tmate-io / tmate

Instant Terminal Sharing
https://tmate.io/

require keyauth per default to increase security #184

Open jonasstein opened 4 years ago

jonasstein commented 4 years ago

I suggest that tmate require public key authentication by default to increase security (security by design).

It should not fall back to the unsafe keyless mode if the key is not found.

tmate --ignorekey should override this requirement and allow the more insecure mode.

rzbrk commented 4 years ago

I fully support this!

nviennot commented 4 years ago

How would that work for HTML5 clients?

jonasstein commented 4 years ago

The server can set tmate --ignorekey to fall back to the less secure method if the HTML5 client cannot handle public key authentication.