
whitelist: Allow forcing a username in the pubkey comment field

Open patatetom opened this issue 7 years ago • 10 comments

hi,

Could the comment, if present, be used as a nickname? Combined with the removal of the /nick command, this could allow the server administrator to set user nicknames...

regards.

patatetom avatar May 07 '18 09:05 patatetom

Your comments aren't shared with the server, they're just parsed by your ssh client, so there is nothing ssh-chat can do about this.

shazow avatar May 07 '18 14:05 shazow

We have some issues about username registration though that you might like. Please check our existing issues. :)

shazow avatar May 07 '18 15:05 shazow

I was talking about the comment that can be added at the end of the public key inserted in the white list and maintained by the server administrator (this public key = this nickname).

thanks for ssh-chat.

patatetom avatar May 09 '18 06:05 patatetom

Oh, you mean for the public key whitelisting feature? That's an interesting idea.

shazow avatar May 09 '18 14:05 shazow

@shazow I believe in ssh-chat, the public keys that admins paste into the whitelist file can't contain the comment typically found in people's public keys? Is that true?

davidpellerin avatar May 10 '18 14:05 davidpellerin

@davidpellerin I don't know off the top of my head, but is there any reason why that can't be fixed either way?

shazow avatar May 10 '18 14:05 shazow

@shazow I think currently I am pasting in public keys without the comments at the end, which makes it confusing to remember who I've whitelisted... I could be wrong about this, but it would be awesome if we could allow those comments to be supported at the end of each line in the whitelist file. Because if I want to revoke a user's access, right now I have to figure out who owns which key.

davidpellerin avatar May 10 '18 14:05 davidpellerin

@davidpellerin Could you confirm it doesn't already work and open an issue for this please?

shazow avatar May 10 '18 15:05 shazow

@shazow Looks like I can't seem to reproduce it! (this is a good thing!) thanks!

davidpellerin avatar May 10 '18 15:05 davidpellerin

I use these added comments without any problem in my whitelist.

I also have a small script that regenerates the motd from the whitelist entries and restarts ssh-chat:

cat ./whitelist 
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAslc3lKVnC4njbIPc1Ktuz+DKC7I1p+6uskwABo2ALcXdOHSxmimbHc5+uDsXUnVddLP2Gzrbnp4ugvXcEJY3IjrT1MsIEfgACd5dCpMwHGFV7TlZhxXzCXV1DwbwtI5mSNs4olcL6mtuWnal2Ms9LjhEYpojbhwaCe/aTYIRqKGf12FIsi7OF7y+mQW1JXfobl+rhor5ECndVkJx2rx6piLi8kKEkCdHNBjojZ1VTIL5xlkqitRL9nNUfKKHtNWv8v+cYbe7LXnX2vZFC/GHmIEOts9mmF2ftKPRsmR36Ur+Kon+rNFthAqj0s3+4dqv+uyAaAC4K9KCYVooQBdHzQ== Alice
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAteIlB8GO+H3Okrn7NDgdN4/kjnggyzombFXLbVuzqLLFSXzZvjm3vVzVEEVThMOwzsZBIC0/ZR6DbkuB89TQcOpbVDYAJd7lYFTSyMzdtRD/ahSDIWN1Z9EjAqq3D65Y+ajdbLj2uvVKGVWcu0YkIL6CwHJU0CMTK//BOG7ycdY/nO5lRmG+wZPJsIVIYAPwVdcwesGKGAY4lfcV745IC9eTbUqqUDT8HYaDOEc+wekBetwO0TxutF+iT7lZTdkSLynfnsdBsy3zwrbWqSR+FbMmQH4/mCPALspDz/YjAIw/44sgFB3rESGIsWd9Lw8c0evc0U8bZ9683WFWMrfuXw== Bob
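
#!/usr/bin/bash
# Rebuild ./motd from the whitelist, then restart ssh-chat.
clear > ./motd
printf "\n\033[91mHello\033[0m (/help for help)\n\n" >> ./motd
# Keep the fingerprint (without the "SHA256:" prefix) and the key comment, sorted by comment.
ssh-keygen -lf ./whitelist | awk '{print substr($2, 8), $3}' | sort -k 2 | tee -a ./motd
systemctl restart ssh-chat

cat ./motd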

Hello (/help for help)

w7AYQn3pGt2trXu/MhLsUaruVWqMjSVLcCi/SkRWHNI Alice
53UhutGBzeUi4o5VA4N5vMaiAOsvBkqsFwO96XXWyzM Bob

patatetom avatar May 11 '18 07:05 patatetom
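
The key-to-nickname mapping discussed in this thread, as an added example (not ssh-chat's code and not written by any commenter): it reads whitelist lines, derives the same SHA256 fingerprint `ssh-keygen -lf` prints, and flags entries an administrator could not safely bind to a nickname or trace for revocation. It assumes the `type base64 [comment]` line layout shown in the whitelist above; `parse_whitelist` and `make_blob` are hypothetical names, and the sample keys are constructed filler bytes.

```python
import base64, hashlib, struct

def fingerprint(blob: bytes) -> str:
    # Value `ssh-keygen -lf` prints after "SHA256:" (unpadded base64).
    return base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def parse_whitelist(text: str):
    """Return ({fingerprint: nickname}, [(line_no, problem)])."""
    nicks, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split(None, 2)  # assumed layout: type base64 [comment]
        if not fields or fields[0].startswith("#"):
            continue
        try:
            blob = base64.b64decode(fields[1], validate=True)
            (size,) = struct.unpack(">I", blob[:4])
            embedded = blob[4:4 + size].decode("ascii")
        except (IndexError, ValueError, struct.error):
            problems.append((n, "undecodable key"))
            continue
        fp = fingerprint(blob)
        nick = fields[2].strip() if len(fields) == 3 else ""
        if embedded != fields[0]:
            problems.append((n, "key type mismatch"))
        elif not nick:
            problems.append((n, "no comment: key has no owner on record"))
        elif fp in nicks:
            problems.append((n, "duplicate key"))
        elif nick in nicks.values():
            problems.append((n, "nickname already assigned"))
        else:
            nicks[fp] = nick
    return nicks, problems

def make_blob(seed: int) -> str:  # constructed ssh-ed25519 blob, not a real key
    name, key = b"ssh-ed25519", bytes([seed]) * 32
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()

SAMPLE = "\n".join([  # constructed whitelist
    f"ssh-ed25519 {make_blob(1)} Alice",
    f"ssh-ed25519 {make_blob(2)} Bob",
    f"ssh-ed25519 {make_blob(3)}",        # no comment
    f"ssh-ed25519 {make_blob(4)} Alice",  # nickname reused
    f"ssh-rsa {make_blob(5)} Carol",      # declared type != blob type
])

if __name__ == "__main__":
    print(*parse_whitelist(SAMPLE), sep="\n")
```

Only entries that pass every check end up in the mapping, so a server forcing nicknames from it would never have two keys competing for one name.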