metasploit-framework/lib/net/ssh/verifiers/lenient.rb

30 lines
1.0 KiB
Ruby

require 'net/ssh/verifiers/strict'
module Net; module SSH; module Verifiers
# Basically the same as the Strict verifier, but does not try to actually
# verify a connection if the server is the localhost and the port is a
# nonstandard port number. Those two conditions will typically mean the
# connection is being tunnelled through a forwarded port, so the known-hosts
# file will not be helpful (in general).
class Lenient < Strict
# Tries to determine if the connection is being tunnelled, and if so,
# returns true. Otherwise, performs the standard strict verification.
def verify(arguments)
return true if tunnelled?(arguments)
super
end
private
# A connection is potentially being tunnelled if the port is not 22,
# and the ip refers to the localhost.
def tunnelled?(args)
return false if args[:session].port == Net::SSH::Transport::Session::DEFAULT_PORT
ip = args[:session].peer[:ip]
return ip == "127.0.0.1" || ip == "::1"
end
end
end; end; end