Parent

Included Modules

Class Index [+]

Quicksearch

Net::SSH::Authentication::Session

Represents an authentication session. It manages the authentication of a user over an established connection (the “transport” object, see Net::SSH::Transport::Session).

The use of an authentication session to manage user authentication is internal to Net::SSH (specifically Net::SSH.start). Consumers of the Net::SSH library will never need to access this class directly.

Attributes

transport[R]

transport layer abstraction

auth_methods[R]

the list of authentication methods to try

allowed_auth_methods[R]

the list of authentication methods that are allowed

options[R]

a hash of options, given at construction time

Public Class Methods

new(transport, options={}) click to toggle source

Instantiates a new Authentication::Session object over the given transport layer abstraction.

    # File lib/net/ssh/authentication/session.rb, line 40
40:     def initialize(transport, options={})
41:       self.logger = transport.logger
42:       @transport = transport
43: 
44:       @auth_methods = options[:auth_methods] || %(publickey hostbased password keyboard-interactive)
45:       @options = options
46: 
47:       @allowed_auth_methods = @auth_methods
48:     end

Public Instance Methods

authenticate(next_service, username, password=nil) click to toggle source

Attempts to authenticate the given user, in preparation for the next service request. Returns true if an authentication method succeeds in authenticating the user, and false otherwise.

    # File lib/net/ssh/authentication/session.rb, line 53
53:     def authenticate(next_service, username, password=nil)
54:       debug { "beginning authentication of `#{username}'" }
55: 
56:       transport.send_message(transport.service_request("ssh-userauth"))
57:       message = expect_message(SERVICE_ACCEPT)
58: 
59:       key_manager = KeyManager.new(logger, options)
60:       keys.each { |key| key_manager.add(key) } unless keys.empty?
61:       key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty?
62: 
63:       attempted = []
64: 
65:       @auth_methods.each do |name|
66:         begin
67:           next unless @allowed_auth_methods.include?(name)
68:           attempted << name
69: 
70:           debug { "trying #{name}" }
71:           begin 
72:             method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
73:           rescue NameError => ne
74:             debug{"Mechanism #{name} was requested, but isn't a known type.  Ignoring it."}
75:             next
76:           end
77: 
78:           return true if method.authenticate(next_service, username, password)
79:         rescue Net::SSH::Authentication::DisallowedMethod
80:         end
81:       end
82: 
83:       error { "all authorization methods failed (tried #{attempted.join(', ')})" }
84:       return false
85:     ensure
86:       key_manager.finish if key_manager
87:     end
expect_message(type) click to toggle source

Blocks until a packet is received, and returns it if it is of the given type. If it is not, an exception is raised.

     # File lib/net/ssh/authentication/session.rb, line 121
121:     def expect_message(type)
122:       message = next_message
123:       unless message.type == type
124:         raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})"
125:       end
126:       message
127:     end
next_message() click to toggle source

Blocks until a packet is received. It silently handles USERAUTH_BANNER packets, and will raise an error if any packet is received that is not valid during user authentication.

     # File lib/net/ssh/authentication/session.rb, line 92
 92:     def next_message
 93:       loop do
 94:         packet = transport.next_message
 95: 
 96:         case packet.type
 97:         when USERAUTH_BANNER
 98:           info { packet[:message] }
 99:           # TODO add a hook for people to retrieve the banner when it is sent
100: 
101:         when USERAUTH_FAILURE
102:           @allowed_auth_methods = packet[:authentications].split(/,/)
103:           debug { "allowed methods: #{packet[:authentications]}" }
104:           return packet
105: 
106:         when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT
107:           return packet
108: 
109:         when USERAUTH_SUCCESS
110:           transport.hint :authenticated
111:           return packet
112: 
113:         else
114:           raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})"
115:         end
116:       end
117:     end

Private Instance Methods

default_keys() click to toggle source

Returns an array of paths to the key files usually defined by system default.

     # File lib/net/ssh/authentication/session.rb, line 133
133:       def default_keys
134:         if defined?(OpenSSL::PKey::EC)
135:           %(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh/id_ecdsa
136:              ~/.ssh2/id_dsa ~/.ssh2/id_rsa ~/.ssh2/id_ecdsa)
137:         else
138:           %(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa)
139:         end
140:       end
key_data() click to toggle source

Returns an array of the key data that should be used when attempting any key-based authentication mechanism.

     # File lib/net/ssh/authentication/session.rb, line 150
150:       def key_data
151:         Array(options[:key_data])
152:       end
keys() click to toggle source

Returns an array of paths to the key files that should be used when attempting any key-based authentication mechanism.

     # File lib/net/ssh/authentication/session.rb, line 144
144:       def keys
145:         Array(options[:keys] || default_keys)
146:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.