Works with public keys now, for passwordless operation

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@2000 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

3 files changed, 38 insertions, 12 deletions

diff --git a/switchtower/lib/switchtower/actor.rb b/switchtower/lib/switchtower/actor.rb
index db25ca99c2..012f4a1f55 100644
--- a/switchtower/lib/switchtower/actor.rb
+++ b/switchtower/lib/switchtower/actor.rb
@@ -1,7 +1,7 @@
 require 'erb'
-require 'net/ssh'
 require 'switchtower/command'
 require 'switchtower/gateway'
+require 'switchtower/ssh'
 
 module SwitchTower
 
@@ -12,7 +12,7 @@ module SwitchTower
   # new actor via Configuration#actor.
   class Actor
 
-    # An adaptor for making the Net::SSH interface look and act like that of the
+    # An adaptor for making the SSH interface look and act like that of the
     # Gateway class.
     class DefaultConnectionFactory #:nodoc:
       def initialize(config)
@@ -20,8 +20,7 @@ module SwitchTower
       end
 
       def connect_to(server)
-        Net::SSH.start(server, :username => @config.user,
-          :password => @config.password)
+        SSH.connect(server, @config)
       end
     end
 
@@ -40,7 +39,7 @@ module SwitchTower
     # instances of Actor::Task.
     attr_reader :tasks
 
-    # A hash of the Net::SSH sessions that are currently open and available.
+    # A hash of the SSH sessions that are currently open and available.
     # Because sessions are constructed lazily, this will only contain
     # connections to those servers that have been the targets of one or more
     # executed tasks.
diff --git a/switchtower/lib/switchtower/gateway.rb b/switchtower/lib/switchtower/gateway.rb
index 531c34ba5f..46f8361e9a 100644
--- a/switchtower/lib/switchtower/gateway.rb
+++ b/switchtower/lib/switchtower/gateway.rb
@@ -1,5 +1,5 @@
 require 'thread'
-require 'net/ssh'
+require 'switchtower/ssh'
 
 Thread.abort_on_exception = true
 
@@ -36,9 +36,7 @@ module SwitchTower
 
       @thread = Thread.new do
         @config.logger.trace "starting connection to gateway #{server}"
-        Net::SSH.start(server, :username => @config.user,
-          :password => @config.password
-        ) do |@session|
+        SSH.connect(server, @config) do |@session|
           @config.logger.trace "gateway connection established"
           @mutex.synchronize { waiter.signal }
           connection = @session.registry[:connection][:driver]
@@ -93,9 +91,8 @@ module SwitchTower
 
           begin
             @session.forward.local(port, key, 22)
-            @pending_forward_requests[key] =
-              Net::SSH.start('127.0.0.1', :username => @config.user,
-                :password => @config.password, :port => port)
+            @pending_forward_requests[key] = SSH.connect('127.0.0.1', @config,
+              port)
             @config.logger.trace "connection to #{key} via gateway established"
           rescue Object
             @pending_forward_requests[key] = nil
diff --git a/switchtower/lib/switchtower/ssh.rb b/switchtower/lib/switchtower/ssh.rb
new file mode 100644
index 0000000000..b810f20573
--- /dev/null
+++ b/switchtower/lib/switchtower/ssh.rb
@@ -0,0 +1,30 @@
+require 'net/ssh'
+
+module SwitchTower
+  # A helper class for dealing with SSH connections.
+  class SSH
+    # An abstraction to make it possible to connect to the server via public key
+    # without prompting for the password. If the public key authentication fails
+    # this will fall back to password authentication.
+    #
+    # If a block is given, the new session is yielded to it, otherwise the new
+    # session is returned.
+    def self.connect(server, config, port=22, &block)
+      methods = [ %w(publickey hostbased), %w(password keyboard-interactive) ]
+      password_value = nil
+
+      begin
+        Net::SSH.start(server,
+          :username => config.user,
+          :password => password_value,
+          :port => port,
+          :auth_methods => methods.shift,
+          &block)
+      rescue Net::SSH::AuthenticationFailed
+        raise if methods.empty?
+        password_value = config.password
+        retry
+      end
+    end
+  end
+end