Enhancement to Deeplink: Limited Insecure Access

[mbierman]

Feature description

I would love to see an addition to deeplinks #557

Add a parameter that allows the shell to be opened without access to any saved shells and without verification such as touchID etc. Perhaps something like

ssh://user@host?save=false&secure=false

This would allow quick access to a specific shell without access to other defined shells, which would be secure.

[isontheline]

Hello @mbierman Michael 👋

I don't have understood your need, could you please explain it further?

Add a parameter that allows the shell to be opened without access to any saved shells

When you open a deep link to WebSSH there is no access to the saved shells. You can add a new connection but you can't alter one which has been added by yourself inside WebSSH.

and without verification such as touchID etc

But disabling the WebSSH Touch ID / Face ID from the deep link could result in harmful situations if there is a bug inside WebSSH about your previous statement "allows the shell to be opened without access to any saved shells".

[mbierman]

No worries, sorry it wasn't clear.

One use I have that is perfect for webssh and the new deeplinks is to automate one time connections to a device so I want to be able to use the deeplinks + shortcuts to open the temporary connection and I don't want to have to authenticate WebSSH (I lock it normally to protect the static connections I have defined.

So I want to be able to make a connection but not compromise access to the existing connections.

If I used save=true then I would expect to have to authenticate my WebSSH access to save the connection to WebSSH.

Does that make sense?

[isontheline]

I understand the workflow but my risk appetite is lower.

I can't easily implement a secure way to protect access from your already defined connections. Just take WebSSH under macOS : you can open any other window by using the top menu bar. So you will be able to view all connections as well. It will be hard to implement and to secure.

My root question is now : why would you like to prevent access to your stored connections when using a deep link? Aren't you the only one to access WebSSH on your device?

[mbierman]

Yes I'm the only one with access in theory, but signing in to this temporary account is low risk and having to choose to abandon protection of accounts with saved passwords or this one, which has no saved passwords is a sophie's choice. Having to reauthenticate slows the workflow.

In terms of the challenge, what if the screen to saved accounts was hidden behind the auth flow? If a user can't get to it wouldn't that be reasonably secure?

[isontheline]

But I'm a CISO and I wouldn't trust any deep link to allow the app to be less secure (as it already is) 😬

Workflow slow down only by a very few seconds as you only need your face or finger.

I'm so scared about adding security bugs inside WebSSH.

[mbierman]

If there are security bugs in webssh, this is the least of the problems. :)

I have to say I like the security of locking WebSSH but it is already VERY clunky to put in the password on macOS which is where I would be doing this flow. I have often considered disabling the security because of it but that scares me a bit. But it is precissely because it is clunky on macOS that I thought to ask for this. I suppose if it were really seamless I could live with it, but not as it is now.

[isontheline]

I now understand 😅

On my side I use a keyboard with Touch ID.

Why not considering to disable the WebSSH lock on macOS?

Right now disabling it must be done on macOS and iPadOS at same time (sync) but I can implement different locking on multiple platforms.

[mbierman]

One mac has no touch ID. The other does have it. Even with TouchID auth is clunky. Sometimes the window pops up when I'm not even using WebSSH. Sometimes I'm in another Space or on another monitor... It won't easily go away and if I do get rid of it and then need to actually use webssh I may have to quit and restart it.

This is why I'm asking for an easier way.

[isontheline]

So disabling the lock on your macOS seems to be one solution isn't it?

[mbierman]

To be clear, my macOS always has a password. Just talking about webssh auth here.

Disabling that is a solution. But that means that there is easy access to several machines which is certainly a substantial risk. I'm not sure one I can take. So far I just put up with this, but I've hoped you would improve the auth. If auth was smooth then the deeplink bit would be less important.

[isontheline]

I could take a look at auth process but I won't be able to tell you any ETA though because I'm late to so many issues (and yours also about the refresh glitches)

[mbierman]

Totally understand! I wasn't trying to put time pressure. I appreciate you considering what can be done. You are right to ask for alternative solutions that align with other objectives. As always, many thanks. 🙏🏻