Bill Church

Totally agree, and it looks like some of the logic for dealing with logging in, is handled by that project.

[PassportJS](http://www.passportjs.org/) seems like a logical way to accomplish this, with the ability to extend more in the future...

[0.5.0-dev-0](https://github.com/billchurch/webssh2/releases/tag/0.5.0-dev-0) has the first attempts at getting this working under passport.js /reauth on HTTP Basic isn't working in Chrome now... This might have been a fluke that it worked at...

[0.5.0-dev-1](https://github.com/billchurch/webssh2/releases/tag/0.5.0-dev-1) - New route `/ssh/login/host` to gather `username` and `password` (required) credentials from either GET or POST - readme refactored a bit - PORT, LISTEN_IP, SESSION_NAME, SESSION_SECRET can be set...

Definitely have plans, been struggling with the best way to implement. Taking direct private key is risky. - How to keep key safe server-side (in memory only) - How to...

I do like mTLS and use it for a lot of other things. The main problem here is WebSSH2 isn't actually authenticating anything, it's just passing the credentials to the...

This is not hard to do in practice, however how do we protect those keys? Where do they live? Any thoughts on this one? Integrating with something like a vault...

Will look into this as a future enhancement.

This is a good idea, will look into this. Will most likely need to target 0.5.0 but it may be possible.

Yeah, for better or worse it's Firefox's behavior has been pretty consistent in this regard. Chrome seems to respond to a 401 as you would expect, prompting the client for...