CasaOS icon indicating copy to clipboard operation
CasaOS copied to clipboard

Published 20 hours ago verified publisher icon IceWhaleTech

Key authentication

Open H4K0N42 opened this issue 2 years ago • 1 comments
trafficstars

Is your feature request related to a problem? Please describe. When I expose port 80 to the internet, I don't want a password as protection

Describe the solution you'd like Key authentication like on this side: https://www.elster.de/eportal/login/softpse

Describe alternatives you've considered 2FA with Phone

Additional context image

H4K0N42 avatar Jun 27 '23 10:06 H4K0N42

Yes, please do this!! I really really need this!

Circlewarrior08 avatar Feb 25 '24 04:02 Circlewarrior08

I honestly wouldn’t make anything but a simple website public on port 80 - making CasaOS public on port 80 sounds like a recipe for disaster but I digress!

That said, I’m all up for secure access to CasaOS (and its services) and multiple ways of implementing it.

something to try: install WG Easy (it’s in one of the AppStores too) - I couldn’t believe how butt simple it was to create a Wireguard tunnel and have access to your local network. It’s like magic, you flip the VPN switch and your phone acts like it’s connected over WiFi at home. I was able to ssh into and administrate local servers and even bring up Emby on my phone and start streaming music while driving! very very cool and quite thankful for CasaOS (and friends!) for making security this easy - I’ve had servers hacked so this was my biggest block for like 15 years.

udance4ever avatar Apr 26 '24 22:04 udance4ever

Describe the solution you'd like Key authentication like on this side: https://www.elster.de/eportal/login/softpse

I like this example though. I have Yubikeys I would love to use for authentication inside my tunnel.

this issue could be merged with https://github.com/IceWhaleTech/CasaOS/issues/671

udance4ever avatar Apr 26 '24 22:04 udance4ever

@udance4ever

Yes, I have now also set up Wireguard tunnels. I only expose the ports that need to be available. Anyway, thanks for the advice

H4K0N42 avatar Apr 26 '24 22:04 H4K0N42

@H4K0N42 noticed you closed this. I think you requested a very valuable feature as the transition to more secure forms of authentication is not exactly a straight forward one (it’s kinda a mess if you haven’t experienced it yourself - just look at eBay’s implementation). This is an opportunity for CasaOS to leapfrog and show what secure access to our own self-hosted data looks like and do away with all our passwords of the past! Do you not agree?

udance4ever avatar Apr 27 '24 06:04 udance4ever