pro.webssh.net icon indicating copy to clipboard operation
pro.webssh.net copied to clipboard

Published 20 hours ago verified publisher icon isontheline

Add connection history logging : Audit

Open jedis00 opened this issue 1 year ago • 17 comments

Feature description

A log that shows connection history, including the duration of the connection.

jedis00 avatar Jun 08 '23 13:06 jedis00

Nice issue!

Could you tell me more about your request? What about the history? How much kind of data should WebSSH store?

Have a nice day @jedis00 ☀️

isontheline avatar Jun 08 '23 19:06 isontheline

Something similar to this, but also capture the duration of the session, if possible. Just some text. Don't really need history, though that would be interesting to capture and allow to view it later.

Yesterday box1 6/8/23 8:08PM - Duration 1h 4m box2 6/8/23 8:08PM - Duration 4h 4m box4 6/8/23 8:08PM - Duration 5h 4m

6/6/23 box12 6/6/23 8:08PM - Duration 5h 4m box18 6/6/23 8:08PM - Duration 3h 4m

jedis00 avatar Jun 08 '23 23:06 jedis00

Thank you @jedis00 for your reply and details 🙏

isontheline avatar Jun 09 '23 20:06 isontheline

This would be a lot more useful if the IP address of the connection was also noted.

mbierman avatar Jun 12 '23 01:06 mbierman

This would be a lot more useful if the IP address of the connection was also noted.

Can't hurt to also throw that in, but I would seriously question whether people are memorizing IP addresses or making use of the friendly name on the connection itself.

jedis00 avatar Jun 13 '23 17:06 jedis00

Which place would be perfect for accessing this feature?

Long press / right click on the connection > View connections history?

isontheline avatar Jun 13 '23 17:06 isontheline

@isontheline If I had to pick, Long press on connection along side Edit, etc.

@jedis00 IP is crucial. Someone can see if some strange IP (pretending to be a friendly, known device) is accessing a connection. Gmail is a great example. (Location of access based on IP would also be nice)

mbierman avatar Jun 13 '23 18:06 mbierman

@isontheline If I had to pick, Long press on connection along side Edit, etc.

Thanks !

@jedis00 IP is crucial. Someone can see if some strange IP (pretending to be a friendly, known device) is accessing a connection. Gmail is a great example. (Location of access based on IP would also be nice)

I would like more information about these data : IP and Location As WebSSH will only log you own device IP and your own device location, why these informations would be helpful as only your device will access your servers. If anyone else access your servers it will be outside WebSSH and so the connections history is useless.

Or perhaps I have misunderstood the need?

isontheline avatar Jun 13 '23 18:06 isontheline

@mbierman My feature was to log my device connecting to my servers. I'm not sure it would be entirely helpful to see my own IP address there, as someone would need to steal my phone, unlock the device, and then try to login to a server with this app. At that point, I'd be looking at server logs and not something in the app, since I wouldn't have access to the device.

jedis00 avatar Jun 13 '23 18:06 jedis00

Termius app has a similar feature if you'd like to see what they're doing.

jedis00 avatar Jun 13 '23 18:06 jedis00

On macOS the history shows all attempts on same list on the sidebar : image

isontheline avatar Jun 13 '23 18:06 isontheline

@isontheline

url1

url2

jedis00 avatar Jun 13 '23 19:06 jedis00

Here's a gmail example.

image

This is important to be aware of logins are happening. My thought is this: Right now the biggest concern I have about WebSSH is the storing of credentials. So, say that is somehow compromised. Say someone either gets access to them or, picks up a device with webssh installed. If I see that a particular device is at an IP it shouldn't be at, or, a device I don't recognize is using WebSSH to access servers that is worrisome. If you are going to log access the log should include the public IP something was done from.

mbierman avatar Jun 13 '23 23:06 mbierman

Here's a gmail example.

image

This is important to be aware of logins are happening. My thought is this: Right now the biggest concern I have about WebSSH is the storing of credentials. So, say that is somehow compromised. Say someone either gets access to them or, picks up a device with webssh installed. If I see that a particular device is at an IP it shouldn't be at, or, a device I don't recognize is using WebSSH to access servers that is worrisome. If you are going to log access the log should include the public IP something was done from.

Enable FaceID and iCloud. Then you’re fine. What you’re proposing doesn’t really make sense. I want to be able to see the last time I connected to servers. Not others.

jedis00 avatar Jun 13 '23 23:06 jedis00

I have FaceID and iCloud enabled, thanks. ;)

For me, this feature is almost useless without the additional info.

mbierman avatar Jun 13 '23 23:06 mbierman

I have FaceID and iCloud enabled, thanks. ;)

For me, this feature is almost useless without the additional info.

What you’re proposing should be handled on the server and not the client. You’re describing a centralized solution, when this app is all client side storage of credentials and backup to iCloud. Apple doesn’t alert you when your Apple ID is already used on a known device where you’re logged in — no reason to expect any different with a ssh client on your iDevice.

putty, Zoc, Termius, and ssh cli do not do what you’re suggesting either. You’d be looking to the server logs and implementing some king of alerting/monitoring approach.

Feel free to make your own feature enhancement ;)

jedis00 avatar Jun 14 '23 00:06 jedis00

Feel free to make your own feature enhancement ;)

Wow. I could say the same about your request. I'm done with this thread.

mbierman avatar Jun 14 '23 00:06 mbierman