Files | Admin

Notes:

Release Name: 2.0.13

Notes:
= Net::SSH

* http://net-ssh.rubyforge.org/ssh

== DESCRIPTION:

Net::SSH is a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.

== FEATURES:

* Execute processes on remote servers and capture their output
* Run multiple processes in parallel over a single SSH connection
* Support for SSH subsystems
* Forward local and remote ports via an SSH connection

== SYNOPSIS:

In a nutshell:

  require 'net/ssh'

  Net::SSH.start('host', 'user', :password => "password") do |ssh|
    # capture all stderr and stdout output from a remote process
    output = ssh.exec!("hostname")

    # capture only stdout matching a particular pattern
    stdout = ""
    ssh.exec!("ls -l /home/jamis") do |channel, stream, data|
      stdout << data if stream == :stdout
    end
    puts stdout

    # run multiple processes in parallel to completion
    ssh.exec "sed ..."
    ssh.exec "awk ..."
    ssh.exec "rm -rf ..."
    ssh.loop

    # open a new channel and configure a minimal set of callbacks, then run
    # the event loop until the channel finishes (closes)
    channel = ssh.open_channel do |ch|
      ch.exec "/usr/local/bin/ruby /path/to/file.rb" do |ch, success|
        raise "could not execute command" unless success

        # "on_data" is called when the process writes something to stdout
        ch.on_data do |c, data|
          $STDOUT.print data
        end

        # "on_extended_data" is called when the process writes something to stderr
        ch.on_extended_data do |c, type, data|
          $STDERR.print data
        end

        ch.on_close { puts "done!" }
      end
    end

    channel.wait

    # forward connections on local port 1234 to port 80 of www.capify.org
    ssh.forward.local(1234, "www.capify.org", 80)
    ssh.loop { true }
  end

See Net::SSH for more documentation, and links to further information.

== REQUIREMENTS:

The only requirement you might be missing is the OpenSSL bindings for Ruby. These are built by default on most platforms, but you can verify that they're built and installed on your system by running the following command line:

  ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'

If that spits out something like "OpenSSL 0.9.8g 19 Oct 2007", then you're set. If you get an error, then you'll need to see about rebuilding ruby with OpenSSL support, or (if your platform supports it) installing the OpenSSL bindings separately.

Additionally: if you are going to be having Net::SSH prompt you for things like passwords or certificate passphrases, you'll want to have either the Highline (recommended) or Termios (unix systems only) gem installed, so that the passwords don't echo in clear text.

Lastly, if you want to run the tests or use any of the Rake tasks, you'll need:

* Echoe (for the Rakefile)
* Mocha (for the tests)


== INSTALL:

* gem install net-ssh (might need sudo privileges)


== ARCFOUR SUPPORT:

from Karl Varga:

Ruby's OpenSSL bindings always return a key length of 16 for RC4 ciphers, which means that when we try to use ARCFOUR256 or higher, Net::SSH generates keys which are consistently too short - 16 bytes as opposed to 32 bytes - resulting in the following error:

    OpenSSL::CipherError: key length too short
  
My patch simply instructs Net::SSH to build keys of the the proper length, regardless of the required key length reported by OpenSSL.

You should also be aware that your OpenSSL C libraries may also contain this bug.  I've updated to 0.9.8k, but according to this thread[https://bugzilla.mindrot.org/show_bug.cgi?id=1291], the bug existed as recently as 0.9.8e!  I've manually taken a look at my header files and they look ok, which is what makes me think it's a bug in the Ruby implementation.

To see your OpenSSL version:

    $ openssl version
    OpenSSL 0.9.8k 25 Mar 2009
  
After installing this gem, verify that Net::SSH is generating keys of the correct length by running the script <tt>support/arcfour_check.rb</tt>:

    $ ruby arcfour_support.rb
    
which should produce the following:

    arcfour128: [16, 8] OpenSSL::Cipher::Cipher
    arcfour256: [32, 8] OpenSSL::Cipher::Cipher
    arcfour512: [64, 8] OpenSSL::Cipher::Cipher
    

== LICENSE:

(The MIT License)

Copyright (c) 2008 Jamis Buck <jamis@37signals.com>

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
'Software'), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.



Changes: === 2.0.13 / 17 Aug 2009 * Added fix for hanging in ServerVersion#negotiate! when using SOCKS5 proxy (GH-9) [Gerald Talton] * Added support for specifying a list of hosts in .ssh/config, with tests (GH-6) [ckoehler, Delano Mandelbaum] * Added tests for arcfour128/256/512 lengths, encryption, and decryption [Delano Mandelbaum] * Skip packet stream tests for arcfour128/256/512 [Delano Mandelbaum] * Fix for OpenSSL cipher key length because it always returns 16, even when 32 byte keys are required, e.g. for arcfour256 and arcfour512 ciphers [Karl Varga] === 2.0.12 / 08 Jun 2009 * Applied patch for arcfour128 and arcfour256 support [Denis Bernard] * Use unbuffered reads when negotiating the protocol version [Steven Hazel] === 2.0.11 / 24 Feb 2009 * Add :key_data option for specifying raw private keys in PEM format [Alex Holems, Andrew Babkin] === 2.0.10 / 4 Feb 2009 * Added Net::SSH.configuration_for to make it easier to query the SSH configuration file(s) [Jamis Buck] === 2.0.9 / 1 Feb 2009 * Specifying non-nil user argument overrides user in .ssh/config [Jamis Buck] * Ignore requests for non-existent channels (workaround ssh server bug) [Jamis Buck] * Add terminate! method for hard shutdown scenarios [Jamis Buck] * Revert to pre-2.0.7 key-loading behavior by default, but load private-key if public-key doesn't exist [Jamis Buck] * Make sure :passphrase option gets passed to key manager [Bob Cotton] === 2.0.8 / 29 December 2008 * Fix private key change from 2.0.7 so that keys are loaded just-in-time, avoiding unecessary prompts from encrypted keys. [Jamis Buck] === 2.0.7 / 29 December 2008 * Make key manager use private keys instead of requiring public key to exist [arilerner@mac.com] * Fix failing tests [arilerner@mac.com] * Don't include pageant when running under JRuby [Angel N. Sciortino] === 2.0.6 / 6 December 2008 * Update the Manifest file so that the gem includes all necessary files [Jamis Buck] === 2.0.5 / 6 December 2008 * Make the Pageant interface comply with more of the Socket interface to avoid related errors [Jamis Buck] * Don't busy-wait on session close for remaining channels to close [Will Bryant] * Ruby 1.9 compatibility [Jamis Buck] * Fix Cipher#final to correctly flag a need for a cipher reset [Jamis Buck] === 2.0.4 / 27 Aug 2008 * Added Connection::Session#closed? and Transport::Session#closed? [Jamis Buck] * Numeric host names in .ssh/config are now parsed correct [Yanko Ivanov] * Make sure the error raised when a public key file is malformed is more informative than a MethodMissing error [Jamis Buck] * Cipher#reset is now called after Cipher#final, with the last n bytes used as the next initialization vector [Jamis Buck] === 2.0.3 / 27 Jun 2008 * Make Net::SSH::Version comparable [Brian Candler] * Fix errors in port forwarding when a channel could not be opened due to a typo in the exception name [Matthew Todd] * Use #chomp instead of #strip when cleaning the version string reported by the remote host, so that trailing whitespace is preserved (this is to play nice with servers like Mocana SSH) [Timo Gatsonides] * Correctly parse ssh_config entries with eq-sign delimiters [Jamis Buck] * Ignore malformed ssh_config entries [Jamis Buck] === 2.0.2 / 29 May 2008 * Make sure the agent client understands both RSA "identities answers" [Jamis Buck] * Fixed key truncation bug that caused hmacs other than SHA1 to fail with "corrupt hmac" errors [Jamis Buck] * Fix detection and loading of public keys when the keys don't actually exist [David Dollar] === 2.0.1 / 5 May 2008 * Teach Net::SSH about a handful of default key names [Jamis Buck] === 2.0.0 / 1 May 2008 * Allow the :verbose argument to accept symbols (:debug, etc.) as well as Logger level constants (Logger::DEBUG, etc.) [Jamis Buck] === 2.0 Preview Release 4 (1.99.3) / 19 Apr 2008 * Make sure HOME is set to something sane, even on OS's that don't set it by default [Jamis Buck] * Add a :passphrase option to specify the passphrase to use with private keys [Francis Sullivan] * Open a new auth agent connection for every auth-agent channel request [Jamis Buck] === 2.0 Preview Release 3 (1.99.2) / 10 Apr 2008 * Session properties [Jamis Buck] * Make channel open failure work with a callback so that failures can be handled similarly to successes [Jamis Buck] === 2.0 Preview Release 2 (1.99.1) / 22 Mar 2008 * Partial support for ~/.ssh/config (and related) SSH configuration files [Daniel J. Berger, Jamis Buck] * Added Net::SSH::Test to facilitate testing complex SSH state machines [Jamis Buck] * Reworked Net::SSH::Prompt to use conditionally-selected modules [Jamis Buck, suggested by James Rosen] * Added Channel#eof? and Channel#eof! [Jamis Buck] * Fixed bug in strict host key verifier on cache miss [Mike Timm] === 2.0 Preview Release 1 (1.99.0) / 21 Aug 2007 * First preview release of Net::SSH v2