search

antoniomika / sish

HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.
https://ssi.sh
MIT License
3.84k stars 297 forks source link

Feature request: allow reading password from file #299

Closed amospalla closed 3 months ago

amospalla commented 3 months ago

Hello,

actualy sish allows setting a password with the --authentication-password= parameter but that exposes the password to any local user who is able to list processes.

The request would be to add a parameter like --authentication-password-file= which tells sish to read a password from the specified file, this way it can not be read by anyone except by the user executing the process.

antoniomika commented 3 months ago

This is actually already supported. You can use a config file (like this) to provide any command line flags (including password).

I've also just fixed environment variable settings as well. So you can provide it as an env var by setting: SISH_AUTHENTICATION_PASSWORD. The env setting follows a similar template for all other variables, SISH_ followed by the setting in uppercase, with the - replace with a _.

Hope this helps!

amospalla commented 3 months ago

Oh, I've searched for this before and never found it, obviously I didn't search well enough.

I was convinced something like this didn't exist.

Thank you very much.

antoniomika commented 3 months ago

Not a problem! We've overhauled the sish documentation but probably could do a better job of highlighting the different ways to configure it!