Object
Represents an authentication session. It manages the authentication of a user over an established connection (the “transport” object, see Net::SSH::Transport::Session).
The use of an authentication session to manage user authentication is internal to Net::SSH (specifically Net::SSH.start). Consumers of the Net::SSH library will never need to access this class directly.
Instantiates a new Authentication::Session object over the given transport layer abstraction.
# File lib/net/ssh/authentication/session.rb, line 40 40: def initialize(transport, options={}) 41: self.logger = transport.logger 42: @transport = transport 43: 44: @auth_methods = options[:auth_methods] || %(publickey hostbased password keyboard-interactive) 45: @options = options 46: 47: @allowed_auth_methods = @auth_methods 48: end
Attempts to authenticate the given user, in preparation for the next service request. Returns true if an authentication method succeeds in authenticating the user, and false otherwise.
# File lib/net/ssh/authentication/session.rb, line 53 53: def authenticate(next_service, username, password=nil) 54: debug { "beginning authentication of `#{username}'" } 55: 56: transport.send_message(transport.service_request("ssh-userauth")) 57: message = expect_message(SERVICE_ACCEPT) 58: 59: key_manager = KeyManager.new(logger, options) 60: keys.each { |key| key_manager.add(key) } unless keys.empty? 61: key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty? 62: 63: attempted = [] 64: 65: @auth_methods.each do |name| 66: begin 67: next unless @allowed_auth_methods.include?(name) 68: attempted << name 69: 70: debug { "trying #{name}" } 71: begin 72: method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager) 73: rescue NameError => ne 74: debug{"Mechanism #{name} was requested, but isn't a known type. Ignoring it."} 75: next 76: end 77: 78: return true if method.authenticate(next_service, username, password) 79: rescue Net::SSH::Authentication::DisallowedMethod 80: end 81: end 82: 83: error { "all authorization methods failed (tried #{attempted.join(', ')})" } 84: return false 85: ensure 86: key_manager.finish if key_manager 87: end
Blocks until a packet is received, and returns it if it is of the given type. If it is not, an exception is raised.
# File lib/net/ssh/authentication/session.rb, line 121 121: def expect_message(type) 122: message = next_message 123: unless message.type == type 124: raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})" 125: end 126: message 127: end
Blocks until a packet is received. It silently handles USERAUTH_BANNER packets, and will raise an error if any packet is received that is not valid during user authentication.
# File lib/net/ssh/authentication/session.rb, line 92 92: def next_message 93: loop do 94: packet = transport.next_message 95: 96: case packet.type 97: when USERAUTH_BANNER 98: info { packet[:message] } 99: # TODO add a hook for people to retrieve the banner when it is sent 100: 101: when USERAUTH_FAILURE 102: @allowed_auth_methods = packet[:authentications].split(/,/) 103: debug { "allowed methods: #{packet[:authentications]}" } 104: return packet 105: 106: when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT 107: return packet 108: 109: when USERAUTH_SUCCESS 110: transport.hint :authenticated 111: return packet 112: 113: else 114: raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})" 115: end 116: end 117: end
Returns an array of paths to the key files usually defined by system default.
# File lib/net/ssh/authentication/session.rb, line 133 133: def default_keys 134: if defined?(OpenSSL::PKey::EC) 135: %(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh/id_ecdsa 136: ~/.ssh2/id_dsa ~/.ssh2/id_rsa ~/.ssh2/id_ecdsa) 137: else 138: %(~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa) 139: end 140: end
Disabled; run with --debug to generate this.
Generated with the Darkfish Rdoc Generator 1.1.6.