aker-gateway / Aker

SSH bastion/jump host/jumpserver

Support Passwords #11

Closed supertylerc closed 6 years ago

supertylerc commented 7 years ago

Hi!

First, this project is pretty awesome. Thank you for this!

I have a need for password-based authentication. The use case is network devices which authenticate on the backend to RADIUS or TACACS+. This grants centralized account management, but it doesn't allow for SSH keys.

I have a local patch that gives me this feature, but I would prefer not having to maintain my own fork for the sake of interactive passwords.

Would you be open to a pull request that implements the feature? Basically, the code checks to see if a particular user has the password key set to yes, and if so, it prompts for a password. I'm not sure what implications this may have elsewhere, but it serves my particular use case pretty well.

Thanks!

anazmy commented 7 years ago

Hey there,

Thanks a lot for the nice words. For password-based authentication, yes, please go ahead and submit a PR. Just check the branch you're using, as I have added integration with FreeIPA with some differences in the code base.

Second, for network devices, that's an interesting use case I didn't have in mind. I was aiming to monitor SSH sessions on Linux servers and later check on Windows (RDP) sessions. I have to think about including this use case, especially with FreeIPA in the picture, but like I said, password auth is indeed good to have.

supertylerc commented 7 years ago

Thanks! Which branch should I be using? master or phase0-freeipa?

anazmy commented 7 years ago

Master, as the freeipa branch should be relying on SSH keys and later Kerberos tickets, though I have to handle this exception in the freeipa branch as well.

Btw have you tested it with Linux servers? Any feedback?

supertylerc commented 7 years ago

I'm currently using it for labbing. I haven't tried it on Linux servers of any sort of scale (just one), but it vastly improves my labbing experiences. Right now, the only thing that's really bothering me from an end user perspective is that any sort of problem causes the application to close, which boots me from my SSH connection to the gateway host. I would much prefer that it tell me there was a problem and then return me to the node selection screen.

For reference, my lab currently consists of 15 network devices of various types. I haven't looked at any of the security-related features yet. Just getting started. Currently primarily using it as a gateway/jump host and less as a security aid. I do plan on examining the security features over the next month or two, though, and potentially deploying it for production use.

anazmy commented 7 years ago

You're absolutely right, I had the same feeling when I faced issue #10. I'm now thinking about the best way to provide an error message on the screen and fail the user back to the selection menu.