Require net-ssh ~> 7.0 for SHA-2 support #203
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Versions of net-ssh before 7.0 do not support the SHA-2 algorithm and result in mrsk not being able to connect to hosts using keys generated with it. net-ssh is also a dependency of sshkit, however, sshkit has a version requirement of >= 2.8.0 for net-ssh, so is not effective at ensuring mrsk has the version it needs to be the most compatible.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a version requirement for the net-ssh gem of ~> 7.0.
Versions of net-ssh prior to 7 do not support the SHA-2 algorithm for RSA client authentication (see https://github.com/net-ssh/net-ssh/blob/master/CHANGES.txt#L21), which will prevent mrsk from connecting to host machines using those keys. In some cases this presented as mrsk being unable to acquire a lock, and in others it was an authentication failure (depending on whether mrsk was trying to execute a command or acquire a lock for further work).
mrsk already requires sshkit, which has a version requirement of net-ssh >= 2.8.0. In many cases, this works well, as the latest version of net-ssh would likely get installed anyway. In some cases where an application uses net-ssh and specifies its own version requirement of >= 2.8.0 and < 7, and uses a SHA-2 key to connect to the host, both mrsk and sshkit would be fine (the bundle version requirements would all succeed), but net-ssh would fail to open a connection and mrsk would fail with one of the issues above.
Please let me know if there's anything else I can do for this PR!
Fixes #180.