Feature request

Open szom1 opened this issue 3 years ago • 14 comments

Hi.

Your work is brilliant. However, I would be even happier if you could add an interactive login feature in addition to password and public key authentication. This is important to me because TOTP authentication works on our SSH server.

Thanks in advance!

szom1 avatar Aug 19 '21 15:08 szom1

I'm currently working on another project of mine, which consumed almost all of my free time.

However, I do have plans to add interactive login in the future, after the project I'm working on is finished of course. So stay tuned :)

nirui avatar Aug 19 '21 16:08 nirui

It's good news :)

szom1 avatar Aug 20 '21 06:08 szom1

@nirui Because it's related to public key auth... Is it possible to use a hardware eToken via SafeNet Authentication Client to login?

pwFoo avatar Jan 12 '22 20:01 pwFoo

@pwFoo Only if the eToken works by generating a random number which the user must read and submit during the authentication (KeyboardInteractive Authentication to be specific).

It's hard to support hardware if the hardware is doing something completely proprietary. In addition to that, you still don't want to let a Web-based program handle sensitive information.

By the way, KeyboardInteractive Authentication will be added eventually. However, the process is blocked by another project of mine, which is the reason why there have been so few improvements made to this project recently.

nirui avatar Jan 13 '22 03:01 nirui
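
What keyboard-interactive authentication looks like on the wire, as an added example (not part of the thread and not Sshwifty's code): the server sends an INFO_REQUEST whose prompts the client shows to the user, which is how a TOTP prompt reaches the person typing. The Go parser follows the RFC 4256 layout; `Prompt`, `readString`, `ParseInfoRequest` and the sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

type Prompt struct {
	Text string
	Echo bool // false for secrets such as a TOTP code
}

// readString splits one SSH string (uint32 length + data) off the front of b.
func readString(b []byte) (string, []byte, error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return "", nil, errors.New("truncated string")
	}
	end := 4 + int(binary.BigEndian.Uint32(b))
	return string(b[4:end]), b[end:], nil
}

// ParseInfoRequest decodes SSH_MSG_USERAUTH_INFO_REQUEST (type 60, RFC 4256).
func ParseInfoRequest(b []byte) (ps []Prompt, err error) {
	if len(b) < 1 || b[0] != 60 {
		return nil, errors.New("not an INFO_REQUEST")
	}
	b = b[1:]
	for i := 0; i < 3 && err == nil; i++ { // name, instruction, language tag
		_, b, err = readString(b)
	}
	if err != nil || len(b) < 4 {
		return nil, errors.New("truncated header")
	}
	n, b := binary.BigEndian.Uint32(b), b[4:]
	for ; n > 0; n-- { // bounded by the data, not by the untrusted count
		var text string
		if text, b, err = readString(b); err != nil || len(b) < 1 {
			return nil, errors.New("truncated prompt")
		}
		ps, b = append(ps, Prompt{Text: text, Echo: b[0] != 0}), b[1:]
	}
	return ps, nil
}

// Constructed sample: three empty header strings, then one no-echo prompt.
var sample = []byte("<\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" +
	"\x00\x00\x00\x01\x00\x00\x00\x13Verification code: \x00")

func main() { fmt.Println(ParseInfoRequest(sample)) }
```

A client answers with one response string per prompt, in the same order, and uses the echo flag to decide whether the typed answer may be shown on screen.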

Private and public keys are stored on the eToken. The private key isn't exportable for security! The browser interacts with the eToken with a Chrome Browser or SafeNet Authentication Client popup:

image

image

I try to use that kind of public key auth for ssh. That feature works fine with SecureCRT ssh client.

pwFoo avatar Jan 13 '22 08:01 pwFoo

@pwFoo SecureCRT works differently since it's a native program that can directly communicate with the operating system. That means SecureCRT can access all the APIs that the OS provides, such as CryptoAPI, which some eTokens are compatible with.

Sshwifty, on the other hand, is a web page that lives inside a web browser sandbox; it cannot access those APIs. In fact, Sshwifty cannot even handle SSH connections without its backend (it also means the private key must be sent to the backend through the network in order to establish an SSH connection).

Simply put, Sshwifty and all the web SSH clients like it are way less secure than native programs such as SecureCRT. If you really care about security, maybe a web SSH isn't a good idea :-)

I'll buy an eToken myself to see if I can figure something out, BUT please don't raise any hope on this. I think my best bet is to turn Sshwifty into a native software, but that would take a very long time, so :-P

nirui avatar Jan 13 '22 14:01 nirui

Thanks for your explanation! It's possible to authenticate clients with a smartcard via the browser. So I just hoped it would be possible to use that API / way to use eToken key auth :)

pwFoo avatar Jan 13 '22 15:01 pwFoo

@pwFoo My guess is, the SafeNet installer deployed a web browser plugin for your computer, the plugin acts like a bridge between the web page and the operating system.

But I think the plugin is proprietary, so...

nirui avatar Jan 14 '22 04:01 nirui

Any news in this topic? You would make me very happy with the interactive login feature :)

szom1 avatar Jun 21 '22 09:06 szom1

Hi szom1,

Sorry but I'm afraid this will not happen any time soon, because I have quite a few things going on at this moment, most significantly:

  1. My Internet is not very stable at this moment, it takes me 2 minutes to open this page, and 6 hours or more just to update the dependencies. It's really hard to work under such bad connections when all of the components/docs are online-only

  2. I bought a new Lenovo ThinkPad laptop a few days ago but that computer really troubles me. Currently it's sitting in the local Lenovo service center to get its mainboard replaced because yesterday it totally failed to boot. The actual repair might happen in later weeks when the parts arrive.

    The only computer I have right now is a DELL laptop from 2009, it's an Intel Core 2 Duo machine with 4G of RAM. Running VS Code alone is a challenge, it suffers even more when I wake up the whole npm family :) (But I love it, it runs for months at a time without a shutdown, it does whatever I ask for and never causes me trouble. Well, I guess fuck Lenovo)

  3. Most importantly however, is another project of mine which is the main cause of the delay. The project itself could be huge if I can finish it, and Sshwifty will benefit a great deal from the project as well, so I think the delay is worthy.

    Currently I'm working on the most complex part of the project (called Peer Manager, see screenshot below), but sadly I have had to redesign it a few times (thus the time cost). I know it sounds like an excuse/delay tactic, but really it's not, I've actually been working on the project almost every day in the past year, there is the proof if you're interested to see it:

    Screenshot from 2022-06-21 18-56-08 (Note the last commit was in Sat, Jun 18)

I know all of those things are still small, but I'm also a small individual doing small things, I have to settle those things down one by one in order to continue to introduce big changes into this project, which takes time and energy.

But of course, I did some research in the meantime, specifically on the Web Authentication (WebAuthn) standard, which should enable web browsers/web pages to use USB security keys & fingerprint reader (/platform authenticator) authentication etc. without third-party plugins. I can't test most features of WebAuthn because my old computer does not support the hardware, which is the reason why I bought the ThinkPad in the first place.

Well, I guess that concludes the current states of Sshwifty. I'll keep you posted if there is anything worth updating. Sorry again for the delay.

nirui avatar Jun 21 '22 11:06 nirui

Hi

Thanks for the detailed explanation. Currently I am using another webssh client which is not as nice as yours but usable. So until then I will use that one.

Thanks again. Have a nice day!

Ákos

szom1 avatar Jun 21 '22 13:06 szom1

Sorry to reply on such an old issue. This might not be much of a solution but you can use HTTP auth.

Supernova3339 avatar Nov 14 '22 17:11 Supernova3339

Hi Nirui,

I see you are working again on this project. What do you think, will you have a little time to work on the keyboard interactive login method? Thanks for your answer in advance!

szom1 avatar Mar 15 '24 15:03 szom1

I'm still in maintenance mode, i.e. doing security patches and fixes etc. as a responsible person should.

However, I still have quite a few out-of-band/unrelated problems (actually, more and more) in hand before working on anything big here.

Due to that, I'm afraid if the feature request is not critical (like a security vul or something that breaks the software), it will be delayed until I get back.

Sorry :(

nirui avatar Mar 16 '24 03:03 nirui