Open billchurch opened 3 years ago
PassportJS seems like a logical way to accomplish this, with the ability to extend more in the future...
0.5.0-dev-0 has the first attempts at getting this working under passport.js
/reauth on HTTP Basic isn't working in Chrome now... This might have been a fluke that it worked at all, not done trying but this may end up being a breaking change for HTTP Basic in 0.5.0 and we'll support some sort of forms based auth (modal , inline, or otherwise).
/ssh/login/host
to gather username
and password
(required) credentials from either GET or POST ./app/index.js
(f36af08)/ssh/host
route into ./app/server/sessionSetup.js for readability and reuse for #247 for webssh2 changed from WebSSH2
to webssh2
Will webssh2 support public key login with hardware etoken and SafeNet Authentication Client? Is that possible? Would be awesome!
Hello, any plan to add authentication based on a ssh key instead of login / password ?
Definitely have plans, been struggling with the best way to implement.
Taking direct private key is risky.
May be mTLS is what you looking for? )
https://en.wikipedia.org/wiki/Mutual_authentication
https://medium.com/@sevcsik/authentication-using-https-client-certificates-3c9d270e8326
I do like mTLS and use it for a lot of other things. The main problem here is WebSSH2 isn't actually authenticating anything, it's just passing the credentials to the SSH server.
So, using mTLS is intriguing but the private key never leaves the client so even if we supported x509 over SSH we wouldn't be able to use an existing mTLS session to then do x509 to an SSH host.
That being said, ssh-rsa or ssh-dss are the most widely supported methods of getting private keys to a host. Perhaps integrating with something like hashicorp vault or something similar could be an answer. Or be modular enough that having x vendor's vault would be easy to support.
A new method to collect credentials is required to work around browser incompatibilities and support alternate methods of authentication.
Goals of this enhancement: