sshportal icon indicating copy to clipboard operation
sshportal copied to clipboard

Published 20 hours ago verified publisher icon moul

How to connect sshportal

Open LeoChbiao opened this issue 2 years ago • 4 comments

Actual Result / Problem

Hi everyone,

I am newer about the SSH protocol。After I received the connect link from my IT engineer,I used the following command: ssh -l invite:xxxxxxxx -p 2222 172.16.0.5,Then I am required to input the password,It is very strange. I queried in the repository,there is a reminder: If the association fails and you are promted for a password, verify that the host you're connecting from has a SSH key set up or generate one with ssh-keygen -t rsa At last,I created a SSH key in my own PC and executed the command again, it works.

Expected Result / Suggestion

Does anyone who can help to explain the sshportal principles?Why I need to create SSH key in my own PC for the first time

LeoChbiao avatar Jan 10 '23 01:01 LeoChbiao

@LeoChbiao It will remember your public key when you first connect your portal using -l invite:xxxxxx , of course you can specify one key using ssh -i path_to_your_key other than the default one (.ssh/id_rsa or .ssh/id_ec25519 or something else). If you do not have a key, you should set up one.

I guess, the reason why can not use password to connect portal, is password should be paired with a login name but sshportal take login name to identify your target as ssh -l your_target.

slawdan avatar Jan 20 '23 03:01 slawdan

I guess, the reason why can not use password to connect portal, is password should be paired with a login name but sshportal take login name to identify your target as ssh -l your_target.

There is no technical reason why it can't scan the database for a user with that password, and select that user, exactly how it does for keys.. That being said, just no...

SSHPortal's "password" support is a stub which accepts a password, check if you are logging in as "healthcheck" and if so, accepts a healthcheck query. If your username is not "healthcheck", the password request is denied.

I didn't like this, because it meant anytime anyone used ssh without a key, they would get a password prompt. This has a tendency to encourage bots and hackers, so I permanently disabled it in the source.

systemmonkey42 avatar Feb 16 '23 00:02 systemmonkey42

Sorry to comment on this after so long, but I'm having the same issue. I already have an ssh key generated and creating a new one doesn't help.

scarzehd avatar Mar 22 '24 00:03 scarzehd

@scarzehd

I can't help on this specific issue but know that this project is no longer maintained. You may take a look at our fork which is up to date and includes multiple security improvements / fixes but keep in mind that our fork is on MAINTENANCE mode and only security issues and major bugs will be fixed. We don't plan to add and accept new features.

Honestly, you should consider choosing another SSH bastion :

  • https://github.com/warp-tech/warpgate (seems promising but is maintained by only 1 person)
  • https://github.com/gravitational/teleport (maintained by a company)

libvoid avatar Apr 04 '24 16:04 libvoid