adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
860e29228b09467d78894de3b0ec7ca10055bbb2
metasploit-gs/lib/net/ssh/verifiers/strict.rb
T
Tod Beardsley 810133acc2 Fixes #841. Initial commit for net-ssh by Jamis Buck. http://github.com/jamis/net-ssh 
Note that net-ssh is no longer actively maintained: http://weblog.jamisbuck.org/2009/2/25/net-ssh-capistrano-and-saying-goodbye



git-svn-id: file:///home/svn/framework3/trunk@8523 4d416f70-5f16-0410-b530-b9f4589650da
2010-02-16 19:18:19 +00:00

53 lines
2.0 KiB
Ruby
Raw Blame History

require 'net/ssh/errors'
require 'net/ssh/known_hosts'
module Net; module SSH; module Verifiers
# Does a strict host verification, looking the server up in the known
# host files to see if a key has already been seen for this server. If this
# server does not appear in any host file, this will silently add the
# server. If the server does appear at least once, but the key given does
# not match any known for the server, an exception will be raised (HostKeyMismatch).
# Otherwise, this returns true.
class Strict
def verify(arguments)
options = arguments[:session].options
host = options[:host_key_alias] || arguments[:session].host_as_string
matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
# we've never seen this host before, so just automatically add the key.
# not the most secure option (since the first hit might be the one that
# is hacked), but since almost nobody actually compares the key
# fingerprint, this is a reasonable compromise between usability and
# security.
if matches.empty?
ip = arguments[:session].peer[:ip]
Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
return true
end
# If we found any matches, check to see that the key type and
# blob also match.
found = matches.any? do |key|
key.ssh_type == arguments[:key].ssh_type &&
key.to_blob == arguments[:key].to_blob
end
# If a match was found, return true. Otherwise, raise an exception
# indicating that the key was not recognized.
found || process_cache_miss(host, arguments)
end
private
def process_cache_miss(host, args)
exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
exception.data = args
exception.callback = Proc.new do
Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
end
raise exception
end
end
end; end; end
Reference in New Issue View Git Blame Copy Permalink