class Net::SSH::Authentication::Session
Net::SSH library will never need to access this class directly.
internal to Net::SSH (specifically Net::SSH.start). Consumers of the
The use of an authentication session to manage user authentication is
Net::SSH::Transport::Session).
a user over an established connection (the “transport” object, see
Represents an authentication session. It manages the authentication of
def authenticate(next_service, username, password = nil)
service request. Returns true if an authentication method succeeds in
Attempts to authenticate the given user, in preparation for the next
def authenticate(next_service, username, password = nil) debug { "beginning authentication of `#{username}'" } transport.send_message(transport.service_request("ssh-userauth")) expect_message(SERVICE_ACCEPT) key_manager = KeyManager.new(logger, options) keys.each { |key| key_manager.add(key) } unless keys.empty? keycerts.each { |keycert| key_manager.add_keycert(keycert) } unless keycerts.empty? keycert_data.each { |data| key_manager.add_keycert_data(data) } unless keycert_data.empty? key_data.each { |key2| key_manager.add_key_data(key2) } unless key_data.empty? default_keys.each { |key| key_manager.add(key) } unless options.key?(:keys) || options.key?(:key_data) attempted = [] @auth_methods.each do |name| next unless @allowed_auth_methods.include?(name) attempted << name debug { "trying #{name}" } begin auth_class = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join) method = auth_class.new(self, key_manager: key_manager, password_prompt: options[:password_prompt], pubkey_algorithms: options[:pubkey_algorithms] || nil) rescue NameError debug {"Mechanism #{name} was requested, but isn't a known type. Ignoring it."} next end return true if method.authenticate(next_service, username, password) rescue Net::SSH::Authentication::DisallowedMethod end error { "all authorization methods failed (tried #{attempted.join(', ')})" } return false ensure key_manager.finish if key_manager end
def default_keys
Returns an array of paths to the key files usually defined
def default_keys %w[~/.ssh/id_ed25519 ~/.ssh/id_rsa ~/.ssh/id_dsa ~/.ssh/id_ecdsa ~/.ssh2/id_ed25519 ~/.ssh2/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_ecdsa] end
def expect_message(type)
Blocks until a packet is received, and returns it if it is of the given
def expect_message(type) message = next_message raise Net::SSH::Exception, "expected #{type}, got #{message.type} (#{message})" unless message.type == type message end
def initialize(transport, options = {})
Instantiates a new Authentication::Session object over the given
def initialize(transport, options = {}) self.logger = transport.logger @transport = transport @auth_methods = options[:auth_methods] || Net::SSH::Config.default_auth_methods @options = options @allowed_auth_methods = @auth_methods end
def key_data
Returns an array of the key data that should be used when
def key_data Array(options[:key_data]) end
def keycert_data
Returns an array of the keycert data that should be used when
def keycert_data Array(options[:keycert_data]) end
def keycerts
Returns an array of paths to the keycert files that should be used when
def keycerts Array(options[:keycerts]) end
def keys
Returns an array of paths to the key files that should be used when
def keys Array(options[:keys]) end
def next_message
packets, and will raise an error if any packet is received that is not
Blocks until a packet is received. It silently handles USERAUTH_BANNER
def next_message loop do packet = transport.next_message case packet.type when USERAUTH_BANNER info { packet[:message] } # TODO add a hook for people to retrieve the banner when it is sent when USERAUTH_FAILURE @allowed_auth_methods = packet[:authentications].split(/,/) debug { "allowed methods: #{packet[:authentications]}" } return packet when USERAUTH_METHOD_RANGE, SERVICE_ACCEPT return packet when USERAUTH_SUCCESS transport.hint :authenticated return packet else raise Net::SSH::Exception, "unexpected message #{packet.type} (#{packet})" end end end