# File lib/net/ssh/verifiers/strict.rb, line 13 def verify(arguments) options = arguments[:session].options host = options[:host_key_alias] || arguments[:session].host_as_string matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options) # we've never seen this host before, so just automatically add the key. # not the most secure option (since the first hit might be the one that # is hacked), but since almost nobody actually compares the key # fingerprint, this is a reasonable compromise between usability and # security. if matches.empty? ip = arguments[:session].peer[:ip] Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options) return true end # If we found any matches, check to see that the key type and # blob also match. found = matches.any? do |key| key.ssh_type == arguments[:key].ssh_type && key.to_blob == arguments[:key].to_blob end # If a match was found, return true. Otherwise, raise an exception # indicating that the key was not recognized. found || process_cache_miss(host, arguments) end