class Net::SSH::Transport::Algorithms
Implements the higher-level logic behind an SSH
key-exchange. It handles both the initial exchange, as well as subsequent re-exchanges (as needed). It also encapsulates the negotiation of the algorithms, and provides a single point of access to the negotiated algorithms.
You will never instantiate or reference this directly. It is used internally by the transport layer.
Constants
- ALGORITHMS
Define the default algorithms, in order of preference, supported by
Net::SSH
.
Attributes
The hash of algorithms preferred by the client, which will be told to the server during algorithm negotiation.
The type of compression to use to compress packets being sent by the client.
The type of compression to use to decompress packets arriving from the server.
The type of the cipher to use to encrypt packets sent from the client to the server.
The type of the cipher to use to decrypt packets arriving from the server.
The type of HMAC
to use to sign packets sent by the client.
The type of HMAC
to use to validate packets arriving from the server.
The type of host key that will be used for this session.
The kex algorithm to use settled on between the client and server.
The language that will be used in messages sent by the client.
The language that will be used in messages sent from the server.
The hash of options used to initialize this object
The underlying transport layer session that supports this object
The session-id for this session, as decided during the initial key exchange.
Public Class Methods
Returns true if the given packet can be processed during a key-exchange.
# File lib/net/ssh/transport/algorithms.rb, line 105 def self.allowed_packet?(packet) (1..4).include?(packet.type) || (6..19).include?(packet.type) || (21..49).include?(packet.type) end
Instantiates a new Algorithms
object, and prepares the hash of preferred algorithms based on the options parameter and the ALGORITHMS
constant.
# File lib/net/ssh/transport/algorithms.rb, line 113 def initialize(session, options={}) @session = session @logger = session.logger @options = options @algorithms = {} @pending = @initialized = false @client_packet = @server_packet = nil prepare_preferred_algorithms! end
Public Instance Methods
A convenience method for accessing the list of preferred types for a specific algorithm (see algorithms
).
# File lib/net/ssh/transport/algorithms.rb, line 156 def [](key) algorithms[key] end
Called by the transport layer when a KEXINIT packet is received, indicating that the server wants to exchange keys. This can be spontaneous, or it can be in response to a client-initiated rekey request (see rekey!
). Either way, this will block until the key exchange completes.
# File lib/net/ssh/transport/algorithms.rb, line 143 def accept_kexinit(packet) info { "got KEXINIT from server" } @server_data = parse_server_algorithm_packet(packet) @server_packet = @server_data[:raw] if !pending? send_kexinit else proceed! end end
Returns true if no exchange is pending, and otherwise returns true or false depending on whether the given packet is of a type that is allowed during a key exchange.
# File lib/net/ssh/transport/algorithms.rb, line 172 def allow?(packet) !pending? || Algorithms.allowed_packet?(packet) end
# File lib/net/ssh/transport/algorithms.rb, line 181 def host_key_format case host_key when "ssh-rsa-cert-v01@openssh.com", "ssh-rsa-cert-v00@openssh.com" "ssh-rsa" else host_key end end
Returns true if the algorithms have been negotiated at all.
# File lib/net/ssh/transport/algorithms.rb, line 177 def initialized? @initialized end
Returns true
if a key-exchange is pending. This will be true from the moment either the client or server requests the key exchange, until the exchange completes. While an exchange is pending, only a limited number of packets are allowed, so event processing essentially stops during this period.
# File lib/net/ssh/transport/algorithms.rb, line 165 def pending? @pending end
Request a rekey operation. This will return immediately, and does not actually perform the rekey operation. It does cause the session to change state, however–until the key exchange finishes, no new packets will be processed.
# File lib/net/ssh/transport/algorithms.rb, line 133 def rekey! @client_packet = @server_packet = nil @initialized = false send_kexinit end
Start the algorithm negotation
# File lib/net/ssh/transport/algorithms.rb, line 124 def start raise ArgumentError, "Cannot call start if it's negotiation started or done" if @pending || @initialized send_kexinit end