Class: HrrRbSsh::Authentication::Method::Publickey

Inherits:
HrrRbSsh::Authentication::Method show all
Defined in:
lib/hrr_rb_ssh/authentication/method/publickey.rb,
lib/hrr_rb_ssh/authentication/method/publickey/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_ed25519.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb

Defined Under Namespace

Classes: Algorithm, Context

Constant Summary collapse

NAME = 
'publickey'
PREFERENCE = 
20

Instance Method Summary collapse

Methods included from SubclassWithPreferenceListable

#[], #inherited, #list_preferred, #list_supported

Constructor Details

#initialize(transport, options, variables, authentication_methods) ⇒ Publickey

Returns a new instance of Publickey.



13
14
15
16
17
18
19
20
21
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 13

def initialize transport, options, variables, authentication_methods
  @logger = Logger.new(self.class.name)
  @transport = transport
  @options = options
  @session_id = options['session id']
  @authenticator = options.fetch( 'authentication_publickey_authenticator', Authenticator.new { false } )
  @variables = variables
  @authentication_methods = authentication_methods
end

Instance Method Details

#authenticate(userauth_request_message) ⇒ Object 



23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 23

def authenticate userauth_request_message
  public_key_algorithm_name = userauth_request_message[:'public key algorithm name']
  unless Algorithm.list_preferred.include?(public_key_algorithm_name)
    @logger.info { "unsupported public key algorithm: #{public_key_algorithm_name}" }
    return false
  end
  unless userauth_request_message[:'with signature']
    @logger.info { "public key algorithm is ok, require signature" }
    public_key_blob = userauth_request_message[:'public key blob']
    userauth_pk_ok_message public_key_algorithm_name, public_key_blob
  else
    @logger.info { "verify signature" }
    username = userauth_request_message[:'user name']
    algorithm = Algorithm[public_key_algorithm_name].new
    context = Context.new(username, algorithm, @session_id, userauth_request_message, @variables, @authentication_methods)
    @authenticator.authenticate context
  end
end

#request_authentication(username, service_name) ⇒ Object 



51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 51

def request_authentication username, service_name
  public_key_algorithm_name, secret_key = @options['client_authentication_publickey']
  send_request_without_signature username, service_name, public_key_algorithm_name, secret_key
  payload = @transport.receive
  case payload[0,1].unpack("C")[0]
  when Message::SSH_MSG_USERAUTH_PK_OK::VALUE
    send_request_with_signature username, service_name, public_key_algorithm_name, secret_key
    @transport.receive
  else
    payload
  end
end

#send_request_with_signature(username, service_name, public_key_algorithm_name, secret_key) ⇒ Object 



80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 80

def send_request_with_signature username, service_name, public_key_algorithm_name, secret_key
  algorithm = Algorithm[public_key_algorithm_name].new
  public_key_blob = algorithm.generate_public_key_blob(secret_key)
  signature = algorithm.generate_signature(@session_id, username, service_name, 'publickey', secret_key)
  message = {
    :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
    :"user name"                 => username,
    :"service name"              => service_name,
    :"method name"               => NAME,
    :"with signature"            => true,
    :'public key algorithm name' => public_key_algorithm_name,
    :'public key blob'           => public_key_blob,
    :'signature'                 => signature,
  }
  payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
  @transport.send payload
end

#send_request_without_signature(username, service_name, public_key_algorithm_name, secret_key) ⇒ Object 



64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 64

def send_request_without_signature username, service_name, public_key_algorithm_name, secret_key
  algorithm = Algorithm[public_key_algorithm_name].new
  public_key_blob = algorithm.generate_public_key_blob(secret_key)
  message = {
    :'message number'            => Message::SSH_MSG_USERAUTH_REQUEST::VALUE,
    :"user name"                 => username,
    :"service name"              => service_name,
    :"method name"               => NAME,
    :"with signature"            => false,
    :'public key algorithm name' => public_key_algorithm_name,
    :'public key blob'           => public_key_blob,
  }
  payload = Message::SSH_MSG_USERAUTH_REQUEST.encode message
  @transport.send payload
end

#userauth_pk_ok_message(public_key_algorithm_name, public_key_blob) ⇒ Object 



42
43
44
45
46
47
48
49
 
# File 'lib/hrr_rb_ssh/authentication/method/publickey.rb', line 42

def userauth_pk_ok_message public_key_algorithm_name, public_key_blob
  message = {
    :'message number'                             => Message::SSH_MSG_USERAUTH_PK_OK::VALUE,
    :'public key algorithm name from the request' => public_key_algorithm_name,
    :'public key blob from the request'           => public_key_blob,
  }
  payload = Message::SSH_MSG_USERAUTH_PK_OK.encode message
end