
Restrict public keys to tcp-aliases

Open giezi opened this issue 2 years ago • 6 comments

Hi there

Thanks for the great project!

Just a question: Is it possible to restrict TCP aliases to specific public keys with a matching pattern option (like KEYNAME1-* is allowed to access all TCPALIAS1-* )?

Use case: allow only specific public keys from a customer to access specific tcp-aliases (with a wildcard option).

Thanks a lot, Reto

giezi avatar May 24 '22 07:05 giezi

Hey @giezi,

Unfortunately, this is not supported by sish (yet). I've been trying to think about an ACL system and how best to manage it.

I'm trying to keep sish as stateless as possible, but have some ideas on how this might be supported in the future. Make sure to stay tuned and keep following the project!

As an aside, if you're using sish for work and are making money from it (totally and completely permissible by the project's license) consider sponsoring the project! Not mandatory by any means, just helps allow me to assign more time to the project and keep adding awesome features :)

Best,

antoniomika avatar May 24 '22 13:05 antoniomika

Hi @antoniomika

Many thanks for the fast feedback :) That would be awesome - our project is at the moment in a PoC stage which doesn't require the ACL system. Once we've completed the PoC and started moving the project further into production, I will talk to my boss regarding the sponsoring :)

Best regards, Reto

giezi avatar May 25 '22 09:05 giezi

The authenticity of host '[ssi.sh]:2222 ([104.225.216.27]:2222)' can't be established.
ED25519 key fingerprint is SHA256:jJDD2ObGNkf9euI7ZVB9Qy+GhZU0FQE1+pUwlvsBVJE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[ssi.sh]:2222,[104.225.216.27]:2222' (ED25519) to the list of known hosts.
[email protected]'s password: 

Asking for a password, not sure which password and where to get it.

raghunrv avatar Jun 27 '22 12:06 raghunrv

The authenticity of host '[ssi.sh]:2222 ([104.225.216.27]:2222)' can't be established.
ED25519 key fingerprint is SHA256:jJDD2ObGNkf9euI7ZVB9Qy+GhZU0FQE1+pUwlvsBVJE.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[ssi.sh]:2222,[104.225.216.27]:2222' (ED25519) to the list of known hosts.
[email protected]'s password: 

Asking for a password, not sure which password and where to get it.

I have the same problem... :(

Kalmito avatar Sep 06 '22 10:09 Kalmito

@Kalmito and @raghunrv see issue https://github.com/antoniomika/sish/issues/245

I think I have the same issue as you both.

chmuche avatar Sep 28 '22 07:09 chmuche

The issue the other two above had is because ssi.sh is no longer open to the public. I had to deal with a few people using it for command and control coordination and I did not want to leave that ability up any longer.

@chmuche your issue might be due to how the public keys file is parsed by sish

antoniomika avatar Sep 28 '22 23:09 antoniomika