Class: SSHKey
- Inherits:
-
Object
- Object
- SSHKey
- Defined in:
- lib/sshkey.rb,
lib/sshkey/version.rb,
lib/sshkey/exception.rb
Defined Under Namespace
Classes: PublicKeyError
Constant Summary collapse
- SSH_TYPES =
{"rsa" => "ssh-rsa", "dsa" => "ssh-dss"}
- SSH_CONVERSION =
{"rsa" => ["e", "n"], "dsa" => ["p", "q", "g", "pub_key"]}
- VERSION =
"1.6.1"
Instance Attribute Summary collapse
-
#comment ⇒ Object
Returns the value of attribute comment.
-
#directives ⇒ Object
Returns the value of attribute directives.
-
#key_object ⇒ Object
readonly
Returns the value of attribute key_object.
-
#passphrase ⇒ Object
Returns the value of attribute passphrase.
-
#type ⇒ Object
readonly
Returns the value of attribute type.
Class Method Summary collapse
-
.fingerprint ⇒ Object
Fingerprints.
-
.generate(options = {}) ⇒ Object
Generate a new keypair and return an SSHKey object.
-
.md5_fingerprint(key) ⇒ Object
Fingerprints.
-
.sha1_fingerprint(key) ⇒ Object
SHA1 fingerprint for the given SSH key.
-
.ssh_public_key_bits(ssh_public_key) ⇒ Object
Bits.
-
.valid_ssh_public_key?(ssh_public_key) ⇒ Boolean
Validate an existing SSH public key.
Instance Method Summary collapse
-
#bits ⇒ Object
Determine the length (bits) of the key as an integer.
-
#encrypted_private_key ⇒ Object
Fetch the encrypted RSA/DSA private key using the passphrase provided.
-
#initialize(private_key, options = {}) ⇒ SSHKey
constructor
Create a new SSHKey object.
-
#md5_fingerprint ⇒ Object
(also: #fingerprint)
Fingerprints.
-
#private_key ⇒ Object
(also: #rsa_private_key, #dsa_private_key)
Fetch the RSA/DSA private key.
-
#public_key ⇒ Object
(also: #rsa_public_key, #dsa_public_key)
Fetch the RSA/DSA public key.
-
#randomart ⇒ Object
Randomart.
-
#sha1_fingerprint ⇒ Object
SHA1 fingerprint for the given SSH public key.
-
#ssh_public_key ⇒ Object
SSH public key.
Constructor Details
#initialize(private_key, options = {}) ⇒ SSHKey
Create a new SSHKey object
Parameters
-
private_key - Existing RSA or DSA private key
-
options<~Hash>
-
:comment<~String> - Comment to use for the public key, defaults to “”
-
:passphrase<~String> - If the key is encrypted, supply the passphrase
-
:directives<~Array> - Options prefixed to the public key
-
144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/sshkey.rb', line 144 def initialize(private_key, = {}) @passphrase = [:passphrase] @comment = [:comment] || "" self.directives = [:directives] || [] begin @key_object = OpenSSL::PKey::RSA.new(private_key, passphrase) @type = "rsa" rescue @key_object = OpenSSL::PKey::DSA.new(private_key, passphrase) @type = "dsa" end end |
Instance Attribute Details
#comment ⇒ Object
Returns the value of attribute comment.
133 134 135 |
# File 'lib/sshkey.rb', line 133 def comment @comment end |
#directives ⇒ Object
Returns the value of attribute directives.
266 267 268 |
# File 'lib/sshkey.rb', line 266 def directives @directives end |
#key_object ⇒ Object (readonly)
Returns the value of attribute key_object.
132 133 134 |
# File 'lib/sshkey.rb', line 132 def key_object @key_object end |
#passphrase ⇒ Object
Returns the value of attribute passphrase.
133 134 135 |
# File 'lib/sshkey.rb', line 133 def passphrase @passphrase end |
#type ⇒ Object (readonly)
Returns the value of attribute type.
132 133 134 |
# File 'lib/sshkey.rb', line 132 def type @type end |
Class Method Details
.fingerprint ⇒ Object
Fingerprints
Accepts either a public or private key
MD5 fingerprint for the given SSH key
80 81 82 83 84 85 86 |
# File 'lib/sshkey.rb', line 80 def md5_fingerprint(key) if key.match(/PRIVATE/) new(key).md5_fingerprint else Digest::MD5.hexdigest(decoded_key(key)).gsub(fingerprint_regex, '\1:\2') end end |
.generate(options = {}) ⇒ Object
Generate a new keypair and return an SSHKey object
The default behavior when providing no options will generate a 2048-bit RSA keypair.
Parameters
-
options<~Hash>:
-
:type<~String> - “rsa” or “dsa”, “rsa” by default
-
:bits<~Integer> - Bit length
-
:comment<~String> - Comment to use for the public key, defaults to “”
-
:passphrase<~String> - Encrypt the key with this passphrase
-
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
# File 'lib/sshkey.rb', line 26 def generate( = {}) type = [:type] || "rsa" # JRuby modulus size must range from 512 to 1024 default_bits = type == "rsa" ? 2048 : 1024 bits = [:bits] || default_bits cipher = OpenSSL::Cipher::Cipher.new("AES-128-CBC") if [:passphrase] case type.downcase when "rsa" then new(OpenSSL::PKey::RSA.generate(bits).to_pem(cipher, [:passphrase]), ) when "dsa" then new(OpenSSL::PKey::DSA.generate(bits).to_pem(cipher, [:passphrase]), ) else raise "Unknown key type: #{type}" end end |
.md5_fingerprint(key) ⇒ Object
Fingerprints
Accepts either a public or private key
MD5 fingerprint for the given SSH key
73 74 75 76 77 78 79 |
# File 'lib/sshkey.rb', line 73 def md5_fingerprint(key) if key.match(/PRIVATE/) new(key).md5_fingerprint else Digest::MD5.hexdigest(decoded_key(key)).gsub(fingerprint_regex, '\1:\2') end end |
.sha1_fingerprint(key) ⇒ Object
SHA1 fingerprint for the given SSH key
83 84 85 86 87 88 89 |
# File 'lib/sshkey.rb', line 83 def sha1_fingerprint(key) if key.match(/PRIVATE/) new(key).sha1_fingerprint else Digest::SHA1.hexdigest(decoded_key(key)).gsub(fingerprint_regex, '\1:\2') end end |
.ssh_public_key_bits(ssh_public_key) ⇒ Object
Bits
Returns ssh public key bits or false depending on the validity of the public key provided
Parameters
-
ssh_public_key<~String> - “ssh-rsa AAAAB3NzaC1yc2EA.…”
64 65 66 |
# File 'lib/sshkey.rb', line 64 def ssh_public_key_bits(ssh_public_key) unpacked_byte_array( *parse_ssh_public_key(ssh_public_key) ).last.num_bytes * 8 end |
.valid_ssh_public_key?(ssh_public_key) ⇒ Boolean
Validate an existing SSH public key
Returns true or false depending on the validity of the public key provided
Parameters
-
ssh_public_key<~String> - “ssh-rsa AAAAB3NzaC1yc2EA.…”
50 51 52 53 54 55 |
# File 'lib/sshkey.rb', line 50 def valid_ssh_public_key?(ssh_public_key) ssh_type, encoded_key = parse_ssh_public_key(ssh_public_key) SSH_CONVERSION[SSH_TYPES.invert[ssh_type]].size == unpacked_byte_array(ssh_type, encoded_key).size rescue false end |
Instance Method Details
#bits ⇒ Object
Determine the length (bits) of the key as an integer
202 203 204 |
# File 'lib/sshkey.rb', line 202 def bits self.class.ssh_public_key_bits(ssh_public_key) end |
#encrypted_private_key ⇒ Object
Fetch the encrypted RSA/DSA private key using the passphrase provided
If no passphrase is set, returns the unencrypted private key
169 170 171 172 |
# File 'lib/sshkey.rb', line 169 def encrypted_private_key return private_key unless passphrase key_object.to_pem(OpenSSL::Cipher::Cipher.new("AES-128-CBC"), passphrase) end |
#md5_fingerprint ⇒ Object Also known as: fingerprint
Fingerprints
MD5 fingerprint for the given SSH public key
191 192 193 |
# File 'lib/sshkey.rb', line 191 def md5_fingerprint Digest::MD5.hexdigest(ssh_public_key_conversion).gsub(/(.{2})(?=.)/, '\1:\2') end |
#private_key ⇒ Object Also known as: rsa_private_key, dsa_private_key
Fetch the RSA/DSA private key
rsa_private_key and dsa_private_key are aliased for backward compatibility
160 161 162 |
# File 'lib/sshkey.rb', line 160 def private_key key_object.to_pem end |
#public_key ⇒ Object Also known as: rsa_public_key, dsa_public_key
Fetch the RSA/DSA public key
rsa_public_key and dsa_public_key are aliased for backward compatibility
177 178 179 |
# File 'lib/sshkey.rb', line 177 def public_key key_object.public_key.to_pem end |
#randomart ⇒ Object
Randomart
Generate OpenSSH compatible ASCII art fingerprints See www.opensource.apple.com/source/OpenSSH/OpenSSH-175/openssh/key.c (key_fingerprint_randomart function)
Example: –[ RSA 2048]—- |o+ o.. | |..+.o | | ooo | |.++. o | |o
+ S | |.. + o . | | . + . | | . . | | Eo. | -----------------
223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 |
# File 'lib/sshkey.rb', line 223 def randomart fieldsize_x = 17 fieldsize_y = 9 x = fieldsize_x / 2 y = fieldsize_y / 2 raw_digest = Digest::MD5.digest(ssh_public_key_conversion) num_bytes = raw_digest.bytesize field = Array.new(fieldsize_x) { Array.new(fieldsize_y) {0} } raw_digest.bytes.each do |byte| 4.times do x += (byte & 0x1 != 0) ? 1 : -1 y += (byte & 0x2 != 0) ? 1 : -1 x = [[x, 0].max, fieldsize_x - 1].min y = [[y, 0].max, fieldsize_y - 1].min field[x][y] += 1 if (field[x][y] < num_bytes - 2) byte >>= 2 end end field[fieldsize_x / 2][fieldsize_y / 2] = num_bytes - 1 field[x][y] = num_bytes augmentation_string = " .o+=*BOX@%&#/^SE" output = "+--#{sprintf("[%4s %4u]", type.upcase, bits)}----+\n" fieldsize_y.times do |y| output << "|" fieldsize_x.times do |x| output << augmentation_string[[field[x][y], num_bytes].min] end output << "|" output << "\n" end output << "+#{"-" * fieldsize_x}+" output end |
#sha1_fingerprint ⇒ Object
SHA1 fingerprint for the given SSH public key
197 198 199 |
# File 'lib/sshkey.rb', line 197 def sha1_fingerprint Digest::SHA1.hexdigest(ssh_public_key_conversion).gsub(/(.{2})(?=.)/, '\1:\2') end |
#ssh_public_key ⇒ Object
SSH public key
184 185 186 |
# File 'lib/sshkey.rb', line 184 def ssh_public_key [directives.join(",").strip, SSH_TYPES[type], Base64.encode64(ssh_public_key_conversion).gsub("\n", ""), comment].join(" ").strip end |