Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to disable "Other Options > Connect to" #17340

Closed
sparticvs opened this issue May 12, 2022 · 6 comments
Closed

Add ability to disable "Other Options > Connect to" #17340

sparticvs opened this issue May 12, 2022 · 6 comments
Labels
enhancement page:login

Comments

@sparticvs
Copy link

Page: Login

This now displays "Other options > Connect to", which while I can see the value, is not something I want on my Cockpit instance - it makes it so that someone could bypass my 2FA setup, which I don't like. I'd like to be able to disable this option, even if it was just part of the config file.
@martinpitt
Copy link
Member

Basically the same as in https://bugzilla.redhat.com/show_bug.cgi?id=2018741 . My proposed solution was to change the RequireHost option into a three-state: RemoteHost=require|allow|no.

@sparticvs
Copy link
Author

@martinpitt thanks for the comment, I honestly didn't even look at BZ. I like your suggestion. My question is would it prohibit just on the login page or would it be across the platform entirely (meaning after logging in, would it prevent you from connecting to other hosts in VMs that are on the private networks?) [If you'd prefer, I can also move the conversation over there].

@martinpitt
Copy link
Member

I didn't plan for the RemoteHost option to affect connecting to other hosts in a running Cockpit session. IMHO this does not make sense both conceptually and technically -- once you have a running session on the initial machine (with the login page), you can always run "ssh" directly (via the Cockpit API, if necessary on the browser console). That option should only affect the login page itself.

Does that match your expectations?

@sparticvs
Copy link
Author

Perfect, that aligns with what I am hoping for.

@tholeb
Copy link

tholeb commented May 30, 2022

Hello, it seems there is an option for that in the config: WebService > LoginTo:

According to the documentation:

When set to true the Connect to option on the login screen is visible and allows logging into another server. If this option is not specified then it will be automatically detected based on whether the cockpit-ssh process is available or not.

You can just add this to your /etc/cockpit/cockpit.conf:

[WebService]
LoginTo = false # Prevent the user to log into another server

Does it helps ?

@sparticvs
Copy link
Author

@tholeb - that is exactly what I'm looking for. Thanks!

@thoger thoger mentioned this issue Mar 21, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement page:login
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@martinpitt @sparticvs @tholeb