SSH Credentials not being remembered if username=email

[tschettervictor]

In version 1.1.21 I’m now running into a bug that will not let me save the ssh credentials of local devices if my username is a email address. They are being reset on every connection.

anyone else?

[tschettervictor]

I believe I have found a bug.

When setting up the server for the first time, before creating any users, I set the “usernameisEmail”: true variable and created a user with an email address being the username
If I do that, the credentials don’t seem to be able to save, once logging in

But if i just create a username normally without first setting that variable, then credentials save as they should.
I will also add that setting that variable to “false” and creating a second user with just a normal username, also works.

The issue appears to be in the fact that an email is used as a username, perhaps a bug in the characters used

@si458

[tschettervictor]

Im just wondering if there are any fixes planned for this. Otherwise I'll have to switch all my users to a normal username, which might be a slight headache.

[tschettervictor]

@si458 perhaps you can point me to the relevant file to sift through and see if I can spot anything that would cause this behaviour.

[si458]

this is weird? because i can see it goes to add the ssh creds into the db, and says it saved, but never actually saves?
just trying to work out why its not saving in the db

[si458]

ok seems to be a BUG with nedb, if i use mysql or sqlite, it works no problem

[si458]

ok BIG problem, nedb doesnt handle fullstops correctly, so this would require a huge change for nedb
seald/nedb#55 (comment)
workaround is to use a different database like sqlite

[si458]

ok so another work around is to remove the line below from inside model.js inside nedb package
(not sure what else breaks tho)

  if (k.indexOf('.') !== -1) {
    throw new Error('Field names cannot contain a .');
  }

so we need to look at working out HOW to replace fullstops with maybe something else?
or base64 encode the email address?

[tschettervictor]

Will look at migrating to mongodb for now…

[tschettervictor]

Will look at migrating to mongodb for now…

Unfortunately MongoDB does not really work properly on my FreeBSD server. But I will try MariaDB.

[si458]

you could try sqlite...
stop meshcentral, set sqlite: true under settings in config.json
Then run node node_modules/meshcentral --nedbtodb
This will convert the nedb to any DB u specify in your config.json
Then start meshcentral again

[tschettervictor]

Confirmed working as expected using MariaDB. Migration was as easy as

1. node node-modules/meshcentral --dbexport database.json
2. configure a mariadb database and add mariadb json block to config.json
3. node node-modules/meshcentral --dbimport database.json

If you fix the NeDB, please let us know, but I believe MariaDB will serve better anyway.

[si458]

Glad u got it sorted!
only issue with dbexport is it doesn't export events as far as im aware, only the config

[tschettervictor]

Any plans to integrate another database as default?
NeDB is long EOL it seems.

[si458]

i did ask @Ylianst but at the moment we are leaving it as it is,
i personally think we could shift to sqlite as the default, but the size can get massive quickly

[Ylianst]

Ok, looking into this now.

[si458]

@Ylianst the issue as explained above here #5833 (comment)
is because the json keys (names) contain fulls stops, so if the username is an email address, its not saving the value,
its not the json values but the keys!

[Ylianst]

Ha yes, I just replicated the issue on my test server. In NeDB, I have to escape the "." on many of the fields due to how it works. I basically need to escape this case also. Hold on.

[Ylianst]

Just fixed it. Replace the file common.js with the latest one here, reset the server and it will work. Fixes both RDP and SSH credentials.

[si458]

yep can confirm all works here! its encoding the string as user/testing123/simon@mycompany%2Ecom

[tschettervictor]

Hmmm. It doesn't seem to be working for me though.

[si458]

Did u replace the single file? And restart meshcentral? Ans switch bk to using nedb?

[tschettervictor]

Did u replace the single file? And restart meshcentral? Ans switch bk to using nedb?

Yes i did. Basically removed the line for MariaDB, did a --dbimport, changed the file, and started the server again.

The file was in node_modules/meshcentral/common.js

[tschettervictor]

Hang on just a sec. The issue I'm having is that my MeshCental username is my email. The credentials for the ssh and rdp connection themselves don't matter.

If my MeshCentral username is my email, then it doesn't work. Are we on the same page?

[si458]

@tschettervictor yes that's my setup, usernameisemail and it works OK here now, saving into nedb with the master common.js being replaced

[tschettervictor]

@tschettervictor yes that's my setup, usernameisemail and it works OK here now, saving into nedb with the master common.js being replaced

Ok thanks. But its still not working for me. Tried different connections but no go

[si458]

can you share ur config.json please? (hide secret info)

[tschettervictor]

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "mesh.domain.com",
    "_WANonly": true,
    "_LANonly": true,
    "sessionKey": "string",
    "sessionTime": 168,
    "port": 8443,
    "_debug": true,
    "aliasPort": 443,
    "_redirPort": 80,
    "_redirAliasPort": 80,
    "TlsOffload": "192.168.50.135",
    "_trustedProxy": "192.168.50.135",
    "_MariaDB": {
      "_host": "localhost",
      "_user": "meshcentral",
      "_password": "password",
      "_database": "meshcentral"
    }
  },
  "domains": {
    "": {
      "title": "domain",
      "title2": "domain",
      "certUrl": "https://192.168.50.135",
      "ssh": true,
      "mstsc": true,
      "_minify": true,
      "_newAccounts": true,
      "allowsavingdevicecredentials": true,
      "userNameIsEmail": true,
      "agentInviteCodes": true
    }
  },
  "smtp": {
    "host": "smtp.gmail.com",
    "port": "465",
    "from": "MC Management",
    "user": "email",
    "pass": "password",
    "tls": true
  }
}

[Ylianst]

To make sure, when accessing SSH to save credentials, your using this option?
In the screenshot, you can see it's an email username and I was able to save credentials.

[tschettervictor]

To make sure, when accessing SSH to save credentials, your using this option? In the screenshot, you can see it's an email username and I was able to save credentials.

Yes. I also use Terminal, SSH Connect and that also doesn't work.

[tschettervictor]

It does show the credentials as saved on the device page, but it still asks for a login when clicking connect.

[tschettervictor]

And I can't clear the credentials either.

[tschettervictor]

And I can't clear the credentials either.

The fix seems to allow saving credentials that have "." in them. But my issue is that when my MeshCentral username has periods in it or is an email, then I can't save credentials. When I log in as a user without periods in it, I can save them properly. @Ylianst

[tschettervictor]

It looks like this bug is back in version 1.1.22

I am using mariadb as my database this time, but its again not letting me save the SSH credentials.
@si458

[tschettervictor]

It looks like this bug is back in version 1.1.22

I am using mariadb as my database this time, but its again not letting me save the SSH credentials. @si458

Meanwhile, back on version 1.1.21 everything works again.

[si458]

@tschettervictor This has been fixed recently in PR #6001 so you just need to wait for a new release or npm install from git repo or use docker master image

[tschettervictor]

@tschettervictor This has been fixed recently in PR #6001 so you just need to wait for a new release or npm install from git repo or use docker master image

Ok. I assumed it was part of 1.1.22

[si458]

It was fixed but then something else broke in 1.1.22 #5994