
feat: ssh pam #57

Merged: sheensantoscapadngan merged 4 commits into main from feat/ssh-pam on Nov 18, 2025

Conversation

@sheensantoscapadngan (Member) commented Nov 12, 2025

Description 📣

This PR adds SSH PAM (Privileged Access Management) support to the Infisical CLI, enabling users to establish SSH sessions through the Infisical Gateway with automatic credential injection and session recording.

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Tests 🛠️

# Here's some code block to paste some code snippets

@sheensantoscapadngan sheensantoscapadngan marked this pull request as ready for review November 13, 2025 14:39
@sheensantoscapadngan sheensantoscapadngan changed the title feat: ssh pam v1 feat: ssh pam Nov 13, 2025
@greptile-apps (Bot, Contributor) commented Nov 13, 2025

Greptile Summary

  • Implements SSH PAM support with automatic credential injection, session recording, and transparent proxy architecture for privileged access management
  • Introduces critical security vulnerabilities: unauthenticated client access (NoClientAuth: true) and MITM-vulnerable target connections (ssh.InsecureIgnoreHostKey())
  • Stores sensitive credentials (passwords, private keys) in memory without explicit zeroing, vulnerable to memory dumps

Confidence Score: 1/5

  • This PR introduces critical authentication and encryption bypass vulnerabilities that make it unsafe for production deployment
  • Score reflects multiple critical security issues: NoClientAuth allows anyone with localhost access to use injected credentials, InsecureIgnoreHostKey enables MITM attacks on target servers, and credentials remain in memory without secure handling. These vulnerabilities could lead to unauthorized access and credential theft.
  • packages/pam/handlers/ssh/proxy.go requires immediate security hardening before deployment

Important Files Changed

| Filename | Overview |
|---|---|
| packages/pam/handlers/ssh/proxy.go | Critical security vulnerabilities: NoClientAuth: true allows unauthenticated access and ssh.InsecureIgnoreHostKey() enables MITM attacks |
| packages/pam/local/ssh-proxy.go | Launches SSH client with disabled host key verification; transparent credential injection via local proxy |
| packages/pam/session/credentials.go | Manages credential caching in memory; credentials remain in-memory throughout session lifecycle |
| packages/api/model.go | Added SSH credential fields and interface{} type for flexible log format, reducing type safety |
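The review above flags ssh.InsecureIgnoreHostKey() in the proxy as the MITM-enabling setting. The replacement is a HostKeyCallback that only accepts a key already trusted for that host. The block below is an added illustration, not code from this PR or from Infisical: the hostPublicKey interface mirrors the two methods of golang.org/x/crypto/ssh.PublicKey that fingerprinting needs, so the example builds with the standard library alone, and the hostnames, pins and key bytes are constructed for the demonstration. In production the callback would normally come from knownhosts.New in golang.org/x/crypto/ssh/knownhosts rather than a hand-rolled map, but the check it performs is the one shown here.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net"
)

// hostPublicKey mirrors the methods of golang.org/x/crypto/ssh.PublicKey that
// fingerprinting needs (an *ssh.PublicKey satisfies it unchanged). Declared
// here so the example compiles without x/crypto.
type hostPublicKey interface {
	Type() string
	Marshal() []byte
}

// constructedKey is a stand-in for a real host key, used only for this demo.
type constructedKey struct {
	typ  string
	wire []byte // wire-format key bytes as Marshal() would return them
}

func (k constructedKey) Type() string    { return k.typ }
func (k constructedKey) Marshal() []byte { return k.wire }

// fingerprintSHA256 renders a key the way `ssh-keygen -lf` does:
// "SHA256:" followed by the unpadded base64 of sha256(wire-format key).
func fingerprintSHA256(key hostPublicKey) string {
	sum := sha256.Sum256(key.Marshal())
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

// pinnedHostKeyCallback returns a function with the same signature as
// ssh.HostKeyCallback. It accepts a host only when the presented key's
// fingerprint equals the one pinned for that host. Unlike
// ssh.InsecureIgnoreHostKey(), an unknown host or a changed key aborts the
// connection instead of being silently accepted.
func pinnedHostKeyCallback(pins map[string]string) func(hostname string, remote net.Addr, key hostPublicKey) error {
	return func(hostname string, remote net.Addr, key hostPublicKey) error {
		want, ok := pins[hostname]
		if !ok {
			return fmt.Errorf("no pinned host key for %q (remote %v); refusing to connect", hostname, remote)
		}
		got := fingerprintSHA256(key)
		if got != want {
			return fmt.Errorf("host key mismatch for %q: pinned %s, presented %s (%s)", hostname, want, got, key.Type())
		}
		return nil
	}
}

func main() {
	// Constructed keys: the "good" one is pinned, the "other" one is not.
	good := constructedKey{typ: "ssh-ed25519", wire: []byte("constructed-good-key")}
	other := constructedKey{typ: "ssh-ed25519", wire: []byte("constructed-other-key")}

	cb := pinnedHostKeyCallback(map[string]string{
		"db.internal:22": fingerprintSHA256(good), // constructed pin
	})

	fmt.Println("pinned key:  ", cb("db.internal:22", nil, good))  // <nil>
	fmt.Println("changed key: ", cb("db.internal:22", nil, other)) // mismatch error
	fmt.Println("unknown host:", cb("cache.internal:22", nil, good)) // unknown-host error
}
```

The pin map stands in for a known_hosts file; the important property is that the callback fails closed on both an unknown host and a changed key, which is exactly what the insecure callback gives up.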

@greptile-apps greptile-apps Bot left a comment

11 files reviewed, 5 comments

Comment threads on: packages/pam/handlers/ssh/proxy.go (outdated), packages/pam/handlers/ssh/proxy.go, packages/pam/handlers/ssh/keys.go, packages/api/model.go, packages/pam/local/ssh-proxy.go, packages/pam/session/logger.go

@x032205 (Member) commented Nov 18, 2025

@greptile review this

@greptile-apps greptile-apps Bot left a comment

Additional Comments (1)

  1. packages/pam/session/credentials.go, lines 84-95

    logic: SECURITY: Sensitive credentials stored in memory without explicit zeroing after use.

    SSH private keys and passwords remain in memory (lines 89, 87) until garbage collected. If the process memory is dumped or swapped to disk, credentials could be exposed. In Go, strings are immutable and can't be reliably zeroed.

    Consider adding explicit cleanup with secure memory handling patterns, or document that operators should prevent core dumps and memory swapping on systems running PAM sessions.

11 files reviewed, 3 comments

Comment threads on: packages/pam/local/ssh-proxy.go, packages/api/model.go
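The comment above notes that Go strings cannot be reliably zeroed. The usual pattern is to keep a secret in a byte slice for as long as it is needed and wipe it when the session ends. The block below is an added example, not code from this PR or from Infisical; the secretBuffer type and the sample password are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
)

// secretBuffer holds a credential as mutable bytes so it can be overwritten
// in place. A string copy of the same credential would be immutable and would
// linger until the garbage collector reclaims it.
type secretBuffer struct {
	data  []byte
	wiped bool
}

// newSecretBuffer copies the credential in so the caller's slice can be
// discarded independently.
func newSecretBuffer(secret []byte) *secretBuffer {
	buf := make([]byte, len(secret))
	copy(buf, secret)
	return &secretBuffer{data: buf}
}

// Bytes returns the live credential, or an error once it has been wiped, so
// a use-after-wipe is caught instead of silently handing out zeros.
func (s *secretBuffer) Bytes() ([]byte, error) {
	if s.wiped {
		return nil, errors.New("credential already wiped")
	}
	return s.data, nil
}

// Wipe overwrites every byte with zero and marks the buffer unusable.
// Callers should defer this as soon as the buffer is created.
func (s *secretBuffer) Wipe() {
	for i := range s.data {
		s.data[i] = 0
	}
	s.wiped = true
}

// isZeroed reports whether a slice contains only zero bytes.
func isZeroed(b []byte) bool {
	for _, c := range b {
		if c != 0 {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample credential; in the proxy this would come from the API.
	pw := newSecretBuffer([]byte("constructed-password"))
	defer pw.Wipe()

	b, _ := pw.Bytes()
	fmt.Printf("in use: %d bytes\n", len(b))

	pw.Wipe()
	_, err := pw.Bytes()
	fmt.Println("after wipe:", err, "zeroed:", isZeroed(pw.data))
}
```

The wipe only reaches memory this code owns; any string built from the bytes (for example by passing them to an API that takes a string) is a separate, immutable copy, which is why the reviewer's alternative of restricting core dumps and swap at the host level still matters.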
@sheensantoscapadngan sheensantoscapadngan merged commit 55008a8 into main Nov 18, 2025
4 checks passed

2 participants