Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

net-ssh

Package Overview
Dependencies
Maintainers
3
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

net-ssh

  • 7.3.0
  • Rubygems
  • Socket score

Version published
Maintainers
3
Created
Source

Gem Version Join the chat at https://gitter.im/net-ssh/net-ssh Build status Coverage status Backers on Open Collective Sponsors on Open Collective

Net::SSH 7.x

As of v2.6.4, all gem releases are signed. See INSTALL.

DESCRIPTION:

Net::SSH is a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.

FEATURES:

  • Execute processes on remote servers and capture their output
  • Run multiple processes in parallel over a single SSH connection
  • Support for SSH subsystems
  • Forward local and remote ports via an SSH connection

Supported Algorithms

Net::SSH 6.0 disables by default the usage of weak algorithms. We strongly recommend that you install a servers's version that supports the latest algorithms.

It is possible to return to the previous behavior by adding the option : append_all_supported_algorithms: true

Unsecure algoritms will definitely be removed in Net::SSH 8.*.

Host Keys

NameSupportDetails
ssh-rsaOK
ssh-ed25519OKRequire the gem ed25519
ecdsa-sha2-nistp521OKusing weak elliptic curves
ecdsa-sha2-nistp384OKusing weak elliptic curves
ecdsa-sha2-nistp256OKusing weak elliptic curves
ssh-dssDeprecated in 6.0unsecure, will be removed in 8.0

Key Exchange

NameSupportDetails
curve25519-sha256OKRequire the gem x25519
ecdh-sha2-nistp521OKusing weak elliptic curves
ecdh-sha2-nistp384OKusing weak elliptic curves
ecdh-sha2-nistp256OKusing weak elliptic curves
diffie-hellman-group1-sha1Deprecated in 6.0unsecure, will be removed in 8.0
diffie-hellman-group14-sha1OK
diffie-hellman-group-exchange-sha1Deprecated in 6.0unsecure, will be removed in 8.0
diffie-hellman-group-exchange-sha256OK

Encryption algorithms (ciphers)

NameSupportDetails
aes256-ctr / aes192-ctr / aes128-ctrOK
chacha20-poly1305@openssh.comOK.Requires the gem rbnacl
aes256-cbc / aes192-cbc / aes128-cbcDeprecated in 6.0unsecure, will be removed in 8.0
rijndael-cbc@lysator.liu.seDeprecated in 6.0unsecure, will be removed in 8.0
blowfish-ctr blowfish-cbcDeprecated in 6.0unsecure, will be removed in 8.0
cast128-ctr cast128-cbcDeprecated in 6.0unsecure, will be removed in 8.0
3des-ctr 3des-cbcDeprecated in 6.0unsecure, will be removed in 8.0
idea-cbcDeprecated in 6.0unsecure, will be removed in 8.0
noneDeprecated in 6.0unsecure, will be removed in 8.0

Message Authentication Code algorithms

NameSupportDetails
hmac-sha2-512-etmOK
hmac-sha2-256-etmOK
hmac-sha2-512OK
hmac-sha2-256OK
hmac-sha2-512-96Deprecated in 6.0removed from the specification, will be removed in 8.0
hmac-sha2-256-96Deprecated in 6.0removed from the specification, will be removed in 8.0
hmac-sha1OKfor backward compatibility
hmac-sha1-96Deprecated in 6.0unsecure, will be removed in 8.0
hmac-ripemd160Deprecated in 6.0unsecure, will be removed in 8.0
hmac-md5Deprecated in 6.0unsecure, will be removed in 8.0
hmac-md5-96Deprecated in 6.0unsecure, will be removed in 8.0
noneDeprecated in 6.0unsecure, will be removed in 8.0

SYNOPSIS:

In a nutshell:

require 'net/ssh'

Net::SSH.start('host', 'user', password: "password") do |ssh|

# capture all stderr and stdout output from a remote process
output = ssh.exec!("hostname")
puts output

# capture only stdout matching a particular pattern
stdout = ""
ssh.exec!("ls -l /home/jamis") do |channel, stream, data|
  stdout << data if stream == :stdout && /foo/.match(data)
end
puts stdout

# run multiple processes in parallel to completion
ssh.exec "sed ..."
ssh.exec "awk ..."
ssh.exec "rm -rf ..."
ssh.loop

# open a new channel and configure a minimal set of callbacks, then run
# the event loop until the channel finishes (closes)
channel = ssh.open_channel do |ch|
  ch.exec "/usr/local/bin/ruby /path/to/file.rb" do |ch, success|
    raise "could not execute command" unless success

    # "on_data" is called when the process writes something to stdout
    ch.on_data do |c, data|
      $stdout.print data
    end

    # "on_extended_data" is called when the process writes something to stderr
    ch.on_extended_data do |c, type, data|
      $stderr.print data
    end

    ch.on_close { puts "done!" }
  end
end

channel.wait

# forward connections on local port 1234 to port 80 of www.capify.org
ssh.forward.local(1234, "www.capify.org", 80)
ssh.loop { true }
end

See Net::SSH for more documentation, and links to further information.

REQUIREMENTS:

The only requirement you might be missing is the OpenSSL bindings for Ruby with a version greather than 1.0.1. These are built by default on most platforms, but you can verify that they're built and installed on your system by running the following command line:

ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'

If that spits out something like OpenSSL 1.0.1 14 Mar 2012, then you're set. If you get an error, then you'll need to see about rebuilding ruby with OpenSSL support, or (if your platform supports it) installing the OpenSSL bindings separately.

INSTALL:

gem install net-ssh # might need sudo privileges

NOTE: If you are running on jruby on windows you need to install jruby-pageant manually (gemspec doesn't allow for platform specific dependencies at gem installation time).

However, in order to be sure the code you're installing hasn't been tampered with, it's recommended that you verify the signature. To do this, you need to add my public key as a trusted certificate (you only need to do this once):

# Add the public key as a trusted certificate
# (You only need to do this once)
curl -O https://raw.githubusercontent.com/net-ssh/net-ssh/master/net-ssh-public_cert.pem
gem cert --add net-ssh-public_cert.pem

Then, when install the gem, do so with high security:

gem install net-ssh -P HighSecurity

If you don't add the public key, you'll see an error like "Couldn't verify data signature". If you're still having trouble let me know and I'll give you a hand.

For ed25519 public key auth support your bundle file should contain ed25519, bcrypt_pbkdf dependencies.

gem install ed25519
gem install bcrypt_pbkdf

For curve25519-sha256 kex exchange support your bundle file should contain x25519 dependency.

RUBY SUPPORT

RUNNING TESTS

If you want to run the tests or use any of the Rake tasks, you'll need Mocha and other dependencies listed in Gemfile

Run the test suite from the net-ssh directory with the following command:

bundle exec rake test

NOTE : you can run test on all ruby versions with docker :

docker-compose up --build

Run a single test file like this:

ruby -Ilib -Itest test/transport/test_server_version.rb

To run integration tests see here

BUILDING GEM

rake build

GEM SIGNING (for maintainers)

If you have the net-ssh private signing key, you will be able to create signed release builds. Make sure the private key path matches the signing_key path set in net-ssh.gemspec and tell rake to sign the gem by setting the NET_SSH_BUILDGEM_SIGNED flag:

NET_SSH_BUILDGEM_SIGNED=true rake build

For time to time, the public certificate associated to the private key needs to be renewed. You can do this with the following command:

gem cert --build netssh@solutious.com --private-key path/2/net-ssh-private_key.pem
mv gem-public_cert.pem net-ssh-public_cert.pem
gem cert --add net-ssh-public_cert.pem

or rake cert:update_public_when_expired

Security contact information

See SECURITY.md

CREDITS

Contributors

This project exists thanks to all the people who contribute.

contributors

Backers

Thank you to all our backers! 🙏 Become a backer

backers

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. Become a sponsor

Sponsor

LICENSE:

(The MIT License)

Copyright (c) 2008 Jamis Buck

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

FAQs

Package last updated on 02 Oct 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc