195 lines
5.1 KiB
Ruby
Executable file
195 lines
5.1 KiB
Ruby
Executable file
#!/usr/bin/env ruby
|
|
|
|
require 'time'
|
|
|
|
module BlackboxSshd
|
|
end
|
|
|
|
class Popen3
|
|
attr_reader :pid, :in, :out, :err
|
|
|
|
def initialize *cmd
|
|
pin, pout, perr = IO.pipe, IO.pipe, IO.pipe
|
|
@pid = Process.spawn *cmd, close_others: true, in: pin[0], out: pout[1], err: perr[1]
|
|
[pin[0], pout[1], perr[1]].map &:close
|
|
@in, @out, @err = pin[1], pout[0], perr[0]
|
|
end
|
|
|
|
def wait(flags=0) Process.wait @pid, flags end
|
|
alias :waitpid :wait
|
|
def wait2(flags=0) Process.wait2 @pid, flags end
|
|
alias :waitpid2 :wait2
|
|
|
|
READ_PARTIAL_BYTES = 10*1024
|
|
|
|
def _io_op xs, io, buf, type, &exe
|
|
if io.eof?
|
|
xs.delete io
|
|
xs.delete_at 0 while xs[0]&.eof?
|
|
else
|
|
buf << io.read( READ_PARTIAL_BYTES)
|
|
while line = buf.slice!( /\A.*?\n/)
|
|
yield line, type
|
|
end
|
|
end
|
|
end
|
|
private :_io_op
|
|
|
|
def each_line &exe
|
|
return LineEnumerator.new( self).each( &exe)
|
|
|
|
return to_enum(__method__) unless block_given?
|
|
xs = [@out, @err]
|
|
outbuf, errbuf = "", ""
|
|
while not xs.empty?
|
|
rs, ws, es = IO.select( xs, nil, xs)
|
|
rs.each do |r|
|
|
if @out == r
|
|
_io_op xs, @out, outbuf, :out, &exe
|
|
elsif @err == r
|
|
_io_op xs, @err, errbuf, :err, &exe
|
|
else
|
|
raise "IO.select returned something else than @out or @err."
|
|
end
|
|
end
|
|
end
|
|
yield outbuf, :out unless outbuf.empty?
|
|
yield errbuf, :err unless errbuf.empty?
|
|
self
|
|
end
|
|
|
|
class LineEnumerator
|
|
include Enumerable
|
|
attr_reader :obj
|
|
|
|
def initialize obj
|
|
@out, @err = obj.out, obj.err
|
|
@xs = [@out, @err]
|
|
@outbuf, @errbuf = "", ""
|
|
end
|
|
|
|
def _io_op io, buf, type, &exe
|
|
if io.eof?
|
|
@xs.delete io
|
|
@xs.delete_at 0 while @xs[0]&.eof?
|
|
else
|
|
buf << io.read( READ_PARTIAL_BYTES)
|
|
while line = buf.slice!( /\A.*?\n/)
|
|
yield line, type
|
|
end
|
|
end
|
|
end
|
|
private :_io_op
|
|
|
|
def each &exe
|
|
return self unless block_given?
|
|
while line = @errbuf.slice!( /\A.*?\n/)
|
|
yield line, :err
|
|
end
|
|
while line = @outbuf.slice!( /\A.*?\n/)
|
|
yield line, :out
|
|
end
|
|
until @xs.empty?
|
|
rs, ws, es = IO.select( @xs, nil, @xs)
|
|
rs.each do |r|
|
|
if @out == r
|
|
_io_op @out, @outbuf, :out, &exe
|
|
elsif @err == r
|
|
_io_op @err, @errbuf, :err, &exe
|
|
else
|
|
raise "IO.select returned something else than @out or @err."
|
|
end
|
|
end
|
|
end
|
|
self
|
|
end
|
|
|
|
def next
|
|
to_enum( :each).next
|
|
end
|
|
end
|
|
|
|
def close
|
|
@in.close unless @in&.closed?
|
|
@out.close unless @out&.closed?
|
|
@err.close unless @err&.closed?
|
|
end
|
|
end
|
|
|
|
class BlackboxSshd::Prober
|
|
DefaultSshOpts = {
|
|
HostbasedKeyTypes: 'ssh-ed25519-cert-v01@openssh.com',
|
|
PreferredAuthentications: :publickey,
|
|
IdentitiesOnly: true,
|
|
IdentityFile: '~/.ssh/id_ed25519'
|
|
}
|
|
|
|
attr_reader :ssh_opts
|
|
|
|
def initialize **ssh_opts
|
|
@ssh_opts = DefaultSshOpts.update( ssh_opts).update BatchMode: true
|
|
end
|
|
|
|
def ssh_opts_list
|
|
@ssh_opts.map do|k,v|
|
|
case v
|
|
when true then "-o#{k}=yes"
|
|
when false then "-o#{k}=no"
|
|
else "-o#{k}=#{v}"
|
|
end
|
|
end
|
|
end
|
|
|
|
def probe hostident
|
|
r = {lines: [], start: Time.now}
|
|
ssh = Popen3.new *%w[ssh -v], *ssh_opts_list, hostident, "true"
|
|
lines = ssh.each_line.to_a
|
|
ssh.close
|
|
r[:status] = ssh.wait2[1]
|
|
r[:stop] = Time.now
|
|
r[:duration] = r[:stop] - r[:start]
|
|
lines.each do |line, type|
|
|
r[:lines].push line
|
|
case line = line.chomp
|
|
when /\Adebug1: Remote protocol version (.*?), remote software version (.*?)\z/
|
|
r[:protocol] = $1
|
|
r[:remote_software] = $2
|
|
when /\Adebug1: Server host key: (.*?)\z/
|
|
r[:host_key] = $1
|
|
when /\Adebug1: Server host certificate: (.*?)\z/
|
|
# ssh-ed25519-cert-v01@openssh.com SHA256:P3b20g3rde66C7kDUF+/rV/CC3s5EaoUoZ35oyxs8aA, serial 43 ID \"host: gtw2\" CA ssh-ed25519 SHA256:9gmtFgVB7VfFE8/UYC22xmToHyDQ23arMQBtsir9w9E valid from 2022-03-02T00:00:00 to 2023-02-25T00:00:00
|
|
meta = $1
|
|
c = {}
|
|
c[:key] = $1 if %r{\A([^ ]+ [^ ]+),} =~ meta
|
|
c[:serial] = $1.to_i if %r{\bserial (\d+) } =~ meta
|
|
c[:id] = $1 if %r{\bID "(.*?)" } =~ meta
|
|
c[:ca] = $1 if %r{\bCA ([^ ]+ [^ ]+) } =~ meta
|
|
if %r{\bvalid from ([^ ]+) to ([^ ]+)\b} =~ meta
|
|
c[:valid_from], c[:valid_to] = Time.parse($1), Time.parse($2)
|
|
end
|
|
r[:host_cert] = c
|
|
when /\Adebug1: Host '(.*?)' is known and matches the (.*?) host certificate.\z/
|
|
r[:host_in_cert], r[:host_cert_type] = $1, $2
|
|
when /\Adebug1: kex_input_ext_info: server-sig-algs=<(.*?)>\z/
|
|
r[:server_sig_algs] = $1.split ','
|
|
when /\Adebug1: Authentications that can continue: (.*?)\z/
|
|
r[:authentications] = $1.split ','
|
|
end
|
|
end
|
|
r
|
|
end
|
|
|
|
def self.probe hostident, **ssh_opts
|
|
self.new( **ssh_opts).probe hostident
|
|
end
|
|
end
|
|
|
|
if __FILE__ == $0
|
|
require 'yaml'
|
|
require 'json'
|
|
r = BlackboxSshd::Prober.probe( ARGV[0])
|
|
STDERR.puts r.delete( :lines)
|
|
STDERR.puts
|
|
puts JSON.parse(r.to_json).to_yaml
|
|
end
|