class Net::SSH::Transport::Session
The transport layer represents the lowest level of the SSH
protocol, and implements basic message exchanging and protocol initialization. It will never be instantiated directly (unless you really know what you’re about), but will instead be created for you automatically when you create a new SSH
session via Net::SSH.start
.
Constants
- DEFAULT_PORT
The standard port for the
SSH
protocol.
Attributes
The Algorithms
instance used to perform key exchanges.
The host to connect to, as given to the constructor.
The host-key verifier object used to verify host keys, to ensure that the connection is not being spoofed.
The hash of options that were given to the object at initialization.
The port number to connect to, as given in the options to the constructor. If no port number was given, this will default to DEFAULT_PORT
.
The ServerVersion
instance that encapsulates the negotiated protocol version.
The underlying socket object being used to communicate with the remote host.
Public Class Methods
Instantiates a new transport layer abstraction. This will block until the initial key exchange completes, leaving you with a ready-to-use transport session.
# File lib/net/ssh/transport/session.rb, line 58 def initialize(host, options = {}) self.logger = options[:logger] @host = host @port = options[:port] || DEFAULT_PORT @bind_address = options[:bind_address] || nil @options = options @socket = if (factory = options[:proxy]) debug { "establishing connection to #{@host}:#{@port} through proxy" } factory.open(@host, @port, options) else debug { "establishing connection to #{@host}:#{@port}" } Socket.tcp(@host, @port, @bind_address, nil, connect_timeout: options[:timeout]) end @socket.extend(PacketStream) @socket.logger = @logger debug { "connection established" } @queue = [] @host_key_verifier = select_host_key_verifier(options[:verify_host_key]) @server_version = ServerVersion.new(socket, logger, options[:timeout]) @algorithms = Algorithms.new(self, options) @algorithms.start wait { algorithms.initialized? } rescue Errno::ETIMEDOUT raise Net::SSH::ConnectionTimeout end
Public Instance Methods
Cleans up (see PacketStream#cleanup
) and closes the underlying socket.
# File lib/net/ssh/transport/session.rb, line 127 def close socket.cleanup socket.close end
Returns true if the underlying socket has been closed.
# File lib/net/ssh/transport/session.rb, line 122 def closed? socket.closed? end
Configure’s the packet stream’s client state with the given set of options. This is typically used to define the cipher, compression, and hmac algorithms to use when sending packets to the server.
# File lib/net/ssh/transport/session.rb, line 255 def configure_client(options = {}) socket.client.set(options) end
Configure’s the packet stream’s server state with the given set of options. This is typically used to define the cipher, compression, and hmac algorithms to use when reading packets from the server.
# File lib/net/ssh/transport/session.rb, line 262 def configure_server(options = {}) socket.server.set(options) end
Enqueues the given message, such that it will be sent at the earliest opportunity. This does not block, but returns immediately.
# File lib/net/ssh/transport/session.rb, line 248 def enqueue_message(message) socket.enqueue_packet(message) end
Sets a new hint for the packet stream, which the packet stream may use to change its behavior. (See PacketStream#hints
).
# File lib/net/ssh/transport/session.rb, line 268 def hint(which, value = true) socket.hints[which] = value end
Returns the host (and possibly IP address) in a format compatible with SSH
known-host files.
# File lib/net/ssh/transport/session.rb, line 103 def host_as_string @host_as_string ||= begin string = "#{host}" string = "[#{string}]:#{port}" if port != DEFAULT_PORT peer_ip = socket.peer_ip if peer_ip != Net::SSH::Transport::PacketStream::PROXY_COMMAND_HOST_IP && peer_ip != host string2 = peer_ip string2 = "[#{string2}]:#{port}" if port != DEFAULT_PORT string << "," << string2 end string end end
# File lib/net/ssh/transport/session.rb, line 94 def host_keys @host_keys ||= begin known_hosts = options.fetch(:known_hosts, KnownHosts) known_hosts.search_for(options[:host_key_alias] || host_as_string, options) end end
Blocks until a new packet is available to be read, and returns that packet. See poll_message
.
# File lib/net/ssh/transport/session.rb, line 174 def next_message poll_message(:block) end
Returns a hash of information about the peer (remote) side of the socket, including :ip, :port, :host, and :canonized (see host_as_string
).
# File lib/net/ssh/transport/session.rb, line 168 def peer @peer ||= { ip: socket.peer_ip, port: @port.to_i, host: @host, canonized: host_as_string } end
Tries to read the next packet from the socket. If mode is :nonblock (the default), this will not block and will return nil if there are no packets waiting to be read. Otherwise, this will block until a packet is available. Note that some packet types (DISCONNECT, IGNORE, UNIMPLEMENTED, DEBUG, and KEXINIT) are handled silently by this method, and will never be returned.
If a key-exchange is in process and a disallowed packet type is received, it will be enqueued and otherwise ignored. When a key-exchange is not in process, and consume_queue is true, packets will be first read from the queue before the socket is queried.
# File lib/net/ssh/transport/session.rb, line 189 def poll_message(mode = :nonblock, consume_queue = true) loop do return @queue.shift if consume_queue && @queue.any? && algorithms.allow?(@queue.first) packet = socket.next_packet(mode, options[:timeout]) return nil if packet.nil? case packet.type when DISCONNECT raise Net::SSH::Disconnect, "disconnected: #{packet[:description]} (#{packet[:reason_code]})" when IGNORE debug { "IGNORE packet received: #{packet[:data].inspect}" } when UNIMPLEMENTED lwarn { "UNIMPLEMENTED: #{packet[:number]}" } when DEBUG send(packet[:always_display] ? :fatal : :debug) { packet[:message] } when KEXINIT algorithms.accept_kexinit(packet) else return packet if algorithms.allow?(packet) push(packet) end end end
Adds the given packet to the packet queue. If the queue is non-empty, poll_message
will return packets from the queue in the order they were received.
# File lib/net/ssh/transport/session.rb, line 236 def push(packet) @queue.push(packet) end
Requests a rekey operation, and blocks until the operation completes. If a rekey is already pending, this returns immediately, having no effect.
# File lib/net/ssh/transport/session.rb, line 150 def rekey! if !algorithms.pending? algorithms.rekey! wait { algorithms.initialized? } end end
Returns immediately if a rekey is already in process. Otherwise, if a rekey is needed (as indicated by the socket, see PacketStream#if_needs_rekey?
) one is performed, causing this method to block until it completes.
# File lib/net/ssh/transport/session.rb, line 160 def rekey_as_needed return if algorithms.pending? socket.if_needs_rekey? { rekey! } end
Sends the given message via the packet stream, blocking until the entire message has been sent.
# File lib/net/ssh/transport/session.rb, line 242 def send_message(message) socket.send_packet(message) end
Returns a new service_request
packet for the given service name, ready for sending to the server.
# File lib/net/ssh/transport/session.rb, line 143 def service_request(service) Net::SSH::Buffer.from(:byte, SERVICE_REQUEST, :string, service) end
Performs a “hard” shutdown of the connection. In general, this should never be done, but it might be necessary (in a rescue clause, for instance, when the connection needs to close but you don’t know the status of the underlying protocol’s state).
# File lib/net/ssh/transport/session.rb, line 136 def shutdown! error { "forcing connection closed" } socket.close end
Waits (blocks) until the given block returns true. If no block is given, this just waits long enough to see if there are any pending packets. Any packets read are enqueued (see push
).
# File lib/net/ssh/transport/session.rb, line 223 def wait loop do break if block_given? && yield message = poll_message(:nonblock, false) push(message) if message break if !block_given? end end
Private Instance Methods
Instantiates a new host-key verification class, based on the value of the parameter.
Usually, the argument is a symbol like ‘:never` which corresponds to a verifier, like `::Net::SSH::Verifiers::Never`.
-
:never (very insecure)
-
:accept_new_or_local_tunnel (insecure)
-
:accept_new (insecure)
-
:always (secure)
If the argument happens to respond to :verify and :verify_signature, it is returned directly. Otherwise, an exception is raised.
Values false, true, and :very were deprecated in [#595](github.com/net-ssh/net-ssh/pull/595)
# File lib/net/ssh/transport/session.rb, line 312 def select_host_key_verifier(verifier) case verifier when false Kernel.warn('verify_host_key: false is deprecated, use :never') Net::SSH::Verifiers::Never.new when :never then Net::SSH::Verifiers::Never.new when true Kernel.warn('verify_host_key: true is deprecated, use :accept_new_or_local_tunnel') Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new when :accept_new_or_local_tunnel, nil then Net::SSH::Verifiers::AcceptNewOrLocalTunnel.new when :very Kernel.warn('verify_host_key: :very is deprecated, use :accept_new') Net::SSH::Verifiers::AcceptNew.new when :accept_new then Net::SSH::Verifiers::AcceptNew.new when :secure then Kernel.warn('verify_host_key: :secure is deprecated, use :always') Net::SSH::Verifiers::Always.new when :always then Net::SSH::Verifiers::Always.new else if verifier.respond_to?(:verify) if verifier.respond_to?(:verify_signature) verifier else Kernel.warn("Warning: verifier without :verify_signature is deprecated") CompatibleVerifier.new(verifier) end else raise( ArgumentError, "Invalid argument to :verify_host_key (or deprecated " \ ":paranoid): #{verifier.inspect}" ) end end end