Parent

Class Index [+]

Quicksearch

Net::SSH::Verifiers::Strict

Does a strict host verification, looking the server up in the known host files to see if a key has already been seen for this server. If this server does not appear in any host file, this will silently add the server. If the server does appear at least once, but the key given does not match any known for the server, an exception will be raised (HostKeyMismatch). Otherwise, this returns true.

Public Instance Methods

verify(arguments) click to toggle source
    # File lib/net/ssh/verifiers/strict.rb, line 13
13:     def verify(arguments)
14:       options = arguments[:session].options
15:       host = options[:host_key_alias] || arguments[:session].host_as_string
16:       matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
17: 
18:       # we've never seen this host before, so just automatically add the key.
19:       # not the most secure option (since the first hit might be the one that
20:       # is hacked), but since almost nobody actually compares the key
21:       # fingerprint, this is a reasonable compromise between usability and
22:       # security.
23:       if matches.empty?
24:         ip = arguments[:session].peer[:ip]
25:         Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
26:         return true
27:       end
28: 
29:       # If we found any matches, check to see that the key type and
30:       # blob also match.
31:       found = matches.any? do |key|
32:         key.ssh_type == arguments[:key].ssh_type &&
33:         key.to_blob  == arguments[:key].to_blob
34:       end
35: 
36:       # If a match was found, return true. Otherwise, raise an exception
37:       # indicating that the key was not recognized.
38:       found || process_cache_miss(host, arguments)
39:     end

Private Instance Methods

process_cache_miss(host, args) click to toggle source
    # File lib/net/ssh/verifiers/strict.rb, line 43
43:       def process_cache_miss(host, args)
44:         exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
45:         exception.data = args
46:         exception.callback = Proc.new do
47:           Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
48:         end
49:         raise exception
50:       end

Disabled; run with --debug to generate this.

[Validate]

Generated with the Darkfish Rdoc Generator 1.1.6.