialized = false send_kexinit end