user.name/user.password superseded by basicAuth #243
Comments
First off, great issue template usage! 🥇

If I understand your use case correctly, you authenticate to your proxy using HTTP Basic. Then you connect to the WebSSH2 instance through that proxy and you have

Client ---> [HTTP(S) Proxy] ---> [WebSSH2]

While it makes sense to assume that if this is defined in config.json it should override anything sent in Basic Auth, what it does in practice is "pre-authorize" so that the HTTP 401 is never sent to the client (thereby the client won't create the However, if that header is in place (by something already upstream, or set by the client manually) it will take priority over what is in

This wasn't something I had considered when designing this, as my use-case and environment was pretty controlled, we strip all client headers off the requests as they pass through so it's not really an issue.

That being said, it makes sense for this to work as you expect it to and I'd like to add that to the list.

For now, depending on the proxy you're using, you may be able to strip this header off before sending requests to /ssh/ and that would prevent the override of these settings in

Tagging #242 for inclusion
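The precedence described in the comment above, sketched as an added example (not WebSSH2's code and not part of the thread): a Basic header forwarded by the proxy wins over the user in config.json unless it is stripped or an override is set. The function names, the sample host, path and passwords are constructed; the flag name `overridebasic` comes from the commit list on this page, while its placement under `user` and its exact semantics are assumptions.

```javascript
'use strict';
// Added illustration; function names are hypothetical, not WebSSH2's own code.

// Decode an HTTP Basic "Authorization" header into { name, password }, or null.
function parseBasic(header) {
  if (typeof header !== 'string') return null;
  const m = /^Basic\s+([A-Za-z0-9+/]+={0,2})$/i.exec(header.trim());
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':'); // the password may itself contain ':'
  if (sep < 0) return null;
  return { name: decoded.slice(0, sep), password: decoded.slice(sep + 1) };
}

// Pick the SSH login. Assumption: config.user.overridebasic === true means
// "config.json wins over any Basic header"; false is the header-first order
// described in the comment above.
function resolveCredentials(headers, config) {
  const user = config.user || {};
  const fromConfig = user.name ? { name: user.name, password: user.password } : null;
  const fromHeader = parseBasic(headers.authorization);
  if (fromConfig && user.overridebasic) return { ...fromConfig, source: 'config' };
  if (fromHeader) return { ...fromHeader, source: 'header' };
  if (fromConfig) return { ...fromConfig, source: 'config' };
  return null; // nothing usable: the caller would answer 401
}

// Proxy-side workaround from the comment: drop the header for /ssh/ requests.
function stripAuthForSsh(path, headers) {
  if (!path.startsWith('/ssh/')) return headers;
  const { authorization, ...rest } = headers; // Node lower-cases header names
  return rest;
}

// Constructed sample: proxy login "utopiah", configured SSH user "shelltest".
const proxyHeaders = {
  host: 'webssh.example',
  authorization: 'Basic ' + Buffer.from('utopiah:proxy-pass').toString('base64'),
};
const config = { user: { name: 'shelltest', password: 'ssh-pass', overridebasic: false } };

function demo() {
  const forced = { user: { ...config.user, overridebasic: true } };
  return {
    headerFirst: resolveCredentials(proxyHeaders, config).name,
    stripped: resolveCredentials(stripAuthForSsh('/ssh/host/10.0.0.5', proxyHeaders), config).name,
    overridden: resolveCredentials(proxyHeaders, forced).name,
  };
}
console.log(demo());
```

The `headerFirst` case reproduces the reported symptom (the SSH login attempted is the proxy user), while `stripped` and `overridden` both yield the configured user.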
@Utopiah check out 0.4.0-testing-2 and see if this does what you want.

@billchurch very nice, indeed it worked now as expected!
* feat: upgrade to socket.io 4.1.1 #242
* chore: lint ./app/client/src/js/index.js #242
* chore: eslint disable global Blob warning #242
* chore: lint ./app/index.js #242
* chore: lint ./app/server/app.js #242
* chore: setup eslint and airbnb rules disable standard #242
* Delete package-lock-old.json
* chore: lint ./app/index.js #242
* feat: implement alpine docker image from #213
* chore: lint ./app/server/app.js still TODO for stop function #242
* chore: lint ./app/server/util.js #242
* chore: lint ./app/server/app.js reorg socket and safe shutdown
* chore: grammar / spelling
* chore: fix some misplaced next returns in some Express routes #242
* chore: lint ./app/server/socket.js #242
* chore: bump version in ./app/package.json #242
* docs: update docs for 0.4.0 #242
* chore: update package-lock.json
* chore: install Prettier code linter #242
* chore: linting for Prettier #242
* chore: lint ./app/client/src/js/index.js #242
* chore: client linting #242
* Update package-lock.json
* chore: repackage wbssh2 bundle for testing #242
* chore: convert ./app/client/src/js/index.js to typescript #242
* chore: remove html rendering from node
* Update tsconfig.json
* Update tsconfig.json
* Delete index.js
* Update ChangeLog.md
* chore: config for development container #242
* Update BUILDING.md
* feat: pull in #234 staged for 0.4.0 #242
* docs: update changelog
* update package.json
* chore: split config from app/server/app.js #242
* chore: version bump
* chore: consistency
* feat: overridebasic fixes #243 included for #242
* chore: remove serverlog code
* docs: update changelog
Depending on the type of issue, please include the following information:

node -v
v10.24.0

npm -v
5.8.0

uname -a
Linux ff0e59c9fbed 5.8.0-44-generic #50-Ubuntu SMP Tue Feb 9 06:29:41 UTC 2021 x86_64 GNU/Linux

cat /etc/os-release
Debian GNU/Linux 10 (buster)

grep version app/package.json
0.3.1

uname -a
Linux ff0e59c9fbed 5.8.0-44-generic #50-Ubuntu SMP Tue Feb 9 06:29:41 UTC 2021 x86_64 GNU/Linux

sshd -v
OpenSSH_7.9p1 Debian-10+deb10u2, OpenSSL 1.1.1d 10 Sep 2019

WebSSH2 error: Authentication failure user=utopiah from=172.21.0.11
despite having
"user": { "name": "shelltest", ..
in app/config.json
which unfortunately with Switch User not woking in FireFox #196 means I have to use another domain.

I had a proper setup working. I switched from IP authentication on my reverse proxy to basic auth. Unfortunately despite specifying name/password in the configuration file and maybe due to "permit usage with some SSO systems that can replay credentials over HTTP basic." it used the basicAuth. I was expecting that the configuration file, when values are defined, would prevent user modification. If this is the expected usage then I suppose, if it's not a corner case, that being able to avoid replaying basicAuth would help.

PS: to clarify, if basicAuth on my reverse proxy and the user on the target machine of WebSSH are identical, it works. This is though not what I expected when I relied on the configuration file with the other user shelltest. I'd like to be able to force that behavior.