
Require/generate --auth username:$(random password...) by default

Open Masterxilo opened this issue 3 years ago • 1 comments

Considering the power of the tunnel that chisel creates (it gives access to all localhost ports by default, without authentication!) it would be prudent to force users to supply some sort of credentials by default when starting the chisel server.

When starting the server without --auth, it should autogenerate some credentials.

Alternatively, maybe there could be a simpler way to specify authorization rules than the users.json file. I think whitelisting should be used for ports, so that by default, no ports are accessible.

We can use chisel to ssh into servers from within restrictive networks that only allow http traffic. But for that purpose, we only need access to port 22 on the server running chisel server, not all the rest of the ports.

Masterxilo avatar Jun 16 '22 17:06 Masterxilo

Agreed, a default --auth $(whoami):$(random password) and an explicit --auth none would have been better. Main problem is that this is a breaking change. Many people use the docker image, many people use chisel for production workflows, so I think the only way forward here is to release this in a v2.

jpillora avatar Jun 16 '22 23:06 jpillora
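
What the issue asks for can be approximated with the existing users.json mechanism; the following is an added example, not part of the thread and not code from the chisel project. It generates a random password and writes an authfile that admits only port 22 on the server's loopback. Assumptions: the authfile maps `"user:pass"` to a list of address regexes matched against `<remote-host>:<remote-port>`, and the account name `tunnel` and the `<server-url>` placeholder are hypothetical.

```shell
#!/bin/sh
# Added example: random credential plus a port-22-only chisel authfile.
# Assumption: the server matches each requested remote, written as
# "<remote-host>:<remote-port>", against the regexes listed for the user,
# and matches anywhere in the string unless the pattern is anchored.

# Only SSH on the server's loopback. [.] avoids backslashes, which JSON
# would require to be escaped.
ALLOW='^(localhost|127[.]0[.]0[.]1):22$'

# 32 hex characters (128 bits) from the kernel CSPRNG.
gen_password() {
  od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_authfile FILE USER PASS REGEX
# Writes {"USER:PASS": ["REGEX"]} readable by the owner only.
write_authfile() {
  case $2 in
    ''|*[!A-Za-z0-9_.-]*) echo "bad user name: $2" >&2; return 1 ;;
  esac
  ( umask 077; printf '{\n  "%s:%s": ["%s"]\n}\n' "$2" "$3" "$4" > "$1" ) &&
    chmod 600 "$1"
}

# addr_allowed REGEX ADDR
# Local preview of which remotes a pattern admits (exit 0 = allowed).
addr_allowed() {
  printf '%s\n' "$2" | grep -Eq -- "$1"
}

# demo [FILE]: write the authfile and print the matching invocations.
demo() {
  file=${1:-users.json}
  user=tunnel                      # hypothetical account name
  pass=$(gen_password)
  write_authfile "$file" "$user" "$pass" "$ALLOW" || return 1
  echo "server: chisel server --authfile $file"
  echo "client: chisel client --auth $user:$pass <server-url> 2222:localhost:22"
}

# Run as "sh script.sh demo" to generate users.json in the current directory.
if [ "${1:-}" = "demo" ]; then demo users.json; fi
```

The anchors in `ALLOW` matter: an unanchored `:22` also admits `localhost:2222`, which `addr_allowed` lets you confirm before deploying the file.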