
New Feature: - Security: SSH Key Password should be asked on connection, not saved in the app #131

Closed
userw2891 opened this issue Jan 26, 2023 · 7 comments

Comments

@userw2891

SSH Private key Password SHOULD NOT BE SAVED IN THE APP.
SSH Private key password

  • should be asked on connection.
  • or while using the app (you manually lock and unlock the key)

Behaviour should be similar to the ConnectBot Android app

  • you have a key manager
  • in each server configuration, when SSH connection through a key is enabled, you just select the key from the key manager
  • when connecting, it will ask for the SSH key if the key was not previously unlocked and loaded in memory

Care should be taken with how the key password is stored in and released from memory

  • when the VNC session closes, also clear the password from running memory
  • when we manually close the key from the key manager

It is good for now just to implement an SSH key password request and key release when VNC closes... and later rework key handling and add a key manager.
I do not trust saving the password in the app: probably the password is not even encrypted, it is stored in plain text, and if it is encrypted, I will not trust the app's encryption implementation, and not least, if it is stored it can be retrieved, so it should not be stored.

Thank you,

@gujjwal00
Owner

> SSH Private key Password SHOULD NOT BE SAVED IN THE APP. SSH Private key password
>
> * should be asked on connection.
> * or while using the app (you manually lock and unlock the key)

Sure, this can be implemented. AVNC can ask for key password when connecting, just like it does for VNC password.

> Behaviour should be similar to the ConnectBot Android app
>
> * you have a key manager
> * in each server configuration, when SSH connection through a key is enabled, you just select the key from the key manager
> * when connecting, it will ask for the SSH key if the key was not previously unlocked and loaded in memory
>
> Care should be taken with how the key password is stored in and released from memory
>
> * when the VNC session closes, also clear the password from running memory
> * when we manually close the key from the key manager
>
> It is good for now just to implement an SSH key password request and key release when VNC closes... and later rework key handling and add a key manager.
> I do not trust saving the password in the app: probably the password is not even encrypted, it is stored in plain text, and if it is encrypted, I will not trust the app's encryption implementation, and not least, if it is stored it can be retrieved, so it should not be stored.

Yes, passwords are stored in plaintext, because they are required for authentication. AVNC stores all server data in private app storage, and relies on Android for access protection.

If you don't trust the app, how do you know I won't send the key password to some random server, even if password is only asked while connecting to VNC server?

So I am not going to implement a key manager. Once AVNC supports asking for key password while connecting, you can use any third-party password manager you trust to auto-fill passwords in AVNC.

@userw2891
Author

userw2891 commented Jan 27, 2023

"If you don't trust the app, how do you know I won't send the key password to some random server, even if password is only asked while connecting to VNC server?"

  1. It is not about not trusting your app, but why should I trust Android when the password is saved in plain text... maybe some other app can retrieve it. (Of course you are not talking about the stored password)
  2. I do not trust any app by default, so I assume my risks when using apps; I just hope the app will assure the best security possible by default...

"So I am not going to implement a key manager. Once AVNC supports asking for key password while connecting, you can use any third-party password manager you trust to auto-fill passwords in AVNC."
It is not about autofilling passwords; it is about easily reusing a key on multiple server (profile) connections, and if you use the app and unlock the key, you don't have to retype the password on each connection to a different server in the current working session.
You can look at how the ConnectBot app handles SSH key passwords.
Of course this is more complex work and requires a lot of time, so I will be happy if the key password is not stored, just asked; I do not feel confident storing passwords on a phone, or in apps..

"Sure, this can be implemented. AVNC can ask for key password when connecting, just like it does for VNC password."
If you do that it will be great and enough, thank you

Just a final thought.
If someone uses SSH they expect a secure connection; if someone uses a key instead of a password they expect even more security on the connection. Of course you will say why do I use Android in the first place... right, I have avoided it until now...
SSH key password security is more important than the VNC one: with that password he can have access to the server, with the VNC one he can't do anything... (as the connection is allowed only through SSH)
For now I just store a wrong password in the app, which I change before connection and revert after finishing it.
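One way to realise the ConnectBot-style flow discussed in this thread (unlock a key once per session, reuse it across server profiles, wipe it when the VNC session closes or the user locks it), written here as an added Kotlin sketch that is not code from AVNC or ConnectBot. It assumes the key is stored as a DER-encoded PKCS#8 EncryptedPrivateKeyInfo for an RSA key whose PBE algorithm the platform JCA supports, and that askPassphrase is the prompt dialog; OpenSSH-format keys would need a different decoder.

```kotlin
import java.security.KeyFactory
import java.security.PrivateKey
import javax.crypto.Cipher
import javax.crypto.EncryptedPrivateKeyInfo
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

/**
 * Session-scoped key cache (ConnectBot-style key manager). Decrypted keys exist only in
 * memory for the current session; the passphrase itself is wiped right after use and is
 * never written to the profile database.
 */
class UnlockedKeyCache(private val askPassphrase: (keyId: String) -> CharArray) {
    private val unlocked = HashMap<String, PrivateKey>()

    /**
     * Returns the decrypted key for [keyId], prompting for its passphrase only if it was
     * not unlocked earlier in this session. [encryptedPkcs8] is the DER-encoded PKCS#8
     * EncryptedPrivateKeyInfo (assumption: RSA key, PBE algorithm known to the JCA).
     * A wrong passphrase surfaces as InvalidKeySpecException from getKeySpec().
     */
    fun keyFor(keyId: String, encryptedPkcs8: ByteArray): PrivateKey {
        unlocked[keyId]?.let { return it }          // already unlocked: reuse across profiles
        val passphrase = askPassphrase(keyId)       // UI dialog, e.g. "Unlock private key"
        val pbeSpec = PBEKeySpec(passphrase)
        try {
            val info = EncryptedPrivateKeyInfo(encryptedPkcs8)
            val pbeKey = SecretKeyFactory.getInstance(info.algName).generateSecret(pbeSpec)
            val cipher = Cipher.getInstance(info.algName)
            cipher.init(Cipher.DECRYPT_MODE, pbeKey, info.algParameters)
            val key = KeyFactory.getInstance("RSA").generatePrivate(info.getKeySpec(cipher))
            unlocked[keyId] = key
            return key
        } finally {
            pbeSpec.clearPassword()                  // zero the spec's internal copy
            passphrase.fill('\u0000')                // and the buffer the dialog handed us
        }
    }

    fun isUnlocked(keyId: String): Boolean = keyId in unlocked

    /** Manual lock from the key manager UI. */
    fun lock(keyId: String) {
        unlocked.remove(keyId)?.let { key ->
            try { key.destroy() } catch (e: Exception) { /* many JCA keys don't support destroy() */ }
        }
    }

    /** Call this when the VNC session closes so no unlocked key outlives it. */
    fun lockAll() = unlocked.keys.toList().forEach { lock(it) }
}
```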

@gujjwal00
Owner

Hi @userw2891, SSH password and SSH private key password will now be optional when creating a server.
You can use the following APK to test it: app-debug.zip

@userw2891
Author

Thank you

I made a quick test, and the popup requesting the key password shows
not fully tested yet (I think I chose a wrong key)

there are also two things that could additionally be done

  • remove the password field for the SSH key in the main connection configuration window (the private key password should never be saved)
  • rename the dialog asking for the password from "SSH Login" to "SSH Private Key Password" or just "Private Key Password", because it might cause confusion that you are typing an SSH login password rather than the password to decrypt the SSH key (the SSH key is used for authentication, not the password in the dialog)

When I have time I will check again the key, key password and server pair to see if it really works, or just install the app on the other phone (it works on the other phone, and if I remember correctly not on this one)

Thank you again

gujjwal00 added a commit that referenced this issue Apr 8, 2023
This affects both login password & private key password. These will be
queried using LoginFragment if not available in profile.

LoginInfo now serves as a generic wrapper for credentials, instead of
being tied to VNC credentials.

Re: #131
@gujjwal00
Owner

Fixed by: 42b8fb8
CI build: https://github.com/gujjwal00/avnc/suites/12108976296/artifacts/638018533

> remove the password field for the SSH key in the main connection configuration window (the private key password should never be saved)

I will keep it for now. It can be removed in future.

> rename the dialog asking for the password from "SSH Login" to "SSH Private Key Password" or just "Private Key Password", because it might cause confusion that you are typing an SSH login password rather than the password to decrypt the SSH key (the SSH key is used for authentication, not the password in the dialog)

Renamed it to "Unlock private key".

Thank you for testing.

@userw2891
Author

Super... just a note... there is no software that I know of that saves a private key password... they keep the password in memory only at runtime for the current session, or until it is manually removed by the user or the unencrypted key is removed from memory

How it is now is perfectly fine for me... super work... thank you...

@gujjwal00
Owner

I will remove the key password field after a few versions. It requires a database migration, and I want to give the new login flow some time with users.
