Class: SSHKeyHub::Processor::KeysFilter

Inherits:
Object
  • Object
show all
Defined in:
lib/ssh_key_hub/processor/keys_filter.rb

Overview

SSH public key filter

Instance Method Summary collapse

Constructor Details

#initialize(credentials = {}) ⇒ KeysFilter

Returns a new instance of KeysFilter

Parameters:

  • credentials (Hash) (defaults to: {})

    Hash with keys by username with SortedSets



9
10
11
 
# File 'lib/ssh_key_hub/processor/keys_filter.rb', line 9

def initialize(credentials = {})
  @credentials = credentials.deep_dup
end

Instance Method Details

#add(new_creds) ⇒ Object

Add new credentials to the filter

Parameters:

  • new_creds (Hash)

    Hash with keys by username with SortedSets



15
16
17
 
# File 'lib/ssh_key_hub/processor/keys_filter.rb', line 15

def add(new_creds)
  @credentials.merge!(new_creds) { |_, old_val, new_val| old_val + new_val }
end

#allow(type, min_bits, max_bits = @infinity) ⇒ Object

TODO



20
21
 
# File 'lib/ssh_key_hub/processor/keys_filter.rb', line 20

def allow(type, min_bits, max_bits = @infinity)
end

#reject(type, min_bits = 0, max_bits) ⇒ Object

TODO



24
25
 
# File 'lib/ssh_key_hub/processor/keys_filter.rb', line 24

def reject(type, min_bits = 0, max_bits)
end

#reject_weakHash

Remove weak keys from credentials Currently: any DSA, RSA below 2048 bits, and EC below 256 bits

Returns:

  • (Hash)

    credentials Hash with keys by username with SortedSets



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/ssh_key_hub/processor/keys_filter.rb', line 30

def reject_weak
  @credentials.each do |user, keys|
    keys.delete_if do |key|
      type, bits = SSHKeyHub::Processor::KeyProcessor.new.key_type_and_bits(key)
      puts "testing #{type} with #{bits}"
      case type
      when :DSA
        true
      when :RSA
        bits < 4096
      when :EC
        bits < 256
      else
        puts "[KeysFilter] Allowing UNRECOGNIZED key #{key} for #{user}"
        false
      end
    end
  end
  @credentials
end