Class: Net::SSH::Authentication::Session
- Inherits: Object
  - Object
    - Net::SSH::Authentication::Session
- Includes: Constants, Loggable, Transport::Constants
- Defined in: lib/net/ssh/authentication/session.rb
Overview
Represents an authentication session. It manages the authentication of a user over an established connection (the “transport” object, see Net::SSH::Transport::Session).
The use of an authentication session to manage user authentication is internal to Net::SSH (specifically Net::SSH.start). Consumers of the Net::SSH library will never need to access this class directly.
Constant Summary
Constants included from Transport::Constants
Transport::Constants::DEBUG, Transport::Constants::DISCONNECT, Transport::Constants::IGNORE, Transport::Constants::KEXDH_INIT, Transport::Constants::KEXDH_REPLY, Transport::Constants::KEXINIT, Transport::Constants::NEWKEYS, Transport::Constants::SERVICE_ACCEPT, Transport::Constants::SERVICE_REQUEST, Transport::Constants::UNIMPLEMENTED
Constants included from Constants
Constants::USERAUTH_BANNER, Constants::USERAUTH_FAILURE, Constants::USERAUTH_METHOD_RANGE, Constants::USERAUTH_PASSWD_CHANGEREQ, Constants::USERAUTH_PK_OK, Constants::USERAUTH_REQUEST, Constants::USERAUTH_SUCCESS
Instance Attribute Summary
- #allowed_auth_methods ⇒ Object (readonly)
  the list of authentication methods that are allowed.
- #auth_methods ⇒ Object (readonly)
  the list of authentication methods to try.
- #options ⇒ Object (readonly)
  a hash of options, given at construction time.
- #transport ⇒ Object (readonly)
  transport layer abstraction.
Attributes included from Loggable
Instance Method Summary
- #authenticate(next_service, username, password = nil) ⇒ Object
  Attempts to authenticate the given user, in preparation for the next service request.
- #expect_message(type) ⇒ Object
  Blocks until a packet is received, and returns it if it is of the given type.
- #initialize(transport, options = {}) ⇒ Session (constructor)
  Instantiates a new Authentication::Session object over the given transport layer abstraction.
- #next_message ⇒ Object
  Blocks until a packet is received.
Methods included from Loggable
#debug, #error, #fatal, #info, #lwarn
Constructor Details
#initialize(transport, options = {}) ⇒ Session
Instantiates a new Authentication::Session object over the given transport layer abstraction.
    # File 'lib/net/ssh/authentication/session.rb', line 40
    def initialize(transport, options={})
      self.logger = transport.logger
      @transport = transport

      # Methods to try, in order; callers may override with options[:auth_methods].
      @auth_methods = options[:auth_methods] || %w(publickey hostbased password keyboard-interactive)
      @options = options

      # Until the server says otherwise, every method we intend to try is allowed.
      @allowed_auth_methods = @auth_methods
    end
Instance Attribute Details
#allowed_auth_methods ⇒ Object (readonly)
the list of authentication methods that are allowed
    # File 'lib/net/ssh/authentication/session.rb', line 33
    def allowed_auth_methods
      @allowed_auth_methods
    end
#auth_methods ⇒ Object (readonly)
the list of authentication methods to try
    # File 'lib/net/ssh/authentication/session.rb', line 30
    def auth_methods
      @auth_methods
    end
#options ⇒ Object (readonly)
a hash of options, given at construction time
    # File 'lib/net/ssh/authentication/session.rb', line 36
    def options
      @options
    end
#transport ⇒ Object (readonly)
transport layer abstraction
    # File 'lib/net/ssh/authentication/session.rb', line 27
    def transport
      @transport
    end
Instance Method Details
#authenticate(next_service, username, password = nil) ⇒ Object
Attempts to authenticate the given user, in preparation for the next service request. Returns true if an authentication method succeeds in authenticating the user, and false otherwise.
    # File 'lib/net/ssh/authentication/session.rb', line 53
    def authenticate(next_service, username, password=nil)
      debug { "beginning authentication of `#{username}'" }

      # Request the ssh-userauth service and wait for the server to accept it.
      transport.send_message(transport.service_request("ssh-userauth"))
      message = expect_message(SERVICE_ACCEPT)

      key_manager = KeyManager.new(logger, options)
      keys.each { |key| key_manager.add(key) } unless keys.empty?
      key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?

      attempted = []

      @auth_methods.each do |name|
        begin
          # Skip methods the server has stopped advertising (see #next_message).
          next unless @allowed_auth_methods.include?(name)
          attempted << name

          debug { "trying #{name}" }
          begin
            # "keyboard-interactive" resolves to Methods::KeyboardInteractive, and so on.
            method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
          rescue NameError => ne
            debug{"Mechanism #{name} was requested, but isn't a known type. Ignoring it."}
            next
          end

          return true if method.authenticate(next_service, username, password)
        rescue Net::SSH::Authentication::DisallowedMethod
        end
      end

      error { "all authorization methods failed (tried #{attempted.join(', ')})" }
      return false
    ensure
      key_manager.finish if key_manager
    end
#expect_message(type) ⇒ Object
Blocks until a packet is received, and returns it if it is of the given type. If it is not, an exception is raised.
    # File 'lib/net/ssh/authentication/session.rb', line 121
    def expect_message(type)
      message = next_message
      unless message.type == type
        raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})"
      end
      message
    end
#next_message ⇒ Object
Blocks until a packet is received. It silently handles USERAUTH_BANNER packets, and will raise an error if any packet is received that is not valid during user authentication.
    # File 'lib/net/ssh/authentication/session.rb', line 92
    def next_message
      loop do
        packet = transport.next_message

        case packet.type
        when USERAUTH_BANNER
          info { packet[:message] }
          # TODO add a hook for people to retrieve the banner when it is sent

        when USERAUTH_FAILURE
          # The server lists the methods that may still continue; remember them.
          @allowed_auth_methods = packet[:authentications].split(/,/)
          debug { "allowed methods: #{packet[:authentications]}" }
          return packet

        when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT
          return packet

        when USERAUTH_SUCCESS
          transport.hint :authenticated
          return packet

        else
          raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})"
        end
      end
    end
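Added example, not part of Net::SSH or of this page's source: a self-contained model of how #authenticate walks auth_methods in order while #next_message narrows allowed_auth_methods from each USERAUTH_FAILURE. FakeServer, simulate and method_class_name are hypothetical names, and the server replies are constructed.

```ruby
# Added illustration: a model of the method-selection loop, not Net::SSH code.
# FakeServer, simulate and method_class_name are hypothetical names.
DEFAULT_METHODS = %w(publickey hostbased password keyboard-interactive)

# Wire-level method name -> class name looked up with const_get,
# e.g. "keyboard-interactive" -> "KeyboardInteractive".
def method_class_name(name)
  name.split(/\W+/).map { |p| p.capitalize }.join
end

# Constructed stand-in for a server: it accepts exactly one method and, on
# every failure, advertises the methods that may continue (USERAUTH_FAILURE).
class FakeServer
  def initialize(accepts:, advertises:)
    @accepts = accepts
    @advertises = advertises
  end

  # Returns [:success] or [:failure, "comma,separated,methods"].
  def try(name)
    name == @accepts ? [:success] : [:failure, @advertises.join(",")]
  end
end

# Mirrors the loop: try auth_methods in order, skip any the server no longer
# allows, and replace the allowed list after each failure.
def simulate(server, auth_methods = DEFAULT_METHODS, known = DEFAULT_METHODS)
  allowed = auth_methods.dup
  attempted = []
  auth_methods.each do |name|
    next unless allowed.include?(name)
    attempted << name
    next unless known.include?(name) # unknown mechanism: ignored (the NameError path)
    status, list = server.try(name)
    return { ok: true, via: name, attempted: attempted } if status == :success
    allowed = list.split(/,/)
  end
  { ok: false, via: nil, attempted: attempted }
end

# Constructed scenarios: the server only accepts "password".
server = FakeServer.new(accepts: "password", advertises: %w(publickey password))
p simulate(server)                # hostbased is skipped once the server narrows the list
p simulate(server, %w(publickey)) # restricted client: password is never attempted
```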