Implement SSL for connections
Currently, there is no SSL on the HTTP API/Websocket connection.
Would be nice to have, indeed. Sending keystrokes over LAN (which will include passwords) is very risky if you have some nasty eavesdropper. Some kind of pairing/trusting process to safely exchange keys would be OK.
We do not send keystrokes over WebSockets at the moment; all key presses are sent over USB.
This is not as serious an issue as is being made out.
> Sending keystrokes over LAN (which will include passwords) is very risky if you have some nasty eavesdropper.
We don't ever do this. The KVM controller (e.g., https://connectpro.com/products/udp2-14ap-displayport-1-4-kvm-switch-for-dual-monitors-and-4-systems) is responsible for sending keys directly to the machine over USB.
What we (currently) don't do is send the requests for swapping the inputs over SSL. This is much less of a security issue; however, it should still be resolved by moving the WebSocket connection to HTTPS.