billchurch / webssh2

Web SSH Client using ssh2, socket.io, xterm.js, and express.
MIT License

Connecting by private key ask about passphrase #360

Closed marcus2vinicius closed 3 months ago

marcus2vinicius commented 8 months ago

Hi guys, I'm trying to connect based on this post: https://github.com/billchurch/webssh2/issues/209

and I'm receiving this error:

marcus@marcus-laptop:~$ docker run --name webssh2 -p 2222:2222 -v /home/marcus/Downloads/temp/app1/app/config.json:/usr/src/config.json billchurch/webssh2
WebSSH2 service reading config from: /usr/src/config.json
WebSSH2 service listening on 0.0.0.0:2222
(node:1) UnhandledPromiseRejectionWarning: Error: Cannot parse privateKey: Encrypted private OpenSSH key detected, but no passphrase given
    at Client.connect (/usr/src/node_modules/ssh2/lib/client.js:261:15)
    at setupConnection (/usr/src/server/socket.js:223:12)
    at Namespace.appSocket (/usr/src/server/socket.js:249:3)
    at Namespace.emit (events.js:412:35)
    at Namespace.emitReserved (/usr/src/node_modules/socket.io/dist/typed-events.js:56:22)
    at /usr/src/node_modules/socket.io/dist/namespace.js:141:26
    at processTicksAndRejections (internal/process/task_queues.js:77:11)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:1) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:1) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Any idea about that?

billchurch commented 8 months ago

Didn't implement decrypting password-protected private keys so you need to have a decrypted private key. It all sounds like a bad idea... You either store that password with a secrets manager or you put your decrypted private key in the secrets manager. So, I guess you might as well do it that way. That being said, the way this is implemented it would require the private key to be on the filesystem anyway since it's currently got to be in config.json...

Maybe env is the way to approach this but I'm always uncomfortable with creds being anywhere which is why this originally was set to use basic auth and the creds are passed vs being sourced. Not perfect but it's something.
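
A pre-flight check for the situation discussed in this thread, added here as an example and not part of the thread or of webssh2's code: it reads only the unencrypted header of a private key to report whether a passphrase would be needed, so a deployment can stop with a clear message before ssh2 raises the error shown above. The function names and the constructed sample header (header fields only, no key material) are assumptions made for illustration.

```javascript
// Added example: report whether an SSH private key is passphrase-protected
// by reading only its unencrypted header (no decryption, no ssh2 dependency).
const MAGIC = Buffer.from('openssh-key-v1\0', 'latin1');

// Read one SSH wire string: uint32 big-endian length followed by that many bytes.
function readString(buf, offset) {
  if (offset + 4 > buf.length) throw new Error('truncated key blob');
  const end = offset + 4 + buf.readUInt32BE(offset);
  if (end > buf.length) throw new Error('truncated key blob');
  return { value: buf.toString('latin1', offset + 4, end), next: end };
}

function privateKeyEncryption(pem) {
  const m = /-----BEGIN ([A-Z0-9 ]+)-----\r?\n([\s\S]*?)-----END \1-----/.exec(pem);
  if (!m) throw new Error('not a PEM-armored private key');
  const [, label, body] = m;
  if (label === 'ENCRYPTED PRIVATE KEY') return { format: 'pkcs8', encrypted: true };
  if (label !== 'OPENSSH PRIVATE KEY') {
    // Legacy PEM keys (RSA/DSA/EC) flag encryption with a Proc-Type header.
    return { format: 'pem', encrypted: /^Proc-Type:\s*4,ENCRYPTED/m.test(body) };
  }
  const blob = Buffer.from(body.replace(/\s+/g, ''), 'base64');
  if (!blob.subarray(0, MAGIC.length).equals(MAGIC)) throw new Error('bad openssh-key-v1 magic');
  const cipher = readString(blob, MAGIC.length);
  const kdf = readString(blob, cipher.next);
  // An unencrypted OpenSSH key carries cipher "none" and kdf "none".
  return { format: 'openssh', encrypted: cipher.value !== 'none', cipher: cipher.value, kdf: kdf.value };
}

// Constructed sample: only the header fields of an OpenSSH key, no key material.
function sshString(s) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(Buffer.byteLength(s, 'latin1'));
  return Buffer.concat([len, Buffer.from(s, 'latin1')]);
}
function constructedHeader(cipher, kdf) {
  const b64 = Buffer.concat([MAGIC, sshString(cipher), sshString(kdf)]).toString('base64');
  return `-----BEGIN OPENSSH PRIVATE KEY-----\n${b64}\n-----END OPENSSH PRIVATE KEY-----\n`;
}

for (const [c, k] of [['aes256-ctr', 'bcrypt'], ['none', 'none']]) {
  console.log(privateKeyEncryption(constructedHeader(c, k)));
}
```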