Class: Vagrant::Util::SSH

Inherits:
Object
Defined in:
lib/vagrant/util/ssh.rb

Overview

This class provides helpers for dealing with SSH. These helpers don't depend on any part of Vagrant except what is given via the parameters.

Constant Summary

LOGGER =
Log4r::Logger.new("vagrant::util::ssh")

Class Method Details

.check_key_permissions(key_path) ⇒ Object

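Checks that the permissions for a private key are valid, and fixes them if possible. SSH requires that permissions on the private key are 0600 on POSIX-based systems. This will make a best effort to fix these permissions if they are not properly set. As the source below shows, the check is skipped on Windows, the fix is attempted only when the current user owns the key file (a key owned by another user is left as it is and no error is raised), and Errors::SSHKeyBadPermissions is raised if the mode is still not 0600 after the chmod.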

Parameters:

  • key_path (Pathname)

    The path to the private key.



# File 'lib/vagrant/util/ssh.rb', line 22

def self.check_key_permissions(key_path)
  # Don't do anything if we're on Windows, since Windows doesn't worry
  # about key permissions.
  return if Platform.windows?

  LOGGER.debug("Checking key permissions: #{key_path}")
  stat = key_path.stat

  if stat.owned? && FileMode.from_octal(stat.mode) != "600"
    LOGGER.info("Attempting to correct key permissions to 0600")
    key_path.chmod(0600)

    # Re-stat the file to get the new mode, and verify it worked
    stat = key_path.stat
    if FileMode.from_octal(stat.mode) != "600"
      raise Errors::SSHKeyBadPermissions, :key_path => key_path
    end
  end
rescue Errno::EPERM
  # This shouldn't happen since we verify we own the file, but
  # it is possible in theory, so we raise an error.
  raise Errors::SSHKeyBadPermissions, :key_path => key_path
end
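The same check as a stand-alone script, added here as an example (it is not Vagrant code): it masks the mode bits directly instead of using Vagrant's FileMode helper, and it reports a key owned by another user instead of returning silently. The names audit_key_permissions, KeyPermissionError and demo_key_audit, and the result symbols, are assumptions made for this illustration.

```ruby
require "tempfile"

# Added example, not Vagrant code. The error class and the result symbols
# are assumptions made for this illustration.
class KeyPermissionError < StandardError; end

REQUIRED_MODE = 0o600

# Returns :ok, :fixed or :not_owner; raises KeyPermissionError when the
# mode cannot be brought to 0600.
def audit_key_permissions(key_path)
  stat = File.stat(key_path)
  mode = stat.mode & 0o777 # keep only the permission bits
  return :ok if mode == REQUIRED_MODE

  # The fix is only attempted on files we own. Report the other case
  # instead of returning silently, so the caller can warn the user.
  return :not_owner unless stat.owned?

  File.chmod(REQUIRED_MODE, key_path)

  # Re-stat and verify, as the method above does: a chmod call that did
  # not raise is not proof that the mode actually changed.
  if (File.stat(key_path).mode & 0o777) != REQUIRED_MODE
    raise KeyPermissionError, "could not set 0600 on #{key_path}"
  end
  :fixed
rescue Errno::EPERM
  raise KeyPermissionError, "not permitted to chmod #{key_path}"
end

# Constructed sample: a throwaway file standing in for a private key.
def demo_key_audit
  Tempfile.create("demo_key") do |f|
    File.chmod(0o644, f.path)              # simulate a world-readable key
    first  = audit_key_permissions(f.path) # tightens the mode
    second = audit_key_permissions(f.path) # nothing left to do
    [first, second, File.stat(f.path).mode & 0o777]
  end
end

p demo_key_audit if __FILE__ == $PROGRAM_NAME
```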

.exec(ssh_info, opts = {}) ⇒ Object

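Halts the running of this process and replaces it with a full-fledged SSH shell into a remote machine. The ssh command line built below always passes StrictHostKeyChecking=no and UserKnownHostsFile=/dev/null, so the remote host key is neither verified nor recorded for connections made through this method.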

Note: This method NEVER returns. The process ends after this.

Parameters:

  • ssh_info (Hash)

    This is the SSH information. For the keys required please see the documentation of Machine#ssh_info.

  • opts (Hash) (defaults to: {})

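    These are additional options that are supported by exec. The source below reads :plain_mode (no username or identity file is set) and :extra_args (appended last to the ssh command line).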



# File 'lib/vagrant/util/ssh.rb', line 55

def self.exec(ssh_info, opts={})
  # Ensure the platform supports ssh. On Windows there are several programs which
  # include ssh, notably git, mingw and cygwin, but make sure ssh is in the path!
  if !Which.which("ssh")
    if Platform.windows?
      raise Errors::SSHUnavailableWindows,
        :host => ssh_info[:host],
        :port => ssh_info[:port],
        :username => ssh_info[:username],
        :key_path => ssh_info[:private_key_path]
    end

    raise Errors::SSHUnavailable
  end

  # If plain mode is enabled then we don't do any authentication (we don't
  # set a user or an identity file)
  plain_mode = opts[:plain_mode]

  options = {}
  options[:host] = ssh_info[:host]
  options[:port] = ssh_info[:port]
  options[:username] = ssh_info[:username]
  options[:private_key_path] = ssh_info[:private_key_path]

  # Command line options
  command_options = [
    "-p", options[:port].to_s,
    "-o", "LogLevel=FATAL",
    "-o", "StrictHostKeyChecking=no",
    "-o", "UserKnownHostsFile=/dev/null"]

  # Solaris/OpenSolaris/Illumos uses SunSSH which doesn't support the
  # IdentitiesOnly option. Also, we don't enable it in plain mode so
  # that SSH properly searches our identities and tries to do it itself.
  if !Platform.solaris? && !plain_mode
    command_options += ["-o", "IdentitiesOnly=yes"]
  end

  # If we're not in plain mode, attach the private key path.
  command_options += ["-i", options[:private_key_path].to_s] if !plain_mode

  if ssh_info[:forward_x11]
    # Both are required so that no warnings are shown regarding X11
    command_options += [
      "-o", "ForwardX11=yes",
      "-o", "ForwardX11Trusted=yes"]
  end

  # Configurables -- extra_args should always be last due to the way the
  # ssh args parser works. e.g. if the user wants to use the -t option,
  # any shell command(s) she'd like to run on the remote server would
  # have to be the last part of the 'ssh' command:
  #
  #   $ ssh localhost -t -p 2222 "cd mydirectory; bash"
  #
  # Without having extra_args be last, the user loses this ability
  command_options += ["-o", "ForwardAgent=yes"] if ssh_info[:forward_agent]
  command_options.concat(opts[:extra_args]) if opts[:extra_args]

  # Build up the host string for connecting
  host_string = options[:host]
  host_string = "#{options[:username]}@#{host_string}" if !plain_mode
  command_options.unshift(host_string)

  # Invoke SSH with all our options
  LOGGER.info("Invoking SSH: #{command_options.inspect}")
  SafeExec.exec("ssh", *command_options)
end