Remember instance password across different browser sessions

[hwittenborn]

Hi! Would there be any way for Sshwifty to remember the password/token used to log in to the instance across different browser sessions? I have a fairly complicated password on my instance and having to type it in every single time (even on things like a page refresh) is quite tedious, and it would help tremendously if Sshwifty just remembered a token after entering a password for the first time.

[nirui]

Hi :D

But bad news first: currently, Sshwifty does not save user login credentials on to the disk.

Sshwifty will remember the password until the page is reloaded (refreshed). For security reasons, the records are saved in memory and will not be available for the later sessions.

Before the page is reloaded however, you can directly reuse previous login parameters by simply selecting the connection record under the Known Remote list. The login process in this case should be completely automatic without the need of user input (until the page is reloaded that is) .

[hwittenborn]

Sshwifty will remember the password until the page is reloaded (refreshed). For security reasons, the records are saved in memory and will not be available for the later sessions.

It makes sense that things like SSH keys or other details to connect to servers would be kept in memory, but would it be possible to make it to where the password itself for the instance could persist past that, even if had to be enabled by a config option?

I just want the password to be stored so I don't have to retype it, it would be fine by me if the client still had to authenticate with the stored password and retrieve details on available servers every time, since that would be done in the background with no user intervention anyway, right?

[nirui]

Web browser is a dynamic and complex environment. Data stored inside a web browser might be accessible not only by Sshwifty, but also by extensions, injected scripts and services hosted under the same hostname (if the user hosts their instance in this manner).

Because of that, I don't think it is responsible for me to enable such feature knowing some users might upload their secret password and/or private key to the web page to be stored in long-term. Sorry, I'm afraid I cannot do that at my end since it effects too many users :(

If you got really annoyed by this behavior, please consider switch to Private Key authentication method by creating a SSH key pair to be used specifically in Sshwifty. That way, you only need to load a file instead of typing the password.

And if that's not an option, you can modify the software to add credential data as part of data stored in persistent storage (here is an example on how it's done).